We have previewed in prior posts the ways artificial intelligence is rapidly changing the way business operate, including the many ways AI has influenced the insurance market, creating both opportunities and risks for policyholders. We later highlighted, based on a recent securities lawsuit, how corporate management may be at risk for the alleged use or misuse of AI and how companies should evaluate their directors and officers (D&O) and management liability policies to ensure that they are prepared to respond to and mitigate AI-driven risks, including claims alleging that a company or its officers and directors made misrepresentations about AI.
That potential risk now has regulatory teeth, as the US Securities and Exchange Commission recently charged the founder of an AI hiring startup with fraud based on claims about using AI to help clients find diverse and underrepresented candidates to fulfill diversity, equity, and inclusion hiring goals.
These so-called “AI-washing” claims—focused on overhyped, misleading, or exaggerated statements about the use or development of AI technologies—are based on traditional securities allegations asserting that a company has made a misstatement about a particular technology, product, or process. But they also present a few unique considerations for policyholders assessing D&O exposures to keep in mind.
Beware of Exclusions. How does the company’s D&O policy respond to claims involving AI, if at all? Is there a “cyber” exclusion that may be interpreted broadly to apply to any and all AI-washing or AI-related allegations, even if only tenuously connected to the wrongdoing at issue?
Government Investigations. Even if a D&O policy has robust protection against AI-related securities claims brought by shareholders, how does the policy respond to government inquiries, investigations, and enforcement actions? Is there coverage prior to a formal enforcement action and, if so, what are the specific triggers, and how is coverage for investigations or pre-claim inquiries limited?
Evaluate Insurance Programs as a Whole. Claims involving AI may present “cyber” risks that potentially implicate multiple coverages and policies. Cyber and D&O policies, for example, provide distinct but overlapping protections for liabilities arising out of cyber incidents, which are likely to implicate AI more frequently in the future. Looking at all potential sources of recovery within an insurance program, and not analyzing policies in isolation, can help identify unintended gaps and strengthen complementary coverages for AI-related risks.
Protecting Executives From Personal Exposure. From the perspective of individual officers and directors, as potential management exposure grows, does the company’s D&O policies provide adequate protection for individuals? If there are no dedicated “Side A” limits or policies, are the company’s traditional “Side ABC” limits high enough to withstand protracted (and expensive) investigations and litigations involving state or federal regulators and potential follow-on civil actions? If the company is bankrupt or insolvent, or if company is unable to provide indemnification for a particular claim, insurance may be the only backstop available protecting individuals from personal exposure.
Analyzing these questions after a claim arises may be too late. Taking a proactive approach to assess and, if necessary, negotiate and improve policy language at the time of placement or renewal can identify potential gaps, increase the chance of recovery, and decrease the risk of surprise denials and coverage fights in the event of a claim involving AI.