Directors and Officers (“D&O”) and cyber-related incidents continued to make headlines while ramped up regulatory enforcement and new legislation significantly altered the insurance landscape for both policyholders and insurers. Other noteworthy decisions reinforced the importance of foundational insurance coverage principals. Now that 2023 has wrapped, we highlight and review some of the most significant decisions and insurance developments that will continue to impact the world of insurance in 2024 and beyond.
Directors & Officers
In 2023, policyholders saw favorable interpretations of coverage under their D&O policies. These recent policyholder wins demonstrate an expansive view of potential D&O coverage and serve as a good reminder for policyholders to consider whether coverage could be triggered under all of their policies when faced with a loss.
- D&O Can Be a Source of Coverage for Opioid Suits, The North Carolina Mut. Whole Company v. Federal Ins. Co., No. 1:22-CV-553, 2023 WL 5312234 (M.D.N.C.)
Courts nationwide have issued a wide range of decisions on insurance coverage for lawsuits arising out of the opioid epidemic under commercial general liability policies. On August 17, 2023, a North Carolina federal court illustrated why coverage is also available under Directors and Officers (D&O) liability insurance policies. In The North Carolina Mut. Whole Company v. Federal Insurance Co., No. 1:22-CV-553, 2023 WL 5312234 (M.D.N.C.), the court determined a drug wholesaler’s D&O policy provided coverage for more than one hundred underlying lawsuits, rejecting the insurer’s argument that two exclusions, the contract and professional services exclusions, barred coverage.
The decision offers positive takeaways for policyholders: first, the decision underscores that exclusions cannot apply expansively to effectively eviscerate coverage, as would have occurred here under the insurer’s expansive view of the professional services exclusion. Second, the decision confirms potential coverage for claims arising from the manufacture, distribution and sale of opioids.
- Delaware Court Finds Broad D&O Coverage for Directors and Officers in SPAC Claim, March 1, 2023, Clover Health Invs., Corp. v. Berkley Ins. Co., C. A. N22C-06-004 MMJ CCLD (Del. Super. Ct. Feb. 6, 2023)
A Delaware court issued a significant opinion in a directors and officers liability claim involving a special purpose acquisition company (“SPAC”). In an issue of first impression in Delaware, the Superior Court in Clover Health Investments Corp. v. Berkley Ins. Co. held that directors and officers of the post-merger entity were “Insured Persons” under the SPAC’s D&O policy because they were acting in “functionally equivalent” roles to directors and officers of the SPAC when the alleged pre-merger wrongful conduct took place.
The Clover Health opinion touches a number of important insurance issues. While certain issues are unique to D&O claims arising from SPAC transactions, others may have broader implications for D&O coverage in Delaware beyond SPAC deals.
First, the decision provides an expansive view of potential D&O coverage under policies issued to SPACs, including for wrongful acts allegedly committed by future directors and officers before the transaction as long as they were acting in a “functionally equivalent” role to that of a SPAC officer and director at the time of the alleged misconduct. Second, the decision is another example of a Delaware court correctly adhering to basic principles governing insurance policy interpretation, including that courts should interpret insurance contracts according to their plain, ordinary meaning and resolve ambiguities in favor of coverage consistent with the reasonable expectations of the insured. Third, the ruling in the policyholder’s favor on SEC investigation coverage based on the definition of “Claim” may be even more impactful to future D&O coverage disputes beyond those involving SPAC transactions. Finally, the decision is yet another example of the potential longstanding impact of the pro-policyholder decision, RSUI Indem. Co. v. Murdock, et al., No. 154, 2020, C.A. No. N16C-01-104 CCLD (Del. Mar. 3, 2021)—this time on the critical issue of allocation using the Larger Settlement Rule.
On October 1, 2023, Nevada became the first state to prohibit defense-within-limits provisions in liability insurance policies, potentially changing the D&O insurance landscape going forward. Defense-within-limits provisions—resulting in what is called “eroding” or “wasting” policies—reduce the policy’s applicable limit of insurance by amounts the insurer pays to defend the policyholder against a claim or suit. These provisions are commonly included in errors and omissions (E&O), directors and officers (D&O) and other management liability policies. This contrasts with other policies, most commonly commercial general liability policies, which provide defense “outside of limits” where defense costs do not reduce the policy’s limit.
Prohibiting defense-within-limits provisions may, however, be a double-edged sword. On the one hand, the provisions preserve coverage for settlements and judgments because costly litigation will not reduce the policy’s limits. On the other hand, where a policy’s limits are not reduced by defense costs, it could lessen the incentive for claimants to settle early in litigation to avoid the risk of eroding liability limits by defense costs. The new law also creates uncertainty in the insurance marketplace. Nevada policyholders may see increases in premiums and other changes to the structure of their liability insurance products to mitigate the increased risk to insurers because of the new law.
Government Enforcement Actions
Government enforcement actions, including those resulting from security failures to protect data (including employee information), improper data collection practices, failure to disclose a data breach or deceptive privacy practices, were also pervasive in 2023, showing policyholders that regulatory defense coverage is increasingly important. The DOJ, FTC and SEC were all involved in investigating potential violations of law following cyber incidents and prosecuting companies, including their directors and officers, who were found to have failed to protect data.
In 2023, regulators cracked down on companies that failed to secure data or fail to promptly disclose cyber incidents. In October 2021, Deputy Attorney General Lisa Monaco announced the launch of the Civil Cyber-Fraud Initiative, led by the Fraud Section of the DOJ Civil Division’s Commercial Litigation Branch. The Civil Cyber-Fraud Initiative was created to “utilize the False Claims Act (‘FCA’) to pursue cybersecurity related fraud by government contractors and grant recipients.” The announcement put executives and boards on alert after agencies and shareholders showed a willingness to pursue individual directors following cyber incidents.
The Federal Trade Commission (FTC) took enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug provider, GoodRx, for failing to notify consumers of its unauthorized disclosures of personal health information. In general, the Rule requires that vendors not covered by the Health Insurance Portability and Accountability Act (HIPAA) of personal health records give notice in the event of a “breach of security,” which is defined to include “unauthorized acquisition” of personal health records. GoodRx agreed to pay a $1.5 million civil penalty for its violation and will be prohibited from sharing user health data with third parties for advertising purposes. While GoodRx denies any wrongdoing it stated that it agreed to the settlement to avoid a costly legal battle.
The FTC’s unprecedented use of the Health Breach Notification Rule highlights the need for policyholders who gather personal information for consumer transactions, marketing purposes or as part of their core business model to ensure that their risk management plan includes a cyber policy that covers regulatory investigations and actions such as the one initiated against GoodRx.
The US Environmental Agency continued to address the Per- and polyfluoroalkyl Substances (“PFAS”) issue which have increasingly become the target of federal and state regulation in everything from drinking water, groundwater, site contamination, waste, air emissions, firefighting foam, personal care products, food and food packaging, and now consumer and commercial products.
As regulators increased their focus on PFAS, enforcement actions rose as well. This was in addition to third-party actions already being brought nationwide. The claims of groundwater contamination and exposure to PFAS-containing products were directed at manufacturers and other businesses in the supply chain.
In this client alert, we examined how a company’s commercial general liability (“CGL”) policies may cover PFAS-related claims. While these policies typically cover bodily injury or property damage when the occurrence that caused the injury or damage took place during the policy period, since cases generally allege that PFAS contamination and exposure has occurred over a long period of time, decades in many instances, there may be coverage under older CGL policies.
Crime
In 2023, courts also faced novel issues implicated by crime protection insurance policies. Fraudsters continued to wreak havoc on companies by impersonating employees and intercepting internal communications. Despite the increasingly narrow view of coverage for fraudulent transfer losses presented by insurers, policyholders have found some relief.
- Fifth Circuit Affirms Crime Policy’s Applicability to Fraudulent Transfer, Valero Title Inc. v. RLI Ins. Co., No. 22-20155 (5th Cir. Feb. 1, 2023)
The Fifth Circuit affirmed that a title company’s crime protection policy applies to cover loss from a fraudulent wire transfer. The insurer, RLI Insurance Company, had argued that the transfer was not covered under the funds transfer fraud endorsement because the instruction that led to the transfer was authorized and approved by the insured, Valero Title Inc. Specifically, a Valero employee instructed Valero’s bank to wire the funds to a fraudulent account after a fraudster posing as a lender’s employee intercepted email communications about a payoff transaction and deceptively instructed the transfer.
Relying on “ordinary contract principles,” including looking to the “plain language of the policy, examining the entire agreement and seeking to harmonize and give effect to all provisions so that none will be rendered meaningless,” the Fifth Circuit affirmed the district court’s holding that the policy provided coverage and held that the only interpretation of policy provision was one in which a written instruction is forged or altered by someone other than the insured without the insured’s knowledge or consent prior to being issued by the insured.
Insurance Fundamentals
Finally, 2023 proved that insurance fundamentals will always effect the ultimate resolution of claims. From notice requirements to the statute of limitations, 2023 showed policyholders and insurers alike how important it is to keep the basics in mind.
- It’s Too Late, Lloyd’s: New York Federal Court Finds Insurer Waived Late Notice Defense, Mave Hotel Inv’rs LLC v. Certain Underwriters at Lloyd’s London, 21-CV-08743 (JSR) (S.D.N.Y. Apr. 10, 2023)
A New York federal judge ruled that an insurer waived its late notice defense because a generic reservation of rights was insufficient to preserve it. As a result, the policyholder’s claim was preserved despite being submitted more than three months after the loss—a delay which would ordinarily be fatal under New York law.
The owner of a small hotel in Manhattan, Mave Hotel Investors LLC (“Mave”), was insured by Certain Underwriters at Lloyd’s, London (“Lloyd’s”). From October 2017 to October 2020, Mave contracted with a housing network to temporarily house homeless families and their children in the hotel. When the contract with the housing network terminated in October 2020, Mave alleged that the rooms were severely damaged and that it had to pay $1.4 million to repair them. In January 2021, Mave notified Lloyd’s of the damage and sought coverage under its general property insurance policy. Lloyd’s denied coverage citing a “wear and tear” exclusion which barred coverage but did not mention the more than three-month delay by Mave to report the claim.
Mave sued Lloyd’s, and Lloyd’s moved for summary judgment arguing in part that Mave failed to provide timely notice of the loss. Mave’s policy required it to provide “prompt notice” of a loss, and Lloyd’s argued that Mave’s delay in reporting the damage should bar the claim. In fact, New York courts routinely hold that delays of less than three months create grounds to deny coverage where the policy includes a “prompt notice” requirement. While Mave largely conceded that its notice was not prompt, it argued that Lloyd’s waived the defense by not raising it when it disclaimed coverage. The court found the disclaimer insufficient to preserve the late notice defense. Mave was saved by Lloyd’s generic reservation of rights, but the court’s decision highlights the importance of letting an insurer know of a potential loss as soon as possible, especially where the policy includes a prompt notice provision and is governed by New York law.
- When Does a Claim Become a “Claim”? A Lesson on Timely Notice, Pine Management, Inc. v. Colony Ins. Co., No. 1:22-CV-02407 (MKV), 2023 WL 2575082 (S.D.N.Y. Mar. 20, 2023)
The Southern District of New York denied a policyholder’s claim for coverage and granted the insurer’s motion for judgment on the pleadings in Pine Management, Inc. v. Colony Insurance Co.. The parties disputed whether a real estate liability insurance policy provided defense and indemnification for Pine Management, Inc. in an underlying lawsuit brought by several companies that Pine managed. A simple question proved pivotal in the outcome: whether Pine had timely sought coverage for its claim.
The underlying plaintiffs filed suit on July 26, 2019. But their counsel had sent a letter to Pine advising of the plaintiffs’ claims over a year earlier on July 17, 2018. Because Pine received this letter approximately two weeks before the policy’s inception, the court needed to decide whether the letter constituted a claim under the policy. If so, Colony could deny coverage because there was no “claim first made and reported in writing during the Policy Period.”
Based on Second Circuit precedent, the court found that the letter constituted a claim because it (i) alleged misconduct based on citations to theories of liability and supporting factual allegations; (ii) included specific demands for corrective action and proposed a plan for resolution of the dispute; and (iii) plainly placed Pine on notice of potential litigation involving claims it considered meritorious. Thus, the court concluded Pine’s claim predated the policy period, preventing coverage under the Colony policy.
The Pine outcome provides a stark reminder that, when faced with a claim or even a potential claim, policyholders should act quickly to notify their liability insurers of the exposure. Based on the court’s ruling, if Pine had a comparable policy in place prior to the Colony policy at issue, it needed to submit its claim under that earlier policy.
Florida passed new legislation making it more difficult, and costly, for policyholders of all sizes to sue insurers for bad faith. On March 24, 2023, Florida Governor Ron DeSantis signed House Bill (HB) 837 into law. The bill’s provisions eliminated fee-shifting for most policyholders and require something “more than” negligence for bad-faith claims against insurers. The legislation significantly impacted policyholders’ ability to hold their insurers accountable for the wrongful failure to pay benefits due under the insurance contract.
Now, a policyholder can recover attorneys’ fees only if it files a declaratory judgment action against the insurer when the insurer issues a “total coverage denial.” Note, however, that this does not apply to “any action arising under a residential or commercial property insurance policy.” The statute leaves open questions about what constitutes a “total coverage denial,” but the bill explicitly states that a liability insurer’s defense under a reservation of rights is insufficient to constitute a “total coverage denial” to trigger the potential for a fee award. As a result, policyholders are now forced to litigate coverage actions at their own expense, even where the insurer unreasonably denies coverage and thus requires the filing of the coverage action against it.
The statute also provides that in both statutory and common law bad-faith actions, “mere negligence alone is insufficient to constitute bad faith” and imposes a “good faith” standard on policyholders. Juries now may consider the policyholder’s conduct “in furnishing information regarding the claim, in making demands of the insurer, in settling deadlines, and in attempting to settle the claim” in order to “reasonably reduce the amount of damages awarded against the insurer.”