Risk Management

A New Risk Strategy for Regulatory Probes

New insurance products offer to cover some of the cost of corporate internal investigations. Why aren’t they taking off?
Sarah JohnsonFebruary 23, 2012

During an earnings call last year, Charles Cramb, then CFO of cosmetics company Avon Products, revealed a stunning figure. The company had logged $96 million in 2010 to pay for an ongoing investigation into possible violations of the Foreign Corrupt Practices Act — and would likely spend a similar amount in 2011.

Such a number provides fodder to insurance companies trying to gain traction on fairly new products that will cover third-party costs of corporate internal investigations — whether they’re probes of accounting-fraud allegations or bribery of foreign government officials.

Last March property-casualty insurer Chartis began selling coverage for investigations into securities-law violations, including insider trading, restatements, and, for an additional charge, FCPA-related violations. Insurance broker Marsh began offering a product last summer along the same lines that is limited to FCPA issues. Neither policy covers penalties, fines, or disgorgement.

Despite the increased likelihood that companies may need to investigate possible wrongdoing within their ranks, these policies are thus far a tough sell. Marsh has met with hundreds of potential buyers but has yet to complete a deal. “Our challenge has been to get this information out to the public since it’s a brand-new product and not a topic companies are used to talking about in the normal course of business,” says Machua Millett, senior vice president in Marsh’s financial professional group.

A Risk of Business
Companies may initiate an investigation after hearing about a possible problem from an internal tip line, a report to the audit committee, or other means. Sometimes an inquiry from a government agency will provoke a company to do its homework on an allegation but that’s less likely. “More often than not, a company gets wind of a problem from an internal source,” not the regulators, says Martin Weinstein, a partner at law firm Willkie Farr & Gallagher.

These investigations can last weeks, months, or even years — growing from a few questions of a few employees to a full-scale probe involving many outside sources, including lawyers who have dealt with similar situations and accountants who can dig deep into a company’s reporting to find traces of wrongdoing.

Working in the insurance companies’ favor is the fact that enforcement activity is up — at least for FCPA violations. The number of investigations by the Department of Justice and Securities and Exchange Commission nearly doubled between 2009 and 2010, according to Millett. And the agencies continue to cite the 34-year-old law as a high priority. Also providing insurers with marketing material is the SEC’s new whistle-blower program, which gives informants a financial incentive to come forward. Whistle-blowers can collect between 10% and 30% of a corporate wrongdoer’s payout to the commission (for penalties worth at least $1 million). In its first two months, the SEC received 334 tips. “I’m not sure all companies fully appreciate their risk of being investigated, but as we see more and more investigations, there will be a greater appreciation for that risk,” Millett says.

Of course, companies might want the SEC to hear their side of the story first. Self-reporting goes a long way with regulators, who may limit the scope of their investigations based on the breadth of documentation a company provides or at least grant the company leniency when negotiating settlement terms. In fact, regulators often rely heavily on a company’s internal-investigation work to build their case.

With that in mind, companies may want to lean more heavily on outside sources during their own investigation to give regulators the perception that their probe has integrity. The downside, of course, is that third-party costs can quickly add up, especially if an investigation takes longer than expected and crosses borders, as FCPA cases do.

But mitigating those costs by signing up for an insurance policy that may (they hope) never kick in may be a difficult decision for CFOs. The policies are triggered when a company receives an informal or formal inquiry from a regulator, or has self-reported. Working against the products are the facts that they’re new, there’s little competition to bring the price down, and the underwriters are taking a gamble by offering them. “We have to be careful of the risks we take on,” says Rob Yellen, chief underwriting officer for executive liability at Chartis.

Moreover, the application process may carry its own set risks, according to legal experts. For Marsh’s policy, employees, including some in the finance department, must orally answer questions about their company’s FCPA policies and procedures so that the answers won’t become subject to courtroom scrutiny later on. “If it’s committed to paper, it becomes discoverable,” warns Mikhail Reider-Gordon, director of disputes and investigations at Navigant Consulting.

Insurers have found their potential buyers don’t realize that a company’s third-party costs may not be covered under a typical directors’ and officers’ (D&O) insurance policy, which covers the legal fees of individuals. Some companies have found that out the hard way. Last October a federal appeals court denied Office Depot’s claim that its D&O insurer should have covered more than $20 million in legal fees the retailer had incurred while responding to several SEC inquiries.

“D&O products were designed to protect directors and officers when they were sued individually and not to protect the entity itself,” says Chris Warrior, an underwriter at insurer Beazley Group. His company sells a D&O policy that covers some outside costs for entities formally named in a regulatory investigation in which a director or officer has not been named.

Pay Now or Later
For CFOs considering whether to sign up for a financial safeguard against unexpected expenses, they will have to make a key calculation. Will it cost more to lay out cash for an investigation that has not occurred than to pay for the billable hours racked up if one does happen? For some companies, the answer may be yes. The underwriters are basing their prices on each insurance buyer’s compliance programs and history with securities regulators, along with their size, complexity, and geographic footprint.

And they are willing to turn away overly risky buyers, or at least charge so much to protect themselves that the buyers wouldn’t want to pay for such a policy. Just the fact that a company is willing to apply for a policy may raise underwriters’ eyebrows. “As a company, you’re not going to an insurer if you don’t already have some perceived risk,” says Reider-Gordon.

Materiality plays a role in whether a company will decide if a new policy is worth its while. Large multinationals are unlikely to be financially harmed solely by the costs that have gone into an investigation — even if their reputation takes a hit. For that reason, Chartis has found that midsize companies have become its sweet spot for marketing its policy. “The value proposition may be more meaningful for a middle or small company that cannot as easily absorb costs for responding to an investigation,” Yellen says.

In the meantime, insurers are patiently waiting for demand to increase. New insurance products often take time to get noticed, says Millett. Employment practices liability insurance and cybersecurity liability insurance, for example, took a couple of years to go from “brand-new concepts to being picked up by more and more companies,” he says.