Risk Management

Coverage for Uncovered Secrets

New insurance products will compensate companies for the costs of internal investigations.
Sarah JohnsonApril 15, 2012

During an earnings call for Avon Products last year, Charles Cramb, then CFO of the cosmetics and perfume company, revealed a stunning figure. Avon had spent $96 million in 2010 on an ongoing investigation into possible violations of the Foreign Corrupt Practices Act (FCPA). Moreover, the company would likely spend a similar amount in 2011, he said.

Those kinds of budget-busting figures have attracted the attention of insurers, who see an opportunity to promote new products that cover third-party costs of corporate internal investigations, whether probes of accounting-fraud allegations or bribery of foreign government officials. In March 2011, for instance, property-casualty insurer Chartis began selling coverage for investigations into securities-law violations, including insider trading, restatements, and FCPA-related violations. Insurance broker Marsh began offering a product last summer along the same lines that is limited to FCPA issues. Neither policy, however, covers penalties, fines, or disgorgement.

Although the likelihood that companies will have to investigate possible wrongdoing within their ranks is increasing, thanks to greater regulatory vigilance, the new policies have been a tough sell. Marsh, for example, has met with hundreds of potential buyers, but has yet to complete a deal.

“Our challenge has been to get this information out to the public, since it’s a brand-new product and not a topic companies are used to talking about in the normal course of business,” says Machua Millett, senior vice president in Marsh’s financial professional group.

Investigations Increase
There’s nothing new about the 34-year-old FCPA — except that enforcement actions have been rising, as regulators continue to cite the law as a high priority. The number of investigations by the Department of Justice and the Securities and Exchange Commission nearly doubled between 2009 and 2010 and remained high in 2011, according to law firm Gibson Dunn (see chart, below).

Companies may initiate an investigation after hearing about a possible problem from an internal source, such as a tip line or a report to the audit committee, or from an external source, such as a government agency. These investigations can last weeks, months, or even years — growing from a few questions posed to a few employees to a full-scale probe involving many outside sources, including lawyers and accountants.

Also providing insurers with marketing material is the SEC’s new whistle-blower program, which gives informants a financial incentive to come forward. For penalties worth at least $1 million, whistle-blowers can collect between 10% and 30% of the payout to the agency. In the program’s first two months, the SEC received 334 tips.

Of course, companies want the SEC to hear their side of the story first. Self-reporting goes a long way with regulators. They may limit the scope of their investigations based on the breadth of documentation a company provides, or at least grant the company leniency when negotiating settlement terms. In fact, regulators often rely heavily on a company’s internal-investigation work to build their case.

With that in mind, companies may want to rely more on outside sources during their own investigation to give regulators the perception that their probe has integrity. The downside, of course, is that third-party costs can quickly add up, especially if an investigation takes longer than expected and crosses borders, as FCPA cases do.

A Difficult Decision
Buying an insurance policy to cover such costs could be a difficult decision for CFOs. Working against the products are the facts that they are new, there’s little competition to bring the price down, and the underwriters are taking a gamble by offering them. “We have to be careful of the risks we take on,” says Rob Yellen, chief underwriting officer for executive liability at Chartis.

Moreover, the application process itself may carry risks for companies, according to legal experts. For Marsh’s policy, employees must orally answer questions about their company’s FCPA policies and procedures so that the answers don’t become subject to courtroom scrutiny later on. “If it’s committed to paper, it becomes discoverable,” warns Mikhail Reider-Gordon, director of disputes and investigations at Navigant Consulting.

Potential buyers may not realize that a company’s third-party costs may not be covered under a typical directors’ and officers’ insurance policy, say insurers. Some companies have found that out the hard way. Last October a federal appeals court denied Office Depot’s claim that its D&O insurer should have covered more than $20 million in legal fees the retailer had incurred while responding to several SEC inquiries.

“D&O products were designed to protect directors and officers when they were sued individually and not to protect the entity itself,” says Chris Warrior, an underwriter at insurer Beazley Group. His company sells a D&O policy that covers some outside costs for entities formally named in a regulatory investigation in which a director or officer has not been named.

As for FCPA policies, underwriters are basing their prices on buyers’ compliance programs and history with securities regulators, along with their size, complexity, and geographic footprint. And they are willing to turn away overly risky buyers, or at least charge so much that the buyers wouldn’t want to pay for such a policy.

Just the fact that a company is willing to apply for a policy may raise underwriters’ eyebrows. “As a company, you’re not going to an insurer if you don’t already have some perceived risk,” says Reider-Gordon.

Materiality plays a role in whether a company will decide if a new policy is worth its while. A large multinational is unlikely to be financially harmed solely by the costs that have gone into an investigation — even if its reputation takes a hit. For that reason, Chartis has found that midsize companies have become its sweet spot for marketing its policy. “The value proposition may be more meaningful for a [midsize] or small company that cannot as easily absorb the costs for responding to an investigation,” Yellen says.

In the meantime, insurers are patiently waiting for buyers to come. New insurance products often take time to get noticed, says Marsh’s Millett, who notes that it took a couple of years before employment-practices insurance and cybersecurity insurance began to find buyers.

Regarding FCPA insurance, Millett says, “I’m not sure all companies fully appreciate their risk of being investigated, but as we see more and more investigations, there will be a greater appreciation for that risk.”