There are three main types of insurance available that could, in theory, be used to insure against bribery.
Directors and officers liability insurance
Directors and officers liability insurance (or D&O) was originally designed to provide protection to the directors and officers of a company for claims made against them. Over time, D&O has come to comprise four distinct types of cover:
- ‘Side A’, which covers the directors and officers themselves
- ‘Side B’, which covers the company in the case where the company indemnifies a director (the policy will pay out the amounts that the company has paid the directors)
- ‘Side C’, which covers the company for breaches of securities laws
- ‘Side D’, which covers the company for derivative securities actions, such as lawsuits from shareholders
A large number of insurance companies provide D&O. Bribery will often be covered by ‘Side A’ and ‘Side B’, but will not be covered by general ‘Side-C’ cover unless the action is taken by the Securities and Exchange Commission (SEC) in the US (rather than by the Department of Justice (DOJ)).
Specific coverage for bribery
In addition to D&O, insurance products have recently been launched that specifically cover corporations for bribery offences. Some of these products cover actions under certain legislation (such as the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act), some merely remove exclusions in their general business coverage for bribery offences, and others focus purely on the cost of investigations rather than on any consequential fines and penalties.
When considering bribery coverage, there are a number of factors that determine whether the scope will work for your business:
- Does the cover mention specific legislation, such as the FCPA or Bribery Act? Some cover one or the other, and some also include local legislation. In one example, the policy covers FCPA actions and includes other activities ‘in violation of that portion of any similar foreign law that prohibits bribery of foreign government officials’, so would not cover corporate bribery under the Bribery Act. Similarly, receiving bribes is an offence under the Bribery Act but not under the FCPA. Where does your insurance policy stand on this?
- Where legislation is mentioned, does it include all offences? For example, in the Bribery Act there are specific offences of bribing or receiving bribes (that may relate to directors) and also an offence of failing to prevent bribery (that is only against the entity).
- Does it cover old legislation? For example, investigations for Rolls-Royce in Indonesia relate to matters pre-Bribery Act (obviously this question will become less important as time goes on).
- Does it include ancillary legislation (such as the Proceeds of Crime Act in the UK or the Racketeer Influenced and Corrupt Organizations Act in the US), which can also be used to recover the benefits of the bribery?
Coverage can also differ between:
- whether it includes only the fines and penalties or also the costs of investigations – many jurisdictions preclude insurance coverage for illegal acts as a matter of public policy
- civil penalties versus criminal penalties; and
- whether all employees are covered, or only named directors and officers
It is also important to remember that, regardless of the wording in the insurance contract, it is very unlikely that the coverage will include losses due to:
- acts that were already being investigated at the commencement of the cover
- reputational impacts (although public relations firm costs may be covered)
- contractual breaches that result in the loss of business
- debarment from government contracts
- the costs of removing the staff involved in the bribery and hiring replacements at a time when the reputation of the company is damaged; and
- the general loss of business focus that inevitably occurs when management are pulled into resolving bribery issues rather than growing the business
Transactional risk insurance
The third main type of insurance covers specific transactions, such as acquisitions or joint ventures, and is used to cover the risk of pre-existing bribery in an acquired company. The coverage will be limited to a named acquiring party so couldn’t cover the target before the acquisition.
This type of insurance can be broad in nature, covering general financial and legal risks, so it is vital to ensure that bribery is not a specifically-excluded risk.
WHAT TRIGGERS A CLAIM?
There are also important questions to consider regarding what will trigger the insurance to be payable.
Where the coverage is for (or includes) the cost of investigations, it probably will not cover costs lost from an industry sweep – where a regulator asks all entities in an industry about any issues they might know of – as this is an investigation without any specific cause. If an issue is uncovered from the sweep, the coverage would more likely be triggered at that point.
When an investigation is the result of a hotline or whistleblower complaint, the process will usually include a triage process to assess the veracity of the complaint. This case would also probably not trigger an insurance payment until the investigation was at a point where there was a conclusive finding, since many complaints do not lead to any enforcement actions being taken.
Some policies will include subrogation rights, where the insurer will take over the claim on behalf of the insured. A company might not want to have the cover triggered before they have decided on their preferred course of action, as they may not wish to self-report to a regulator. Once a claim is made, it can involve a loss of control over the investigation and a conflict between the best interests of the insured and those of the insurer. The issues of subrogation may also impact legal professional privilege if the case is managed by the insurer rather than by external legal advisers.
It is important to understand what will trigger the insurance because claims will generally need to be made within a specific time of becoming aware of a potential issue. The notice periods may be far shorter than the time needed to fully understand the circumstances involved and get advice on where the issues may lead, which may cause decisions to be made without full information.
For those cases where coverage relates to penalties that include a court imposing a fine, one potential area of uncertainty is where a deferred-prosecution-type agreement is negotiated that does not include any admissions or findings of guilt.
An insurer that has agreed to cover a company for specific bribery offences must resolve a number of key issues to determine what the company’s premium will be.
Lack of information
For many risks, such as theft or fire, there is a large pool of information from which the insurer can determine the likelihood of the event occurring and therefore the cost of insurance. For bribery, however, there is far less information, and there is no information on how often bribes are paid or on how often they will be successfully prosecuted.
Some information is available. Insurers can generally get an idea about how much investigations will cost, based on previous cases. Possible penalties can also be calculated using the UK or US sentencing guidelines. Some existing insurance products use general criteria, such as the company’s size, the markets they operate in or their industry sector. While these give some idea of the level of a company’s risk, there is nowhere near the amount of information for bribery as what is available for other risks. This basic information also doesn’t take into account the value of the culture and ethics of the company, or the compliance programmes that are in place that reduce the risk of bribes and simplify the investigation process.
Another major issue is that the companies who are most likely to purchase bribery insurance are those that are high risk or that have had previous instances of bribery. Rather than spreading the risk across a large pool of variable risk, this has the effect of increasing the overall risk to the insurers and therefore increasing the cost.
Since the market for bribery insurance is new, the difficulty is balancing fair pricing – where the insured can see the value – with the insurer’s desire to make a profit.
The following items must be covered in the contract:
Most insurance contracts will include wording that excludes claims where the insured has not been honest in disclosing relevant matters. This would be relevant where either the corruption is endemic or where individuals on the board knew of issues but didn’t disclose them. A non-rescission term should be included in the contract to ensure that the insurance is still valid when corruption is found.
Sometimes an individual knows about bribery occurring but does not report it to the company. For these instances, there should also be a severance clause in insurance contracts to remove cover from the individual without removing it from the company.
Cost allocation and conflict between the entity and its officers
Where a single policy is in place covering individual directors (or all staff) and the entity itself, there needs to be some method of determining which group will be allocated the larger proportion of the cover.
Cost allocation between the investigation and penalties
Where coverage includes both investigation costs and recovery of penalties, given the timing of the events it is likely that the investigation costs will use most of the coverage. This is especially important to remember for individuals who may no longer have coverage for any criminal prosecutions.
Insurance coverage for bribery matters is not going to provide a complete solution for a company, but for some firms it may be better than nothing. It is very unlikely that any firm would pay the level of premium necessary to provide full coverage for the hundreds of millions of dollars a significant FCPA investigation and penalty may cost, so the coverage will always be a small portion of the costs incurred.
D&O can provide some of the coverage needed, but may not be adequate in itself. Because of the issues of allocation and timing, in many cases the best solution would be to include both: D&O for the directors, and specific bribery insurance to cover the costs of the investigation.
Where insurance products are used to manage the risk of bribery it is important to remember that they do not remove the need for a robust compliance programme. Good quality compliance programmes will reduce: insurance premiums by demonstrating effective controls; the likelihood of bribery by improving the compliance culture; and, any penalties incurred during sentencing.