IN THE NEWS
Climate change derivative actions
– is there life after Shell?
The ClientEarth UK derivative claim against the Shell board fell at the first hurdle.
It’s worth bearing in mind that under English law the first hurdle in these types of claim is a high one. This is because they are an exception to the fundamental principle that only a majority of shareholders can or should be able to require the company to sue its directors for breach of duty.
I was excited about this attempt because, even though likely to fail, it reminded us of how UK courts approach derivative claims (which unlike in the US are not very common here). More importantly, it was an intriguing first attempt to use the procedure to try to force companies to tackle climate change risks more proactively. As such, the case has had a wider bearing on the whole ESG debate.
We were treated to two written judgments by the court by virtue of a quirky procedure that allowed ClientEarth two bites of the apple – an application on written evidence only and then an oral hearing (both ending in defeat). ClientEarth say they will appeal but at the time of going to press it is far from clear whether they will be able to, such was the resounding nature of this defeat. The main factor in their favour is those wider implications mentioned above.
In the US, the plaintiffs’ bar has succeeded in part by probing all potential legal theories until one sticks. It is through this process that they have learned how to plead cases to avoid failing at motion to dismiss, and found the routes to liability, however narrow they may be.
I’m not going to recite the arguments in the case here – there are many excellent law rm analyses out there to read. Instead, I am going to throw out a few observations about the case which might provide some clues as to whether it will deter future ones and if not how similar cases might fare in future.
Observations
On a general level, it will always be difficult for any shareholder to get around the fact that courts will be reluctant to interfere with commercial decisions of directors unless there was a clear breach of duty.
The way the breach of duty case was put by ClientEarth, albeit in some ways ingenious, was more likely to fail because it relied on “incidental” and “additional” duties to the statutory duties (e.g. a duty to implement reasonable measures to mitigate risks to the financial health of Shell in its transition to an economy aligned to the goals of the 2015 Paris Agreement on Climate Change). The court found these were too vague to be useful. Further, without strong independent expert evidence on Shell’s “Energy Transition Strategy” (“ETS”) they lacked credibility. Cases brought solely on the statutory duties with expert evidence will have more “heft”.
In respect of the s172 Companies Act 2006 duty to promote the success of the company, whilst climate is one of the statutory factors the directors must consider, it cannot override everything else. The court found only the directors could be trusted to balance the factors in a way that overall promotes the success of the company unless there was no reasonable basis for that decision.
The claim also relied on the Dutch case against Shell in which a non-shareholder campaigning group successfully convinced a court to order Shell to reduce its carbon emissions by 45% by the end of 2030. ClientEarth argued this order had not been complied with – another alleged breach of directors’ duties. However, the Dutch decision is on appeal and the English court found there was no separate duty on the part of the English board to comply with it. This was a particular feature of this claim that will not be present in others.
The court was swayed by a strong suspicion ClientEarth had an agenda that was to force Shell’s business, being heavily reliant on hydrocarbons, to have a less detrimental effect on the environment, over and above promoting the success of the company. This was fatal to its chances. ClientEarth is a campaigning group with legitimate aims, but an English judge is very unlikely to allow such a group to influence a company’s business strategy. Had the institutional investors who said they supported the action put their names on the Claim Form instead, this would have carried greater weight.
The court was also influenced by the fact ClientEarth held so few shares in Shell (27). Had the supportive institutional investors thrown their 24.7m odd shares behind the action this would have made it less vulnerable, albeit it would still have represented less than 1% of the total shareholding. To me, this would not have been a factor if the claim was stronger but here it just added weight to the other factors against allowing the claim to proceed. The nature of the remedy sought also made things more difficult – a declaration the directors were acting in breach of duty coupled with an injunction to change the board’s approach to climate risk. The court would be more ready to recognise a breach of duty in the past and award damages for that than seek to order the directors, going forward, to manage the company in a designated way.
Shell’s ETS had been approved by some 80% of its shareholders when considered only a year ago. The court strongly hinted the way minority shareholders should seek to influence the wider shareholder base – and therefore the board – is through general shareholder meetings, not the courts.
In conclusion, it would be wrong to dismiss this attempt by ClientEarth out of hand. It is out of failures like this that the law develops and is tested. The outcome is undoubtedly a blow to any activist shareholder considering trying to change corporate strategy on climate change through the courts, but influential minority shareholders with no wider agenda may be able to bring stronger claims, based on the clues set out in these judgments.
ClientEarth may yet have the last laugh. The publicity generated by this case, even though unsuccessful, has probably assisted their cause and in the end may still indirectly have a bearing on Shell’s (and others’) energy transition strategy.
I’ll end with some FAQs on how a derivative case may be treated under a D&O policy (I have no knowledge of the terms of Shell’s D&O policy and of course each case will depend on the particular factual circumstances and the precise terms of the relevant policy).
Side A or Side B?
Whilst instigated by a shareholder, a derivative claim is in its essence a claim by and for the company. If a liability to the company on the part of the directors is established this will be non-indemnifiable loss and the claim will be dealt with under Side A. However, up to that point the defence costs will under English law be indemnifiable and so dealt with under Side B if the company indemnifies. If the company refuses to indemnify these costs will be paid under Side A but it’s likely insurers will require the company to pay the Side B retention, under the “presumptive indemnification” machinery in the policy.
Is it a Securities Claim?
A derivative claim is not a securities claim in the sense that the claim does not concern the shareholder’s shareholding itself. However, a derivative claim is often contained in the Securities Claim definition. Why is this? It wasn’t my idea but have rationalised this as being because until the action is given permission to proceed, the company is a defendant (Shell is a defendant in the present case, not a plaintiff – a situation that would only change
if the action was allowed to proceed). The company is therefore known as a “nominal defendant” – no allegation is made against it, but it needs to be a party because the court’s order will have a direct bearing on it.
As the Securities Claim definition is solely for the purpose of covering the company, it is convenient to cover the company for the costs it incurs in a derivative claim whilst a nominal defendant, under Side C.
What other D&O provisions are potentially relevant?
The derivative claim may be preceded by a request by the shareholder that the company investigates a potential breach of duty by the directors. This is common in the US. The costs of the company undertaking this investigation may be covered by a policy extension. Further, if required to attend an internal hearing as part of such an investigation, the director may be covered for the costs of being represented at that.
If ClientEarth’s application had been successful then the court would likely order Shell indemnify ClientEarth’s costs of bringing the application because the company would have benefitted from it. Some policies provide cover for this to the company. It is debatable whether this is a good idea though – as for a time the policy will be eroded by all parties to the case – which will not benefit the directors if the limit of cover is under threat.
FOCUS ON CRIME
10 Things It’s Useful To Know
About Crime Insurance
Crime insurance is often lumped in with D&O and other “agnostic” covers bought by companies (EPLI and PTL/Fiduciary being others – I will tackle these in future Newsletters!). So, there aren’t many crime specialists out there and those who are, tend to be at the “senior” end of the talent pool.
Added to this, there has always been a mystique about the product itself – which to many looks old fashioned and doesn’t as obviously as it could do appear to tackle modern risks the clients need covering, which are primarily now electronic crime by third parties via the internet. Also, how does Crime t alongside Cyber and Specie? If you are an insurance professional or buyer working with Crime insurance but don’t regard yourself as a specialist, read on.\
I’m not going to plod through the product (I have a training module for that if anyone’s interested); here are the ten things that most helped me understand Crime insurance!
1. What is the most vital component of Crime insurance?
Crime cover responds to discovery of a direct financial loss (DFL). This may or may not be defined, but essentially it means the losses of the Insured that are caused directly by the crime. In the case of theft this is obviously the loss of the property that was stolen. It doesn’t include consequential loss – for instance where the theft of that property causes the Insured to suffer a business interruption, lost income, or have a liability to a third party.
2. What types of Crime are covered?
Crime cover tends to be split between internal crime cover – crime involving employees – and external crime cover – crime caused solely by third parties.
3. What’s covered under internal crime?
As long as there is some kind of criminal act involving an employee and a DFL the cover is engaged, subject to any exclusion.
4. What’s covered under external crime?
Coverage here is usually split into certain specific categories of crime: documentary crime (forgery, counterfeit, fraudulent alteration of documents), electronic crime (hacking, malware etc), social engineering (dishonestly impersonating a real person eg employee, customer or trading partner), and extortion (threatening to do something unless the Insured transfers funds or property).The cover is also often controlled by limiting the coverage for these crimes to loss of certain types of assets – typically money/funds, valuable property, and securities (ie financial instruments with inherent monetary value).
5. Why the split between internal and external crime?
Primarily because the internal crime cover is easier to underwrite – so is broad, with the routes to cover being straightforward. Internal criminals are also usually easier to catch – at some point they make a mistake or go on holiday, and their activities are uncovered. Also, stolen funds or assets may be easier to locate and recover.
The external fraud is harder to underwrite and seen as riskier – these days there are some pretty sophisticated criminals out there! Once the funds / assets have gone recovery prospects will likely be low or at best complex and expensive. So, insurers control this cover via the methods described in (4) above. In this way, the Insured has more hoops to jump through before the external crime cover is engaged.
6. Is there is distinction between physical and electronic crime?
In the internal crime cover, no. The external crime cover may often be split between electronic and physical crime, but these are just the methods by which the same crimes – typically theft of funds or property or gaining property by deception – are carried out. For this reason, they should provide the same cover although the conditions around them will differ.
7. Are there typical extensions?
Yes, like many FL products there are extensions, typically for certain specified indirect financial losses. The most obvious ones are additional costs – costs of establishing a covered loss, costs of repairing, reinstating, or replacing damaged property (whether physical or electronic), or litigation costs, so long as accompanied by a covered DFL.
8. What’s the difference between FI Crime and Commercial Crime policies?
FI Crime is sold to financial institutions, Commercial Crime is for any other type of institution. Whilst superficially the products look similar they are not the same. One important difference is that in banking, depositors’ funds are treated as being the property of the bank – so loss of it is a DFL of the bank – not a third-party loss. This is why in Commercial Crime policies loss of client funds is usually given by extension as it is not a DFL of the institution itself and therefore wouldn’t otherwise be covered.FI Crime policies also tend to have more extensions for things that are unique to the financial institutions’ industry.
9. Is there any cover for non-criminal events?
Perhaps surprisingly, often yes, particularly in FI Crime. However, anything that should be covered under another type of policy eg property or professional liability is usually excluded.
10. What is not covered by a Crime policy?
Generally, the Crime policy is not there for loss or theft of data, cryptocurrency (unless specifically agreed), assets that exist solely in digital format, trade secrets or confidential information, and data breach costs absent a covered crime. A DFL where the only evidence is a financial or inventory calculation will not be sufficient to trigger the policy although will be accepted as supporting evidence.
Also, there is usually no cover for kidnap, fraud concerning bills of lading and other cargo documents (seen as too easy to forge / counterfeit / fraudulently alter), loans and trading losses unless an employee benefitted directly (this is particularly important in FI Crime as it takes out rogue trader losses), and where the DFL was at least partly caused by infrastructure or human failure or war / terrorism. In London there will always be a war / terrorism exclusion.
Finally on Crime… three things to pay attention to:
How the Crime policy interacts with cyber and specie products
Despite the electronic crime cover Crime is not a substitute for Cyber nor vice versa. They cover different things, but in the product extensions they may overlap to an extent.My advice to the Crime market is to be clear about your boundaries! Alternatively, there is a case for combining Crime and Cyber which might benefit clients. Specie tends to cover loss and damage or mysterious disappearance, including theft, of valuable assets, so may overlap to an extent with Crime but again they are not the same. If both products are bought there should be a clear demarcation between them.
How the Crime policy comes to an end when there is an event during the policy period
Anyone who read the April newsletter will remember I commented on this previously. Crime policies are not always as clear as they could be on what happens when the Policyholder is taken over, divests a subsidiary or goes bust. The policy should probably stop providing cover for DFLs occurring after the event in question (unless the Policyholder retains ongoing financial interests in any potential DFL), but provide a period after the event (not necessarily to the end of the policy period) for reporting discoveries of a DFL that occurred prior to the event.
Claims – it’s all about claims right?
The policy is triggered by a “discovery” of a DFL during the policy period (usually by someone fairly senior – and obviously not someone actually involved in the crime!). When there is a claim under the policy, there may be a condition requiring a proof of loss (“PoL”) to be provided by the Insured within a certain period.This period will often be insufficient, particularly in complex frauds or where the police have locked down information. The parties should agree a longer period in such cases. The insurers won’t pay a loss until a PoL is provided but should be flexible in terms of time frames.
Crime is sometimes overlooked as a cover, particularly with the focus on cyber, but as a product it potentially has a lot to offer and may be an important part of an Insured’s protections. There are signs the market is embracing this and updating / upgrading the available products to make them more accessible and useful to buyers. This is a welcome step for everyone.
RELEVANT TO … ACCOUNTANTS’ PI AND D&O
UK Corporate Governance In August 2023,
Where Are We?
Confusion seems to reign at the moment in relation to two rather fundamental aspects of the UK’s corporate governance regulatory regime: the first in relation to the future of the UK Financial Reporting Council (“FRC”) and the second relating to revisions to the UK Corporate Governance Code.
The future of the FRC: Is ARGA DOA?
I have written about ARGA before (as have many). In 2018 Sir John Kingman recommended the establishment of a new governance authority to be called the Accounting Regulation and Governance Authority (ARGA) to replace the FRC which he described as “not t for purpose.” Shortly after that, Mr (now Sir) Jon Thompson was brought out of a senior position in the Ministry of Defence and appointed chief executive of the FRC. His job was to prepare the FRC to become ARGA, and government promised that parliamentary time would be found to pass the legislation to create ARGA and provide the powers that it needed to be effective.
Nearly five years have now passed; ARGA still doesn’t exist as a statutory entity and Thompson has just left the FRC, to become chair of HS2 (possibly another kiss of death). The annual report of the FRC, published on 21 July 2023, contained a report signed by Thompson in which he said what must be regarded as the understatement of the decade: “It has been somewhat frustrating that legislation has not yet been passed more than four years after
Kingman, and we continue to work with Government on preparing the legislation for when parliamentary time allows.’’
Thompson has worked hard to prepare the FRC to look as much like ARGA as possible short of actually having the statutory authority it needs (or the name!). The imposition in the past twenty-four months by the FRC of over £46 million of fines on the largest accounting rms in the UK for poor auditing standards is testament to a new harder line at the FRC.
Is the reality then that ARGA is never going to be established? Probably. The talk earlier this year was that legislation would be brought in 2024. However, with the deadline for the next general election set at January 2025, and the reality that it may well occur earlier, it seems unrealistic to believe that time will be set aside before an election for the ‘boring’ business of ARGA regulation; and any new government following an election is going to
have far too much on its plate to give it priority. One can’t help but conclude that it was this realisation that sparked Thompson’s resignation …
Revisions to the Corporate Governance Code: Mixed Signals?
This is the second major confusing issue. In its desperate keenness to stop the haemorrhaging of IPOs from the UK to the US stock markets, the UK Treasury has been keen to publicise the FCA proposals for a “lighter touch” around London listing requirements (eg abolish the distinction between premium and standard listings; allow dual voting and non-voting structures; and remove requirements for shareholders to vote on substantial transactions).
The institutions don't much like the idea: on 28 June 2023 ten pension managers including Railpen and HSBC holdings Retirement Fund said in an open letter that rolling back investor protections to make listings easier would diminish the UK's global reputation and make it “more challenging to act as effective stewards.”
So, now to the Corporate Governance Code. The Code is, of course, an integral part of the London listing regime. Yet, in May, following the consultations on the 2022 White Paper “restoring trust in audit and corporate government ‘’, the UK Department for Business and Trade invited the FRC actually to strengthen the Code in specific areas, and the FRC recently launched a public consultation on proposed revisions to the Code which are set out in a new draft.
The revisions are somewhat defensively portrayed as “limited” but in reality they are significant. For example, listed companies will be asked to set out a revised framework of ‘’prudent and effective controls to provide a stronger basis for reporting on and evidencing their effectiveness.’’ Changes will also be brought in to “reflect the responsibilities of the board and audit committee for sustainability and ESG reporting, and associated assurance in accordance with the company's audit and assurance policy.” Disclosures strengthening reporting on performance penalties and claw back arrangements are also going to be required. These are not ‘’light touch” measures.
So, there appear to be some mixed signals here. Does the left hand of government know what the right hand is doing? It’s not impossible that government departmental changes have led to fractured communications. At any rate, UK plc needs to see some joined up thinking.
TECHNICAL AND TOPICAL
Can ChatGPT Write An Insurance Product?
I wanted to know whether I and many others serving the insurance industry would be out of a job in 2 years. I teamed up with my internet generation friend Sam Bysh (currently doing a PhD in the philosophy of physics in Chicago) and we embarked on a mission to find out.
I realise others have looked into this already and also written articles. But I wanted to see the results for myself because I had a couple of questions nagging away at me:
First, should I assume that the capabilities of ChatGPT had been tested to their limits if the article writer would, understandably, want to reach a conclusion that didn’t threaten their livelihood? Further, the overlap between highly specialised drafting skills and the technical nous capable of testing out ChatGPT properly is probably quite small; certainly, I can say from my own experience that there is little overlap in skills between the writers of policy wordings and those with AI know-how.
Second, should anyone really expect ChatGPT to replace those tasks that go significantly beyond chatting, given that the clear purpose of ChatGPT (clue in the name) is to correspond in a way that mimicks natural human conversation? Chatting in a human manner is an incredibly impressive task for a computer, but whether an intelligence is artificial or natural it remains the case that the purpose to which that intelligence is turned matters a good deal. Want legal advice? Don’t ask a medic. Want to teach a child? Don’t ask a university professor. Want a succinct and easy to understand summary of something? Don’t ask a lawyer (only joking, lawyers). As for human intelligence, so for artificial intelligence.
Method
Sam and I combined our different expertise, and over the last 4 months or so set about testing the capabilities of ChatGPT in the eld of drafting insurance policy wordings.
We set ourselves a goal: to get ChatGPT to produce a D&O policy in which a given set of insuring clauses, extensions, definitions, exclusions, claims conditions and general conditions based on our prompts, was at least 60% satisfactory. We chose 60% to give it a decent chance, based on an assumption that it would then take relatively little time for a wordings professional to turn it into a “95% product”. Why D&O? Because I know it inside out and back to front, so it would be easy to critique the ChatGPT output. Our subsequent efforts and results are outlined below:
1. Our first attempt was to provide ChatGPT with example D&O policies. However, ChatGPT was unable to handle documents of this length, despite using a couple of the ChatGPT extensions designed with this express purpose.
2. Next, using tailored prompts, we asked ChatGPT directly to generate a D&O policy from a specific list of clauses. Initially, ChatGPT responded with something akin to a policy schedule, with none of the text details filled in. After asking for the text to be filled in, ChatGPT responded with something like a summary document. In both instances it also warned us that drafting contracts was a legal matter and needed lawyers’ involvement.
3. We needed to go back to the drawing board. Clearly, asking ChatGPT to do all this in one go was too much. How about changing the prompts and asking ChatGPT to write a D&O policy section by section? Finally, this approach bore some fruit. However, while some clauses were written to something like 60% completion, some were entirely incorrect. Where it did not understand what was asked of it, it was clear that ChatGPT simply guessed, and the resulting clauses were far wide of the mark. There was still more work to do in finessing the prompts given to ChatGPT.
4. After going through the generated clauses line-by-line and beefing up the initial prompts, we tried again to regenerate the policy. This was much more successful. We did, indeed, achieve a D&O policy of around 60% accuracy: something like an abridged D&O policy. And yet, it would seem as though the improvements that were made were achieved by ChatGPT repeating almost entirely the more detailed instructions given to it; the nuanced
comprehension promised by this large-language model certainly was not in evidence.
Observations
Let’s take stock. After at least 25 hours of Sam’s time and about 8 hours of mine, we did end up with a D&O policy that was about 60% complete. On the one hand, with any labour-saving technology it should be expected there will be an initial outlay of time. Yet, in assessing the usefulness of such a technology, we are surely most interested in two things: the novel outcomes achievable, and the transferability of our results. For if this technology is to be able to add anything useful, it must be able to achieve substantial novel results, and be transferable to other kinds of insurance policy. And, although some successes were achieved, the lack of nuanced “understanding” demonstrated by ChatGPT leads us to conclude that ChatGPT is fundamentally not able to do what we asked of it: to generate a new insurance policy. Indeed, I can write a new D&O policy from scratch in less time than it took us to feed the information to it – and as a template I could re-use that just as much as the output we achieved from ChatGPT.
If we were to ask ChatGPT to write a policy for another area (say, a Commercial Crime policy) based on what we have learnt, it is likely the same (or greater) outlay of time would be required engineering the prompts to raise the initial results to the 60% level.
If our aim was to generate something that could provide a useful example for someone who doesn’t know anything about D&O policies, this would be a good outcome. Or, if our aim was to generate an off-the-shelf SME D&O policy, again, perhaps this would be a useful outcome (although as mentioned above, I can do that). However, as something that can be incorporated into the workflow of the business of Coverage Matters, that of writing bespoke policy wordings, ChatGPT clearly is not there, yet. Again, though, perhaps this should be unsurprising: ChatGPT is not an AI developed to write insurance policies.
From playing with ChatGPT it seems clear that it represents a step-change in the abilities of computers to act like humans in certain limited situations or contexts. It does not seem that long ago that Microsoft Paperclip was the cutting edge of android intelligence, and anyone who ever has to deal with automated phone systems when trying to access customer services will know how humanlike computers can fail to be. But, just as almost all intelligent human beings would do a less than perfect job at writing an insurance policy, so too for ChatGPT.
While it represents a great leap forward, ChatGPT isn’t designed to write insurance policies. This seems to be true of other software out there at the moment, but there are products that can do quite an impressive job of reviewing insurance policies. When somebody builds an AI model whose purpose is to write bespoke insurance policies from scratch, that will potentially be a game changer. Notwithstanding the continued need for human oversight of AI-generated material, an AI model trained on the millions of insurance policies available in the market will certainly disrupt the business as it currently exists. The question is when, not if, that day will come.
Rest assured I will be monitoring this every step of the way.
DID YOU KNOW
- When in Insurance is a consumer a Consumer?
This sounds obvious, but it may not be. Small business insurers and brokers, take note!
It’s well known the UK Insurance Act 2015 (“IA 2015”) deals with the Insured’s disclosure requirements on inception and when amending insurance contracts, referred to as the “duty of fair presentation”, and the remedies that follow for a breach. It is well known for dealing with the legal status and effect of warranties (if any), and what happens in the event of fraudulent claims. IA 2015 also deals with contracting out and in this respect distinguishes between consumer and non-consumer contracts.
IA 2015 does NOT cover the Insured’s disclosure requirements on inception and when amending consumer insurance contracts. This is dealt with by another (perhaps less well-known) statute: the UK Consumer Insurance (Disclosure and Representations) Act 2012 (“CIA 2012”). The disclosure duties here are not exactly the same as under the IA 2015 with the CIA 2012 not talking about fair presentation at all and instead referring to the Insured taking “reasonable care not to make a misrepresentation” to the insurer. The remedies for breach are however similar to those under the IA 2015.
Who or what is a consumer here? Essentially it is a natural person buying the policy solely or mainly for their personal benefit and not their business or trade. So “consumer” will not usually embrace any entity, business enterprise or sole trader. It’s people, you and me. Products being sold to both consumers and small businesses therefore need to cater for the application of the two statutes in relation to the disclosure obligations in these two categories.
Much has been written lately about the Financial Conduct Authority’s “Consumer Duty” which went live on 31st July 2023. This is a new wide-ranging duty in financial services requiring regulated rms to deliver a higher standard of consumer protection including good outcomes for their clients. I am not going to say more about it than that, as it is a specialist area where expert advice is needed.
More generally in relation to its insurance regulation, the FCA has defined a consumer as “a natural person acting outside any trade or profession” – pretty similar to the categorisation in the IA 2015 and CIA 2012. However, the Consumer Duty, despite its name, is owed to a much wider range of customers: namely “retail customers” . I’m no regulatory expert but subject to some specific rules this appears to be everyone other than those buying:
-
reinsurance;
-
contracts of large risk; or
-
group insurance policies.
What is a large risk? It’s a business that meets two of the following three criteria:
-
Balance sheet total: EUR6.2m
-
Net turnover: EUR12.8m
-
Average annual employees: 250
So small businesses, eg CML for instance, will definitely be consumers for the purposes of the Consumer Duty, but they are NOT consumers in respect of their disclosure obligations for insurance contracts – which will be governed by the IA 2015 and not the CIA 2012.