CommTech 2006 Forum Newsletter - JLT

Lugano 2006
Contacts
JLT Risk Solutions Ltd
6 Crutched Friars
London EC3N 2PH
England
Peter Hacker
Tel: +44 (0)20 7528 4121 Email: Peter_Hacker@jltgroup.com
Celine Lachevre
Tel: +44 (0)20 7558 3356 Email: Celine_Lachevre@jltgroup.com
Luke Foord-Kelcey
Tel: +44 (0)20 7558 3514 Email: Luke_Foord-Kelcey@jltgroup.com
Registered office: 6 Crutched Friars, London EC3N 2PH England.
Telephone : +44 (0)20 7528 4444 Facsimile : +44 (0)20 7528 4185 www.jltgroup.com
Registered in England No. 1679424. Vat No. 244 2321 96.
References within this document to Jardine Lloyd Thompson, JLT Group, JLT and the Group mean the
Jardine Lloyd Thompson Group. Client services are provided by relevant operating companies within the
Jardine Lloyd Thompson Group. Jardine Lloyd Thompson Group plc is a holding company only, domiciled
in England and does not provide client services.
© Copyright Jardine Lloyd Thompson Group 2006 – all rights reserved.

Global Communications
& Technology
Industry Focus Group
3rd Annual Forum
May 3-5, 2006
Hotel Principe Leopoldo
Lugano, Switzerland
Lugano 2006

Key JLT CommTech Partners

DURING THE GLOBAL COMMUNICATIONS & TECHNOLOGY
INDUSTRY FOCUS GROUP 3RD ANNUAL FORUM, GLOBAL
EXPERTS FROM THE COMMTECH, MEDIA, ELECTRONICS AND
INSURANCE INDUSTRIES DEBATED AND EXAMINED THE ISSUES
AND CHALLENGES FACING THESE SECTORS.
IN THIS PUBLICATION YOU WILL FIND A SELECTION OF
ARTICLES FROM THESE EXPERTS FURTHER INVESTIGATING THE
ISSUES RAISED, AND REPORTS FROM THE SESSIONS HELD
DURING THE FORUM.
The Jardine Lloyd Thompson Group of companies is a leading risk management adviser and insurance and
reinsurance broker. JLT is also a major provider of employee benefit administration services and related
consultancy advice. JLT is quoted on the London Stock Exchange and is the largest European-headquartered
company providing these services. JLT operates out of more than 100 offices in over 30 countries and employs
more than 5,000 personnel.
JLT's Communication, Media and Technology Industry Focus Group develops unique solutions for insurance, risk
finance and treasury departments of major Communication, Media and Technology companies around the world.

Contents
Contents
Introduction Peter Hacker, JLT 5
The Failures of Corporate Governance after Enron Lynn Brewer 7
Corporates increasingly look to capital markets
for innovative risk solutions Peter Hacker, JLT 9
Catastrophe Losses –
where will the capital come from to fund them Michael Brown, Allen & Overy 10
Continuity risk within the supply chain –
the importance of the macro approach Chris Rigby-Smith, JLT 12
Learning the lessons of recent catastrophes
Franco Masciovecchio & Adrian McGarva, Glacier Re 14
Supply chain management and critical information structure:
the effect of outsourcing and more complex chains
Joe Bona, AXA Corporate Solutions 17
Cyberspace now on terrorists radar Nick Robson , JLT 19
Network asset protection - protecting your critical assets
Emily Freeman, JLT 20
Corporate Governance driving end to “Deal Now Deal Later” insurance market
Paul Wordley, Sian French, Kapil Dhir – Holman Fenwick & Willan 22
D&O premiums fall, but pitfalls grow Ken McKenzie, Davies Arnold Cooper 26
3

Introduction
Introduction
Jardine Lloyd Thompson’s Global Communications & Technology Forum took place in
Lugano with risk managers participating in a programme developed together with our
clients – ten leading companies from the sector.
The changing landscape of risk and the shift from tangible to intangible has particular
relevance for communications and technology companies and this theme was the focus
for speakers and workshops.
Where does risk come from The pace of change that affected your risk landscape is
fast developing along with the frequency of events that act as an agent of change. It is
unlikely that the shift of risk from tangible to intangible areas will reduce in future and
you will have to rise to these challenges if businesses are to succeed.
In this newsletter leading experts examine this debate alongside the business and
insurance issues. Their articles cover specific issues regarding corporate governance,
supply chain management, catastrophe losses, cyberspace threats, contract certainty,
D&O as well as asset protection and innovative risk solutions from the capital markets.
Peter Hacker, Partner and Head of JLT’s Global Communications & Technology Practice
5

The Failures of Corporate
Governance after Enron Lynn Brewer
When Enron imploded, it represented the largest scandal in US business history. In the
2 years following the demise of what was then America’s 7th largest corporation, the
US capital markets lost somewhere between $4-7 trillion USD.
Despite having all of the necessary components of “good” governance policies,
including a vision and values statement that included respect, integrity, communications
and excellence; a respected board of independent directors; a 63-page code of
conduct; a corporate social responsibility policy that boasted transparency; and an
internal whistleblowing hotline – the systems at Enron failed.
In July 2002, eight months after the implosion of Enron, regulators in the US were
forced to respond to what had become a wave of corporate corruption with the passage
of Sarbanes-Oxley (SOX). Although the initial issues raised with Enron, WorldCom, Tyco,
Parmalat and the hundreds of companies who have demonstrated a lack of integrity
since Enron’s implosion was initially seen as an “ethics” issue, most companies see
SOX and thus ethics as a regulatory compliance issue which simply means the focus
has shifted from what is right vs. wrong to what is legal vs. illegal. Although companies
are attempting to integrate governance, risk, and compliance – it appears as though the
US has failed in its effort to regulate a conscience.
Under Section 301 of SOX, every company listed on a US stock exchange must have a
whistleblowing system which would presumably reduce the number of whistleblowing
reports to the SEC; however, we have actually seen a 625% increase in whistleblowing
reports to the SEC since the implosion of Enron in 2001. Statistically speaking, for every
public company listed in the US, there are 51 whistleblowing reports – every month.
Of course, one of the myths is that Enron is somehow unique. Enron is not unique. In
fact, given the aforementioned statistics, it appears more likely that companies in the
US operate more like Enron than not. A survey last year by a leading US business
magazine revealed that 50% of CFOs are feeling pressure to “cook the books” with
20% actually feeling more pressure than they did before Enron. This figure means that
literally the US’s Fortune 100 companies may very well be cooking their books.
The risk facing companies today has never been greater as even good companies are
now suspect. And unfortunately SOX does nothing to dispel this myth. Historically,
companies have focused primarily on “corporate performance management” (CPM).
Although more “enlightened” companies recognize the importance of “quality
management” or TQM, rarely do companies understand the correlation between
performance and quality. Although important, these two components are insufficient
without understanding the “intangibles” or non-financial performance to assess the
integrity of a company. Unlike financial performance which is a lagging indicator,
intangibles provide a predictive look at where a company is heading. The integration of
all three of the key components: Intangibles, Quality and Performance (IQP), companies
can have a clear and concise understanding of their structural integrity.
7

The failures of corporate governance after Enron
As technology allows organizations to take integrity down to the desktop, companies
can mitigate against the risks associated the ethical misconduct disasters we have seen
with numerous companies. As strategic direction is implemented on an execution
engine and integrated with an incident management system, allowing employees to
raise important issues, companies suddenly begin to realize BI means more than
business intelligence – it means business integrity.
Lynn Brewer is a former Enron executive and whistleblower. While at Enron, she was responsible for risk
management in energy operations, competitive intelligence for Enron Broadband Services, the e-
commerce for Enron’s water subsidiary, and traded power at the height of the California power crises.
She is the author of “Confessions of an Enron Executive: A Whistleblower’s Story and Managing Risks for
Corporate Integrity.” She is founder and CEO of The Integrity Institute, Inc. www.IntegrityInstitute.com
8

Corporates increasingly look to
capital markets for innovative
risk solutions Peter Hacker, JLT
The global capital markets are becoming increasingly attractive to corporates in the
communications and technology sectors as some (re)insurers fail to keep pace with
change. And the trend will gather momentum unless insurers can think consistently
outside the box and interpret better the balance sheets and risk landscapes of
“commtech” companies with their increasing and dominating concentration on
“intangible assets”.
The dynamic pace of change in these sectors offers a unique opportunity for (re)insurers
to partner with corporates as they embrace converging technologies and new risk
financing techniques. Convergence also means that competitors might be suppliers and
suppliers might be customers and this interaction and dependence requires new risk
approaches.
(Re)insurers too often think in a linear way, but technology related risks are circular and
involving a material degree of volatility. Volatility is not just risk for the insurance carrier
but equally a chance to differentiate and set a new standard. Too often we hear from
(re)insurers, if we can’t model it we can’t write it, but these are the new risks that
customers face. In the past risks were tangible now they are increasingly intangible.
The most important “intangible” risks to corporates, he said, are intellectual property,
regulation and competition but none of these are materially insurable.
Whilst we fully understand the restrictions on the last two risk classes which are de
facto non-transferrable business risks, technical underwriters should focus once more
intellectual property.
“We can recognize that a growing number of communications and technology
companies are now considering or using alternative risk financing arrangements such
as credit default swaps or securitizations, with banks or finance houses related to
credit, catastrophe risks and intangible assets. Others are applying risk financing
“protected cell” structures that address the various accounting regulatory standards
such as US GAAP (Fin46, FAS 113, EITF 93-6/14, EITF 03-8)) and/or IAS (IAS 27) or
IFRS 4 implications”.
Insurers and risk advisors such as insurance brokers must keep up with change
including new accounting guidelines, perspectives for Solvency II and best practices for
transaction documentation. We must look at convergence as an opportunity to partner
with insureds for structured (re)insurance to broaden their income base rather than
imposing further restrictions. Since the convergence between the communications,
media and technology sectors will continue to blur and surpass the traditional
boundaries if (re)insurance does not keep pace then it is a matter of time until it will be
surpassed by the capital markets.
9

10
Catastrophe Losses – where
will the capital come from to
fund them Michael Brown, Allen & Overy
The insurance market has always been able to bounce back from bad catastrophe loss
years, and to replenish its capital needs. In the longer term, alternative structures to
manage catastrophe risk need to be developed alongside the traditional market to
handle demand for the spreading of risks of natural disasters and terrorist attacks.
First, some basic statistics (courtesy of Swiss Re 1 ): during the 1970s insured cat losses
ran at an annual average of US$3 billion. That loss level increased materially from the
1980s onwards: the adjusted annual average during the period 1987 to 2003 had risen
to US$16 billion per annum, a jump of over 500%.
It may be misleading to look at the last two years on their own; but 2004 and,
particularly 2005, were dreadful years for the cat market, with insured losses estimated
at US$40 billion for 2004 and US$83 billion for 2005, with US windstorms Katrina,
Wilma and Rita expected to cost US$65 billion. Swiss Re calculates that the cost of
insured losses from those three events alone would absorb over 11% of the total US
premium income generated for all US non-life business of all classes in 2005.
Prior to 2005 the worst single losses had been caused by Hurricane Andrew in 1992 (at
US$22.3 billion) and the al Qaeda terrorist attacks on New York and Washington in 2001
(US$20.7 billion).
It is in the nature of catastrophe business that losses will tend to be settled fairly quickly
after the event, even if business interruption losses may take rather longer to calculate,
and uncertainties over contract wordings may also serve to prolong the process (pace
the long running argument over whether or not the damage to the World Trade Center
twin towers constituted a single event and hence a single loss limit).
One consequence of that is the speed with which involved insurance and reinsurance
companies around the world need to move to restore their capital positions in order to
maintain regulatory solvency. Whilst there have been significant insurer casualties after
both after 9/11 and again after last summer’s US windstorms, the resilience with which
most insurers have been able to restore their balance sheets has been very evident.
Within 12 months of 9/11 the direct and reinsurance market had been able to raise
over US$30 billion in additional capital. The FSA estimated in February 2006 that about
US$22 billion had been raised in the wake of Katrina, though it will be noted that this is
only about one third of the estimated cost of Katrina, Wilma and Rita and little more
than one quarter of total estimated 2005 cat losses (US$83 billion).
Before we look further at the implications of this shortfall, it is worth noting that there is a
significant difference between an existing insurance company, with a claims legacy,
raising capital to restore its capital base on the one hand and, on the other, a start-up
venture with no such legacy tapping the capital markets in order to take advantage of the
increased premium rates that inevitably follow from a bad cat year until such time as the
capital injected back into the industry is sufficiently large to force prices down again.
Inevitably new ventures are an easier sell. One saw that phenomenon after 9/11 where
Bermuda’s start-up babies raised some US$14 billion in new capital. There is some irony
in the fact that many of those self-same companies, now adolescents, have had to tap
the capital markets again in recent months to meet losses on business written over the
last 3 years – though most have been successful in doing so. And a further generation of
new Bermuda start-ups have raised a further US$10 billion in new capital.
But when one takes a sober look at the growth in cat losses, the spiraling rate of that
growth, and the poor historically record of return on capital invested in the insurance

Catastrophe Losses – where will the capital come from to fund them
industry, one has to ask whether that success will continue. It would be a brave man
who would say that the 2005 windstorms are an aberrational event: earthquakes
present a huge hazard in heavily industrialized zones in the US, Japan and elsewhere;
climate change heralds the potential for heightened medium term flood risk as well as
other changes in weather patterns.
I am with Warren Buffett, boss of Berkshire Hathaway, who says: “I don’t know the
answer to these all important questions. What I do know is that our ignorance means
that we must follow the course prescribed by Pascal in his famous wager about the
existence of God. As you may recall, he concluded that since he didn’t know the
answer, his personal gain/loss ratio dictated an affirmative conclusion.”
Factors other than climate change lead to the inevitable conclusion that cat losses can
only grow in the decades ahead. Expanding economies mean enhanced insured values;
and as economies like China, India and Brazil develop, their industries, assets and
revenues will increasingly be insured too. So insured values at risk are growing fast,
just as the uncertainties of global warming loom to the fore.
The traditional reinsurance market is just not, by itself, large enough to absorb this risk
growth; and the flight to quality also has the perverse effect of concentrating the risk
within fewer well-rated players. Majors such as Munich Re and Swiss Re have not to date
experienced difficulty in tapping the equity or capital markets. There is a relatively limited
appetite within the capital markets to provide capacity for (mainly) third party catastrophe
risks. Swiss Re is one of a relatively select band of companies that has regularly
utilized this market. But, with an apparent capacity of US$5 billion, this market has been
stretched by Katrina and, for that and other reasons, offers no general panacea.
Major single cat loss events will inevitably potentially exceed what the (re)insurance
market capital bases can cumulatively support, particularly if their frequency increases.
The structures in place to support Californian homeowners and businesses in the event
of an earthquake, for example, show the need for combining traditional insurance and
alternative capital market solutions.
There remains a real question mark over whether some cat risks are insurable at all,
terrorism being an obvious example. In the UK the Government has for some years been
effectively the insurer of last resort of property and BI risks caused by terrorist attacks
via its reinsurance of Pool Re. In the aftermath of 9/11, Governments were forced to
step in temporarily to underwrite certain specific risks such as aviation liability. Further
serious terrorist attacks will re-introduce pressure on Governments to share more in the
assumption of such risks either in partnership with the insurance industry, or in place of
it. Understandably there will be political resistance to such moves, and there are serious
legal difficulties e.g. the prohibition of State subsidies in the EU.
But with frequency and size of cat losses set to grow, pressures to find risk sharing and
funding solutions within and beyond the insurance industry itself will become ever more
urgent.
Michael Brown is Co-head of the Insurance Group, Allen & Overy LLP.
Allen & Overy is a global law firm. The firm has advised many leading insurance and reinsurance
companies in the raising of regulatory capital. In the aftermath of 9/11 the firm was heavily involved
in establishing an aviation liability insurance facility backed by the UK Government and is advising
the owners of the World Trade Center on their insurance claims.
Sigma report: Natural catastrophes and man-made disasters 2005, No 2/2006. To ensure that the
comparison is true, the loss figures quoted here are inflation adjusted to 2005 cost levels.
1 Source: MMC Securities Inc.
11

Continuity risk within the supply
chain – the importance of the
macro approach Chris Rigby-Smith, JLT
Much has been debated on the issue of supply chains recently, within academia,
professional institutes and also commercial organisations. With the occurrence of every
new variant of disaster whether it be a terrorist attack, hurricane, tsunami, earthquake,
flood or fires, it seems that the supply chain risk is a critical issue.
Yet despite this heightened awareness, it is still a problematic area from a risk
assessment perspective. Some fundamental questions that highlight this dilemma and
confusion are:
• What is the difference between supply chain risk management and organisational
risk management
• What is the difference between ‘outsourcing’ risk and ‘supply chain risk’
• How can the supply chain risk be efficiently mapped and analysed
• What solutions exist – risk financing or otherwise – to address supply chain risk
• How can the supply chain work effectively as one to be adequately prepared, both
to respond to a crisis and to manage the recovery from it
Supply chains are becoming increasingly complex and interdependent in many sectors
and this is self-evident within the communications and technology sectors. The need to
source highly specific components from specialist sources, within a global marketplace
is a fundamental driver for many organisations. All too often the process of managing
the risks that ensue, is an afterthought of the established procurement function.
The immediate dilemma for any major company in facing up to this situation, is how to
break into the organisational structure and culture in such a way that a robust and
systematic process can be put in place, which will collate the necessary information in a
way that is replicable, on a regular basis, in the future. Fundamental to this is the
process of identifying the best sources for that data and establishing commitment from
the business leaders to provide it. Convincing the business of the value of risk
management, in the first place, might be an essential part of this! The organisations
which have already embedded risk management into their way of doing things will be
those that most readily appreciate the need to understand risk within the supply chain.
From a risk management perspective, there is a secondary and more specific dilemma,
which is the need to meet the various and competing needs of different stakeholders.
The insurance market continues to demand risk information on a location-by-location
basis. From a property damage and business interruption insurance point of view, the
analysis needs to provide maximum foreseeable loss figures, relating to an insured
event, impacting on property insured or used by the insured at specific premises. This
immediately has a tendency to drive the analysis towards high asset values or critical
production processes at key locations. From a business point of view, the interest is
much more in understanding what are the critical revenue streams, brands, markets
and product groups, and the vulnerabilities within the associated supply chains. In the
early stages, this second approach is not likely to be so locationally focussed. It is more
likely to be interested in supply chain mapping and interdependencies.
12

Continuity risk within the supply chain – the importance of the macro approach
Two other issues arise with the first of these two approaches, the location-by-location
analysis:
• Firstly, it is unlikely that personnel at site level are going to have a sufficient
appreciation of the upstream / downstream dependencies, beyond their immediate
boundaries.
• Secondly, the financial analysis of ‘see-through’ gross profit, that is needed for an
in-depth risk assessment, will not be available at site level.
It follows that one of the fundamental questions that an underwriter will ask relating to
supply chain risk such as ‘Where are the critical single points of failure and what is the
gross profit aggregation that arises from the interdependency’
The second, more business-driven approach will concentrate upon the major
brand/product/market combinations and establish early on where the sensitive points
are within the vertical supply chains. Once the ‘see-through’ gross profit numbers have
been clarified, an analysis of the infrastructure that supports them can be carried out.
This will identify the priorities against which risk control and transfer measures can be
targeted. These solutions might be straightforward insurance, physical risk control or
business continuity planning, or more likely, a combination of them all.
If the sensitive points (single points of failure) lie outside the boundaries of the
organisation itself, then it becomes critical to build an understanding of the quality of
the supplier’s or outsourcing company’s own risk management and business continuity
planning. It is increasingly acceptable that a customer should be allowed to satisfy itself
in the integrity of the supplier’s continuity planning and physical risk control, and to that
end, customer driven audits can be important. Depending upon the results of such
audits, procurement decision making can be adjusted to reflect the risk quality, and
contingent business interruption insurance protection can be tailored more precisely,
thereby maximising the usage of premium and capacity.
13

Learning the lessons
of recent catastrophes
Franco Masciovecchio & Adrian McGarva, Glacier Re
Over the last two years, the insurance/reinsurance industry has seen insured losses in
excess of $100bn from US hurricanes alone. When increased flooding in Europe, a
higher incidence of Western Pacific hurricanes and US tornadoes are added to this, it is
clear that the industry is facing a challenging period and will need to implement major
changes.
A feature of the events of the past two years is that natural peril catastrophe risk
management has proven to be of vital importance. Improved contingency planning has
in some cases, such as in Prague earlier in 2006, proved to mitigate damage. In other
cases, such as the levee failures in New Orleans, it has had disastrous consequences. It
has become clear that catastrophe risk management is now vital and shortcomings in
traditional modelling, which have become increasingly apparent, need to be addressed
as a matter of urgency in this new environment.
In addition to the headline loss costs and risk management failures, it is now generally
accepted that both the frequency and severity of natural, climate-related catastrophes is
on the increase. US hurricanes have had the most severe impact on the industry in
recent years and scientific consensus is that hurricane activity is affected by a natural
cycle phenomenon known as the Atlantic Multidecadal Oscillation (AMO). This cycle is
thought to be in the early stages of a ‘warm phase’, which is expected to last for
around five years.
As a result of this, North Atlantic sea surface temperatures are continuing to increase,
which triggers increased tropical storm activity. Current research indicates that the
overall rate of hurricane landfalls is 25-30 percent above the average over the past 150
years and ‘intense’ storms (known as category 3-5) will increase more than less severe
storms (category 1-2) .
For example, the US National Oceanic and Atmospheric Administration (NOAA) predicts
that this year’s Atlantic hurricane season, which formally begins on 1 June, will bring 8-
10 hurricanes, 4-6 of which are expected to be ‘intense’. While this is less severe than
2005, it is still well above average for the previous two decades.
Although the impact of climate change and ‘global warming’ is far from clear, it is
generally accepted that the current level of ‘high activity’ of major natural catastrophes
will continue for at least another 10-20 years. The insurance industry is therefore
changing its mindset if it is to cope with the events of the future and will need to
continue doing so.
In addition to the increases in event frequency and intensity, damage vulnerability to the
events of 2005 was also far worse than previously forecasted, most notably for major
commercial and industrial risks. The risk management failures of 2005 and failure to
accurately predict the impact of these events is now being integrated into the pricing
and assessment of other perils – notably earthquake and flood.
The breach of levees in New Orleans in the immediate aftermath of Hurricane Katrina is
one clear example where infrastructure must be updated, or indeed provided, in
vulnerable areas. When originally designed and constructed they were believed to be
adequate given the probability of an event such as Katrina. Recent events and expert
forecasts have shown that such measures need to be analysed and updated regularly.
As a counter example following major losses in 2002, the 2006 spring floods in Prague
14

Learning the lessons of recent catastrophes
“tested” the preparedness for a flood situation. After two catastrophic flood events the
attitude towards flood danger has changed dramatically. Flood defences (sandbags)
were built immediately after the announcement of an emergency flood situation.
This type of defences proved effective against this type of flood with lower return
periods. The new mobile flood defence system in Prague was built-up on Wednesday
after the announcement of an expected 10 years flow in Prague. However, the water
remained in the river banks and therefore did not breach the flood defences.
As the aftermath of the 2004/5 windstorm season and other natural catastrophes
continues to be felt, and steps are taken to contain the impact of future occurrences,
what does this mean in practical terms for the insurance industry
The losses following the US 2005 windstorms, most notably Hurricane Katrina, could
not have been avoided from better use of the then-current modelling techniques. The
unprecedented scale of windstorm, storm surge, flooding and business interruption
were unique, and most models failed the test.
So as insurance changes, risk modelling is also changing to take into account the new
and uncertain climate. Hurricane Katrina in particular proved that consequential losses
must be included in future risk modelling. Losses such as storm surge following
windstorms and fire following earthquakes are now an essential component of
insurance pricing.
At the commencement of the 2006 US hurricane season, capacity for catastrophe risks
is now extremely scarce, and retrocession cover is particularly difficult to find, although
Glacier Re continues to offer capacity in key catastrophe zones.
Rating agencies are increasingly vocal – and unforgiving – on catastrophe risk
management, which has led to a several key downgrades for reinsurers worldwide.
Major reinsurers are therefore cutting back on both premium and exposure.
Consequently, insurers are forced to hold bigger retentions and, to limit their need for
reinsurance, are also cutting back.
Against this background, pricing for catastrophe cover in US peak zones has inevitably
increased substantially. For US wind industry loss warranties (ILW’s), prices have
increased by over 400% at certain levels in the past 18 months.
For re/insurers, the ability to effectively and accurately assess risk has become
paramount. Companies need to be able to demonstrate catastrophe risk management,
the ability to geocode and cat model each portfolio is becoming essential for buying
cover. Furthermore, multi-line accumulation assessments are needed and differentiated
analysis is needed when writing individual risks. Increased stress testing is also required.
For insureds, intricate knowledge of risks and exposures is needed, so risk
management is high on the agenda. Insureds need to demonstrate their risk analysis by
providing complete information to insurers; ensuring the enforcement of state and/or
statutory building codes; secure contingency plans for key supplies such as power and
regularly testing emergency response procedures.
However, both insurers and insureds often overlook the human element of catastrophe
planning and response. People should manage a crisis; a crisis does not manage the
15

Learning the lessons of recent catastrophes
people. Getting the right people with the right knowledge and skills is an essential part
of managing the aftermath of catastrophe experience.
Part of this ‘human’ element is also to make sure that a clear understanding of the
agreements and procedures between all parties, on property and all other insurance
needs, is put in place from the outset. This ensures that the right cover is bought and
helps avoid disputes further down the line.
As the industry comes to terms with the experiences of 2004 and 2005, much has
been done to increase understanding of the new nature of risks. The consequences for
re/insurers and risk managers are far-reaching, but the industry has successfully
adapted to change in the past and will do so again.
Franco Masciovecchio is a Senior Underwriter at Glacier Re and Adrian McGarva is Chief Actuary at
Glacier Re.
16

Supply chain management and
critical information structure
Joe Bona, AXA Corporate Solutions
AXA Corporate Solutions took part in the panel in the workshop regarding “Supply chain
management and critical information structure: the effect of outsourcing and more
complex supply chains”, and raised some key points regarding the following:
Aggregation & Suppliers’ Extensions
• Headline grabbing events in recent years, most notably, perhaps, “9/11”, refocused
the attention on the criticality and susceptibility of outsourced supply
chains to uncontrollable risks.
• The identification and quantification of supply chain exposures is complicated and
especially so in high-tech industries, which are characterised by complex multi-tier
supply chains with considerable aggregation risks to the Insurers.
• Aggregation concerns are reflected in the lower limits imposed by the Insurers on
suppliers’ extensions.
• Such limits imply potentially uninsured exposures to the Insured. This places
added emphasis on the Insured’s need to risk manage the supply chain, focussing
on aspects such as the supplier’s criticality to the business (in terms of turnover
affected rather than contract price or number of widgets supplied) and the
supplier’s vulnerability to interruption. Ideally this needs to extend beyond Tier 1
suppliers to include critical Tier 2 / Tier 3 suppliers.
IT Infrastructure
IT infrastructure is an essential element of most operations and is increasingly
outsourced. Most conventional insurance policies do not respond to IT failure (e.g.
“millennium bug”, virus, software “glitch”), thereby constituting another Risk
Management “hot spot”. If we take the example of a telecoms operator, the network is
invariably resilient against loss of node. However, an IT failure could bring the entire
network to a stop.
Contract Risk
Another aspect of concern to Insurers is inherited contractual risk. A recent example
encountered by AXA was a situation where the insured signed a contract with an
equipment supplier and servicing company which included a waiver of subrogation
rights against the supplier for faulty workmanship, which resulted in a claim against the
Insurer. Contractual risk will inevitably come under increasing scrutiny.
Business Continuity
• Business Continuity Planning is vital in this BI intensive sector and the periodic
testing of BCP’s is essential in such a rapidly changing BI environment.
• BCP needs to look beyond the physical aspects and consider support activities
such as claims management. AXA Corporate Solutions Assurance has conducted
pilot studies with clients in the Retail sector to consider how the management of a
claim, arising in worst-case circumstances, might impact on the BCP and vice
versa. The exercise aims to identify critical pinch points. For example if the BCP
depends upon interim payments in the event of a claim, do all key players
understand what is expected of them and what substantiating documentation is
17

Supply chain management and critical information structure
required This exercise involves the Insured, Insurer, Broker, Claims Adjuster,
legal advisors, technical specialists and, not least of all, critical suppliers. This is
an approach that lends itself well to the high-tech communications sector.
Joe Bona is AXA Corporate Solutions UK’s Head of Risk Engineering.
18

Cyberspace now on terrorist
radar, experts warn Nick Robson, JLT
Review of terrorism patterns have revealed that commercial computer, IT and
telecommunications networks are increasingly likely to become a direct or indirect
target, a panel of experts warned during the debate on Cyber terrorism.
Nick Robson, a JLT partner and an expert in terrorism and political risk said: "If we look
at the history of terrorist activity it is reasonable that it is only a matter of time before
attention is refocused on economic targets. It is accordingly reasonable to expect that
there is a growing threat to business, though many corporations and institutions do not
seem to have identified the nature of this threat and where it will come from.”
He said that previous trends in terrorism indicated that it was only a matter of time
before terrorists utilised cyber vulnerabilities to support or indeed execute attacks. Such
action could have significant consequences for the communications sector.
The consequences of a cyber attack to the power industry for instance would cause
communications operations to close down for a period of time, expose customers to
loss of service, increase liability exposure and ultimately damage reputation for service
delivery. Companies need to identify their risk and where possible manage it.
Apart from security management, it is important for businesses not to consider
themselves only to be the victims or subjects of terrorism, but to contemplate whether
they have a relationship with the risk that allows them to perhaps exert some further
management over it. Whilst this may seem like an extraordinary statement, in emerging
markets this is of particular importance given the impact a business can have on
prospective terrorist activists, who may be drawn from disenfranchised local groups etc,
who may in turn have been impacted by commercial business investment.
The protection of critical components within internal and external IT infrastructure will
become even higher priority in particular relating to perils coming from non-physical
events such as cyber hacking which could take down a network.
JLT along with leading insurers has recently developed new unique risk financing
approaches to protect critical components and intangible assets.
Peter Yapp, Deputy Director of international business risk consultants, Control Risks said
that the "War on Terror" against one group of terrorists was a misnomer because the
majority of the terrorist attacks are committed by local operatives operating as
"franchise bombers" or completely independent operatives. There is no single threat
and one of the key issues for the future is cyber terrorism.
“They tend to go from the body count to commercial targets. It is reasonable to assume,
for example, that they will target critical points in our network such as IT infrastructure
in the energy sector.”
Mark Whitaker, Head of Security Consulting at consulting engineers Buro Happold said:
"Commercial companies need risk mitigation strategies that are based on detailed
advice on the assessment on the ground. Companies operating in foreign markets
should understand what the dynamics are in that country for their industry, what if any
problems there may be with the Government and special interest groups. They also
need to ensure that their assets are secured by design".
19

Network asset protection -
protecting your critical assets
Emily Freeman, JLT
Today’s companies perform innumerable transactions and infrastructure functions
through public and private computer networks, including new wireless applications.
Computer attacks, operational mistakes, and network outages may completely paralyse
an organisation by bringing down the information infrastructure and communication
lines. These issues are complicated by a network of outsourced and offshore third party
providers who increasingly provide critical IT and business process services.
To properly face the challenges of IT downtime and damage to critical digital assets,
such as software applications and data, enterprises are investing in business continuity.
In the United States, the Sarbanes-Oxley Act of 2002 has explicitly mandated viable
disaster recovery plans and data protection for public companies. Certain high
compliance industries, such as financial services and power/energy, are under
regulatory pressure to focus on recovery plans. Chief Information Officers are well
aware of the vulnerabilities of critical information and communication systems. However,
robust a company’s prevention strategies are, there is no absolute guarantee of safety
from threats such as viruses and denial of service, terrorist attacks, or operational
mistakes.
With organisational challenges and outsourced IT services, boards and senior
management are concerned about the extent to which the IT infrastructure is backed up
and how quickly operations can be resumed should disaster strike. For some industries,
corruption of data or network outages during a high or peak season could seriously
erode financial performance and concern investors.
Consider the following:
• According to the 2005 Symantec/Financial Times Survey, business continuity
compliance requirements are raising the level of attention paid to the cost and
efficacy of business continuity programs. Executives responsible for business
continuity, however, reported significant gaps in overall preparedness, particularly
as it relates to testing and financial assessment of loss impacts.
• In January 2006, the FBI released its 2005 Computer Crime Survey, reporting that
9 out of 10 organisations surveyed were victims of some sort of computer security
incident, and almost two-thirds suffered financial loss as a result of the cyber
incidents. Viruses, worms and spyware headed the list of incidents.
• 2005 Swiss Re’s Corporate Risk Survey reported that computer-based risks such
as hackers, viruses, piracy, and unauthorised disclosures rank highest among
executives worldwide and is the leading societal risk.
Traditional First Party and Generic Cyber Insurance – Limited at
Best
Most organisations have little or no insurance to cover operational risks related to
electronic data, applications, and computer networks. Property insurance markets have
either not offered or withdrawn coverage for non-physical events. Some organisations
have investigated or purchased “cyber policies” that offer limited coverage, uncertain
methods of determining loss, and low limits of insurance per hour. Often these policies
also contain inadequate limits for contingent business interruption or exclusions that
limit coverage for inside perpetrators of computer crimes. Time period deductibles have
also been overly onerous and virus coverage has been limited.
20

Network asset protection - protecting your critical assets
Broad Protection through the Network Asset Protection Policy
JLT Risk Solutions is introducing a new insurance product called Network Asset
Protection, designed specifically for business organisations anywhere in the world
and which addresses the first party risks associated with digital assets and
computer networks.
The insuring agreements include Loss of Digital Assets, Non-Physical Business
Interruption and Extra Expense and Cyber Extortion Threat.
This policy provides unique coverages and approaches to addressing these risks:
• Insured causes of loss include:
• Accidental Damage or Destruction
• Administrative or Operational Mistakes
• Computer Crime and Computer Attacks
• Broad terrorism coverage available by endorsement
• Clear methods and alternatives of determining loss, including agreed amount
• Worldwide coverage
• Contingent coverage for covered causes of loss arising from business process and
IT outsourcing
• A low minimum four hour time retention minimum with coinsurance options
• No internal per hour limitation for recovery
• Expanded coverage for special expenses including forensic expenses, customer
notification expenses, and public relations
• Broad coverage for events arising out of malicious or criminal attacks, including
acts committed by rogue employees
• $25,000 minimum premium with up to $10 million in primary limits available.
Emily Freeman is part of the Financial and Professional Liability Practice of JLT Risk Solutions in
London specializing in Technology Professional Liability, Media/Intellectual Property, and
Cyber/Network Risks.
21

Corporate Governance driving
end to “Deal Now Deal Later”
insurance market
Paul Wordley, Sian French & Kapil Dhir – Holman Fenwick & Willan
Conclusions of the Contract Certainty Workshop
The Starting Point - Structure
It was generally accepted that the starting point for considering the relevance of
contractual issues to buyers and the implementation of their insurance arrangements is
to consider the “insurance architecture” that is to be utilised in the risk transfer process
from the buyer (transferor) to the seller (transferee) via the broker (intermediary).
Insurance architecture considerations will include the establishment and/or use of a
buyer’s captives, fronting issues and ensuring proper (or actual) risk transfer versus
funding arrangements.
It is important that all stakeholders in the transaction process clearly understand the
objectives and needs of the buyer and the seller, including an understanding of the
insurance architecture. The objectives must be articulated clearly at the outset of a
potential transaction. This forms a proper starting point to deal with the insurance
documentation.
Specifics – Past, Present and Future
The following specific points were discussed and developed during the conference:
• Traditionally, the insurance market has worked on the basis of “deal now, detail
later” and the relevant documentation has followed well behind the actual
transaction and the inception date of the insurance contracts concerned. This is
becoming increasingly unacceptable for a variety of reasons: firstly, proper
business practice dictates that all concerned in the transaction – buyers, seller and
intermediaries – know exactly what constitute the terms of the transaction at a
stage at or before the date where all the parties will rely on the transaction i.e. the
inception date (“check before you commit”); secondly, good corporate governance
and sound risk management principles dictate that appropriate individuals within
the buyer and seller know the detail of the transaction, thus providing certainty to
the buyer in the context of a business which is not stationary that he has bought
protection for the risks that he has identified in his business and, from the seller’s
standpoint, an understanding of the risks that have been underwritten (“know what
you have”).
• Contract certainty initiatives as promoted by the Financial Services Authority in the
London Market (which tend to be copied elsewhere particularly where London
Market participants are involved in a transaction) require a similarity of certainty in
the insurance procurement process, namely the use of appropriate professionals
and service providers and the use of brokers not just in the insurance structuring
process but also, for instance, in the event of anticipated claims.
• Moving on to the content of individual transactions, these should conform with the
actual transaction that is being undertaken. However, it was agreed that there were a
number of issues that need to be considered when structuring the contractual terms
and conditions and in particular certain protections that can be built in to protect both
the buyer and indeed the seller. These include consideration of the following:
Proper law. Many parties enter into transactions that are silent as to the proper
law. However, it is important to consider exactly what law is applicable to the
22

Corporate Governance driving end to “Deal Now Deal Later” insurance market
insurance transaction in question since this will determine the nature and the
extent of the remedies available to either the buyer or seller depending on what
sort of breach of insurance contract is being considered. An example of this is the
Draconian remedy under English law that an underwriter has available for material
misrepresentation or non-disclosure of a fact that influences the underwriter in his
decision to write or price the risk which is the subject matter of the insurance
transaction. There are other examples under different legal systems of terms that
have similarly, or perhaps more or less Draconian effect in the event of
misrepresentation or non-disclosure when obtaining coverage. These should be
dealt with by careful consideration of the risk profile of the seller, a relative
valuation of the exposures, consideration of how the parties want to deal with
breaches of contract and so on.
Jurisdiction. In conjunction with proper law, jurisdiction is key to ascertaining the
forum for dispute resolution in the event of coverage issues. Different jurisdictions
will interpret the proper law in a different way. In the absence of express
jurisdiction clauses, and in the event of a disputed insurance claim, both the buyer
and the seller will have to perform a comparative coverage analysis to look at the
possible jurisdictions available to them and the expected outcome (in terms of
proper law and coverage) that each particular jurisdiction will assign to the
insurance contract in question. Almost as important for European-domiciled buyers,
a local legal system may not have the necessary skills, pool of expertise and
familiarity with what can be very technical issues in insurance claims (for example
root-cause analysis and coverage issues) and often perceive that certain
jurisdictions, such as the courts of England and Wales are best placed to deal with
such issues, given the history of the Commercial Court in dealing with insurance
and reinsurance claims throughout the 20th Century. Note that the same effect can
be achieved in an alternative way: it is possible to specify the jurisdiction of the
Commercial Court but also have a proper law clause that introduces some of the
more benign insurance rules and procedures that are prevalent in, for example,
Mainland Europe. Alternatively, the parties can specify private and confidential
arbitration in a location of their choice and subject to a proper law of their choice.
Finally, it is possible to use alternatives to litigation, such as Queens Counsel
clauses or appraisal clauses, where issues of policy response and quantum of
coverage respectively are referred to contractually binding, non-appealable,
adjudicators.
Information Provisions. Where information is required to be provided to
underwriters, there is a need for care in identifying the responsible person for
passing on that information, particularly within a buyer. These provisions can arise
in the context of either the provision of information pre-inception (disclosure
obligations) or upon the happening of a loss-event (notice provisions). It is possible
to stipulate in the insurance contract that information has to reach a certain level
within a company – for example an officer in the risk management department, a
main board director or indeed the legal department – before it triggers any
information requirements under the policy, such as notification of loss or, if
appropriate, an increase in material risk. For underwriters to accept such
provisions however, insureds have to provide a vast amount of information about
the adequacy of the information transfer process up and down the management
chain. Effectively, in this scenario, the insured has the benefit of insurance against
the failure of the information mechanism.
23

Corporate Governance driving end to “Deal Now Deal Later” insurance market
Misrepresentation and non-disclosure. As noted above in relation to the harsh
remedies available in respect of insurance disputes in certain jurisdictions, for
example England and Wales, it is possible to incorporate provisions into the policy
that restore some of the balance. The idea is to replicate the continental idea of
“proportionality” where the remedy is ascertained to be proportional to the breach.
In effect, for minor misdemeanours, underwriters do not get off the hook. At the
other end of the spectrum, major misdemeanours such as fraud or the deliberate
provision of misleading information, are punishable by forfeiture of the claim or
perhaps even the policy. There are of course graduating remedies in between since
the remedy must be proportionate to the breach and is compensable by damages,
e.g. if there is an enhanced risk then the underwriters may well set-off against the
claim an entitlement to charge an increased premium or additional terms and
conditions be imposed.
Conditions Precedent to Liability. It is important that conditions that are precedent
to liability (i.e. breach of which means that an insurance contract does not respond)
are clearly stated as such and it is possible to insert a clause that limits conditions
precedents to those clauses that are described specifically as such. The same can
be done with warranties. In the alternative, certain jurisdictions, such as the
Commercial Court in London, will look at the relevance and materiality of individual
clauses to ascertain whether they are conditions precedent or warranties,
notwithstanding the description of such clauses in the contract.
Contract Risk Management. Although not directly related to the insurance
transaction itself, it was recognised (particularly in the workshop) that there were a
number of legacy contract issues where insureds have long-standing contracts
with, for example, suppliers. Many legacy contracts do not accurately reflect the
commercial relationships in a current application and indeed underestimate in
terms of the available remedies the insured’s rights in the event of a supply chain
disruption. A full understanding of the supply chain and contract risk management
(including continuous assessment of the insurance architecture) in the supply chain
is essential in order to ascertain what risks are being retained by an insured and,
consequently what could be transferable to the insurance markets.
Claims handling. Another issue to emerge from the workshop was the need to
address, prior to inception, the importance of understanding what would happen in
the event of a claim: what authorities were available to be exercised by the insured
and what would be the role of loss-adjusters, bearing in mind that in a number of
areas, there will be the need for a very rapid response to a developing claims
situation where protection of reputation and brand are as important as dealing with
the normal business aspects of a claim such as resumption of production, issues as
to liability and so on. Part of this process should, based on the workshop discussion,
include some scenario analysis and stress evaluations of potential likely claim
scenarios and how these would be dealt with. This should form the basis of a written
claims handling protocol that is negotiated along with the main insurance contract.
Business continuity planning and crisis management. Following on from the
above, it was considered in the workshop that it was most important that both
business continuity planning and crisis management were considered alongside
any claims-handling protocol, not least recognising the alternative resources that
would be required in the context of business continuity planning and crisis
24

Corporate Governance driving end to “Deal Now Deal Later” insurance market
management, such as brand and reputation consultants. It is essential that all of
those involved in the rapidly developing, complex claims process, including those
tasked with ensuring, to the extent possible, that nothing is done which prejudices
insurance cover whilst underwriters are, as and where appropriate, adequately
protected.
Each of the above, if done successfully, is considered essential to ensuring that
claims certainty – which is the natural consequence of contract certainty is
achieved. Whilst there will always be an uncertainty in the insurance industry – by
its very nature insurance deals with the uncertain as well as the certain quantifiable
– it was felt by all those involved in the workshop and indeed in the general
discussions that an emphasis on and a proactive approach to dealing with the
contractual process would benefit all concerned.
Paul Wordley, Sian French and Kapil Dhir, Holman Fenwick & Willan
25

D&O premiums fall, but pitfalls grow
Ken McKenzie, Davies Arnold Cooper
The good news for buyers of Directors’ & Officers’ insurance is that premiums have
continued to fall, with an estimated additional 9% thought to have come off premiums
during last year. Though there is some indication that environmental exposures and
global warming may start to drive rates back up again in the near future.
Capacity, however, seems to be on the rise again, with UK consultants Towers Perrin
indicating that it is approaching $1.5 billion, the historical high of 2000.
Although there has been an increase in the number of class actions initiated by
institutional investors, the number of US class action suits seems to have dropped in
2005, possibly reflecting a reduction in alleged loss totals to investors.
Settlements continue to ride high in spite of a softening of the market. Nortel Networks,
for example, reported a $2.5 billion litigation expense thought to result from D&O
insurers having walked away from their much publicised problems. Profit forecast
shortfalls continue to offer fertile ground for corporate claimants. New policy products
keep coming and the market for them remains highly competitive.
Sarbanes-Oxley (SOX) continues to cast its long shadow, so much so that many companies,
including global communications and technology companies, are contemplating or have
actually initiated de-listing in the US. Dual US/UK listed companies caught up in US securities
action have included Vodafone, Cable & Wireless, and Shell. While de-listing might not have
been a complete answer originally, the SEC is proposing new arrangements which will make
it easier for non-US companies to de-list and obtain deliverance from their compliance
obligations on the basis of three alternative tests for “well known seasoned issuers”.
Anti D&O activists managed to get by before SOX and many notorious suits pre-date its
implementation. However, in HealthSouth, perhaps the best known post SOX D&O case
to date, having frozen the assets of CEO Richard Scrushy, the SEC allowed tens of
millions of dollars to be released to Mr Scrushy for personal use on legal and other
expenses, perhaps a sign of a lack of working D&O cover
This July will finally see the much-delayed implementation of Section 404 for relevant
non-US private issuers, obliging them to include both a management and auditor
statement on the effectiveness of internal controls over financial reporting in their
annual reports. Or will it A May 17 SEC announcement that small US companies will
have more time to comply has raised some expectations that the non-US deadline will
also be extended once again.
Nearer to home, the UK (whose “comply or explain” approach is apparently preferred by
the European Union Commission to a full blown European Corporate Governance Code)
is nearing the end of a long road towards the new Company Law Reform Act, predicted
to come into law at some point during 2007. The long consultation process involving
white papers, independent reviews, successive reports and reviews of codes is finally
drawing to a close. For D&O insurance purposes, the most interesting measures the
new bill proposes are to:
• Codify the duties of directors.
• Allow shareholders to agree to limit auditors’ liability to the company so that their
financial liability relates to their responsibility for the loss. (No news, however, on
the once-mooted cap for directors).
26

D&O premiums fall, but pitfalls grow
• Overhaul the machinery for derivative action by shareholders against directors or
third parties.
The new Act will roll up the Companies (Audit Investigations and Community Enterprise)
Act 2004 which itself relaxed the rules on the degree to which companies can
indemnify their directors in defence costs and actual third party liabilities. They can
advance and pay such costs (even in a claim by the company); however they become
repayable in the event of a unsuccessful defence of criminal proceedings or claim by
the company; fines imposed in criminal proceedings, regulatory penalties and liability to
the company itself cannot be indemnified.
In a late and surprising move at the end of last year, by the Companies Act (Operating &
Financial Review) (Repeal) Regulations 2005, with effect from January 2006, the
Government abolished the newly introduced Operating and Financial Review (OFR), a
move which may have taken much of the social, community and environmental spirit
out of currently proposed reforms. This may be a good thing for non-executive directors
who were potentially exposed to liability in discharging the role of moral conscience of
the company.
However, having just bowed to pressure from the Confederation of British Industry (CBI)
to strangle the OFR in its infancy, the Government was forced to re-open consultation
on the mechanism under threat of judicial review by Friends of the Earth. The results of
that consultation, which closed in March have resulted in the OFR remaining out of the
Bill. Indeed, current indications are that the UK government are moving in the direction
of shielding directors and officers from liability for untrue or misleading statements
except where bad faith or recklessness is involved; it looks as though the vetting
procedure of the courts for the new derivative actions will apply this principle.
Animal rights extremism has scored another own-goal in the UK where the threat of
circulation of shareholders’ details on the web has prompted immediate injunctive relief
and enhanced the likelihood that registration requirements will be relaxed in the new
Bill.
The role of non-executives remains problematic. Expensive to keep, they are arguably
superfluous in a well-run company and not always best placed to perform their
supervisory role. In Equitable Life, though criticised by the Penrose Report for being
effectively incompetent to monitor actuarial activity, the case against the non-executive
directors (and auditors) famously collapsed.
The new Bill still recognises no special role or distinct obligations for non-executive
directors, and that may pose its own challenge to the insurance industry.
Meanwhile the EU Council has adopted a directive updating accounting rules and
modifying the Fourth and Seventh Company Law directives to enhance confidence in
corporate financial statements and reports. This establishes collective responsibility of
board members for such statements, enhances transparency in off balance sheet and
related party transactions and introduces the requirement for a corporate governance
statement. EU states are supposed to adopt the changes into domestic law within two
years.
In spite of the softness of the market, severability remains a key area of concern,
highlighting the risk that information of which only certain directors may be aware can
27

D&O premiums fall, but pitfalls grow
be imputed to other innocent directors, either through the mechanism for placement of
policies, or operation of the policy language itself. This issue has placed an increased
focus upon the desirability of severability clauses and effective protection for all
directors. Without such clauses, very rigorous due diligence personally conducted by
and on behalf of each director may be necessary.
Another sensitive subject is Insured v Insured exclusions. These have been a feature of
some directors’ and officers’ policies for decades. Their effect varies very considerably
from jurisdiction to jurisdiction given the different rights which arise. In the US, for
example, where extensive rights are available to shareholders individually and as a class
to bring action against directors, the scope of policy risk and cover can be considerably
wider than in a jurisdiction like the UK where directors owe duties not, prima facie, to
shareholders, but to the company: if the company is an insured under a corporate
reimbursement clause and a simple form Insured v Insured exclusion denies cover for a
claim brought by an insured, what cover is left The answer may lie in the increasing
sophistication with which insurers modify the cover through carve-outs and exceptions.
The potential for extradition is beginning to cause concern. Enacted with anti-terrorism
firmly in mind, the UK Extradition Act 2003 has been more of a threat so far to directors
and officers, with examples like the three bankers resisting extradition from the UK to
the US on Enron charges raising the question why the Act is being used in this way
when there is no US reciprocity yet.
The D&O market, fuelled by much uncertainty over ongoing corporate reform in the UK,
US and Europe, continues to be one of the most fast-moving and volatile, behooving
buyers to monitor developments closely.
Kenneth McKenzie is a Senior Partner, Head of the Insurance Practice at Davies Arnold Cooper
28

CD POSITION
GUIDE ONLY
28
29