The Board’s Evolving Role in Insurance and Risk Management
Thursday, February 18 2010

Contributed By Spencer Hoole, Diversified Insurance Group

 

In 1996, I gave my first directors and officers (D&O) liability insurance presentation to a board of directors. The CFO of this publicly traded company asked me to discuss the highlights of its D&O insurance program that it had just renewed. The presentation lasted less than five minutes — and not one question was asked by any of the board members present. In fact, most of them were engaged in other conversations that they must have deemed more important or more interesting than insurance. My presentation was a mere formality: the board essentially rubber-stamped the CFO’s insurance decisions.

Since then, a board’s involvement in insurance decisions, like D&O coverage, has changed dramatically. Now our firm presents to its public client company boards and audit committees at least once a year. Board members are no longer passive and disinterested when it comes to insurance. Instead, most are well informed about the liability exposures directors face and want to fully vet their D&O insurance protection, specifically the structure, limits and scope of coverage. Questions often arise about insurance carrier solvency, the importance of differences in conditions (DIC) A-side coverage, appropriate coverage limits and the terms and conditions of the policy. A decade ago, CFOs generally made all these decisions; in today’s ever-litigious corporate environment, many executives now defer these important decisions to their entire boards. They want the board’s input and formal approval before finalizing major insurance placements.

Board involvement has not stopped at D&O insurance. Boards are also becoming much more engaged in risk management, specifically enterprise risk management (ERM). Traditional risk management identifies exposures to loss, examines various techniques to address the risk and then selects the most appropriate techniques to control the risk. It’s important to note that risk management focuses only on accidental losses, not all losses. A key technique used in risk management is insurance or risk transfer; however, insurance is only one facet of risk management. In fact, it’s been suggested that the paradox of insurance is that it is a good first and last response to managing risk, but is not always the most appropriate response. There are other important risk management tools, such as risk avoidance, self insurance, loss prevention, loss control, contractual risk transfer and alternative forms of risk financing.

In contrast, enterprise risk management, as its name suggests, deals with all aspects of an organization’s risk, not just accidental loss. The Risk and Insurance Management Society’s website (www.rims.org) defines ERM as “a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.” The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines ERM as a “process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Both definitions are mouthfuls, but the point is that ERM is all encompassing and touches the spectrum of organizational risk. Note the key takeaway that ERM is a process “effected by an entity’s board of directors.”

Since the recent financial and economic meltdown, the board’s involvement in ERM has grown significantly. Boards are expected to more effectively identify and assess risks across the entity spectrum, driven in large part by anxious shareholders and other stakeholders who want to ensure that both the balance sheet and shareholder value are properly protected. As such, the board’s role in ERM is one of the hottest topics in corporate governance.

The National Association of Corporate Directors (NACD) has also jumped into the ERM realm. Its Blue Ribbon Commission on Risk Governance: Balancing Risk and Reward included “Ten Principles of Effective Risk Oversight for Boards”:

  1. Understanding key drivers of business success.
  2. Assess risk in the company’s strategy
  3. Define full board and committee’s roles in risk oversight
  4. Consider which risk management system is appropriate
  5. Management and Board agree on risk reporting to Board
  6. Dynamic and constructive risk dialogue with management
  7. Closely monitor risks in culture and incentive structure
  8. Monitor alignment of strategy, risk, controls, compliance, incentives and people
  9. Consider emerging and interrelated risks
  10. Periodically assess board oversight processes

In July 2009, the Securities and Exchange Commission (SEC) took these responsibilities even further by proposing new disclosure rules regarding board oversight of ERM, which could impact how boards approach and manage risk in the future. The proposed amendments include newly mandated disclosures on the boards’ increasing involvement with ERM. If you thought directors of a public company had a tough enough job fulfilling traditional fiduciary and stewardship duties, imagine how those directors must feel knowing they could be held responsible for not accurately identifying and assessing all entity risks and for not properly planning a response for each one. If the SEC proposal passes, Christmas will come early and often to the plaintiff’s bar.

The process of identifying and managing traditional and known risks is certainly doable for directors. (Heck, even a simple insurance broker can handle this responsibility.) But should directors also be held accountable for the highly improbable “black swan?” According to Nassim Nicholas Taleb, “a black swan is a highly improbable event with three principal characteristics: It is unpredictable; it carries a massive impact; and, after the fact, we concoct an explanation that makes it appear less random, and more predictable, than it was.” He considers 9/11 the prime example of this phenomenon.

Think about being responsible for identifying something that is unpredictable, something that has a huge negative impact, and after the fact, experts assert that you should have predicted it. That is one tough exercise for anyone.

In the future, boards will need to be well equipped to deal with these increasing responsibilities. They will rely heavily on outside professional service providers to guide them through the labyrinth that is ERM. Whether or not the proposed SEC rules relating to risk management oversight are enacted, ERM will become a recurring theme in boardrooms across America. In fact, it just moved to the top of the agenda.

 

Spencer Hoole is a principal at Diversified Insurance Group (TechAssure member) and the head of the firm’s management liability practice. He has been in the property and casualty insurance industry for the past eighteen years and has spent the better part of his career working with and insuring venture capital-backed and private equity-financed companies, particularly in the technology and life sciences industries.

 

We encourage all NVCA members to contact their TechAssure regional representative and learn how the VentureInsure program can benefit your firm and portfolio companies.  VentureInsure is the insurance program for members of NVCA and their portfolio companies. Each insurance product has been selected and customized for the unique needs of venture capital firms and the companies they develop. Many NVCA members will enjoy savings of over 20% on the insurance products they already have to buy by switching to the VentureInsure package program. Learn more at http://www.ventureinsure.com


 
