Insurance Bulletin, 13 January 2017
In this issue: Regulation and legislation; Court cases and arbitration
1. Regulation and legislation
France: Sapin II Law: Introduction of the French Bribery Act
After having been criticised for dragging its feet in the fight against corruption, France has updated its legislation through the enactment, on 9 December 2016, of the Sapin II law which now meets the same standards as the US FCPA and UK Bribery Act. The enactment of this law may impact D&O and civil liability insurers, as explained further below.
One of the new measures introduced by the law is an innovative settlement scheme – convention judiciaire d’intérêt public – inspired by the US and the UK Deferred Prosecution Agreement. This is brand new in the French legal system.
Such a settlement may be proposed to companies during the course of, or before, entering into criminal proceedings related to bribery, money laundering or influence peddling cases. If accepted, the settlement imposes a financial penalty of up to 30% of their average annual revenue as well as damages to identified victims. Companies may also be required to implement a compliance programme for a maximum of three years at their own cost and under the control of the French Anti-corruption Agency.
This innovation leads to an admission of fact by companies which may impact civil liability insurers as well as D&O insurers since directors and officers are not strictly parties to the settlement and may therefore still be exposed to criminal prosecution.
By strengthening the French anti-corruption arsenal, the Sapin II law aims to limit the extraterritorial application of the US FCPA to French companies. It may also change the landscape for D&O and civil liability insurers.
UK: Government confirms the GDPR and NIS Directive will be implemented despite Brexit
The UK Government released a report on 21 December 2016 that affirms its intention to apply the EU General Data Protection Regulation (GDPR) and implement the EU Directive on Security of Network and Information Systems (NIS Directive) despite Brexit.
Both EU laws will impact UK businesses from May 2018 (before the UK is likely to leave the EU) but what this announcement confirms is that they will continue to apply after the UK leaves.
The report was produced as a result of the review conducted last year to consider the need for regulation or incentives to boost cyber risk management across the UK as the pace of change had been deemed insufficient thus far.
The report focused on the intended application of the GDPR, and its benefits, and concluded amongst other factors that:
- No further regulation beyond the GDPR is required.
- Mandatory data breach reporting will provide the Information Commissioner’s Office (the ICO) (and customers in certain circumstances) with information which will allow the ICO to improve the education of others to prevent future security breaches.
- Financial sanctions under the GDPR will be a significant call to action for businesses.
The report recognised the importance of non-regulatory incentives such as providing more information online and in forums to businesses, although it ruled out further mandatory measures including: requiring cyber insurance, including cyber risk in company annual reports, or requiring a cyber “health check”.
UK businesses planning to offer goods and services to EU citizens when the UK leaves the EU will need to comply with the EU legislation whether the UK Government keeps it or not. However, even UK businesses that do not offer goods to EU citizens will need to continue their work to ensure they are compliant with the legislation.
The GDPR will be of particular interest to cyber insurers as it is expected that data collected by regulators will be shared to improve their ability to price risks more accurately. It is possible that with better pricing, and a more consistent scope of cover, cyber insurers will see the popularity of their products grow.
Although lots of businesses are already familiar with the GDPR, the report confirmed that the detailed scope and requirements of the NIS Directive will be set out by the UK Government in 2017. The UK Government is also considering whether further regulation might, in the context of the NIS Directive, be necessary for critical sectors.
A link to the report is here: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/579442/Cyber_Security_Regulation_and_Incentives_Review.pdf
2. Court cases and arbitration
England & Wales: Sauce for the Goose? Not in this case - Spire Healthcare-v-Royal & Sun Alliance  EWHC 3278
In Spire Healthcare-v-Royal & Sun Alliance1 the insurer succeeded in establishing a lower aggregate limit on its liability for “linked” claims without suffering the consequences of a corresponding limit on the insured’s deductibles (or “contributions”). The decision is largely specific to the policy in question, but it raises some interesting arguments regarding construction and the interplay between aggregation of limits and deductibles.
Spire claimed indemnity under the medical negligence section of its combined liability policy, in respect of hundreds of clinical negligence claims made against a consultant breast surgeon who had worked at Spire’s hospitals between 2004 and 2011. The issue was whether Spire had total cover available of either £10 million or £20 million for “linked” claims and, if the former, whether Spire’s total contribution by way of deductibles would be limited to £25,000 for all linked claims or to £750,000.
The Medical Negligence section provided claims-made cover with a Scheduled costs-inclusive Limit of £10 million for “any one claim” and £20 million in respect of all damages costs and expenses “arising out of all claims” during the period of Insurance.
The policy provided: “[5(a)] The total amount payable...in respect of....all claims.....consequent on or attributable to one source or original cause.... shall not exceed the Limit....[5(b)] the total amount payable...in respect of all damages arising out of all claims ...shall not exceed the appropriate Limit.”
The first question, therefore, was whether the Limit referred to in 5(a) was intended to mean the £10 million per claim limit, or the £20 million “all claims” limit.
Although the Judge found some of the policy wording to be inelegant or cumbersome, he applied the usual canons of construction (enunciated most recently in Arnold-v-Britton2) and found the relevant provisions to be certain and clear in their effect. He held that clause 5(a) was clearly an aggregation clause. He noted Spire’s argument that the Schedule which contained the limits did not contain a discrete limit for “linked” claims which arose out of one cause, and that such a limit should not be introduced by the Court, and that the contra proferentem rule meant that the larger limit (£20 million) should therefore be applied. However, he ruled that there were three categories of claim: a single claim, a number of claims not falling within 5(a) (“non-linked claims”) and those which do (“linked claims”), and 5(a) meant that that the linked claims were to be treated as a single claim for the purpose of applying the cover limit. He held there was no real difficulty in deciding which limit should apply in these circumstances i.e. the lower one, since the purpose of aggregation is to reduce cover in the case of linked claims and here the lower amount was specifically referenced to “one claim”.
The policy defined Spire’s Contribution as £25,000 “each and every claim”, with a total Aggregate Insured’s Contribution during the policy period of £750,000. Since “claim” was not defined for this purpose (i.e. there was no equivalent of 5(a) for deductibles), the Judge found it was not possible to say that £25,000 was to be the total contribution in respect of all linked claims. Spire had argued that it would be illogical if 5(a) operated as an aggregation clause in respect of cover limits but there was to be no equivalent aggregation for the insured’s contribution. However, agreeing with Morison J. in Countrywide-v-Marshall3, the Judge said that normally polices are worded so that aggregation of claims will involve aggregating the excesses so that claims are aggregated for both excess and limit, but that everything depended on the policy language: in this case there was no reason to depart from the plain and ordinary meaning of the words used.
Accordingly, the limit of RSA’s policy liability would be £10 million for linked claims i.e. those which were consequent on or attributable to one source or original cause, but Spire would have to bear a deductible of £25,000 in respect of each such claim, whether linked or not, subject only to an overall maximum contribution of £750,000. A further trial would be necessary to decide which claims were linked in the necessary way, and which were not.
-  EWHC 3278
-  AC 1619
-  Lloyds Rep. IR 195
England and Wales: Evidence from sunnier climes – Prudential Guarantee & Assurance Inc v Marsh Ltd (2016) QBD (Comm) 21/12/2016
In this case the court considered the issue of taking evidence from a witness in another jurisdiction pursuant to CPR 34.13.
The claimant was an insurer in the Philippines acting on behalf of a local company. The risks written by the insurer were reinsured in the London market through the defendant broker. The claimant’s case was that in breach of duty the defendant had disclosed confidential information relating to the cost of the reinsurance to its client, which revealed to the client that there was a substantial difference in the cost of the reinsurance to the claimant and what it was charging its client. The client then terminated its relationship with the claimant and engaged the defendant as its broker. The claimant claimed that it had lost its relationship with the client worth US$2.25 million per year as a result of the defendant’s breach of confidentiality.
The court was asked by the defendant to issue letters of request to three witnesses in the Philippines, who were senior employees of the client and could comment on the decision to replace the claimant and whether this was as a result of the disclosure of confidential material by the defendant.
The claimant opposed this, arguing that taking evidence in the Philippines would be disproportionately costly and would disrupt the trial timetable. It had been estimated that the cost of the case would be £800,000 for each side and the cost of taking evidence in the Philippines would be approximately £100,00 for each side.
The court considered that it was clear that the evidence could be relevant to issues of causation and quantum, in particular in relation to whether the defendant had acted in breach of duty in disclosing confidential information and whether this was the reason that the claimant had lost its lucrative client relationship. The court was therefore predisposed to allow the parties to obtain evidence which would assist it in reaching its judgment. On costs, the court did not consider that taking evidence in the Philippines would be disproportionately expensive given the existing costs budget. On timing, the defendant had given an undertaking that it would not disrupt the trial timetable and the court saw no reason why the evidence could not be taken in good time. Accordingly, the application was granted.
This case demonstrates how CPR 34.13 can be used to gather evidence from individuals overseas who are unwilling or unable to attend the trial. It also shows that in circumstances where the cost and time issues are not disproportionate, the court is minded to assist the parties in the collection of evidence to ensure it has the benefit of the best possible evidence prior to reaching judgment.