Hunton Insurance Recovery Blog

Hunton Andrews Kurth's insurance coverage team recently published a client alert discussing a D&O coverage dispute arising from a credit union’s post-acquisition fraud claims.

Everest National Insurance Company has filed a lawsuit denying any obligation to cover a post-acquisition lawsuit by a credit union alleging fraud against two banks and their executives. The seller paid additional premium for an extended reporting period to report claims based on pre-acquisition wrongful conduct, but the insurer denied coverage on the ground that any claims asserted by the buyer are excluded under the D&O policy’s “insured vs. insured” exclusion. The decision underscores the importance of not only ensuring continuity of D&O coverage before and after a transaction but also evaluating all possible claim scenarios arising out of a deal to ensure that all stakeholders are adequately protected.

The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks.  Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance.  In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.

The United States Court of Appeals for the Ninth Circuit recently held in Federal Deposit Insurance Corporation v. BancInsure, Inc., that an action by the FDIC against a failed bank’s former directors and officers was excluded by a D&O policy’s “insured vs. insured” exclusion. Against the backdrop of recent decisions finding similar exclusions to be ambiguous as to FDIC actions, such as St. Paul Mercury Ins. Co. v. Federal Deposit Ins. Corp., No. 14-56830 (9th Cir. Oct. 19, 2016) (previously discussed in this client alert), this decision shows how insurers continue to proactively adjust policy language to fit evolving and new exposures.  Policyholders should be doing the same.