D&O Insurance for SMEs: Those Who Are Liable Usually Don’t Know It

In Swiss SMEs, D&O insurance is now considered standard. What nobody explains is that the policy protects against the loss—not against what causes the loss.

Twenty years ago, D&O insurance was a niche product for publicly traded corporations. Today, it is a standard form of coverage in the Swiss SME market, across all industries.

The pressure behind this is measurable: rising insolvencies, stricter regulation, and a FINMA that no longer issues warnings before taking action. Anyone in a leadership position in the construction industry, retail, the hotel industry, or the B2B sector faces a level of liability that has increased significantly over the past ten years.

Globally, the financial sector leads the D&O market, accounting for about 30 percent of the total volume. More regulation, larger sums at stake, and more individuals personally exposed. The key driver of growth lies not in the financial sector, but in the SME sector. And there, many still do not understand who the policy actually protects.

In the event of a lawsuit: It was the CFO. Almost always.

A D&O policy protects all current, former, and future members of the board of directors and executive officers. That sounds comprehensive. On paper, that’s true.

In reality, the risk is distributed unevenly.

The CEO is liable for strategic missteps and poor organizational management. The CFO is the second-most exposed executive. Why? Errors in financial statements, flawed liquidity planning, automatic scrutiny in the event of insolvency (delayed filing for bankruptcy), or management decisions based on incorrect or inadequate market analyses (M&A).

The chairman of the board of directors and members of the audit committee are not liable for what they have done, but for what they have failed to prevent.

CISOs and CIOs are increasingly facing personal liability under NIS-2, the revised Data Protection Act (DSG), and DORA. Not the institution. You personally. Two practical notes: the revised DSG directs its fines (up to CHF 250,000) at the responsible natural person, not the company; and NIS-2 and DORA are EU instruments, but they reach Swiss firms through EU subsidiaries, EU customers, or a role as ICT third-party provider to EU financial entities.

The policy covers the entire spectrum. But it does not change the fact that this spectrum exists.

The mandate that no one signed

This is a gap that even well-informed board members overlook.

Modern D&O policies do not cover only traditional members of the executive body. They also cover de facto members of the executive body: individuals who, without a formal mandate, exercise significant and guiding influence over the management of the company. Consultants. Interim managers. Project leaders with de facto decision-making authority.

Anyone who makes actual management decisions as an interim CEO, CFO, or COO is legally liable in the same way as a registered officer, regardless of the wording of the contract.

The legal framework underlying this is broader than a single section of the law. Art. 716a OR (Swiss Code of Obligations) defines the non-delegable duties of the board of directors. Art. 717 OR establishes the personal duty of care and loyalty. For regulated institutions, FINMA regulations, the Anti-Money Laundering Act (GwG), and DORA also apply. Each set of regulations creates its own level of liability.

“De facto organ” is not a gray area. Swiss law provides for precise liability consequences. Examples:

Swissair

Claims for damages totaling several hundred million francs are linked to the largest and most high-profile bankruptcy proceeding in the history of the Swiss economy. Nineteen individuals, including former board members, the group CEOs, and members of executive management, were charged. On June 7, 2007, all defendants were fully acquitted.

Lake Constance Arena

The cost of renovating the ice rink in 2000 ultimately totaled 12 million francs, even though the budget had been set at only 9 million francs. As a result, the entire board of directors was replaced. In 2003, the new board of directors filed liability claims against the former board and the architect responsible. The settlement cost the architect 400,000 francs and the former board of directors 200,000 francs.

Swiss Life / Rentenanstalt

Six former members of the Group Executive Board must pay 350,000 Swiss francs for using the Group’s investment company, LTS, for personal investments.

From my practice:

For an interim engagement (owner-managed SME), the focus was on optimizing governance. Task: Conducting deeper, more detailed reviews of the existing Compliance Management System (CMS). Result: Increased transparency of existing key processes, achieved in part by redefining or expanding them.
Subsequently, the risk analysis identified gaps in the existing insurance coverage. The General Insurance Conditions (AVB) were aligned with the new risk profile. Result: The D&O policy was adjusted and expanded, which—thanks to the optimized internal control system (ICS)—was achieved under customized and more favorable terms.

Age takes its toll. Most of the time, we don’t even notice it.

Swiss CEOs of large companies are now 56 years old on average—three years older than they were in 2010. The proportion of decision-makers over the age of 70 in Swiss corporate leadership has doubled over the past ten years, rising from three to six percent.

That sounds like a secondary governance issue. It is a primary liability issue.

A 68-year-old member of the board of directors does not take out D&O insurance to protect the company. He is protecting his life’s work: his retirement savings, his personal assets, and the reputation he has built over decades. A lawsuit does not target the legal entity; it targets the person behind it.

A significant age gap between the CEO and the chairman of the board is statistically considered a governance risk factor. Insurers factor this into their pricing. The broker conducting this conversation is not discussing insurance; he is discussing governance.

“LIABILITY BLINDNESS” is the actual diagnosis

The key question is not, “Do we have a D&O policy?” The key question is, “Why does the liability risk exist?”

“LIABILITY BLINDNESS” is the state in which a board member knows that he or she is liable but does not know for what. This condition cannot be remedied by an insurance policy.

IMPORTANT: The policy compensates for the damage. It does not eliminate the cause!

The cause almost always lies in the same areas: a lack of governance documentation, unclear supervisory responsibilities between the board of directors and executive management, and control systems (CMS, ICS) that exist on paper but are not implemented in practice.

The approach is called “Compliance by Design”: rather than imposing governance requirements after the fact, they are built into processes, decision-making structures, and internal controls from the very beginning. Companies that are structured this way pay lower premiums and present fewer vulnerabilities.

The sparring partner sees what the policy doesn’t cover

Those who focus solely on taking out insurance are looking at the symptom. Those who look at the governance behind it are looking at the cause.

As a GRC sparring partner, I regularly encounter the same pattern in discussions with executive boards: The policy is in place. But there is a lack of awareness regarding the specific personal liability exposure. “Covered” and “protected” are used as synonyms. They are not.

Covered: The damage is paid for if it happens.
Protected: The governance structure is designed to make it less likely to happen.

D&O liability knows no silos. The CEO is also liable for what the Legal department failed to communicate and what the IT department failed to secure. If you approach this discussion on a department-by-department basis, you’re not getting the full picture!

How big is the gap between what your board of directors signs off on and what it can actually be held accountable for? This question determines whether the policy is a protective measure or just a placebo. What is the situation at your company?

Before a new engagement: GRC DIAGNOSIS (4 hours). You’ll receive a prioritized list of gaps and a concrete implementation plan for the next 60 days. No slides.

The next set of board meeting minutes that your executive committee will sign: Does everyone at the table know what they are personally signing off on?

TURNING REGULATION INTO VALUE!

Thomas Schubert, Mr. #DeedsCountMore

See also: Fraud Isn’t Just Bad Luck—It’s the Consequence


Tags: #B2B sector #Board of Directors #D&O Insurance #Damage Protection #Diagnosis #Hospitality Industry #Mandate #Protection #Regulation #Risk Distribution #Signing #SMES #Sparring partner #Standard