Post Office scandal: Lessons for underwriters

What lessons can directors and officers insurance underwriters and liability underwriters learn from the Post Office Horizon scandal?

An Institute of Directors policy paper published in October 2024 examines the key lessons for directors from the Post Office Horizon scandal.

What can insurers learn from the paper?

The paper gives some valuable insights as to some key considerations that underwriters may want to take into account when considering management liability risks. Those include:

1. Do directors undertake an ongoing programme of professional development? The Post Office scandal demonstrated that even those with significant experience in business may lack necessary expertise in aspects of directorship.
2. Does the insured have whistleblowing policies and procedures, and do those procedures take into account any self-employed contractors?
3. Are there measures in place to ensure that computer systems that measure and monitor employees are working properly?
4. Does the board engage with key stakeholders outside of the boardroom? Is the organisation vulnerable to groupthink? What steps do directors take to truly understand what is going on in the business? Are a diversity of voices being listened to?
5. How does the business ensure suitable governance of any outsourcing? One contributing factor in the Post Office situation was the mismanagement of the IT outsourcing relationship. The Post Office relied too heavily on assurances given about the Horizon system.
6. Do directors focus too much on future strategy rather than dealing with the problems of the present and the past? Directorship requires a balance of activities, including engaging with the culture of an organisation and holding management to account. 
7. Do directors have full access to all relevant information? The withholding of crucial reports and information from board oversight was a key governance failure at the Post Office. Directors need to be active in determining the kind of information they need to receive from management. 
8. Advice from legal advisers and other consultants may be critical input into board decision making; however, it should not be accepted without question. This may seem like an odd point coming from a law firm; however, Post Office board members deferred too much to the view of legal advisers. Directors are often better placed to take a holistic view of the organisation. Advisers should be a useful source rather than the ultimate decision maker. 
9. Is there an absence of corporate memory? Director induction processes need to be systematic and expose them to the history and culture of the organisation. Does the induction process for new board members provide a suitably informed basis for effective directorship? Are there any directors with longevity at the organisation?
10. Is board evaluation used as a key governance tool? A board evaluation process, such as an externally facilitated review, could have offered the Post Office board an opportunity to reflect on its functioning and have provided an independent perspective on director behaviour. To what extent does the board seek to evaluate and improve its own performance? Why might it be resisting challenges to existing ways of doing things?
11. To what extent does the board exhibit IT literacy? The Post Office failed to manage a critical IT project, with catastrophic consequences for individuals and the organisation. The board was unable to provide adequate oversight of the process, and insufficient tech literacy may have been a factor. This is particularly important given AI transitions that are currently occurring in organisations and the importance of managing cybersecurity threats.
12. Are directors aligned with an ethical code of conduct? Do they use it to reflect on their own behaviour and that of the board as a whole? Board members at the Post Office lost sight of basic principles of ethical business behaviour and had a distorted vision of the best interests of the organisation. Does the organisation have examples of poor behaviour being challenged?

Many of the points above will be familiar to underwriters of management liability products. However, the Post Office situation does serve as a very useful reminder of what can go wrong where there is insufficient governance in any organisation.

Underwriters are advised to review their question sets and enquiries and ensuring they are gaining a detailed understanding of the governance and culture of the boards they are insuring.