Insuring Dot.Coms

By Boris Feldman

Paradigm shifts are tough on insurance underwriters. Insurance carriers base their decisions on historic loss experience. Paradigm shifts break the mold. They reflect new dynamics, not old experience. At the outset of a paradigm shift, it is difficult to recognize that one is occurring, much less where it will lead and how it will get there.

The Internet is the mother of all paradigm shifts. Few would have predicted five years ago the emergence of "The New Dotconomy." Few can credibly divine the shapes into which e-commerce companies will have morphed five years hence. About the only thing that is clear is that these companies -- together with their relatives, the portals and the content providers -- will form a vital component of the global economy.

My perception is that Directors & Officers Liability insurers are having a tough time evaluating the dot.coms. Not only are their business models radically different from traditional high-tech companies; their market valuations defy economic gravity, and the metrics by which they ask to be judged are often ill-defined and transitory.

The answer is not, in my view, to take a pass on insuring this segment of the trade. A carrier that declines to insure the dot.coms will miss out on the most vibrant economic sector in the United States.

This article will set forth some of the positive and negative risk factors presented by insuring dot.coms. It will then suggest specific inquiries that may help to gauge the risk of a particular company. Finally, the article will suggest some measures that can help reduce that risk.

But before embarking on that journey, let me articulate my underlying bias: you cannot pick the winners and the losers in advance. Nor can any of your competitors. Or the venture capitalists. Or the institutional investors. Or the market. No one knows which will flourish, which will die by water and which by fire. I believe that a carrier that commits to the dot.com market will no doubt experience some significant claims. Nevertheless, I believe that overall will reap ample rewards by doing so. Only time will tell.

Positive Risk Factors

In four respects, the dot.coms may present less-risky D&O insurance prospects than other high-tech companies. First, the prospectuses for most Internet IPO's are so replete with detailed, graphic risk-factor disclosures that one wonders who is foolish enough to invest. An instructive parallel is the biotech industry. Historically, most biotech IPO prospectuses were brutally candid. As a result, even though that industry has had many spectacular failures, the overall incidence of shareholder suits is surprisingly low. The same may be true in the Internet space: even if a company fails post-IPO, plaintiffs' lawyers may be reluctant to sue because the risk factors are so strong.

Second, market awareness of investment risk is acutely high with respect to dot.coms. Even the proverbial person on the street knows that many of these companies will not take off. This makes it hard to argue that the gamblers - er, investors - were misled.

Third, the traditional factor that led high-tech companies to be sued - missing the quarter - may be less significant for many dot.coms. These firms are much less P/E-driven. They tend to be valued more on non-earnings metrics (a risk discussed below). Therefore the traditional "missed quarter" case is likely to be an uncommon phenomenon in the New Dotconomy.

Fourth, the life cycle of the dot.com appears to be shorter than that of other high-tech companies. They are more like fruit flies than tortoises. Many high-techs did fine on their first product generation or even on the second; by the time the market had evolved to the third generation, the company had run out of ideas. Birth-to-death is faster for the dot.coms; many will be acquired before they can run out of steam. This, too, can mitigate the risk of insuring them. On the other hand, it can also result in some spectacular crash-and-burn scenarios.

Negative Risk Factors

Three factors lend enhanced risk to insuring the dot.coms. First, the volatility of their stocks is mind-numbing. Monthly or quarterly market-capitalization fluctuations can lead to gargantuan plaintiff-style damage estimates. The impact of momentum-players is severe.

Second, there is the management issue. The shortage of experienced CEO's, CFO's, and others at the dot.coms is both chronic and acute. In the past, senior executives at high-tech companies (at least, post-IPO) often brought decades of experience (and acquired values) from distinguished computer companies, such as Hewlett-Packard or IBM. At some Internet companies, the management team lacks experience and ethical grounding. This, combined with meteoric and fluctuating net worths, can lead to unchecked temptations.

Third, I believe that, in place of the accounting fraud that has afflicted some high-tech companies, dot.coms will confront a different danger, which I call "metrics fraud." GAAP is of limited relevance to the market valuation of many dot.coms. As mentioned above, they are not valued on traditional income-statement results. Rather, in search of the next Yahoo or Amazon.com, the market is groping for the right yardstick by which to evaluate the dot.coms' success. For some, the metric is "hits-per-month"; for others, "connected desktops." Some tout the "stickiness" of their Web site. Others emphasize the number of return visits or unique visitors.

Many of these metrics are sound ways of valuing the company. But these metrics are rarely governed by GAAP. Few are audited by the outside accountants. Indeed, many dot.coms have no internal controls governing the collection or calculation of the metrics. The temptation to fudge the metrics will be as strong to some as the pressure to ship after the quarter has been to executives at prior restatement victims; but the ability to do so undetected may be even greater with respect to non-GAAP metrics.

Underwriting Inquiries

Before addressing certain inquiries that underwriters might make in evaluating dot.coms, let me reiterate: none of these will tell you whether or not the company ultimately will be a hit. If I knew how to do that, do you think I'd still be defending depositions? Rather, the point of these inquiries is to attempt to cabin the risk of a disaster, not to pick winners. With that caveat, I suggest three areas of special significance with respect to the dot.coms.

First, focus on the team. What prior experience has management had in running -- or even working at -- a public company? Are the Gen X founders still in charge, or have they brought in a more experienced group of executives to manage the business? If you believe that D&O insurance is a relationship, not just a product, then the right time to begin the relationship is before you sign the contract: meet the management team, question them, assess their maturity and integrity. Don't forget the Board. Does it have any leaders from the technology industry who can provide seasoning for younger management? Do the directors have enough time for meaningful oversight and involvement?

Second, consider the company's outside counsel. No, this is not a plug for my corporate partners. There are many law firms that are experienced at guiding young public companies in staying out of trouble. Has this company hired one of them? Do the outside lawyers have ongoing involvement in shaping the company's disclosures? Have they coached management on best practices in dealing with the Street? Or are they just brought into the loop when there's a deal to be done?

Third, drill down into the company's metrics. Ask management: What are your key metrics? Does the market agree with you that those are the most important ones? How do you measure them? Does anyone verify them? Audit them? What controls do you have in place to ensure that no one manipulates those metrics? In my mind, the key to avoiding metrics fraud will be the creation of controls that parallel those in place for GAAP accounting issues. If the company hasn't adopted any, its risk profile is much higher.

Prophylaxis

I believe that the carriers who will have the best loss experience in insuring dot.coms will be those that take a hands-on approach in guiding the companies. Because most of the Internet companies are less mature and experienced, preventive measures can have a meaningful impact on loss ratios. Here are three worth considering.

First, encourage the company to institute controls to prevent metrics fraud. A key control is the audit committee of the board of directors. Audit committee reform is all the rage this season. Ironically, most of the reform proposals do not address non-GAAP metrics. Work with your insureds to include Internet metrics in the items scrutinized by the audit committee. Similarly, encourage dot.coms to expand their engagement of the outside auditors to cover key non-financial statement metrics, along with the traditional GAAP items.

Second, be more proactive about stock sales. Given the wealth implications of the New Dotconomy (together with the age and prior earnings history of many executives), stock sales by insiders may well dwarf those of prior high-tech companies. Work with the executives to develop a structured diversification program: either a formal (not anecdotal) pattern of regular sales; or, better yet, a blind-trust approach.

 

Third, help the executives get coaching on their disclosure obligations and on dealing with the Street. Do not assume that they've handled analysts before; many have not. There are a variety of ways to educate inexperienced CEO's and CFO's on proper disclosure. Make sure that management gets a crash course in disclosure practices, especially the use of the safe harbor, and dealing with analysts.

* * *

Three or five years from now (maybe sooner), this article will be an anachronism. 'Of course we insure dot.coms - everyone does. How could we not?' Until then, underwriting diligence that goes deeper than is often the case with more familiar businesses may substantially reduce the risk that you incur.

November 10, 1999