Global risk trends UNIBA and Clyde Co creating

Global risk trends – UNIBA and Clyde &Co creating value for our clients Presentation at Uniba 2020 Worldwide Partners Conference 21 – 23 October 2020 Dr. Henning Schaloske

Speaker Henning Schaloske heads our German Insurance Practice and is a member of our European Board. Dr. Henning Schaloske Clyde & Co, Partner, Dusseldorf T: +49 (0)211 8822 8801 E: henning. schaloske@clydeco. com 1 He has participated in the Uniba 2018 Worldwide Partners Conference in Cape Town, South Africa, is part of the Uniba Relationship Team at Clyde & Co and works closely in particular with Uniba‘s German members.

Further UNIBA Relationship Team UK APAC MEA Bryn Hodges James Cooper Richard Harrison David Lee Wayne Jones Clyde & Co, Partner, London Clyde & Co, Partner, Sydney Clyde & Co, Partner, Dubai T: +44 (0) 2078766511 T: +44 (0) 2078766388 T: +44 (0) 2078766510 T: +61292104495 T: +97143844106 E: Bryn. Hodges@clydeco. com E: James. Cooper@clydeco. com E: Richard. Harrison@clydeco. com E: David. Lee@clydeco. com E: Wayne. Jones@clydeco. ae 2

50+ offices and Clyde & Co associated offices worldwide 440 Partners, of which 320+ focused on insurance 1800 lawyers, 2500 legal staff, 4000 staff in total Since 2018 appointed 41 new Partners, 24 promotions, 17 lateral hires 59% of staff are female, including 56% of legal professionals and 23% of Partners 3

Clyde & Co We are by metric the largest insurance law firm in the world combining local expertise with an unparalleled global reach Claims: We advise on and in particular defend claims against insured across all major business lines (D&O, PI, Product liability). Products: We help drafting and tailoring insurance products including global programmes, We drive digital innovation, crafting new solutions both for the industrialised world and emerging markets helping closing the insurance gap. Corporate insurance: We advise our clients, in particular insurers and brokers, on regulatory matters, corporate issues and insurance transactions. 4

A firm built for the insurance industry Coverage Corporate Defence • Advice on policy issues for primary and excess (re)insurers Our corporate insurance team is the largest specialist group of its kind of any law firm. We advise clients at every stage of their development: raising capital to start or grow their business, managing the issues around maturing businesses, staffing, overseas development and regulation, and closing books of business. We act as defence counsel in a range of matters including local court proceedings, and international and domestic arbitration • Liaising with insureds and their representatives on contentious claims • Monitoring and/or controlling the defence of 3 rd party claims against insureds • Advising on subrogation rights Commercial Advisory Subrogation Our advisory experience includes advising on product development and insurance structures, including drafting and localising insurance and reinsurance contracts across all classes of business, and advising on associated regulatory/ compliance issues. We offer a range of subrogation and recovery services designed to produce higher recovery rates and recovery of costs, while providing accountability and technical excellence Insurance business lines and Corporate expertise Claims Financial Lines and Directors and Officers • Marine Corporate • Aviation Professional Indemnity • General Corporate • • Casualty (Personal Injury, Catastrophic injury, • Property, Product Liability and Environmental Liability • Commercial Legacy, Fraud, Motor/Liability/Local Authority, and SHE Regulatory) 5 • • Regulatory • Construction and Engineering • Reinsurance • Transactions • Cyber and Data Security • Specialty (Contingency, Fine Art & Specie, Accident • Public Law • Energy & Health, Bermuda Form, Political Risk & Trade Credit, Terrorism, Kidnap & Ransom, Bloodstock & Livestock) We can provide practical commercial guidance for your operational needs. Our commercial dispute resolution practice covers litigation and all forms of alternative dispute resolution • Competition • Intellectual Property • Investment • Employment • Property • Insurance • Digital Transformation • Litigation

Firm rankings and awards Chambers 2020 rankings Awards Insurance Firm of the Year 2019 Transatlantic Law Firm of the Year Who’s Who Legal Awards by Transatlantic Legal Awards 2017 Canada Insurance Law Firm of the Year UK Insurance Law Firm of the Year by Best Lawyer 2018 by Legal 500 2016 Insurance Law Firm of the Year in Germany Best in Insurance Asia Pacific by Juve Awards 2018 Resolution Awards 2016 Hong Kong Insurance Law Firm of the Year MENA Insurance Law Firm of the Year by Legal 500 2018 by MENA Insurance Awards 20142016 Asian-MENA Counsel Law Firm of the Year by Asian-MENA Counsel 2017 6 by Asia Law Asia Pacific Dispute and many more. 50 total 39 maintained 2 moved up one band 8 new

Clyde & Co and UNIBA Partners 7

Clyde & Co and UNIBA Partners Supporting UNIBA Partners with their legal affairs Supporting UNIBA Partners with providing excellent seamless services worldwide to their clients Dedicated UNIBA contacts in many jurisdictions Preferrential rates 8

Agenda 1. Climate Change 2. Parametric Insurance 3. Cyber 4. Class actions / liability trends 9

1. Climate risk PHYSICAL 10 TRANSITION LIABILITY

Climate risk: impacts on insureds NEW DUTIES RISK MULTIPLIER "International opinion is now firmly behind the need for all entities with public debt or equity to respond to climate change issues in their governance, their strategy, their risk management and their metrics and targets and, importantly, to record their responses to the issues in their financial reports. ” “…we are now observers of a profound accelerating shift in the way that Australian regulators, firms and the public perceive climate risk”…“these matters elevate the standard of care that will be expected of a reasonable director” 2019 Hutley SC Opinion Australian Former High Court judge and royal commissioner Kenneth Hayne 11

Climate change (cont) What are the main liabilities that businesses face? Seven main categories of climate-related claims against companies that may be brought: Failure to mitigate greenhouse gas emissions Failure to adapt to the physical impacts of climate change Failure to adapt investment strategies Failure to disclose climate-related risks Failure to comply with environmental and other regulatory obligations Failure to adapt professional advice or services Failure of fiduciaries related to the above 12

Climate change (cont) D&O exposures Concerns about how companies are: reporting on their compliance with environmental regulations; assessing the impact of energy policies on their business; assessing how the frequency and severity of extreme weather events linked to climate change impact on business models Could face claims for: Breaching fiduciary duties Failing to disclose climate change liabilities / disseminating false or misleading or incomplete information on climate risks Failing to comply with legislative reporting requirements Mismanagement of climate-related risks Failing to protect the company’s assets 13

Climate change (cont) Role of risk managers? No ‘one size fits all’ solution Corporate governance: – Demonstrate the board understands climate-related risks and opportunities – Have processes in place to assess the risks and opportunities – Incorporate climate risk assessment into business planning, investment strategies and mode of service delivery – Ensure appropriate resilience, modelling and analysis done under realistic scenarios – Adequate disclosure 14

Climate change (cont) How we can help UNIBA Partners and their clients: 15

Agenda 1. Climate Change 2. Parametric Insurance 3. Cyber 4. Class actions 16

2. Parametric Insurance Overview: Contract management is inefficient Connected contracting Smart Clauses® 17

Contract Management is Inefficient Renewal/ Disposition – Average cost of managing a basic templated contract is c. $7, 000 due to high human overhead, often with repetitive tasks (= increased transaction costs) – Contracts are separated from increasingly digitised business processes (e. g. , signature, accounting, payments, IOT monitoring, blockchain-based processes) - fragmented management Contract Request Reviewing & Redlining Audit & Reporting Search & Retrieval Contract Lifecycle Management Records Management Execution Storage https: //blog. iaccm. com/commitment-matters-tim-cummins-blog/the-cost-of-a-contract 18 Approval

Connected Contracting Digitise any type of contract and integrate them with business, electronic signature, web services, and other software systems Automate payments and other contract operations in response to Io. T sensors, market prices, and other data sources 19 Initiate payments, issue invoices and purchase orders, and send notifications from within a contract ERP Contract Audit Trail to securely manage and share contract lifecycle and transaction data with trusted partners

Smart Clause® Smart Clauses are quickly and easily inserted into a contract to automate actions, provide real-time visibility, and connect contracts to external systems. Payments. Trigger payment in response to signature, subscription terms, delivery and other events or data. Data-driven performance. Smart clauses use Io. T data to monitor and perform contract obligations in real time. Payments. Trigger payment in response to signature, subscription terms, delivery and other events or data. 20 20

– Oracle Data Source – Basic flow: from Oracle data source – Create • Create basic contract stating t&c’s for claim payment • Smart Contract created on goes onto chain – F/X Rates • Calculate claim using F/X Rate • Pay claim • Proportion claim cost to insurer A&B • White bordereau with claim split – Insured – Insurer A – Create Contract Terms – MVP Components: 1. UI to define parameters 2. Smart contract submission to Testnet 3. F/X Rate API – Insurer B 4. 5. 6. Event Oracle (eg Weather) – Smart Contract – On trigger: Claim payment trigger • Calculate f/x • Calculate – payment Execute split Creation of excel bordereau • Execute • payment Event triggered • Generate claim file – Logic • Check premium received 21

Smart Clauses for Parametric Insurance Traditional Parametric Cover Insureds bear basis risk when the payout from an insurance policy does not fully cover their actual, incurred loss. * Parametric Cover with Smart Clauses Parametric policies align the incentive between the customer and the insurer* IT Systems are not aligned with policy wording This opens the market for indemnity cover to new risks* Reconciliation of data with the policy is expensive Policy automation through reusable Smart Clause templates Source: *CB Insights Quarterly Insur. Tech Briefing Q 3 2018, https: //www. cbinsights. com/reports/CB-Insights_Insurance. Tech-Q 3 -2018. pdf 22 22

Smart Clauses in Parametric Insurance Step 1 - Digital Signatures trigger the notification of contractual obligations Digital Signature Obligation to pay policy premium Insurer Digital Signature Customer 23 23

Smart Clauses in Parametric Insurance Step 2 - Premium settlement means that the smart contract is ready to receive data Premium Settled Customer 24 24

Three key components Policy responds to adverse weather data Pre-agreed and determined due to index triggers Subject to deductible days At least 10 days in the relevant period Subject to a cap for consecutive days Limited to 7 days Carve out for Named Storms 25 25

Smart Clauses in Parametric Insurance Step 3 - Data from a trusted source erodes deductible days from the policy and leads to claimable days Weather Readings Claims Bordereau File Named Storm 26 26

Parametric insurance (cont) How Clyde & Co can help the UNIBA partners in harvesting opportunities of the digital transformation? Clyde Code – A first-of-its-kind consultancy service for clients that will advise insurers and other sector clients on all aspects of the burgeoning new area of smart contracts, blockchain and distributed ledger technology. – The Clyde Code legal team – provides clients with smart contracts legal advice including on jurisdiction, regulation, terms and conditions, and enforcement. – The Clyde Code technical team – provides clients with smart contracts technical and programming advice. The team’s technical lead has access to an international team of software and IT engineers on a preferred supplier basis. – With its combined legal and technical expertise, Clyde Code offers the full range of smart contract products and services, and bridges the gap between the legal and technical aspects of smart contracts implementation. 27

Parametric insurance (cont) Clyde & Co example case: – We are currently working on what we believe is the first automation project of part of the NEC 3 suite of contracts, in partnership with the Government backed Digital Catapult. This will bring the potential for cost savings, reduced disputes and simpler administration on projects. 28

Agenda 1. Climate Change 2. Parametric Insurance 3. Cyber 4. Class actions / liability trends 29

3. Cyber Increased risks, malware threats and cyber crime – the increasing prevalence of Io. T means that exposure to cyber risks is only set to grow exponentially – according to Crowdstrike, in 2019, 49% of cyber-attacks involved malware, with the remaining 51% categorised as "malware-free“ – world’s largest sovereign wealth fund, Norfund, was a victim of a phishing attack which resulted in fraudsters stealing over NOK 100 million intended for a microfinance institution in Cambodia. Artificial Intelligence – Expect increased regulation on AI to protect information. In Spain, the data protection regulator (AEPD) recently published guidelines about data processing through AI. Collective actions – privacy activist groups and the growth of litigation - collective actions arising from cyber incidents are likely to rise. 30

Cyber (cont) Some recent Cyber stats • Cyber continues to be a board level issue for all companies, all sectors, globally, especially those that hold huge data • Cyber losses soar and firms losing more – total cyber losses among firms surveyed by Hiscox was $1. 8 bn – up from $1. 2 bn in 2018 (Hiscox Cyber Readiness Report 2020) • Ransomware attacks are becoming more frequent – Ransomware cyberattacks against clients (reported to Beazley) skyrocketed in 2019 – increasing 131% compared to 2018 (Beazley Breach Briefing Report 2020) • Anotable GDPR fine imposed in 2019 account for a wide range of GDPR infringements, not just relating to data breaches: Marriott (£ 99 m). However this has not been finalised (DLA Piper GDPR Data Breach Survey 2020) • The first seven months of 2020 saw a huge increase in fines – 330+ fines issued for GDPR violations, exceeding € 153 m – expected to rise. Between 2018 – 2019, the average number of fines issues per month increased by 260%. July 2019 – June 2020 saw an average of 18 fines issued each month = 260% increase from 2018 – 2019. 36 fines issued for non-compliance in March 2020 alone (https: //www. tessian. com/blog/biggest-gdpr-fines 2020/) • The Netherlands, Germany and the UK had the most data breaches notified for the 20 months from 25 May 2018 to 27 January 2020, with 40, 647, 37, 636 and 22, 181 respectively. The Netherlands, Germany and the UK also topped the table for the total number of breach notifications in last year’s report (DLA Piper GDPR Data Breach Survey 2020) • Munich Re expects the global cyber insurance market to reach a value of more than $20 bn by the year 2025, which will represent 4 x increase on the figure in 2018. For 2020, Munich Re estimates that the global cyber insurance market is worth over $7 bn. The value of the European cyber market in 2020 is estimated at more than USD 1 bn (https: //www. munichre. com/topics-online/en/digitalisation/cyber-insurance-risks-and-trends 2020. html) 31

Cyber (cont) How Clyde & Co can help the UNIBA Partners and their clients meeting the Cyber challenge? Developing Cyber wordings and international programmes Meeting regulatory challenges, in particular regarding data regulation (e. g. managing data breach notifications locally and globally) and other (e. g. sanctions) Defending insured in liability actions Especially: Providing Global Breach Response Services and Network 32

Cyber (cont) Clyde & Co breach response services: In the event of a cyber incident we will support you and your policyholders with a flexible suite of services, depending on the requirements, ranging from initial legal advice to providing a comprehensive breach response. Our service philosophy is built around the need to maintain business continuity. We are here to support clients 24/7/365 and we provide you with three main categories of support: Readiness, Respond and Recover. Our ‘one stop shop’ offering ensures that all the legal and regulatory requirements of your policyholders are met at every stage. All in one integrated solution. Clyde & Co Cyber Breach Response Team: Tel: +44 (0) 330 124 3590 33

Cyber (cont) Pre-breach services include: Breach response services: Post-breach services: - Pre-incident preparedness packages (e. g. compliance audits, breach response planning and table top training) - 24/7/365 global and multi-lingual cyber response line - Management of regulatory investigations, enforcement challenges and appeals - Full cybersecurity health checks - Data mapping and digital risk audit (e. g. examining legacy data issues) - Third party contract reviews from a cyber security perspective - Horizon scanning of cyber risks and identifying potential challenges 34 - Coordination of incident response process and management of specialist third party vendors - Privilege protection and assurance of regulatory and legal compliance - Communication including key stakeholders, customers, affected individuals, regulators, law enforcement and media - Mitigation of risk litigation post incident - Defence of any third party claims and litigation - Preserving evidence and recovery of losses against third parties - Working with IT forensic experts to establish the cause, mitigate risks and remediate vulnerabilities - Post-response audit and review focusing on lessons learnt from the incident

A snapshot of our expertise The Americas UK & Europe – Advising an online retail store – Advising an engineering service following a global data breach provider on data breach notification impacting over 300, 000 individuals regulations across the world and in over 100 jurisdictions including in coordinating the organisation’s relation to initial response and the required global notification unauthorised access to sensitive campaign for customers all of business response following confidential and personal – Acting for a major logistics provider in relation to processing of information – Acting as breach counsel to an Ontario health organisation after its systems were impacted by a ransomware, providing assistance to the organisation with its communications with employees, clients and government entities – Acting as breach counsel and incident response to an Ontario based Network Solutions Integrator for Corporate, Government and Defence infrastructure after being infiltrated by internationally known hackers 35 employee data, including representing the company during an ICO investigation and dealing with employment law implications and customer communications – Acting as breach response manager and coordinated the immediate response to this incident for the insurer in an incident involving a car dealership which experienced a ransomware attack Middle East Asia Pacific – Advising an oil & gas company on company’s reporting obligations in various jurisdictions and the implications of making ransom payments under UAE law following a Ryuk ransomware attack. 36 of the client's 37 compromised servers were restored – Advising an ASX listed property valuation company following a major and very high profile data disclosure which resulted in a large-scale, multi-party and multi-jurisdictional data breach – Advising an online retail store following a global data breach impacting over 20, 000 individuals in 90 jurisdictions. The response assistance provided included the coordination of over 28 different vendors and notification in 4 different languages – Advising a university following a high profile phishing attack against its students’ university email addresses, resulting in a number of coordinated frauds, in relation to management of – Advising in relation to a high the suspected security breach profile claim in Hong Kong and on the university’s involving the breach of personal exposure to claims for damages data privacy laws by Octopus, the first large scale contactless – Advising on a major hacking smartcard payment system in incident against the outsourced Hong Kong, including defence service providers to an Omani of investigations by the PCPD bank that resulted in a loss of USD 42 million for the bank relating to pre paid debit cards

Cyber (cont) Use case An Australian policyholder was hacked and sensitive personal data of data subjects in Australia, China, Hong Kong, the UK, Germany, France, Spain, Canada, the US and Brazil was stolen. Together with local broker, we provided breach response services globally cooperating with local IT forensic service providers and introducing other IT forensic service providers to investigate IT systems of local entities. Within the applicable time frames (e. g. 72 hours under GDPR), we prepared the initial data breach notifications in an uniform and aligned manner. 36

Agenda 1. Climate Change 2. Parametric Insurance 3. Cyber 4. Class actions / liability trends 37

4. Class actions / liability trends Collective actions are on the rise across the globe - increasingly a source of exposure for companies and their directors and officers The traditional markets, such as the U. S. and Australia, have the most developed procedures and are still showing the largest activity – but most jurisdictions now have some form of collective action procedure (though for some, just for consumer claims) Significant increase in such actions across the globe, spurred on by a thriving third party litigation funding market Increase also bolstered by strengthening legislation – e. g. GDPR and the EU collective redress directive (the “CR Directive”) The CR Directive is intended to better facilitate collective proceedings for European consumers. Will require each Member State to ensure that its domestic procedural laws for collective redress meet the minimum standards set out in the directive. The following heat map illustrates which jurisdictions, per our assessment, present high, medium and low risk for collective actions and the impact of litigation funding. 38

Heat map - spread of collective securities actions This map provides a visual snapshot of the risk of securities class actions to companies. In determining the categorisation of each jurisdiction in to low, medium or high risk, we have taken into account whethere is an established collective action mechanism available for securities actions, whether litigation funding / contingency fees are permitted in the jurisdiction (which would encourage and enable more to be brought) and the level of current activity. Alongside this, we have taken into account other aggravating factors which increase the cost of such actions, such as opt-out procedures, which expand the level of damages and costs of defending, and “loser pays” costs rules. 39

40 Class actions – established hotspots United States – The U. S. remains the most aggressive and active jurisdiction for class actions, and the numbers of actions being filed are increasing year on year. Following the Supreme Court’s decision in Cyan v Beaver County in 2018, securities actions are also increasingly being brought in state courts, often leading to defendants facing parallel actions in the state and federal courts – the areas for litigation are expanding e. g. data protection, cyber, climate change and cryptocurrencies (on which more later) Canada – 2019 saw the highest activity in shareholder class actions in Canada, with a notable increase in actions against public companies and their D&Os. Australia – Securities class action filings number approximately 15 per year – Litigation funding has its roots in Australia 40

Class actions – emerging hotspots England & Wales – Collective actions in general are on the rise - several of the largest cases in the courts in recent years have been securities group actions and this is only set to continue – Lloyds shareholder action and Tesco accounting misstatement group action The Netherlands – a jurisdiction where disgruntled European investors may seek relief, having been excluded from the U. S. class action system following the decision of the U. S. Supreme Court in Morrison v National Australia Bank (2010) – looks set to continue to move towards US-style class actions, having recently enacted further legislation, the Act on Redress of Mass Damages in a Collective Action ("WAMCA") 41

Class actions (cont) Cryptocurrency-related class actions – on 3 April 2020, 11 cryptocurrency-related securities class action lawsuits were filed in the Southern District of New York – The lawsuits target four crypto-asset exchanges and seven crypto-token issuers – The lawsuits accuse the issuers and exchanges of selling digital assets without registering them with federal or state regulators, and allege that the exchanges benefited financially from listing the unregistered assets 42

Class actions (cont) Non-securities class actions – consumer class actions in relation to breaches of data protection, environmental and health and safety laws Risks for directors – Indirect and direct exposures – Reputational risk – Criminal prosecution 43

Class actions / liability trends (cont) Use Case A German biotech holding company with a US operative entity sought to implement an international D&O programme. Insurers in Germany and the US offered fairly restrictive terms. The challenge was to integrate the new programme into existing coverage that was not renewed which led to several issues how retroactive coverage, ERPs and US exclusions for Side A claims operate. A Clyde & Co team from Germany, the US and the UK assisted the German and US UNIBA brokers in reviewing the exisiting coverage and the new offers, together with the UNIBA partners preparing a joint recommendation to the group legal and insurance teams at the German policyholder. 44

Class actions / liability trends (cont) Use Case II A German manufacturer (“hidden international champion”) asked broker for international solution for claims notifications for warranty claims by customers and international coordination of defending product liability claims and recalls. An international Clyde & Co team is developing new reporting forms together with the German broker, the insurer of the German master policy to reflect international standards and local specifics. Further, policyholder and broker propose that Clyde & Co is written into CGL policies as international defense counsel to guarantee global reach, local expertise and uniform claims handling standards. 45

Q&A 46

See you. . . 47 • At our virtual booth • Meet our local contacts • In Bangkok 2021!

440 2500 4000 50+ Partners Legal professionals Total staff Offices* worldwide * Includes associated offices Clyde & Co LLP accepts no responsibility for loss occasioned to any person acting or refraining from acting as a result of material contained in this summary. No part of this summary may be used, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, reading or otherwise without the prior permission of Clyde & Co LLP. © Clyde & Co LLP 2020