Increasing societal expectations and regulatory frameworks require vigilance against greenwashing and class actions. Emerging technologies such as AI bring new responsibilities that require robust risk management. Termination of bank-client relationships and insurance practices require transparent and fair approaches. Prioritising ethical behaviour and proactive risk management enables institutions to meet their duty of care amidst changing ESG dynamics.
#1 ESG and duty of care: companies must establish a clear ESG vision, differentiate legal risks from other factors, and allocate resources effectively
Looking ahead to 2030, a changing ESG-related landscape will require companies to establish and apply a firm vision on ESG, while at the same time incorporating sufficient flexibility to address future legal, societal, and geopolitical developments. As both pro- and anti-ESG pressure will increase, among others fuelled in part by litigation funding, companies should individually develop an understanding of their own potential duty of care. In doing so, companies would do well to distinguish between actual legal risks and actions that are driven by different, but potentially equally compelling factors such as their corporate identity, reputation and risk profile, and ethics. Such decision-making can be structured by considering the key drivers of an ESG-related duty of care, several of which were identified and discussed during the seminar. This should help companies to be clear about the underpinnings of their ESG strategy, to take genuine ESG risks seriously and allocate sufficient resources to them, and to get things done in their dealings with internal and external stakeholders.
#2 Greenwashing & prospectus liability: sustainability claims must be truthful and reliable
The prevention of greenwashing remains high on the agenda of financial institutions, as public scrutiny increases, and the regulatory framework tightens. In response, financial institutions should not resort to so-called ‘greenbleaching’ of their prospectuses. Rather, sustainability claims should be made in a fair and understandable way, including by providing context and limitations. To achieve this, institutions may consider guidance from relevant European and national supervisors, which often include practical case studies. However, regulatory compliance does not necessarily protect against civil liability for misleading sustainability claims. It is therefore important to effectively navigate civil liability risks in prospectuses and comply with the duty of care.
#3 Duty of care claims and class actions: financial institutions face broader collective action risks
The law on collective actions is changing, and this is affecting the financial sector. Traditionally, collective actions against financial institutions have focused on financial services and products. Today, financial institutions may also face collective actions in the areas of ESG, consumer law (unfair terms) and data protection. Using a case study, we have seen that any collectible breach of duty of care can potentially be the subject of a collective action. The playing field has become wider and, as a result, a collective action poses more risks for financial institutions. It is important to be aware of this development and to prepare your organisation in good time in the event of an impending class action.
#4 Duty of care towards third parties: raising awareness and considering the duty of care when updating policies and systems is good practice
The duty of care to third parties continues to evolve and remains relevant to the banks ‘daily practice. Banks are regularly accused of failing to pay sufficient attention to the actions of a client, resulting in potential adverse effects and damages to third parties. There are still significant thresholds before a duty of care to third parties arises, but once the threshold is reached it can be difficult to determine how to proceed. As the scope of the (to third parties) duty of care depends on the circumstances of each individual case, financial institutions may face dilemmas in balancing the interests of their clients with those of third parties and, increasingly, the public interest. In any event, to prevent breaches of the duty of care, it is good practice to raise awareness and consider the third-party duty of care when updating policies, processes, and systems, particularly in light of developments in the area of big data and AI.
#5 Data and AI: financial institutions must assess how to inform their customers, while remaining vigilant to potential risks and upholding their duty of car
With more data being generated every minute, AI is developing in a rapid pace, creating more opportunities for financial institutions to innovate. A fast and automated way to provide more personalised and tailored services is said to be the future. These developments put the duty of care in motion: real-time data generated from the client requires a continuous assessment of how to give substance to this duty, leaving financial institutions with questions such as when to inform and how to inform.
Furthermore, the use of data and technology is not without risk as AI technology is still evolving. Recent examples show that AI technology can be biased. While the product liability risk lies with the manufacturer of AI and not with its users, financial institutions may be exposed to contractual liability risks as AI, currently used as a facilitating tool, may become a leading tool in the future. Therefore, the duty of care of financial institutions should remain vigilant when looking at the data technologies that are yet to come.
#6 Termination of banking/credit relationships: banks must balance the right to terminate banking relationships with the duty of care towards clients
Banks regularly say goodbye to their clients. Sometimes the bank is obliged to do so, for example if it cannot carry out its customer due diligence under the Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft)). There may also be commercial reasons for termination, such as deteriorating creditworthiness or for policy reasons. According to the General Banking Conditions, a bank has in principle the right to terminate the banking relationship. However, this right is not unlimited: the bank cannot invoke termination if it is unacceptable according to standards of reasonableness and fairness. This requires a balancing of interests. In doing so, the bank must always take into account the interests of its clients on the basis of its duty of care. In order to avoid termination is not upheld in court, the following points are important: building up a solid file, hearing both sides of the argument, an individual weighing of interests, an intermediate step if possible, a termination letter stating all reasons for the termination, and a sufficiently generous notice period.
#7 Claims handling: insurers should navigate duty of care in claims handling to mitigate extended liability risks
Insurers may be liable for more than the sum insured if they breach their duty of care towards the insured. Under current case law, such duty of care is already presumed where the insurer abuses its investigative powers (very high threshold, rarely awarded) and in personal injury cases (more often awarded, but only limited immaterial damages). Despite this current state of case law, it is not inconceivable that this doctrine will be applied more widely in the future. In the context of settlement negotiations, conflicts may arise between the interests of the insurer and the insured. This may give rise to duty of care claims, as is currently the case in the US. From a risk mitigation perspective, key takeaways for insurers are to start investigating claims in a timely manner, to make an assessment of the minimum defensible liability exposure with the assistance of counsel, and to offer a contribution at least equal to the minimum defensible liability exposure.