Management liability insurance is the policy most UK private companies reach for when the board wants a single line of defence covering the people who run the business, the entity itself, and the way it treats its workforce. It bundles Directors and Officers Liability (D&O), Employment Practices Liability (EPL) and Entity Cover into one contract with one insurer, one aggregate limit, and one notification process. Many wordings extend to Fiduciary Liability and Crime cover as well, particularly where the client operates a pension trust or handles material funds transfers.
This guide sets out what the bundle actually contains, who typically buys it, where the cover meets its limits, and the statutory framework that shapes both the policy and the risks it responds to. It is written for UK directors, finance leads and company secretaries deciding whether management liability is the right structure for their business — and, if it is, what a well-arranged programme looks like.
Management liability is not a single-peril policy. It is a modular contract combining three principal covers under one schedule.
Directors and Officers Liability (D&O) protects individual directors, officers and — in most modern wordings — senior managers acting in a management capacity, against claims alleging a wrongful act in their capacity as directors. The claim can come from a shareholder, a liquidator, an employee, a regulator, HMRC, a creditor, or a third party.
Employment Practices Liability (EPL) responds to claims from employees, former employees and (in some wordings) applicants and contractors, alleging wrongful acts in the employment relationship. The typical universe of triggers is set by the Employment Rights Act 1996 and the Equality Act 2010.
Entity Cover, sometimes called Company Reimbursement or Corporate Legal Liability, protects the company itself where it is joined to a claim against a director, or where a wrongful act is alleged against the entity in its own right.
Bundled together, these three components form the management liability core. A well-arranged policy typically adds crime cover and, where relevant, fiduciary liability and pension trustee cover on the same contract. Cyber, PI and public liability sit outside the bundle and are placed separately.
The typical buyer is a UK-incorporated private limited company with turnover between £2m and £100m, a small board (two to six directors), and an employee headcount running from a handful to a few hundred. Owner-managed businesses buy it for the personal-liability protection it gives family members on the board. Larger private companies buy it because the risk of an employment claim, an HMRC investigation on the finance director, or a shareholder dispute has grown beyond what the implicit company indemnity can absorb.
Sectors where uptake is high include professional services, technology, manufacturing, hospitality, retail, construction and any business whose growth path involves external investors — investors typically require a management liability programme as a condition of investment. Charities and clubs also buy the bundle, though the wording is often adapted for the trustee structure.
Buying D&O, EPL and entity cover as three standalone policies is possible and, for very large or complex companies, sometimes preferable because it allows more granular limit selection. For SMEs the bundle is usually the more efficient choice: single premium, single application, single insurer at notification, and typically a lower total cost than three parallel policies of equivalent limit.
Directors and Officers cover sits at the core of the bundle and is structured, in almost every modern UK wording, around three insuring agreements known as Sides A, B and C.
Side A responds to loss suffered by an individual director or officer where the company cannot indemnify them. The two situations that engage Side A most often are corporate insolvency (the company simply lacks the funds to indemnify) and a statutory prohibition on indemnification. Under section 232 of the Companies Act 2006, any provision by which a company directly or indirectly indemnifies a director against liability arising from negligence, default, breach of duty or breach of trust in relation to the company is void. Section 232 sets the outer boundary of what a company can promise to cover; Side A of a D&O policy fills the gap.
Side B reimburses the company when it has lawfully indemnified a director. Section 233 of the Companies Act 2006 expressly permits a company to purchase and maintain insurance for a director against liabilities that would otherwise fall foul of the section 232 rule; Side B is the mechanism by which that permission is put into practical effect. Section 234 addresses qualifying third-party indemnity provision (indemnity for liability incurred to persons other than the company), which sits alongside insurance rather than replacing it.
Side C — sometimes called "entity securities cover" — responds to securities claims brought against the company itself. It matters most to listed companies and to private companies contemplating an IPO or public debt issue. For most UK SMEs, Side C is either narrowly worded or excluded, because there is no listed security to which a securities claim can attach. Many management liability policies substitute a broader entity cover in place of Side C to catch the corporate-liability exposures that private companies actually face.
The claims that come through the door cluster around a small set of scenarios. Shareholder disputes — particularly minority-shareholder unfair prejudice petitions under section 994 of the Companies Act 2006 — are a recurring source of loss. Insolvency-related claims from liquidators or administrators pursuing directors for wrongful trading, misfeasance or transactions at an undervalue are another. Investigations by HMRC, the Insolvency Service and the Health and Safety Executive can generate substantial defence costs even where no personal penalty is ultimately imposed. Regulatory action following a data breach can name individuals as well as the company; the ICO's position on the insurability of penalties issued to individuals under UK GDPR remains uncertain and is best treated as a case-by-case question for the wording and the specific fact pattern.
Prosecutions under the Health and Safety at Work etc. Act 1974 — particularly the section 37 route by which senior officers can be held personally liable where an offence by the body corporate is committed with their consent, connivance or neglect — are another live exposure. Defence costs for a section 37 prosecution can be significant, and the personal reputational stakes are high.
Employment Practices Liability responds to employment-related claims brought against the company, the board or an individual manager. In UK terms, that means claims to an employment tribunal and, less commonly, civil claims in the High Court or County Court.
The statutory backdrop is the Employment Rights Act 1996 — the source of the unfair dismissal, wrongful dismissal and redundancy frameworks — and the Equality Act 2010, which sets out the nine protected characteristics and the discrimination, harassment and victimisation frameworks that apply across the employment relationship. EPL cover typically responds to defence costs (solicitor and counsel fees, tribunal costs) and to settlements and awards, subject to any regulatory-fine or exemplary-damages exclusion. Compensatory awards for unfair dismissal, discrimination and harassment are ordinarily insurable; punitive elements or specific statutory penalties may not be.
Retentions on the EPL section are usually higher than on D&O — commonly £5,000 to £25,000 for SME programmes — reflecting the higher frequency and lower per-claim severity of employment matters. Most modern wordings offer an "each claim" retention rather than an aggregate, and many include a "consent-to-settle" provision requiring the insurer's agreement before a matter is settled above a threshold.
Common EPL triggers include unfair dismissal following a poorly-managed disciplinary or performance process, direct or indirect discrimination on grounds of a protected characteristic, harassment (including third-party harassment and, since 2024, the extended employer duties on sexual harassment prevention), constructive dismissal claims arising from mishandled grievances, and equal pay claims. Redundancy processes — particularly collective consultation under section 188 of the Trade Union and Labour Relations (Consolidation) Act 1992 — are a recurring source of protective-award claims where consultation timelines are missed.
Entity cover protects the company itself where it is named in proceedings, either alongside a director or in its own right. It overlaps with Side B of the D&O section (which reimburses the company for indemnifying directors) and Side C (which responds to securities claims against the entity). A claim brought purely against the company, without any individual director being sued, can fall outside a narrow D&O policy and land in a coverage gap unless entity cover is present.
In UK SME wordings, entity cover often extends to the defence of investigations by regulators and enforcement bodies where the entity — rather than an individual — is the subject of the investigation. That includes HMRC investigations under Code of Practice 8 or 9, competition investigations under the Competition Act 1998, and information-notice or enforcement action by the ICO under UK GDPR and the Data Protection Act 2018.
Most modern management liability bundles include, either as standard or as an optional extension, a crime and fidelity section. It responds to direct financial loss suffered by the company from employee dishonesty, computer crime, funds transfer fraud and social engineering — the last of these now the most active head of claim as invoice-redirection and CEO-impersonation attacks have proliferated.
Two features of the crime section deserve attention when buying. First, the discovery basis: crime cover almost always operates on a "loss discovered" trigger rather than the "claim made" trigger that governs D&O and EPL. Losses discovered in the policy period are covered, wherever the underlying fraud occurred, subject to the retroactive date. Second, the social engineering sub-limit: many wordings offer a sub-limit rather than the full policy limit for social engineering losses, and it can be materially lower than the primary crime limit.
PI and management liability are frequently confused by professional-services buyers holding both. The distinction is the direction of the claim. PI responds to claims by clients (or third parties who relied on advice) that the insured provided negligent professional services — the trigger is external, arising from advice or work delivered to a client. Management liability responds to claims arising from the management of the business itself — how it treats employees, how it deals with shareholders, how directors exercise their statutory duties, how the entity handles regulatory enquiries. The trigger is internal.
A firm of accountants sued by a client for negligent tax advice looks to its PI policy. The same firm sued by a former employee for unfair dismissal, or by HMRC in an investigation of the partners personally, looks to management liability. Both policies are typically necessary; neither substitutes for the other.
Standalone D&O and the D&O component of a management liability bundle are structurally the same product — same three sides, same wrongful-act trigger, same defence-costs mechanics. The bundle differs in its structure around it: one insurer, one aggregate limit shared across D&O, EPL and entity cover, one notification, one premium. For most SMEs the bundle is more efficient, with a lower total premium than the standalone equivalents. The trade-off is a shared aggregate — a heavy EPL claim can erode limit that would otherwise have been available for a subsequent D&O matter. Larger companies with material exposures across more than one area sometimes prefer standalone policies for that reason. It is a sizing question rather than a matter of principle.
The standard exclusions across UK wordings track a small number of themes. Deliberate acts, dishonesty and criminal acts by the insured are excluded — but the exclusion typically applies only after final adjudication or admission, so defence costs are advanced pending the outcome of proceedings. Bodily injury and property damage sit outside the bundle; they belong to public and employers' liability. Prior known claims and circumstances notified under a previous policy are excluded, which is why continuity of cover through insurer changes needs careful handling.
Regulatory fines and penalties are excluded to the extent they are uninsurable as a matter of English public policy. Whether a particular penalty is insurable depends on the statute under which it is imposed and the case law that has developed around it; defence costs incurred in resisting a penalty are typically covered even where the penalty itself is not. Pollution, war and terrorism, and specifically-listed excluded activities are also typical carve-outs. Claims brought by or on behalf of a majority shareholder are often excluded to prevent the policy being used as a mechanism for one insured to sue another.
Underwriters rate off a handful of factors. Turnover is the primary base, with employee headcount close behind for the EPL section. Sector risk matters. Board composition is examined — presence of independent non-executives, the separation of chair and CEO roles, and the size of the board all bear on the rating. Prior claims history is decisive: a clean five-year record materially reduces the premium; a live employment tribunal claim or an open D&O notification materially increases it and can make the risk unplaceable at the required limit until the matter is resolved. Jurisdictional exposure is another significant driver: a UK company with US operations or US-based investors carries meaningfully greater management liability risk than a purely domestic operation.
Financial condition is scrutinised for the D&O section. Insurers use accounts filed at Companies House to look at gearing, working capital, going-concern statements and audit qualifications. A company approaching financial stress is a heightened D&O risk because insolvency is the single most common route to a Side A claim. We do not quote figures in this guide; every risk is priced individually and any indicative figure would be misleading.
For UK private-company management liability programmes, first-layer limits are commonly written between £1m and £5m, with £10m available and sometimes required for larger or higher-risk operations. Excess layers can be added to build the aggregate cover as needed. The limit is usually structured as a shared aggregate across D&O, EPL and entity cover, with a separate crime limit if crime cover is included.
Retentions vary by section. D&O Side A typically has a nil retention — the point of Side A is to protect the individual when the company cannot pay. Sides B and C carry retentions ranging from a few thousand pounds to £25,000 for SME programmes. EPL retentions are usually higher, often set between £5,000 and £25,000 each claim. Crime retentions vary widely with the sub-limit and the specific peril.
Placing management liability begins with a proposal form. Insurers ask for the last two or three years of audited accounts, a board list with dates of appointment, employee headcount split by function, a claims and circumstances history running back three to five years, details of any current or threatened litigation, and jurisdictional details including any US operations, subsidiaries or investors.
For commercial buyers the proposal is not simply an administrative form. Under section 3 of the Insurance Act 2015, the insured owes a duty of fair presentation of the risk before the contract is entered into. That means disclosing every material circumstance which the insured knows or ought to know, or providing sufficient information to put a prudent insurer on notice that it needs to make further enquiries. The presentation must be reasonably clear and accessible, and every material representation of fact must be substantially correct, with representations of expectation or belief made in good faith.
The consequence of breach — set out in Schedule 1 of the same Act — ranges from proportionate reduction of the claim to avoidance of the policy from inception, depending on whether the breach was deliberate or reckless. For a director signing a proposal form, the practical implication is straightforward: disclose material matters known to any part of senior management, including matters that might feel embarrassing to disclose. Under-disclosure at inception is the single most avoidable coverage failure in the management liability book.
Apex Insurance Brokers Limited (FCA firm reference 724952) arranges management liability programmes for UK private companies across professional services, technology, manufacturing, hospitality and general commercial sectors. Placement is on a whole-of-market basis across FCA-authorised insurers with appetite for SME management liability, and each account is handled by a named director-led team. Matthew Bartlett is the responsible senior manager under the Senior Managers and Certification Regime and holds SMF3, SMF16 and SMF17 approvals.
Our approach to the bundle is to review the three components — D&O, EPL and entity cover — against the specific board composition, employee profile and financial trajectory of the business, and to arrange cover that fits rather than a shelf product. Where crime, fiduciary or pension trustee cover is required, we place it on the same policy where possible to keep notification and administration simple.
A UK management liability policy typically bundles three covers into one contract: Directors and Officers Liability (protecting individuals against personal claims for wrongful acts in their management capacity), Employment Practices Liability (responding to employment tribunal and related claims from employees), and Entity Cover (protecting the company itself where it is named in proceedings). Crime and fiduciary cover are often added on the same policy. Defence costs are usually advanced as they are incurred.
A standalone D&O policy protects individual directors and officers but does not respond to employment claims against the company, and its entity cover is typically narrow. Companies with employees are exposed to employment tribunal claims a standalone D&O will not answer. Either an EPL policy must be added alongside the D&O, or a management liability bundle purchased to replace both. Which route is more efficient depends on the size and complexity of the business.
No. PI responds to claims by clients that the insured provided negligent professional services — the trigger is external, arising from advice or work delivered to a customer. Management liability responds to claims arising from the management of the business itself — employment matters, shareholder disputes, regulatory investigations, insolvency-related claims against directors. A professional-services firm typically needs both.
The sizing question turns on turnover, employee headcount, board composition, prior claims experience, sector risk, jurisdictional exposure (particularly any US footprint), and the requirements of external investors or lenders. UK SME programmes are commonly written with first-layer limits between £1m and £5m; larger or higher-risk businesses buy £10m and above. There is no universal answer; a sizing conversation with a broker who understands the specific risk profile is more useful than a rule of thumb.
The position is partial. Defence costs incurred by directors resisting an HMRC investigation or an assessment against them personally are typically covered under the D&O section. Whether the penalty itself is covered depends on the statute under which it is imposed and on English public-policy principles that limit the insurability of some regulatory penalties. Some penalties can be insured; others cannot. Any expectation that a specific penalty will be reimbursed should be tested against the policy wording and, where the position is uncertain, against legal advice specific to the fact pattern.
The core structure — D&O, EPL, entity cover — is the same. What differs is the weight given to Side C (entity securities cover), which matters materially to listed companies and much less to private companies whose shares are not publicly held. Listed-company D&O programmes are underwritten with securities-claim exposure at the front of the analysis; private-company programmes emphasise employment risk, shareholder disputes and insolvency-related claims. Pricing, retentions and wording all reflect the difference.
For the wider directors' and officers' framework, see the Apex pillar on the ultimate UK directors and officers insurance guide 2026. For the statutory duties of directors that sit behind D&O claims, see Companies Act 2006 directors' duties explained. For the employment-liability component in detail, see employment practices liability UK explained. For the boundary between PI and management liability, see professional indemnity vs management liability UK.
Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Firm reference number 724952. Registered in England and Wales, company number 07014570.