The D&O Diary

The D&O Diary

A PERIODIC JOURNAL CONTAINING ITEMS OF INTEREST FROM THE WORLD OF DIRECTORS & OFFICERS LIABILITY, WITH OCCASIONAL COMMENTARY

Indiana Supreme Court: E&O Insurers Must Pay Settlement of Suits Alleging Health Insurer Dodged Medical Claims

Posted in D & O Insurance

indianaOn April 22, 2015, in a sweeping win for health insurer Anthem Inc., the Indiana Supreme Court held that excess reinsurers on the company’s self-insured E&O insurance program must pay the company’s costs of defending and settling allegations that it had improperly failed to pay, underpaid, or delayed paying medical reimbursement claims. The Court rejected the lower courts’ rulings that the underlying claims had not arisen out of acts that had occurred “solely” in Anthem’s rendering of, or failure to render, professional services. A copy of the Court’s opinion can be found here.

 

Background 

At the relevant time, Anthem was self-insured for errors and omissions liability. The company purchased policies from other insurers to reinsure its E&O liabilities. Under this arrangement, Anthem was its own primary and excess insurer, with certificates of reinsurance issued on the primary and excess policies. The reinsurance certificates were “follow form,” to Anthem’s primary policy – that is, they incorporated all of the terms and conditions of the primary policy. For simplicity’s sake, I refer below to the source of the applicable insurance contract language as “the policy.”

 

Starting in 1998, Anthem and other health insurers were hit with lawsuits alleging that the defendant companies had engaged in a pattern of failing to pay claims in a full and timely manner, in breach of certain agreements and several state and federal statutes. Anthem eventually settled its portion of the various lawsuits without admitting and instead denying any wrongdoing. In the settlement Anthem agreed to cash payments totaling $198 million and implementation of various agreed-upon business practices.

 

The primary reinsurer on Anthem’ E&O reinsurance program exhausted its coverage in payment of claim-related costs. The excess reinsurers denied coverage for defense costs and settlement amounts associated with the underlying claims. Anthem filed a lawsuit against the excess reinsurers. The trial court granted summary judgment in the excess reinsurers’ favor, holding that the underlying litigation had not arisen out of acts that had occurred “solely” in Anthem’s rendering of or failure to render professional services. An intermediate appellate court affirmed the trial court’s ruling. Anthem appealed to the Indiana Supreme Court.

 

The policy’s insuring agreement specifies that the excess reinsurers “shall pay Loss of the Insured resulting from any Claim or Claims … against the Insured … for any Wrongful Act of the Insured … but only if such Wrongful Act … occurs solely in the rendering of or failure to render Professional Services.” The policy defines “Professional Services” as “services rendered or required to be rendered solely in the conduct of the Insured’s claims handling or adjusting.”

 

The policy’s fraudulent acts exclusion precludes coverage for loss arising from “any dishonest or fraudulent act or omission” but the exclusion provides further that it “shall not apply to any Claim seeking both compensatory and punitive damages based upon or arising out of allegations of both fraud and bad faith rendering of or failure to render Professional Services.”

 

The April 22 Opinion

On April 22, 2015, in an opinion written by Justice Brett Dickson, the Indiana Supreme Court reversed the lower court’s rulings in most respects and entered summary judgment in Anthem’s favor except with respect to Anthem’s bad faith claims against the excess reinsurers, which claims the Supreme Court remanded to the trial court for further proceedings.

 

The excess reinsurers had argued that the alleged misconduct that was the basis of the underlying claim was “not committed in the performance of ‘professional services,’ much less ‘solely’ in the performance of professional services” as was required by the policy. The underlying claims alleged that after promising to pay doctors in a timely manner for rendering covered, medically-necessary services in accordance with standard medical procedures, Anthem engaged in an improper, unfair, and deceptive scheme designed to systematically deny, delay and diminish payments due. Essentially, the excess reinsurers were arguing that actually or allegedly engaging in such a scheme is not the delivery of professional services, and certainly did not “solely” involve the delivery of professional services, as more was involved the scheme than merely delivering or not delivering professional services.

 

The Indiana Supreme Court rejected this argument. The Court said that the policy “covers not only Anthem’s actions in adjusting and paying reimbursement claims from health care providers – but also its failure to do so.” The policy’s coverage provision’s use of the word “solely” operates, the Court said, “to prescribe coverage for Anthem losses resulting from claims for any wrongful acts that occur outside its rendering of such services.”

 

The wrongful acts alleged in the underlying claims, the Court said, “are clearly alleged wrongful acts by Anthem in the course of its claims handling and adjusting services and thus qualify as covered Wrongful Acts occurring in the rendering or failure to render Professional Services as specified in the insuring agreement,” adding the observation that the term Wrongful Act is broadly defined by the policy. The insuring agreement is “thus intended to provide professional liability coverage for losses resulting from claims alleging a broad range of wrongful conduct.”

 

The Court also rejected the excess reinsurers’ argument that the relief Anthem seeks is contractual or restitutionary in character, the insurance for which would be contrary to Indiana public policy. After reciting the principle under Indiana law that provides a “very strong presumption of enforceability” of contracts that represent the freely bargained agreement of the parties, the Court said that the excess reinsurers “fail to point to a declared public policy of this State that would bar Anthem’s recovery.” The court also found that there were non-contractual and non-restitutionary claims and that all contractual claim had been dismissed from the various cases by the time of settlement.

 

In addition, the Court rejected the excess insurers’ argument that coverage was precluded by the policy’s fraudulent acts exclusion, first because the exclusion requires “an ultimate factual determination” that dishonest or fraudulent act had occurred, and second,  because the underlying claims came within the exclusion’s provision preserving coverage for bad faith claims, which, the Court found, the underlying claims were – excepting only one portion of the underlying claims, with respect to which the Court said further proceedings were required in order to determine whether that portion of the underlying claims was the type of claim for which the coverage carveback clause preserved coverage.

 

Finally, the Court reversed the lower court’s entry of summary judgment in the excess reinsurer’s favor with respect to Anthem’s claims against them for bad faith. The Court said that further fact-finding was required in order to determine whether the excess reinsurer’s denial of coverage for Anthem’s claim “was unreasonable and lacking in any legitimate basis.”

 

Discussion

One of the recurring battleground issues in trying to establish coverage under an E&O insurance policy is the question of whether the underlying claim arises out of the insured’s rendering or failing to render professional services. This issue can be a particular problem where, as here, the relevant policy provision includes a narrowing qualifier like “solely.” The problem is that the world is never that tidy. All too frequently allegations spill over into other things, and that is the reason I have always disliked the inclusion of coverage restrictive policy terms like “solely.”

 

At least these days, the insuring agreement of the typical insurance company E&O policy would not include the word “solely.” The irony of this situation is that it Anthem itself was responsible for the language at issue, as it issued the policy with the operative language to itself. It was Anthem that included the word solely in the primary policy’s insuring agreement. (It is of course possible that the wording was the result of the reinsurers’ requirements.) In the end, the Supreme Court found that the narrowing language was not coverage preclusive here. But that was only after two different courts had concluded that the effect of the narrowing language was sufficient to preclude coverage.

 

It is hard to tell from the Supreme Court opinion alone what the characteristics of the underlying allegations were that would support the argument that there were not solely about the rendering or failing to render “claims handling and loss adjusting” services. At least based on the description of the underlying claim in the Supreme Court’s opinion, it sure does seem that what the underlying claim was about was supposed wrongful acts or omissions allegedly committed in connection with Anthem’s payment or nonpayment of claims.

 

The argument that the relief that Anthem sought was contractual or restitutionary in nature and therefore not covered under the policy is hard to gauge. The Supreme Court’s opinion states that the $198 million settlement consisted of Anthem’s agreement to make a $5 million contribution to a charitable foundation; a $135 million payment into a common fund from which affected class members could seek payment; and $58 million in attorneys’ fees. With respect to the $135 million part, I can see the argument that this amount either represents the payment of amounts owing under the health insurance contract or the payment of amounts due but withheld. I don’t know how much substance there would be to this argument. The portion of the Court’s opinion where this issue is discussed is kind of sketchy; it basically consists of the Court saying that the relief Anthem sought is not contractual or restitutionary.

 

Whatever the substance and merits of the excess reinsurers’ arguments might otherwise have been, the arguments didn’t make much traction with the Indiana Supreme Court. The Court’s opinion is without a doubt a policyholder friendly opinion. It is hard to read the opinion without getting the feeling that the Court was pretty much determined to find coverage. The Court as much as said as much when it emphasized the “very strong presumption of enforceability” of contracts. This sentiment worked in Anthem’s favor in this case, but could work against it the next time it is in court trying to resist a finding of coverage under one of its own policies.

 

One final thought about this case. This all began back in 1998. I don’t know for sure what the timing of all of the events relative to the (re)insurance coverage dispute has been but by any measure this has been going on for while. And – it isn’t over yet. The parties will now all head back to the trial court for further proceedings. Call it a hunch, but I am guessing that after their recent mishap in the Indiana Supreme Court, the excess reinsurers will try to close this case out as quickly as they can.

 

Securities Suits Hit Companies Using Stock Promoters

Posted in Securities Litigation

stockboardWhen plaintiffs’ lawyers filed a complaint against the company earlier this week, Cellular Biomedicine Group became the latest firm to be hit with a securities class action lawsuit relating to the company’s alleged use of a stock promotion firm. There were a number of companies hit with similar lawsuits last year, as I noted at the time, and there has been at least one other similar suit filed against another company within recent days. The allegations involved in these recent lawsuits are striking, as detailed below. These cases have important D&O insurance underwriting implications.

 

The most recent of these lawsuit filings involves Cellular Biomedicine Group. On April 21, 2015, a plaintiff filed a securities class action lawsuit in the Northern District of California against the company, its CEO and its CFO. Cellular Biomedicine is in the business of marketing and commercializing stem cell and immune cell therapeutics in the health care market in China. The complaint alleges that in reliance on paid stock promotion, the company achieved “an unsustainable $500 million stock valuation.” A copy of the plaintiff’s complaint can be found hereforcefieldenergycomplaint. The plaintiff’s lawyers’ April 22, 2015 press release about the complaint can be found here.

 

Specifically, the complaint alleges that on February 2, 2015, LifeTech Capital, a “purported biotechnology and medical technology investment bank” raised their target price on the company’s stock with a “Strong Speculative Buy” rating. Then on April 7, 2015 a report appeared on Seekingalpha.com that among other things said that the company was “another worthless Chinese reverse merger using paid stock promotion.”

 

The Seeking Alpha article cites a detailed litany of charges against the company, alleging not only that the company’s share price increase had been achieved by paid promotion, but also that the company’s technology had “experienced patient deaths,” that its founders face “dishonesty allegations,” and that the company faces “multiple accounting and financial integrity issues.” The complaint alleges that the company’s stock promotion scheme included “dozens of published articles and news reports” and that the company never disclosed its promotional campaign.

 

The complaint against Cellular Biomedicine followed just days after a lawsuit was filed ForceField Energy that raises even more sensational allegations. On April 17, 2015, a plaintiff filed a securities class action lawsuit in the Southern District of New York against ForceField and certain of its directors and officers, as well as two stock promotion firms. A copy of the complaint can be found here. A copy of the plaintiff’s lawyers’ April 17, 2015 press release can be found here.

 

The company designs, licenses and distributes alternative energy products in China and the United States. The complaint alleges that beginning in September 2013, the company retained MissionIR, which is alleged to be a securities advisor and investor relations firm and an affiliate of The DreamTeam Group (DTG). The complaint alleges that under the direction and control of ForceField and the individual defendants, DTG and Mission IR “began to tout” ForceField’s stock, as part of which the two PR firms “conducted a massive promotional campaign, which included publishing articles or news reports and making various statements through social media outlets.” The articles did not disclose that they were “authored by paid promoters under the control of ForceField.”

 

A March 20, 2014 Fortune article (here) first raised questions about the relationship between the stock promoters and ForceField. On April 15, 2015, Seeking Alpha published an article (here) which detailed the relationship between ForceField and DTG. Among other things the article alleged that DTG publications and statements had caused ForceField’s stock to hit all time highs. The article also alleges that the top three ForceField managers have “extensive ties to past fraudulent companies that have gotten into substantial trouble, including investigations by the SEC, FBI, the U.S. Senate and the Canadian Federal Government.” The article also details ForceFIeld’s CEO’s and Chairman’s involvement with various prior companies that have been accused of fraudulent activity (the details of these prior enterprises are quite something in and of themselves).

 

The developments after the Seeking Alpha article about ForceField appeared involved more than the filing of a class action lawsuit. In an April 20, 2015 filing on Form 8-K, ForceField disclosed that its Chairman had resigned, and that the cause of this resignation was that he had been arrested on April 17, 2015. As detailed in an April 20, 2015 Bloomberg article (here), the Chairman was “charged by U.S. officials with scheming to boost the company’s share price in part by making secret payments to conspirators through a firm based in Belize.”  The April 20, 2015 press release of the Office of the U.S. Attorney for the Eastern District of New York about the Chairman’s arrest can be found here.

 

It isn’t hard to guess the motives of those company officials that might resort to using paid stock promoters. Just the same, you do have to wonder what they are thinking, because it is pretty clear that when a small stock’s share price starts skyrocketing, it attracts attention. Indeed, the author of Seeking Alpha column about Cellular Biomedicine even explains the stock price screening tool he uses to identify companies whose share price is moving suspiciously. It does seem that companies whose share prices move as a result of the efforts of paid stock promoters are going to attract the attention of market watchers, such as the authors on Seeking Alpha.

 

It also seems, as these cases demonstrate, that companies relying on stock promoters to try to drive their share price are going to get hit with securities class action lawsuits, a point that is reinforced by my earlier post about companies using stock promoters. Indeed, as I detail in my prior post, there is a growing list of companies that, like ForceField, used the DreamTeam group and that have been hit with securities suits.

 

The obvious lesson for D&O underwriters is that is that it would be a good idea to find out if a prospective account they are considering has used the services of a stock promotion firm. A more detailed question would specifically ask about the company’s use of The DreamTeam Group and the other stock promoters that have been identified as these various companies have cratered and attracted securities lawsuits. It is pretty clear that using stock promotion firms is not only a very questionable business practice, it is a clear marker for securities class action litigation risk.   The fact that both of the companies described above were built around business operations in China seems like yet another factor to consider.

 

Early Returns on Omnicare: When the U.S. Supreme Court handed down its decision in the Omnicare case a few weeks ago (as discussed here), there was a lot of speculation about the possible impact of the decision on securities class action litigation. In an April 20, 2015 memo entitled “The Supreme Court’s Recent Omnicare Decision Already Netting Big Results For Issuers” (here), the Troutman Sanders law firm reviews the decision and examines the impact that decision has been having so far in the lower courts.

 

Among other things, the law firm’s memo notes that “although the Omnicare decision is less than a month old, it is already having an impact on pending Section 11 claims.” The memo’s authors also note that “other courts have relied on Omnicare to dismiss claims asserted under Sections 10(b) and 18 of the Securities Exchange Act of 1934.” The memo concludes by noting that the early returns suggest that “Omnicare could have a substantial impact on the overall landscape of securities litigation.”

 

More About Minimum-Stake-to-Sue Bylaws: As I have noted in numerous prior posts, one of the more significant recent developments in the corporate and securities litigation arena has been the rise of litigation reform bylaws, particularly forum selection bylaws and fee-shifting bylaws. Along with these more frequently discussed types of bylaws has been another type of litigation reform bylaw, the minimum stake-to-sue bylaw.

 

In an earlier post (here), I discussed the litigation that has arise in Florida in connection with Imperial Holding Group’s newly adopted bylaw that require shareholders to deliver written consents representing at least three percent of the company’s outstanding shares in order to bring a class action or derivative suit.

 

The litigation about the company’s bylaw has apparently just taken a substantial notch upward. As Alison Frankel details in an April 21, 2015 post in her On the Case blog (here), the plaintiff in the dispute has filed a new lawsuit in federal court, in which the plaintiff alleges, among other things, that the company’s disclosures in its latest proxy statement violate the federal securities laws. The complaint seeks an injunction barring the use of the bylaw. A copy of the federal court complaint can be found here.

 

As Frankel details in her blog post, there is a lot of bad blood between the sides in this dispute, but the case at least does hold out the possibility of a determination of the validity of yet another variety of litigation reform bylaw. At stake is the question of whether smaller shareholders of companies that adopt this bylaw will still be able to file traditional corporate and securities lawsuits against company officials. Stay tuned, this case potentially could be worth watching.

Advisen Report: Decline in Corporate and Securities Lawsuit Filings Continued in First Quarter

Posted in Securities Litigation

PrintThe recent trend toward declining numbers of corporate and securities lawsuit filings continued in the first quarter of 2015, according to a report from the insurance industry information firm, Advisen. If the level of activity in the year’s first quarter were to continue for the rest of the year, the number of new corporate and securities lawsuits would approach pre-crisis levels. The report, entitled “D&O Claims Trends: Q1 2015” can be found here.

 

Unlike other published reports which track only securities class action lawsuit filings, the Advisen report tracks a wide variety of types of corporate and securities lawsuit filings (including but not limited to securities class action lawsuit filings). However, the Advisen report uses its own peculiar terminology in describing the various categories of lawsuits; as a result, the report must be read with caution.

 

As Advisen has detailed in prior reports, the annual numbers of new corporate and securities lawsuit filings has declined for the past three years, as the wave of lawsuit filings associated with the financial crisis subsided. Based on the levels of corporate and securities lawsuit filings during the first quarter of 2015, it appears that this “downward trend may continue for at least one more year.” The overall number of new corporate and securities lawsuit filing during the first quarter was nine percent below the number in the first quarter of 2014 and 11 percent below the fourth quarter of 2014.

 

Exhibit 1 to the report shows that if the first quarter 2015 filings are annualized, the projected year end total number of filings would be at the lowest level since 2009 and only slightly above levels last seen in 2008.

 

Not all types of lawsuits declined during the quarter. While the number of derivative lawsuits, merger objection lawsuits, and securities class action lawsuits declined during the year, the number of lawsuits that the report categorizes as “capital regulatory actions,” “securities individual actions,” and fiduciary duty lawsuits all declined during the quarter.

 

Among the various types of lawsuits that Advisen tracks, the category with the highest number of new lawsuits in the first quarter was what the report calls “capital regulatory actions” (essentially, regulatory enforcement actions). These types of suits represented 62 percent of all recorded events. This elevated level of activity in the first quarter follows the year just completed, in which these types of actions also increased relative to the prior year. The report suggests this increased number of enforcement actions may be the “direct result” of the financial fraud task force that SEC Chair Mary Jo White created in 2014.

 

The number of securities class action lawsuit filings in the first quarter of 2015 (42) was essentially flat compared to the first quarter of 2014 (43).There was a time before the financial crisis when securities class action lawsuits represented as much as a quarter of all of annual corporate and securities class action filings. In more recent years, the number of securities class action filings as a percentage of all corporate and securities lawsuit filings fell to as low as ten percent, in 2011. Since that time, this percentage has inched upward; in 1Q15, securities class action lawsuits represented 14 percent of all corporate and securities suit filings.

 

The number of derivative lawsuit filings has also been declining since 2011. The downward trend apparently will continue in 2015. There were only 22 derivative lawsuit filings in the first quarter, compared to 55 in the first quarter of 2014 and 31 in the fourth quarter of 2014.

 

The number of new merger objection lawsuit filings also decreased in the first quarter of 2015, following a declining trend that has spread across the past three years. There were only 33 new merger objection lawsuit filings in the first quarter of 2015, compared with 60 in the first quarter of 2014. The report does not benchmark the number of merger objection lawsuits against the level of merger activity, so the report’s absolute filings numbers say nothing about the whether the rate of merger objection lawsuit filing activity is going up or down.

 

Another possible explanation for the decline in merger objection suits is the increasing prevalence of forum selection bylaws. These types of bylaws, which the Delaware courts validated in 2013, not only could be reducing the incidence of multi-jurisdiction merger litigation, but it could be dampening the overall number of merger objection lawsuits filed, and could also explain in part the decline in derivative lawsuit filings.

 

More companies in the financial services sector were hit with new corporate and securities lawsuits in the first quarter of 2015 than any other sector. Thirty percent of all companies named in corporate and securities lawsuits in the first quarter were in the financial services sector.

 

New actions (filed both in the U.S. and outside the U.S.) against companies domiciled outside the U.S. as a percentage of all new corporate and securities lawsuits rose to the highest level in ten years during the first quarter of 2015. Sixteen percent of all corporate and securities lawsuits filed in the first quarter of 2015 involved non-U.S. companies, compared to only 14 percent in 2014 and only ten percent as recently as 2009.

 

In considering why the overall numbers of corporate and securities lawsuits has been declining in the recent years compared to the filing levels seen during the financial crisis, the report suggests, among other things, that the decline may be due to “less financial crisis-related litigation” and to “ fewer public company targets.” Both of these considerations are important factors. I would add a couple of other factors that may be affecting the overall filings level; the elevated levels of the financial markets; the relatively healthy level of the overall economy (especially compared to the financial crisis years) and low interest rates (which reduce borrowing costs, putting less pressure on corporate income statements and balance sheets). Also, as noted above, forum selection bylaws may be reducing the curse of multi-jurisdiction litigation, which may be contributing to the lower numbers of merger objection and derivative lawsuits that are being filed.

 

Advisen Webinar, Thursday April 23, 2015: On Thursday, April 23, 2015, at 11 am EDT, I will be participating in a free, hour-long Advisen webinar, in which the first quarter claims trends will be discussed. The webinar discussion panel will also include Ben Fidlow of Willis; Brian Stoll of Towers Watson; and Jim Blinn of Advisen. Information about the webinar, including registration instructions, can be found here.

Guest Post: Cybersecurity Enforcement: The FTC Is Out There

Posted in Cyber Liability

weilAlong with the disruption and the reputational damage, a company experiencing a data breach can also find itself attracting the unwanted attention of regulators. Among the federal regulators that has proven to be active in data breach arena has been the Federal Trade Commission. In the following guest post, Robert Carangelo, Eric Hochstadt, and Gaspard Curioni of the Weil Gotshal law firm take a look that the FTC’s cybersecurity enforcement authority and actions, as well as the agency’s track record so far. A version of this guest post previously was published as a Weil client alert.

 

I would like to thank Robert, Eric and Gaspard for their willingness to publish their post on my site. I welcome guest post submissions from responsible authors on topics of interest to readers of this site. Please contact me directly if you would like to submit a guest post. Here is Robert, Eric, and Gaspard’s guest post.

 

**********************************************

 

The continued occurrence of serious data breaches, including the hack of Sony Pictures that resulted in the canceled theatrical release of The Interview, a satirical film about North Korean leader Kim Jong-un, and the Target data theft impacting up to 110 million consumers and several financial institutions, has put a spotlight on issues of cybersecurity and the protection of sensitive personal information. With public pressure mounting due to this growing threat, Congress is considering legislative action to bolster American businesses’ resilience to cybersecurity attacks and data theft.[i] But while the political process on Capitol Hill unfolds, other branches of the federal government have not remained idle. In the executive branch, the Federal Trade Commission (FTC) has stepped up its consumer protection enforcement activity in this area and has pursued actions against companies that the agency deems do not sufficiently protect personal data.

 

Overview of the FTC’s Cybersecurity Enforcement Authority and Actions

While the FTC has brought more than 50 enforcement proceedings in the past 15 years relating to data security, the pace of FTC activity has picked up in recent years.[ii] The bulk of the agency’s enforcement has been carried out through administrative actions, which in almost all instances[iii] have been resolved through consent orders that impose data security measures and long-term supervision by the FTC. The remaining dozen or so cases brought by the FTC have been filed in federal courts pursuant to the agency’s injunctive authority under section 13(b) of the Federal Trade Commission Act (FTC Act). As discussed further below, the FTC has brought such an enforcement action against the Wyndham hotel group, a case pending at the Third Circuit which is expected to address the reach of the FTC’s authority in this area. As with administrative actions, the overwhelming majority of these cases settle shortly after filing. For companies under investigation, early settlement may be driven by, among other considerations, a desire to avoid protracted litigation with a federal agency. Administrative and judicial proceedings involve intrusive and costly discovery[iv] and can take years to resolve.[v]

 

The FTC’s enforcement authority derives principally from the FTC Act.[vi] Under section 5(a) of the FTC Act, the FTC may take action against “unfair or deceptive acts or practices in or affecting commerce.” Historically, the agency has leveraged the FTC Act’s “deception” prong to challenge allegedly false data security representations made by companies. Up until 2014, all but one cybersecurity civil action brought by the FTC and more than half of FTC data security administrative actions invoked the deception prong.[vii] More recently, the FTC has challenged cybersecurity practices under the “unfairness” prong of section 5 of the FTC Act. In these enforcement actions, the FTC has developed minimum cybersecurity standards for companies that collect personal information, even in the absence of any allegedly false representations concerning data security.

 

Many data security vulnerabilities have drawn the agency’s attention as being “unfair” to consumers, including companies’ alleged failure to:

1) set up robust log-in protocols;[viii]

2) protect against “commonly known or reasonably foreseeable attacks from third parties attempting to obtain access to customer information;”[ix]

3) encrypt data;[x] and

4) provide cybersecurity training.[xi]

Through its consent decrees, the FTC has detailed the various steps that companies must implement to remedy these deficiencies. The typical consent orders, which usually last for 20 years, prohibit prospective misrepresentations concerning data security and prescribe affirmative security measures. A central requirement is the establishment of a comprehensive information security program with administrative, technical, and physical safeguards suitable for the company and the type of protected data. Further, the consent orders usually require independent risk assessments from information technology and security professionals, as well as periodic reporting of the findings to the FTC. Companies must also document their compliance efforts and report material changes affecting their obligations to the agency.

 

FTC v. Wyndham Worldwide Corp.

There has been little judicial scrutiny of the FTC’s exercise of its section 5 power in the cybersecurity space. A notable exception is FTC v. Wyndham Worldwide Corp.,[xii] a case which may at last provide much-needed clarification about the scope of the FTC’s authority to impose cybersecurity standards in the absence of substantive statutes or regulations on the subject.

 

In June 2012, the FTC sued Wyndham, alleging that it failed to maintain “reasonable and appropriate” data security measures. The failure purportedly allowed hackers to gain access to its computer networks, which resulted in the compromise of more than 500,000 payment card accounts and fraudulent charges on hotel guests’ accounts. Because Wyndham allegedly misrepresented that it had implemented reasonable data protection measures on its website, the agency claimed that Wyndham had engaged in deceptive practices under section 5 of the FTC Act. However, the FTC did not stop there. It also claimed that Wyndham violated the unfairness prong of section 5 by failing to implement “reasonable and appropriate” data protection measures in the first place.

 

In seeking dismissal of the unfairness claim, Wyndham contended that section 5’s unfairness prong did not confer the FTC with rulemaking authority over data security. A New Jersey federal judge rejected that argument in April 2014, given section 5’s broad language and the absence of any statutory command carving out cybersecurity from the FTC’s purview. But because of the novelty and importance of the issue, the judge certified the question for immediate appeal to the Third Circuit. On appeal, Wyndham argued that a business’s failure to take “reasonable and appropriate” cybersecurity measures was not an unfair practice under section 5, as it was not an attempt to take advantage of customers; rather, a cyber-attack harmed the company. Wyndham also faulted the FTC for failing to adequately specify what were “reasonable and appropriate” cybersecurity practices. During oral argument on March 3, 2015, the Third Circuit panel questioned whether the unfairness prong covered nonfraudulent negligent cybersecurity conduct and whether the FTC could directly bring an action in court without first issuing cybersecurity rules through rulemaking or adjudication. The court heard oral arguments on the latter issue on March 27, 2015. The upcoming ruling by the Third Circuit will likely provide greater clarification about the scope of the FTC’s unfairness authority over cybersecurity practices.

 

Parallel and Follow-On Litigation

To date, the FTC’s enforcement actions in the cybersecurity arena have not led to a wave of private follow-on litigation. One possible explanation is that the FTC Act, unlike the federal antitrust statutes enforced by the FTC, does not confer a private right of action. Enforcement targets must nevertheless be vigilant. Even if not subject to private litigation under the FTC Act, cybersecurity practices that the FTC deems unfair or deceptive can also lead to private follow-on class action litigation by consumers and other affected parties under state laws, such as consumer protection statutes or specific state data security statutes.[xiii]

 

The CBR Systems controversy is one such example of parallel FTC enforcement and private consumer litigation. CBR is a California-based company that stores stem cells from umbilical cord blood and tissue. In December 2010, a thief broke into a CBR employee’s car and stole a backpack containing a company laptop computer and other electronic storage devices that allegedly held unencrypted personal information on about 300,000 CBR clients, including their names, addresses, social security numbers, medical history, and payment details. The FTC opened an investigation and ultimately filed an administrative complaint in January 2013, asserting that CBR had engaged in deceptive practices by failing to protect its customers’ personal data. Shortly after, CBR entered into a 20-year consent order in which it agreed to establish and maintain a comprehensive information security program, be subject to monitoring from an independent auditor, and report periodically to the FTC about its cybersecurity efforts.[xiv] But the FTC consent order did not end CBR’s travails. In January 2012, clients of CBR filed a putative class action under California privacy and unfair competition law. The case settled in February 2013, with CBR agreeing to reimburse affected clients for identity theft-related losses, pay for class members’ two-year subscription to a credit monitoring program, and pay $600,000 in attorneys’ fees. The full value of the class settlement was estimated at $112 million.[xv]

 

Companies must also watch out for parallel litigation by state attorneys general. Snapchat’s case is illustrative. Snapchat’s mobile messaging application allows users to send photo and video messages (termed “snaps”) that the company claims disappear very shortly after being sent. Despite the claimed “ephemeral” nature of the snaps, recipients were able to use third-party tools to save the snaps indefinitely. In May 2014, the FTC filed a complaint against Snapchat, alleging that the company made false representations about the disappearance of the snaps, the collection of users’ personal data, and the robustness of its data security. Based on these allegations, the FTC asserted that Snapchat had engaged in deceptive practices under section 5 of the FTC Act. In May 2014, Snapchat agreed to settle with the FTC. The consent order prohibited misrepresentations about the company’s data privacy and security, required Snapchat to establish a comprehensive privacy program, and imposed independent monitoring and reporting obligations for 20 years.[xvi] While the FTC enforcement action was pending, the Maryland attorney general advanced similar allegations against Snapchat and claimed violations of Maryland consumer protection law and COPPA. Snapchat agreed to pay $100,000 and take corrective measures in a June 2014 settlement with Maryland.

 

Finally, FTC investigations and enforcement proceedings may expose companies to follow-on litigation beyond the consumer protection context. For example, as a result of the FTC’s enforcement action against Wyndham, the company was hit with a shareholder derivative suit which alleged that Wyndham’s directors and officers failed to implement adequate data-security measures and timely disclose the data breaches.[xvii] Although the lawsuit was ultimately dismissed at the pleading stage, the case shows the potential spillover effect of FTC enforcement proceedings. A comprehensive defense strategy should include close coordination between data protection and securities counsel.

 

Conclusion

Cybersecurity law enforcement is growing. While legislative momentum is building toward formulating federal data security standards, the FTC has continued to use its enforcement authority over unfair and deceptive trade practices to bring cases against companies with allegedly substandard data security practices. Critics point out that the agency does not have any regulatory authority over data security and that the general principles contained in its various consent orders do not provide sufficient guidance to the industry. The Third Circuit is expected to develop the law in this area in the coming months, but it undoubtedly will not be the final word. In the meantime, companies are well advised to bolster their cybersecurity practices and get ahead of any issues that could subject them to the full panoply of FTC enforcement action followed by state regulatory or private class action litigation.

 _________________________________

[i] See Discussion Draft (Mar. 20, 2015), Data Security and Breach Notification Act of 2015, H.R. ___, 114th Cong. (2015); Personal Data Privacy and Security Act of 2014, H.R. 3990, 113th Cong. (2014).

[ii] Legal Resources, Filtered by Type (Case) and Topic (Data Security), Fed. Trade Comm’n, https://www.ftc.gov/tips-advice/business-center/legal-resources?type=case&field_consumer_protection_topics_ tid=249 (last visited Apr. 1, 2015). Based on a review of publicly available data on the FTC website, twice as many administrative proceedings and court cases were initiated in the last five years as in the previous ten years. See id. A record number – seven administrative proceedings and two federal court cases – were brought in 2014 alone. See id.

[iii] Only one company, LabMD, Inc., has refused to enter into a consent decree with the FTC. See id. The FTC filed an administrative complaint against the company for its alleged failure to establish reasonable data security measures to protect customer information. After the FTC denied LabMD’s motion to dismiss, the company sought review of the decision in federal court. The Court of Appeals for the Eleventh Circuit ultimately rejected LabMD’s challenge as unripe because the FTC’s decision was a non-final agency action. The case has been remanded to the FTC and is currently pending before an administrative law judge. See Case Timeline, In re LabMD, FTC File No. 102 3099, Fed. Trade Comm’n, https://www.ftc.gov/enforcement/cases-proceedings/102-3099/labmd-inc-matter (last updated Feb. 24, 2015).

[iv] See 16 C.F.R. §§ 3.31-40 (setting out the methods, scope, and types of discovery in FTC administrative proceedings).

[v] See Case Timeline, In re LabMD, supra note iii.

[vi] In addition, the FTC is entrusted with enforcing the privacy and data security provisions of specific statutes. Before the creation of the Consumer Financial Protection Bureau in 2011, the FTC was responsible for enforcing the Fair Credit Reporting Act (FCRA) – which ensures that credit reporting agencies protect consumers’ private information – and the Gramm-Leach-Bliley Act (GLBA) – which obliges financial institutions to ensure the security of customer records. Also, the FTC administers the Children’s Online Privacy Protection Act of 1998 (COPPA), which requires Internet companies to obtain parental consent for the collection, use, and disclosure of children’s personal information. Finally, the Safe Harbor Framework program, which allows companies to transfer personal data between the United States and the European Union, provides for FTC enforcement against companies that fail to comply with the program’s requirements.

[vii] See Legal Resources, supra note ii.

[viii] See, e.g., Complaint at 2, In re TJX Cos., FTC File No. 072-3055, Docket No. C-4227 (F.T.C. July 29, 2008), available at https://www.ftc.gov/sites/default/files/documents/cases/2008/08/080801tjxcomplaint.pdf.

[ix] Complaint at 6, United States v. RockYou, Inc., No. 3:12-cv-01487 (N.D. Cal. Mar. 26, 2012).

[x] See, e.g., Complaint at 9, FTC v. LifeLock, Inc., No. 2:10-cv-00530 (D. Ariz. Mar. 9, 2010).

[xi] See, e.g., Complaint at 2, In re EPN, Inc., FTC File No. 112 3143, Docket No. C-4370 (F.T.C. Oct. 3, 2012), available at https://www.ftc.gov/sites/default/files/documents/cases/2012/10/121026epncmpt.pdf.

[xii] No. 2:13-cv-01887 (D.N.J. transferred Mar. 26, 2013). After denying Wyndham’s motion to dismiss, the district court certified its order for interlocutory appeal on June 23, 2014. The case is currently pending before the Third Circuit Court of Appeals. See FTC v. Wyndham Worldwide Corp., No. 14-3514 (3d Cir. argued Mar. 3, 2015).

[xiii] See, e.g., Notice of Removal, Johansson-Dohrmann v. CBR Systems, Inc., No. 3:12-cv-01115 (S.D. Cal. May 7, 2012), ECF No. 1-3 (attaching the class action complaint originally filed in state court, which alleged violations of the California Confidentiality of Medical Information Act and Unfair Competition Law, among other causes of action).

[xiv] Decision & Order, In re CBR Systems, Inc., FTC File No. 112 3120, Docket No. C-4400 (F.T.C. Apr. 29, 2013), available at https://www.ftc.gov/sites/default/files/documents/cases/2013/05/130503cbrdo.pdf.

[xv] See Order Granting Final Approval of Class Action Settlement, Attorneys’ Fees, Costs, and Incentive Award, Judgment and Dismissal, Johansson-Dohrmann, No. 3:12-cv-01115 (July 24, 2013), ECF No. 35.

[xvi] Decision & Order, In re Snapchat, Inc., FTC File No. 132 3078, Docket No. C-4501 (F.T.C. Dec. 23, 2014), available at https://www.ftc.gov/system/files/documents/cases/141231snapchatdo.pdf.

[xvii] See Palkon v. Holmes, No. 2:14-cv-01234, 2014 WL 5341880, at *6 (D.N.J. Oct. 20, 2014).

D&O Insurance: Insured That Settled Underlying Claim Without Insurer’s Consent Cannot Sue the Insurer for Breach of Contract or Bad Faith

Posted in D & O Insurance

GaThe Georgia Supreme Court has held that where a policyholder settled an underlying claim without its D&O insurer’s consent, the policyholder cannot sue the carrier for breach of contract or for bad-faith failure to settle. The Court, applying Georgia law, entered its opinion in the case based on questions certified from the United States Court of Appeal for the Eleventh Circuit. The Georgia Court’s April 20, 2015 opinion can be found here. As discussed below, this ruling potentially creates problems for a policyholder that believes the insurer has unreasonably withheld its consent.

 

An April 20, 2015 post on the Executive Summary Blog about the Georgia Supreme Court’s opinion can be found here.

 

Background

At the relevant time, Piedmont Office Realty Trust had a $20 million D&O insurance program, consisting of a primary D&O insurance policy with a $10 million limit of liability and an excess D&O insurance policy with a $10 million.

 

Piedmont was sued in a securities class action lawsuit. After protracted proceedings, the district court entered summary judgment in the defendants’ favor in the securities class action lawsuit. The plaintiffs filed a notice of appeal. While the appeal was pending, the plaintiffs and Piedmont agreed to mediate the plaintiffs’ claim.

 

By this time, Piedmont’s defense expenses had already exhausted the $10 million limit of the primary policy, as well as another $4 million of the excess policy. Piedmont sought its excess D&O insurer’s consent to settle the claim for the $6 million remaining under the excess policy’s limit. The excess insurer agreed to contribute $1 million toward the settlement. Without obtaining the excess insurer’s consent, Piedmont agreed to settle the underlying lawsuit with plaintiffs for $4.9 million. The district court approved the settlement. Piedmont demanded that the excess insurer provide coverage for the full settlement amount. The excess carrier refused.

 

Piedmont filed a lawsuit in federal district court for breach of contract and for bad faith failure to settle. The district court dismissed the coverage lawsuit and Piedmont appealed the district court’s ruling to the United States Court of Appeals for the Eleventh Circuit. The 11th Circuit certified several questions of law to the Georgia Court of Appeals.

 

The D&O policy at issue incorporated a “consent to settle clause,” which provides that “No Claims expenses shall be incurred or settlements made, contractual obligations assumed or liability admitted with respect to any claim without the insurer’s written consent, which shall not be unreasonably withheld. The insurer shall not be liable for any claims expenses, settlement, assumed obligation or admission to which it has not consented.”

 

The D&O policy also incorporated a “no action” clause, which provides that “No action shall be taken against the insurer unless, as a condition precedent thereto, there shall have been full compliance with all of the terms of the policy, and the amounts of the insureds’ obligation to pay shall finally have been determined either by judgment against the insureds after actual trial, or by written agreement of the insureds, the claimant and the insurer.”

 

The April 20, 2015 Opinion         

 

In an April 20, 2015 opinion written by Chief Justice Hugh P. Thompson, the Georgia Supreme Court unanimously held, in reliance on its 2009 ruling in Trinity Outdoor LLC v. Central Mut. Ins. Co., that in light of the “unambiguous” policy provisions, Piedmont is precluded from pursuing this action against the excess insurer because the excess insurer did not consent to the settlement and because Piedmont “failed to fulfill the contractually agreed upon condition precedent.”

 

In reaching this conclusion, the Court noted that “the plain language of the insurance policy does not allow the insured to settle a claim without the insurer’s written consent,” and also provides that the insurer shall only be liable for a loss which the insured is legally obligated to pay. In addition, the policy’s no-action clause “stipulates that the insurer may not be sued unless, as a condition precedent, the insured complies with all of the terms of the policy and the amount of the insured’s obligation to pay is determined by a judgment against the insured after a trial or a written agreement between the claimant, the insured and the insurer.”

 

The court also rejected a number of Piedmont’s arguments, including one based on the contention that these principles should not apply because the district court had approved the settlement. The court said that Piedmont could not settle the underlying lawsuit without the excess insurer’s consent – “in breach of its insurance contract” – and then “after breaching the contract, claim that the district court’s approval of the settlement imposed upon [the excess insurer] a distinct legal obligation to pay the settlement on Piedmont’s behalf.”

 

Because the excess insurer was providing Piedmont with a defense, the Court also rejected Piedmont’s argument that Piedmont was estopped from insisting that Piedmont needed to obtain insurer’s consent to settle, because the insurer did not “wholly abandon” Piedmont.

 

Finally, the Court declined to follow decisions of other court which had held that an insured who settles a lawsuit in violation of a no-action clause can still bring a bad faith claim against the insurer, saying that this is “not the law of Georgia.”

 

The Court concluded by saying that absent the excess insurer’s consent to the settlement, “under the terms of the policy, Piedmont could not sue [the excess insurer] for bad faith refusal to settle the underlying lawsuit in the absence of a judgment against Piedmont after an actual trial.”

 

Discussion

At the point where Piedmont asked the excess insurer for consent to settlement, this case had been going on for years, yet Piedmont was asking for the remaining $6 million of the excess insurer’s policy limit, after spending $14 million of the insurers’ money obtaining summary judgment in the case. I can imagine that this was not a proposal that thrilled the insurer, but on the other hand, the excess insurer’s proposal to contribute only $1 million may have stymied the company and its desire to resolve the case at that point. I don’t know for sure why the conversation then broke down, but I know from experience that it can be a very difficult situation when the policyholder and the carrier are at loggerheads on the question of whether or not the amount of a proposed settlement is reasonable.

 

I also know from long experience that many defense attorneys view the consent to settlement requirements in the typical D&O insurance policy as little more than an annoying impediment. But as I have pointed out in prior posts on this blog (for example, here), consent to settle really is required, and as this case shows, policyholders that proceed to settle an underlying claim without the insurer’s consent do so at their own peril.

 

To be sure, an insurer’s right to withhold consent it not unlimited. The typical D&O policy provides that the insurer’s consent to settlement may not be unreasonably withheld. There have been cases in which courts have held that a D&O insurance carrier’s consent to settlement was unreasonably withheld (refer, for example, here). However, this constraint on the carriers has practical limitations; at the moment when the underlying claims needs to be settled, there is no way of knowing if a court will later agree that the carrier’s refusal to consent was unreasonable. Indeed, while there are, as noted, cases in which courts have found a D&O insurer’s refusal to consent to settlement to be unreasonable, there are other cases in which the court’s have said that the D&O insurer’s refusal to consent to settlement was not unreasonable (refer, for example, here).

 

The interesting thing to me about this case is that the Georgia Supreme Court does not seem to have even reached the question of whether or not the excess carrier’s refusal to consent to the settlement was unreasonable. If I am reading the opinion correctly, I think the Court was saying it did not need to reach that question.

 

One of the Eleventh Circuit’s certified questions asked, in pertinent part, “can a court determine, as a matter of law, that an insured who seeks (but fails) to obtain the insurer’s consent before settling is flatly barred – whether consent was withheld reasonable or not – from bringing suit for breach of contract or for bad-faith failure to settle? Or must the issue of whether the insurer withheld unreasonably its consent be resolved first?” The Georgia Supreme Court’s opinion doesn’t directly map its responses to the Eleventh Circuit’s certified questions, but taking the Supreme Court’s opinion as a whole, it seems as if the Court determined that the insured who settles without the insurer’s consent is precluded from bringing the bad faith claim, without regard to whether or not the insurer unreasonably withheld its consent.

 

My concern about this reading is that the practical effect seems to be that the policy clause providing that the insurer may not unreasonably withhold its consent is effectively read out of the policy.

 

If the policyholder cannot sue the insurer for breach of contract where the insurer declined to consent to the settlement of the underlying claim, there is no way for the policyholder to contend that the insurer unreasonably refused to consent. Again, if I am reading the Georgia Supreme Court’s opinion correctly, where the insurer has withheld its consent to the settlement of the underlying claim the policyholder cannot assert the breach of contract or bad faith against the insurer – even if the insurer acted unreasonably in withholding its consent. If that is the holding, the typical clause specifying that the D&O insurer’s consent shall not be unreasonably withheld may provide very little protection for policyholders, at least in Georgia.

 

Imagine the following hypothetical. Let’s assume an insurer actually did unreasonably withhold its consent. (Understand, this is a hypothetical, I am not saying that is what happened here.) If the carrier really did unreasonably withhold its consent, then it has breached the contract. Why should the policyholder have to continue to perform under the contract if the carrier has already breached it? Why should the policyholder be barred from filing suit for the carrier’s breach? And, to take it out of the hypothetical context, how can it be concluded that the policyholder has no right to sue, if there hasn’t  been a determination of whether or not the carrier breached the contract by unreasonably withholding the consent to settle? 

 

I welcome readers’ comments about this opinion or my interpretation of the opinion, particularly if there are readers who think I am not reading the opinion correctly.

SEC Whistleblowing Program: The Agency Means Business

Posted in Whistleblowers

seclogoThe SEC wants you to know that it means business about its whistleblowing program. On April 1, 2015, in the latest in a series of steps to protect and encourage whistleblowers, the agency entered an order in an enforcement action against KBR saying that the company’s confidentiality requirements for internal investigation witnesses violated the agency’s whistleblowing rules. In the KBR enforcement action as well as other steps the SEC has taken, the agency has made it clear that it intends not only to encourage whistleblowing and protect whistleblowers, but also to put down any efforts the agency thinks could stifle whistleblowing.

 

KBR required witnesses involved in the company’s internal investigations to sign a form confidentiality statement that required the witness to agree that “I understand that … I am prohibited from discussing any particulars regarding this interview and the subject matter discussed … without the prior authorization of the Law Department.” The provision also states that the witness understands that any unauthorized disclosure “may be grounds for disciplinary action up to an including termination of employment.”

 

The SEC said that this provision violated Commission Rule 21F-17, which provides that “No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement, with respect to such communications.”

 

Interestingly, the agency’s order expressly notes that the agency is unaware of any instance where a KBR employee in fact was prevented from communicating with the agency or that KBR took action to enforce the confidentiality agreement or otherwise to prevent communication.

 

The SEC’s concern was not any specific actions the company had taken; rather, the agency was concerned with the mere existence of the confidentiality provisions. In the order, the agency states that “the language found in the form confidentiality statement impedes such communications by prohibiting employees from discussing the substance of their interview without clearance from KBR’s law department under penalty of disciplinary action including termination of employment.”

 

 

The SEC imposed a cease and desist order on KBR as well as a civil money penalty of $130,000. KBR also agreed to amend its confidentiality agreement to include the following statement:

 

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblowing provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

 

It is not as if the agency didn’t give warning that it was going to be targeting measures that it believed tried to suppress whistleblowers or to keep them from communicating with the agency. In a March 2014 speech at Georgetown University, Sean McKessy, the chief of the SEC’s Office of the Whistleblower, declared that the agency was looking at company contract or agreements attempting to deter whistleblowers from making reports to the agency. Among other things, he said that “we are actively looking for examples in confidentiality agreements [and] employee agreements that … in substance say ‘as a prerequisite to get this benefit you agree you’re not going to come to the commission or you’re not going to report anything to a regulator.’”

 

It seems probable that the agency will take further actions against companies that have confidentiality requirements or employment agreements that the agency beliefs are intended to suppress whistleblower reports to the SEC. Indeed, in his speech, McKessy specifically forewarned that they the agency may go after the lawyers that drafted the language.

 

The SEC’s enforcement action against KBR is merely the latest in a series of actions the company has taken to encourage whistleblowing and to suppress efforts to stifle whistleblowers. For starters, the agency has a number of whistleblower awards pursuant to the Dodd-Frank Act’s whistleblower bounty provisions. While the agency has to date made only a small number of awards, the awards so far include last year’s record-setting whistleblower bounty payment of over $30 million.

 

In addition, in June 2014, the agency brought its first action under the Dodd-Frank Act’s anti-retaliation provisions. The agency charged that the hedge fund Paradigm Capital Management and its owner Candace King Weir, had violated the securities laws and then retaliated against the employee who reported the trading activity to the SEC. After learning that the employee had reported the trades to the SEC, the employee, a former head trader, had been demoted to a compliance assistant.

 

In March 2015, the agency took the unusual step of making a bounty payment of between $475,000 and $575,000 to a corporate officer that had reported information he had learned of from another employee’s report. In making the award, the agency said that “corporate officers have front-row seats overseeing the activities of their companies, and this particular officer should be commended for stepping up to report a securities law violation when it became apparent that the company’s internal compliance system was not functioning well enough to address it.”

 

In other words, the SEC has made it clear not only that it is going to deploy the Dodd-Frank’s bounty provisions to reward whistleblowers and encourage whistleblowing, but that it is going to seek out and try to subdue efforts to suppress whistleblowing.

 

As the Latham & Watkins law firm stated in its memo about the case, the lessons from the SEC’s action against KBR are that companies should avoid any action to impede a whistleblower from communicating directly with the SEC, including by enforcing or threatening to enforce a confidentiality agreement, and that companies should eliminate language from forms and policies that expressly require employees to report internally before reporting to U.S. authorities.

 

The larger lesson is that companies should avoid taking any actions that SEC could interpret as an effort to deter whistleblowers from reporting wrongdoing to the agency.

 

In Defense of Stockholder Appraisal Litigation: In an April 16, 2015 article in the New York Times Dealbook column (here), Case Western Reserve University law Professor Charles Korsmo and Brooklyn Law School Professor Minor Myers make their case that stockholder appraisal litigation, as opposed to the more common (and much bemoaned) merger objection litigation, “plays a strongly beneficial role in mergers and acquisitions.”

 

In a stockholder appraisal lawsuit, a shareholder goes to court to contest the price paid in a corporate buyout. The authors contend that it is a form of shareholder suit “where the merits actually matter.” Their studies show that “appraisal litigation is significantly associated with buyouts with an unusually low deal price and where insiders are part of the acquiring group.” The authors argue that the appraisal litigation benefits shareholders in two ways; directly, when the litigation results in improved terms, and indirectly, for the “genuine deterrence” the litigation provides. To the critics who contend that appraisal rights should be curbed because they deter transactions, the authors say that “the evidence suggests that appraisal litigation deters transactions that ought to be deterred.” The authors argue against current efforts to curtail shareholder appraisal rights.

 

circusA Colloquy on Dr. Seuss: The other night at dinner with friends, the conversation inexplicably turned to the question of which is the best of the many books written and illustrated by the children’s author, Dr. Seuss. Despite the fact that the group consisted only of adults whose children are all themselves now adults, the conversation was surprisingly detailed and animated.

 

At the outset of the discussion, there was a general consensus that we all loved the short, rhyming easy reader books like One Fish, Two Fish, Red Fish, Blue Fish and Fox in Socks. Green Eggs and Ham was a particular favorite. The Dads at the table confessed a general affection for Hop on Pop. But as much fun as these beginners’ books are, they are not Dr. Seuss’ best.

 

There was a substantial groundswell of support at the dinner table for The Lorax, which I agree is one of the author’s better books. But for me the book, which is a sort of environmentalist fable, has too much of a self-consciously moralist purpose. I think Dr. Seuss’ better books are the ones that aren’t about anything at all. Seuss wrote a number of books that provided social commentary – The Sneetches, Yertle the Turtle – and I never liked those as much as some of his others.

 

There were those at the table who argued in favor of The Cat in the Hat. I always thought the book was more than a little bit creepy. For heaven’s sake, what is a weird, adult human-sized cat doing in the house while mother is away for the day? I have the same problem with The Grinch Who Stole Christmas. Little Cindy Lou Who should not have to worry about a disguised antisocial misanthrope sneaking around her house at night.

 

In my view, some of the best Seuss books are the ones that are not as well remembered these days, especially the ones that tell a story, like And to Think That I Saw it on Mulberry Street, and the two Bartholomew Cubbins books, Bartholomew and the Oobleck, and The 500 Hats of Bartholomew Cubbins. I also liked his endearing books about animals with a streak of nobility and a heightened sense of duty, particularly Horton Hears a Who, Horton Hatches an Egg and Thidwick the Big-Hearted Moose.

 

But for me the best Seuss books are the ones that simply bypass the constraints of ordinary life. The imaginative possibilities unleashed in On Beyond Zebra is a great example of this type of book. But the absolute triumph of the form is the book If I Ran the Circus, in which Little Morris McGurk dreams up increasingly outlandish embellishments he would make to the Circus McGurkus, each one increasingly dependent on the innocent but compliant Mr. Sneelock. If I Ran the Circus is a book for a kid that imagines growing up to be a professional baseball player or an astronaut. It is a book about possibilities. If you can’t dream about possibilities when you are a kid, when can you dream?

 

Securities Litigation Developments Outside the U.S.: Interview with Shareholder Attorney Alexander Reus

Posted in International D & O

areusAmong the more interesting recent securities litigation developments outside the United States was the announcement earlier this month that institutional investors had reached a 11 billion yen ($92 million) settlement of shareholder lawsuits they had filed in Japan against Olympus. Among the many interesting details about the settlement was the involvement of global securities litigation firm DRRT in the Japanese litigation settlement. Following the settlement news, I reached out to Alexander Reus of DRRT to see if he would agree to participate in a Q&A for publication on this site, to which he agreed.

 

Alexander is the managing partner of DRRT. DRRT is an international law firm and litigation funder with offices in Miami and several other international locations specializing in representing institutional investors in shareholder litigation and loss recovery. DRRT has special expertise in the increasingly important non-U.S. jurisdiction and is handling over a dozen cases worldwide.

 

I would like to thank Alexander for his willingness to participate in this Q&A. The Q&A is set out below. My questions are in bold, and Alexander’s answers are in plain text.

 

***************************************************

 

The mechanisms for private securities and investor litigation are well-established in the United States (and Canada) but not nearly as well established outside of the U.S. – yet many of the cases in which your firm is involved have been filed in non-U.S. courts. How did this come about and what do you think the opportunity is for your firm? When your firm is involved in a case outside of the U.S., what is your firm’s role?

 

We have always focused on creating value for our clients and acting opportunistically in doing so. While the US / CAN class action system are well established and function well for anybody, even without being active, most non-U.S. systems do not know or accept class actions “opt-out style”. Hence, it is either “do nothing, get nothing” or “do something, in order to get the chance for a recovery”. Representing first mostly European institutions, it was logical and natural to also focus on European “class action alternatives”, and we have been pioneers in this field.

 

We identify a potential case, research the local laws and procedures, identify and qualify a local firm, evaluate the economic feasibility and then put together a legal and economic concept for the risk-free, funded representation of institutional investors. That involves a lot of hands on legal work both in the run-up to an actual filing, as well as the hand-holding of the local firm and the strategic guidance during the litigation. Of course, it also involves the funding of the litigation.

 

When your firm becomes involved in a case outside of the U.S., how does your firm go about selecting the cases in which it become involved, and what are the criteria for selection? Are there countries or jurisdictions that you prefer to avoid, and if so, why?

 

The jurisdiction must allow litigation funding and/or success fees, and have a legal and procedural framework which makes the handling of a case for 50-100 institutions possible. It cannot have too much economic risk from adverse costs or local lawyer or court fees, or must have some insurance mechanism to insure against the high economic risks. Also, such as China and Hong Kong, it cannot make litigation funding illegal and subject to criminal persecution.
 

Your firm was involved in the cases that were filed in Japan on behalf of nearly 100 investors relating to the Olympus accounting scandal and that recently settled for 11 billion yen ($92 million). How did your firm become involved in these cases and what was its role? What did that litigation involve and how was the settlement reached? What do you think is the significance of these cases and of the settlement?

 

It involved 2 related cases filed in 2012 and 2013 for two large groups, as well as another group of non-litigating clients who were included in a mediation. The groundbreaking moment in this litigation was the foresight of one of the senior lawyers within the law firm handling Olympus’ litigation matters to discuss possible mediation options and procedures with me, which resulted in an October 2013 tentative settlement. Nevertheless, it has been a challenge ever since to get the details and mechanics of the settlement worked out for over 16 months. Significant is the fact that a large settlement was reached BEFORE an actual court decision in Japan, which is something unheard of.

 

One of the biggest current scandals outside the U.S. involves the Brazilian oil company, Petrobras. There have been securities lawsuits filed against the company and its executives in the U.S. on behalf of investors who purchased their Petrobras securities on U.S. exchanges, but many more of the company’s shareholders purchased their shares on Brazilian exchanges and therefore can’t be a part of the U.S. securities litigation. Are there steps that can be taken on behalf of these investors who purchased their shares in Brazil? What are the features of the situation that might complicate efforts to pursue claims in Brazil on behalf of these other investors?

 

Yes, and we are on this case, just like we have been working on a similar, but smaller scale corruption case in Italy involving Saipem. We are not only filing lawsuits for our clients with significant exposure to US traded securities, but also preparing litigation in Brazil in the near future. Litigation in Brazil in this specific case, and as an interesting twist to what some companies would like to also implement in the U.S., will have to take place within an arbitration setting at the Market Arbitration Chamber of the BOVESPA, as dictated by Petrobras’ bylaws.

 

I know your firm was involved in the landmark Royal Dutch Shell settlement entered in the Netherlands courts using the procedure available under Dutch law for collective settlements the Dutch Collective Settlement of Mass Damages Claims Act, known as WCAM. At the time of the Royal Dutch Shell settlement many observers thought that the Netherlands courts might become the focus of global investor claims asserted in reliance on the Dutch collective settlement procedures. While there have been other settlements reached involving this procedure, the prediction that the Netherlands might become a magnet for investor claims has not really happened. Why do you think that is? Do you think it could still happen that the Netherlands courts could become a preferred forum for investor claims?

 

I always knew that the NL would not become the “European mecca” of class action securities litigation. However, what it can be and become is a very useful settlement place for willing parties to avoid European litigation. Suing in the NL still requires jurisdiction so it is not suitable for any lawsuits against any company.

 

What do you think the future may be for collective investor actions outside of the U.S.? Do you have any predictions for developments we can expect? Are there particular countries where you expect to see significant developments in the future?

 

Some countries are seriously considering implementing opt-.out class action systems, and the EU is also working on collective redress mechanisms. However, they can be 5-10 years out still. I believe that small investors will be left out while large investors can always “band” together and create institutional investor groups of 50-100 with a critical mass of damages to make a group action economically feasible. With more litigation funding available in England and the rest of Europe and with other countries accepting this notion as well, there will be more and more cases filed outside of the US. Don’t forget also the amount of cases being filed in Canada and Australia, where the opt out system exists but is not used, yet where a test case for opt outs is set to be ruled on this year.

Are Event Studies in Securities Litigation Reliable?

Posted in Securities Litigation

stock pricesIn its June 2014 opinion in the Halliburton case, the U.S. Supreme Court held that securities lawsuit defendants may introduce evidence at the class certification stage to try to show that the alleged misrepresentation on which the plaintiffs rely did not impact the defendant company’s share price. To show the absence of price impact, defendants typically will rely on “event study” methodology to analyze factors affecting a company’s share price. The event study methodology has a well-established academic pedigree. But in a recent paper, two authors raise the question ask the question “Are event studies in securities litigation reliable?”

 

In their March 19, 2015 paper, “Event Studies in Securities Litigation: Low Power, Confounding Effects, and Bias” (here), Duke Business School Professor Alon Brav and J.B. Heaton of the Bartlit, Beck, Herman, Palanchar, & Scott law firm identify several problems in the way event studies are used in securities litigation. Their longer academic paper is summarized in a shorter April 14, 2015 post on the CLS Blue Sky Blog (here).

 

Event studies are used in securities litigation to try to answer two questions: First, was an alleged misrepresentation or corrective disclosure associated with a price impact? Second, if there was a price impact, how much of it was caused by the alleged misrepresentation or corrective disclosure as opposed to other, unrelated factors?

 

The problem with the use of event studies in securities litigation, as the authors see it, is that the methodology used in court differs from the methodology used in academic research. In general, the studies used in court are single-firm event studies, while almost all academic research event studies are multi-firm event studies. As the authors note, “importing a methodology that financial economists developed for use with multiple firms into a single-firm context creates substantial difficulties, and review of the case law suggests that courts and litigants often have failed to recognize these problems.”

 

The problem with using single-firm event studies is that they lack “statistical power” to detect price impacts unless the price impacts are “quite large.” This has the effect of giving a “free pass” to some economically meaningful price impacts and may encourage more small- to mid-scale fraud. The use of statistical significance concepts that are appropriate to multi-firm event studies “implements a legal regime where the probability of incorrectly exonerating securities defendants is much higher than the probability of incorrectly finding securities defendants liable.”

 

A second problem with the use of event studies in securities litigation is that when a single-firm event study does detect a price impact, “it reflects confounding effects that are unrelated to the fraud.” It is well known that stock prices move for a variety of reasons, many of them unrelated to news about the company. So the stock price moves reflect a component related to the event and a component unrelated to the event. There is, however, no mathematically precise way to separate the two components. Single-firm event studies “do not average away confounding effects.”

 

The low statistical power of single-firm event studies and the presence of confounding effects means that there is a “sizeable upward bias in detected price impacts and therefore in damages.” That is, if the event study measures a price impact large enough to be detected, the detected price impact “may be substantially higher than the true price impact.”

 

The authors suggest three steps for improving the use of event studies in securities litigation. First, the authors suggest courts should require litigants and their expert witnesses to report the results of a statistical power analysis for the event study. A power analysis will “tell the court whether the litigant’s event study was reliable for detecting price impacts of various sizes.” The authors add that a “securities litigant should not be heard to say that a misrepresentation or corrective disclosure caused no price impact based on a text that had little or no power to detect a price impact that the court determines to be material.”

 

Second, to address the confounding effects problem, the authors suggest that courts should allow litigants flexibility to present other evidence to prove that a price impact from misrepresentation or corrective disclosure did or did not occur. This evidence might include, for example, intraday analyses and quantitative analysis of other news about the firm that day, as well other factors, to value posited confounding effects.

 

Third, courts and litigants should recognize that statistically significant price impacts determined through a single-firm event study are “biased estimates of true impacts” and that because of this bias, detected price impacts are more likely to overestimate price impact than underestimate it.

 

It is important to note that events studies have long been used for other purposes in securities lawsuits. Indeed, one of the reasons that the Halliburton court agreed to allow price impact evidence at the class certification stage is that it would make no sense to allow price impact evidence for, say, the purpose of establishing that the company’s shares trade on an efficient market, but to preclude the evidence that the alleged misrepresentation did not actually affect the share price and therefore that the fraud-on-the-market presumption should not apply. Price impact evidence is also used for purposes of materiality and reliance, and to determine the existence or absence of loss causation and the amount of damages.

 

Because price impact evidence can be relevant to multiple issues in a securities case beyond just the question of class certification, the defects with the way that event studies are used in securities litigation can affect a number of issues and determinations. For that reason, it is, as the authors suggest, important for courts and litigants to have a “firmer basis for considering evidence based on single-firm event studies.”

 

Note to Readers: On Tuesday, I changed the email service provider that I use for email distributions. The new service provider has a very rigorous filter to try to eliminate bad email addresses. If you are a subscriber and you did not receive an email on Wednesday, your email address may have been filtered out by the new email service provider. If you would like to continue to receive emails, please re-subscribe by entering your email address in the Subscribe by Email box in the right-hand column – be sure to click the confirmation link in the confirmation email you will receive. I apologize for any inconvenience. Please let me know if you continue to have problems receiving emails.

Guest Post: The SEC Continues to Turn Up the Heat on Private Equity

Posted in Private Equity

CozenOConnor-Logo-RGBIn the following guest post,  Elan Kandel, who is a member of the Cozen O’Connor law firm, takes a look at the SEC’s recent investigative interest in the way private equity firms disclose their fees. He also reviews the insurance issues these types of SEC investigations and enforcement actions raise. A version of this article previously was published as a Cozen O’Connor client alert. I would like to thank Elan for his willingness to publish his article on my site. I welcome guest post contributions from responsible authors on topics of interest to readers of this site. Please contact me if you would like to submit a guest post. Here is Elan’s article.

 

***********************************************

 

On April 3, 2015, The Wall Street Journal reported that private equity adviser Fenway Partners LLC (Fenway) received a Wells Notice from the U.S. Securities and Exchange Commission (SEC) in March 2015 regarding Fenway’s treatment of fees and expenses incurred by its sponsored funds’ portfolio companies.[i] Specifically, the SEC is apparently investigating how Fenway Partners handles fees and expenses, including payments made for consulting services by portfolio companies, and how such payments are disclosed to fund investors.[ii]

Fenway is the latest in a string of private equity advisers to face SEC scrutiny concerning the adequacy of its disclosure of fees and expenses incurred by a private equity adviser to fund investors. Two days prior to The Wall Street Journal’s report, on March 30, 2015, the SEC’s Enforcement Division commenced public administrative and cease and desist proceedings against private equity investment adviser Lynn Tilton (Tilton), Patriarch Partners, LLC, Patriarch Partners VIII, LLC, Patriarch Partners XIV, LLC and Patriarch Partners XV, LLC (collectively, Patriarch). The SEC alleges that Tilton and Patriarch breached their fiduciary duties and defrauded investors in three of Patriarch’s sponsored collateralized loan obligation investment funds (the Zohar Funds) and improperly collected nearly $200 million in management fees and other expenses.

According to the SEC’s order instituting an administrative proceeding, since 2003, Tilton and Patriarch have breached their fiduciary duties and defrauded investors in the Zohar Funds by failing to value assets using the valuation methodology set forth in the documents governing the Zohar Funds. The Zohar Funds reportedly raised more than $2.5 billion since 2003 from investors and used this capital to make loans to distressed companies. The loans made to distressed companies (the Zohar Funds’ portfolio companies) by the Zohar Funds are the Zohar Funds’ primary assets. Over the past several years, however, many of the Zohar Funds’ portfolio companies have not made interest payments, or have only made partial payments to the Zohar Funds.

As required by the Zohar Funds’ governing documents, Patriarch regularly provided information to the funds and their investors concerning the funds’ performance. Instead of applying the valuation categorizations required under the Zohar Funds’ governing documents, the SEC contends that, at Tilton’s direction, Patriarch did not assign a lower valuation category to an asset unless and until Tilton “subjectively decides to stop ‘supporting’ the distressed company.” As a result of Tilton’s undisclosed and subjective valuation methodology, nearly all of the asset valuations remained unchanged since the time they were acquired. Importantly, had Tilton and Patriarch applied the required valuation methodology, the SEC alleges that “management fees and other payments to Tilton and her entities would have been reduced by almost $200 million, and investors would have gained more control over the Funds’ activities … By applying her own undisclosed discretionary valuation methodology, Tilton created a major conflict of interest.”

The SEC further alleges that the quarterly financial statements for the Zohar Funds were not prepared in conformity with generally accepted accounting principles (GAAP) despite the certification made by Tilton and Patriarch to the contrary.

The disclosure of possible SEC action against Fenway and commencement of enforcement proceedings against Tilton and Patriarch came on the heels of reports in February 2015 that private equity giant KKR & Co. reportedly issued “fee credit” refunds in early 2014 to investors in some of its buyout funds in the wake of an unfavorable SEC examination. KKR & Co.’s fee credit refunds were issued around the same time as the SEC’s commencement of enforcement proceedings against Clean Energy Capital (CEC) and its main portfolio manager, Scott Brittenham (Brittenham) in February 2014.

In the CEC/Brittenham action, the SEC alleged that CEC and Brittenham improperly allocated more than $3 million of CEC’s expenses that CEC managed. The SEC alleged that such allocations were made without adequate disclosure to investors, and therefore constituted a misappropriation of assets from CEC’s funds. On October 17, 2014, CEC and Brittenham agreed to pay $2.2 million in disgorgement and civil penalties to settle the action.

Roughly one month prior to the CEC/Brittenham settlement, on September 22, 2014, the SEC entered into a cease and desist order against private equity adviser Lincolnshire Management (LMI) finding that LMI breached its fiduciary duty to its funds. The SEC charged LMI with failing to allocate expenses properly after LMI integrated portfolio companies of two affiliated private equity funds. The SEC alleged breach of fiduciary duty and failure to adopt and implement written policies and procedures reasonably designed to prevent violations of the Investment Advisers Act of 1940 arising from the integration of the two portfolio companies owed by separately advised LMI funds. LMI paid $2.3 million to settle the SEC’s charges in disgorgement and civil penalties.

The SEC has touted the CEC/Brittenham action as its “first-ever” action arising from its focus on fees and expenses charged by private equity firms. The agency’s recent pursuit of Tilton/Patriarch and Fenway confirms that the private equity industry’s fees and expenses and valuation practices, and the perceived lack of disclosure to fund investors, remain on the SEC’s radar. As such, in the coming months, additional disclosures by private equity advisers and the SEC of investigations and possible enforcement actions against private equity advisers should be expected.[iii] In an effort to avoid becoming ensnared by the SEC, private equity advisers should consider examining and clarifying, when applicable, their disclosures of valuations, fees, and expenses and other practices.

From an insurance coverage standpoint, private equity advisers and their insurers should note that depending upon the specific wording of the implicated private equity management and professional liability policy, SEC enforcement actions and the investigations that precede them, may raise a panoply of coverage issues.

As a threshold matter, while the policy’s definition of “claim” is generally defined to include enforcement actions and formal administrative and regulatory investigations, not all policies extend the claim definition to include “informal investigations.” This is particularly relevant when the SEC’s formal investigation does not commence (if at all) for months (or in some cases years) after the informal investigation. For example, according to the civil action filed by Tilton and Patriarch in federal court against the SEC, seeking removal of the enforcement action to federal court, the SEC issued its first document request on December 15, 2009, but did not issue a Wells Notice until October 4, 2014. It is unclear whether the SEC issued its December 2009 document request pursuant to a formal notice of investigation or whether the request was issued in connection with an informal investigation. In the event that the document request was issued as part of an informal investigation, unless the applicable policy’s definition of claim includes informal investigations, the policy would not provide coverage for fees and expenses incurred by the private equity adviser or any of its directors and officers in order to respond. Fees and expenses incurred in connection with an SEC investigation can be significant.

Questions regarding the scope of indemnity coverage may also arise because the monetary remedies sought by the SEC are limited to disgorgement, civil fines and penalties.[iv] In most policies, the “loss” definition contains language excluding “matters deemed uninsurable under the law pursuant to which this policy is construed.” Some policies also expressly exclude “disgorgement or restitution” from the definition of loss, but often subject to certain limitations. Where the definition of loss does not expressly exclude disgorgement or restitution, there is a well-developed body of case law holding that disgorgement is uninsurable as a matter of public policy (even in the context of a settlement agreement as opposed to a judgment or award). It should be noted, however, that some more recently decided cases have rejected insurers’ attempts to deny coverage where it is less than clear that the settling parties were the recipients of the disgorged funds.

Depending upon the wording of a policy’s “fraud and dishonesty” exclusion, an SEC settlement may also raise the potential applicability of a policy’s fraud and dishonest conduct exclusion. Specifically, the fraud and dishonesty exclusion found in most policies requires a “final adjudication” for the exclusion to apply. Coverage issues may arise over precisely what constitutes a final adjudication, particularly in the context of an SEC settlement agreement and implementing order. For example, in J.P. Morgan Securities v. Vigilant Ins. Co.,[v] the insured’s professional liability insurers sought to invoke the policies’ “dishonest acts” exclusions in order to preclude coverage for $250 million in penalties and disgorgement imposed by the SEC against now-defunct investment bank Bear Stearns & Company in a SEC consent order and related New York Stock Exchange stipulation of settlement. The insurers argued that the dishonest acts exclusion was applicable because by consenting to the entry of administrative orders that contained detailed “findings” and requiring Bear Stearns to make “disgorgement” payments and pay penalties, Bear Stearns had been adjudicated a wrongdoer. In its January 15, 2015 decision, the Appellate Division (First Department) of the New York State Court rejected the insurers’ argument, on the basis that the SEC and NYSE settlement agreements expressly provided that Bear Stearns “did not admit guilt, and reserved the right to profess its innocence in unrelated proceedings.” As such, the Appellate Division held that the settlement agreements and their incorporated findings did not constitute final adjudications for purposes of the policies’ dishonest acts exclusions. Accordingly, when entering into settlement agreements with the SEC, policyholders and insurers are advised to keep in mind the potential applicability of the fraud/dishonesty exclusion.

In view of the SEC’s ongoing heightened scrutiny of the private equity industry, private equity advisers are encouraged to examine their disclosure practices closely. Private equity policyholders and their insurers alike are advised to review their applicable insurance policy wording so that the potential risk and exposure associated with matters stemming from such practices may be adequately explored.

________________________________________

[i] Ryan Dezember, “SEC Warns Fenway Partners of Possible Action,” Wall. St. J., April 3, 2015, available at http://www.wsj.com/articles/sec-warns-fenway-partners-of-possible-action-1428073087.

[ii] Chris Witkowsky, “SEC Investigates Consulting Fees, GP Clawback at Fenway Partners,” pehub.com, April 6, 2015, available at https://www.pehub.com/2015/04/sec-investigates-consulting-fees-gp-clawback-at-fenway-partners.

[iii] Private equity advisers and their insurers should also anticipate the possibility that disgruntled investors will separately file civil actions asserting claims under federal and state securities law as well as under common law to the extent that undisclosed or inadequately disclosed treatment of fees and expenses, valuations or other practices is material.

[iv] The definition of “loss” generally expressly excludes fines and penalties. Given that an SEC settlement agreement typically expressly delineates that a portion of the relief compromised constitutes fines and penalties, the lack of coverage for such relief is difficult for policyholders to reasonably dispute based on the loss definition. 

[v] 126 A.D.3d 76, 2 N.Y.S.3d 415 (1st Dept. 2015).

PwC Report Reviews 2014 Securities Suit Filings and Settlements, Analyzes Trends Likely to Drive Future Suits

Posted in Securities Litigation

pwc3On April 10, 2015, PwC released the latest in what is now a series of annual securities class action litigation reports. PwC’s report is generally consistent with the reports previously published by Cornerstone Research and NERA. What makes the PwC report noteworthy is its commentary on the trends the report’s authors believe could contribute to future securities litigation. The PwC report, which is entitled “Coming into Focus: 2014 Securities Litigation Study” can be found here. PwC’s April 10, 2015 press release about the report can be found here.

 

My prior posts about Cornerstone Research’s annual securities litigation reports can be found here and here, and about NERA’s report can be found here. My own analysis of the 2014 securities class action lawsuit filings can be found here.

 

Review of 2014 Securities Class Action Litigation

Number of Securities Suit Filings: According to the PwC report, securities suit filings during 2014 were below longer-term filing levels, although with 169 filings during the year, the 2014 filings were above both 2013 (160 filings) and 2012 (149 filings). The report speculates that perhaps because of the suspense involved in waiting for the U.S. Supreme Court’s ruling in the Halliburton case in early 2014, there were fewer securities suits filing in first half of 2014 (79) than in the year’s second half (90 cases).

 

Inverse Relation between Securities Suit Filings and Stock Market Performance: The PwC report’s authors note the “countercyclical nature of federal securities class action filings relative to stock market performance.” In years in which the stock market outperforms the preceding year, the number of securities suit filings declines. When the stock market underperforms the prior year, the number of filings increases. The authors note that this pattern held in 2014; even though the stock market’s performance during the year was positive, it was below that of 2013, and the number of securities suit filings in 2014 increased compared to the year before.

 

Accounting-Driven Securities Suit Filings Increase: As the financial crisis-related litigation has wound down, accounting-driven securities class action lawsuits have increased, largely as a result of regulators’ actions. Accounting-related securities suits increased during 2014 both in the total number of cases (53, up from 46) and as a percentage of all cases filed (31%, up from 29%).

 

Twenty of the 53 accounting-related cases filed during the year included allegations of improper revenue recognition. Another scheme that can be used to boost reported earnings is to understate expenses; of the 53 accounting cases filed in 2014, 16 cases alleged the understatement of liabilities or expenses (up from seven filings in 2013). Another common trend in accounting-related securities suit filings is an allegation of lack of adequate controls over financial reporting. 31 of the 53 accounting-related cases alleged inadequate control over financial reporting.

 

Health Industry Targeted: The health industry (including pharmaceuticals, medical devices and health services) again had the highest number of securities class action lawsuits. 44 of the 2014 securities suits involved companies in the health industry, representing 26% of all securities suit filings during the year, compared to 36 (23%) in 2013.

 

Smaller Companies Hit Hard: Two-thirds (66%) of all companies named as defendants in securities suits in 2014 were “small-cap” companies (market caps of $2 billion or less). About one quarter of all 2014 securities suit filings involved “micro-cap” companies (market caps under $300 million).

 

Filings Against Non-U.S. Companies Increased: 21% of the 2014 securities suit filings involved foreign domiciled companies, compared to 19% of cases in 2013. Companies headquartered or incorporated in China were the most frequent target, accounting for 11 of the 35 cases filed against foreign issuers.

 

Anti-Corruption Enforcement Driving Securities Suit Filings: In 2014, six federal securities class action lawsuit filing following the public disclosure of SEC or DoJ investigations related to potential FCPA violations. There were also at least three securities suits filed in the U.S. following the disclosure of a regulatory or anti-corruption investigation outside of the U.S.

 

IPO and M&A Activity and Securities Suit Filings: The number of IPOs during 2014 (288) was at its highest level since 2007. Securities suit filings related to IPOs also increased during 2014. According to the report, there were 19 non-accounting federal securities class action lawsuits related to IPOs in 2014, compared to 13 in 2013. The elevated levels of M&A activity during 2014, along with the increasing complexity of many of the deals, also contributed to the 2014 securities class action lawsuit filings. During 2014, there were 15 securities suits filed in response to deals, which was the same number as in 2013.

 

Average, Median, and Aggregate Total Settlements Declined: The 2014 average securities suit settlement (based on the date the settlement was announced) was $40 million, down from $50.8 million in 2013. The 2014 median settlement was $6.7 million, down from $9.1 million in 2013. The total value of settlements in 2014 decreased “fairly sharply” to about $2.9 billion, down from $3.3 billion in 2013 and (excluding outliers) the lowest total in 10 years. Only 35% of settlements were above $10 million, well below the average of 50% during the previous four years.

 

Trends Likely to Drive Future Securities Suit Filings

Regulatory Activity Likely to Continue to Drive Securities Litigation Filings: Consistent with their observation that much of the 2014 securities litigation activity was “largely driven by the actions taken by regulators,” the PwC report’s authors suggest that the regulatory enforcement – and in particular, accounting enforcement — could continue to grow in the years ahead, leading to further securities class action litigation. In particular, the report suggests that the SEC’s increased focus on financial and reporting fraud is likely to lead to increased regulatory enforcement activity, with an attendant likelihood of increased follow on securities class action litigation activity.

 

Several current and likely future trends suggest the likelihood of increased regulatory enforcement. First, the SEC has deployed innovative analytic tools (such as the SEC’s Financial Reporting and Audit Task Force’s Accounting Quality Model) to detect anomalous patterns in financial reporting, supporting increased enforcement activity. Second, increased whistleblower activity encourage by the Dodd-Frank Act’s provision for whistleblower bounties is also likely to contribute to increased enforcement actions. Third, the increased attention to anti-corruption enforcement, both within the U.S. and abroad, is likely to continue.

 

The enforcement patterns suggest that, in addition to involvement in bribery or corruption schemes regulators will continue to be focused on targeting companies that lack comprehensive, accurate and reliable controls over financial reporting; have problematic accruals and reserves, valuation questions, revenue recognition issues, and frequently revised financial statements. When regulators target companies with these issues, “more often than not” the enforcement action is followed by securities class action litigation.

 

Cybercrime is a Growing Concern and Increasingly a Litigation Exposure: A company experiencing a data breach can attract regulatory scrutiny and even a regulatory enforcement action. In addition, “a successful cyber-attack also represents a potential liability exposure for corporate directors and officers via derivative lawsuits.” However, the report also notes that “it is not clear yet whether the continuing wave of data breaches will be a source of viable claims brought by the plaintiffs’ bar.” Nevertheless, “it is clear that company boards and senior management will continue to face scrutiny from a number of stakeholders for cybersecurity issues.”

 

IPO Activity and M&A Activity Will Continue to Drive Litigation: As long as the market for IPOs remains active, IPO-related litigation will continue to accrue. The PwC report notes that a factor contributing to the increased numbers of IPOs is the availability of the JOBS Act’s IPO on-ramp procedures, which, among other things, relieve “emerging growth companies” of certain disclosure and financial reporting requirements in connection with their offering. The PwC report states that this means “less transparency in the registration process,” which, taken together with the fact that the newer companies are “inherently higher-risk ventures” and “more susceptible to negative surprises” could mean “an increase in IPO-related federal securities class action litigation in the years ahead.

 

The increased size, complexity, and geographic scope of the merger and acquisition deals are also likely to contribute to increase levels of M&A-related litigation. The report’s authors also note that “with M&A volume predicted to be higher in 2015 than in recent years, it appears M&A-related securities litigation will remain robust and a significant business risk for yet another year.”

 

Discussion 

Although the various published securities litigation reports are directionally consistent, many of the specific numbers reported differ, in some cases substantially. Most of the differences can be explained by differences in the methodology used. For example, in counting the number of securities class action lawsuit filing, the PwC report counts multiple filings against the same defendant with similar allegations as one case, whereas other reports count multiple filings against the same defendant as separate claims where the filings occur in different judicial circuits, unless or until the separate cases are consolidated. Similarly, in calculating average, median and aggregate settlement amounts, PwC assigns settlements to a particular year based on the date the settlement was first announced; other reports assign the settlements according to the year the settlement was judicially approved.

 

As I noted in my own analysis of the 2014 securities lawsuit filings, it can be somewhat misleading to consider only the absolute numbers of securities suit filings in isolation from the number of companies listed on U.S. exchanges. The absolute number of filings, which in 2014 was below long-term average annual numbers of filings, might suggest that securities litigation activity is down. However, the number of companies listed on U.S. exchanges has declined substantially since the mid-1990s. Relative to the number of publicly traded companies, securities lawsuit filing activity is actually above long-term filing rates. Or, to put it another way, the likelihood that any given U.S.-listed company might experience a securities class action lawsuit is above long-term levels.

 

The PwC reports authors’ suggestion that there is likely to be increased levels of IPO-related litigation ahead corresponds to a prediction I made earlier this year. This projection is based on the assumption that increased IPO activity means increased IPO-related litigation. However, as I noted in a recent post, the number of IPOs completed in the first quarter of 2015 was well off from the levels of IPO activity seen in 2014, and the number of companies filing draft registration statements was also down during the first quarter as well. The significant numbers of IPOs completed during 2013 and 2014, as well as the usual lag between the IPO date and the date an IPO-related lawsuit complaint is filed, means that we will probably continue to see heightened levels of IPO-related litigation for some time yet. However, if the fall off in IPO activity that we saw in the first quarter of 2015 continues, the level of IPO-related litigation could start to fall off in time.

 

One area where I definitely agree with the PwC report’s authors is their suggestion of the likelihood that increased regulatory activity will continue to drive securities class action litigation. The SEC’s heightened monitoring for accounting fraud, the increased numbers of whistleblower reports, and the increased levels of anti-corruption enforcement are likely to continue to lead to follow-on civil litigation. One point the PwC report makes that is particularly important to note is the fact that regulatory outside of the U.S. has increased as well and this increased activity by regulators abroad has led to securities litigation in the U.S. (For example, consider the recent cases that have been filed against Petrobras, and Chemical & Mining Company of Chile, Inc.)

 

I also agree with the PwC authors’ inclusion of cyber security as an area of possible future litigation activity, but I agree also with their suggestion that it remains to be seen whether or not the plaintiffs’ lawyers will figure out a way to make money filing D&O lawsuits against the boards of companies that experience a data breach. There were two high profile derivative lawsuits filed in 2014 against companies that had been hacked (Target and Wyndham Worldwide), but there haven’t been any subsequent D&O lawsuits filed despite a number of very high profile hacks in the interim (e.g., Home Depot, Anthem, Sony Pictures). In addition, the Wyndham case was dismissed (as discussed here). The plaintiffs’ lawyers haven’t yet figured out how they are going to make money from the cyber breaches. That doesn’t mean that there won’t be viable data breach-related D&O lawsuits in the future, but for now, at least, the scourge of data breaches and hack attacks is not contributing significantly to the numbers of corporate and securities lawsuits.

 

The Problem with Plaintiffs’ Attorneys’ Fee Awards in Securities Class Action Litigation: The amount of the fees to be awarded to the plaintiffs’ attorneys’ in connection with securities class action lawsuit settlements is one of those recurring and troubling issues that never seems to be resolved. One of the goals of Congress in enacting the Private Securities Litigation Reform Act was to encourage class representatives to take a more active role in negotiating and monitoring plaintiffs’ attorneys’ fees. But that hasn’t really happened, according to a recent academic study.

 

In their February 11, 2015 paper entitled “Is the Price Right: An Empirical Study of Fee-Setting in Securities Class Actions” (here) Lynn Baker and Charles Silver of the University of Texas and Michael Perino of St. John’s University examined 434 securities class action settlements that were announced between 2007 and 2012. Their overall conclusion is the current system for setting plaintiffs’ attorneys’ fees is “deeply flawed.” The authors found that in the vast majority of cases, fees are determined after the fact, based only on the size of the settlement and the biases of the court. Congress’s goal in the PSLRA of encouraging lead plaintiffs to take a more active role in negotiating and monitoring plaintiffs’ fees has not been met.

 

Among other things, the authors found that in 85 percent of the cases, the plaintiffs’ lawyers were simply awarded the fees they asked for. With respect to the remaining 15 percent of cases in which the fees were cut, the authors could not find a meaningful way to predict why judges cut fees. The absence of readily identifiable factors for fee cuts suggests that the fee reductions are “for all intents and purposes random events.” The authors suggest that the cuts arguably reflect little other than the judges’ biases. The authors suggest that in order to avoid the problems with plaintiffs’ attorneys’ fee awards, the lead plaintiffs should be more active in negotiating the attorneys’ fees at the outset of the case.

 

Alison Frankel has a very good summary and discussion of the authors’ academic article in an April 10, 2015 post on her On the Case blog (here).

 

An Interesting Article about Cyber Insurance: There is no shortage of articles and other information about the cyber security threat, or even about cyber insurance. At this point, many of the articles on these topics have a certain repetitiveness about them. Just the same, I found an April 9, 2015 article published on the Cybersecurity Docket to be interesting. The article, entitled “Cyber Insurance: A Pragmatic Approach to a Growing Necessity” (here) and written by John Reed Stark and David R. Fontaine, suggests that rather than the standard approach to the process of acquiring cyber insurance, companies should “begin with a review of actual cyber-attacks experienced by others.”

 

The authors suggest that by analyzing and understanding the “workstreams” those companies have had to implement to respond to data breaches, companies can then “collaborate with its insurance brokers and originators to allocate risk responsibly and determine, before any cyber-attack occurs, which workstream costs will be subject to coverage; which workstream costs will fall outside of the coverage; and which workstream costs might be uninsurable.” I found the article interesting and worth reading.