The D&O Diary

The D&O Diary


The Travel Issue: Singapore (Second Edition)

Posted in Uncategorized

093aThe D&O Diary is on assignment in Asia this week, with the first stop in Singapore. I was very happy to be in Singapore this past week and not just because the Professional Liability Underwriting Society (PLUS) Regional Professional Liability Symposium I attended there was so very successful, as described below. I was glad to find myself in Singapore because, after my first visit to Singapore two years ago, I wanted a do-over. A bout of tendinitis in my knee during my prior visit had prevented me from really exploring the city. I was able to take much greater advantage this time around. As I discovered on this visit, Singapore is a very walkable city and tremendously rewarding to explore.


The prosperous city-state of Singapore is located about 60 miles north of022a the equator, with a warm, humid climate, and this time of year, frequent rain showers. The country is about the size of three District of Columbias and with a population of about 5.3 million (roughly the same as Colorado). The downtown business district is full of sleek steel and glass office towers, but the rest of the city has a leafy, upscale suburban feel. Singapore is a regional entrepôt and a something of a cross-roads, with a diverse population to match. Although I did meet several Singapore natives, so many others I met had come to Singapore from elsewhere.


The view across Marina Bay from the central business district where I stayed is dominated by the Marina Bay Sands Casino, which sort of looks like an enormous skateboard resting atop three giant clothes pins. Behind the casino, away from the central city, is a huge green space in the Marina City Park called the Gardens by the Bay, which is built on reclaimed land and former parking lots. The Gardens are dominated by groves of enormous steel and concrete tree sculptures covered with vines and flowers, called “Supertrees.”






 The Singapore River flows into Marina Bay. In the past, the river was a gritty channel for industry and commerce, but following a massive 101areclamation project in the 70s and 80s, the river is now flanked with pleasant walkways. Just upstream from the mouth of the river on the southern shore is Boat Quay (pictured left), which has an incredible diversity of ethic restaurants, as well as pubs and bars, all built in preserved shop houses. A little further upstream on the opposite bank is Clarke Quay, another nightlife district lodged in restored warehouses re-built through a separate reclamation project that was only completed in the early 90s. On a warm evening (and I don’t think there is any other kind of evening in Singapore), Clarke Quay is hopping. However, anyone attempting a pub crawl there had better bring lots of cash. A pint of beer will set you back 17 Singapore Dollars (about $13.50).


130aJust a few block south of the river is Singapore’s Chinatown, which is a densely populated area full of shops selling an astonishing variety of trinkets, cloth and garments, herbal medicines and ointments, spices and herbs, as well as books, shoes, paintings, picture frames and much else besides. There are also many tailor shops, each with a talkative proprietor out front trying to lure passersby into their shops. For some reason, the various tailors seemed to assume I was British; they addressed me as a “fine looking chap” whose life would be immeasurably improved with the benefit of a hand sewn shirt or a bespoke suit.


The pedestrianized streets are also lined with restaurants. I visited133a Chinatown at lunch time and I actually was kind of hungry, but just the same I didn’t have the courage to attempt the more authentic looking eateries, which had the look of places where you would have to wonder what you were actually eating. I settled for a tofu stir fried at a more modern establishment on the main road.


Along the main road adjacent to Chinatown is Sri Mariamann Temple, a colorful Hindu temple with a history dating back to the early nineteenth120a century. I arrived while a devotional service was underway. A drummer and another musician playing a long woodwind instrument played fast-paced rhythmic music while another attendant rang a bell. In the front of the hall, others lit incense and chanted. I stood in the back of the hall, along with other tourists and passersby who looked on with expressions of curiosity mingled with confusion. I stayed for a while as it was cool inside the temple and sheltered from the hot sun.


One evening while I was my dinner plans changed unexpectedly, and I found myself with a little bit of unscheduled time, so I went out to Holland Village, a quiet neighborhood of restaurants and bars about a 15 minute cab ride from my hotel. I was there relatively early in the evening, so the bars were just starting to fill. Sitting at a sidewalk café and watching the crowd stroll by, it was very easy to forget that this place was located deep in Southeast Asia. It had more of a feel of an American college town during summer break. 




While I was visiting Singapore, I had a chance to meet with many industry friends who are now based in Singapore. These friends come from very different backgrounds — one is Chinese who studied law in the U.S., another is a former Lloyd’s broker who came out from London for a career redirection, while another is a  U.S. lawyer who came out because his wife had an interesting career opportunity in the city. However, they were all in agreement that Singapore is a remarkably pleasant place to live and work. The city’s compact size makes life manageable and comfortable. They all find the eternal summer of the equatorial climate agreeable. They all mentioned how much they appreciated living in a clean, orderly safe place. They also all mentioned the interesting opportunities they all had to be able to do business in interesting places; not just Malaysia, Indonesia and India, but places like Vietnam, Bangladesh, and Bhutan.




I have to say that on a warm evening as I sat at the sidewalk café in Holland Village drinking a locally brewed Tiger Beer while darkness gathered, I could certainly see the appeal of living in a place like Singapore, which has all the comforts of a Western city but the diversity and exotic cultural richness of an Asian city. I have heard it said that Singapore is Asia for beginners; there may be some truth to that. All I know is that for the second visit to Singapore in a row, I found myself regretting that I had not brought one or more of my kids with me to see what’s going on there. It is a place where things are happening, in a way that things are not happening in many other places.


sccThe PLUS event, which was held on Thursday at the Singapore Cricket Club (pictured left), was a great success. The local event committee, chaired by my good friend Aruno Rajaratnam, did an excellent job planning and organizing the event. The overflow crowd of more than 100 industry professionals who attended the event was very convivial and it was a tremendous treat to me to find out that so many of them read The D&O Diary. The great success of an event like this one will help ensure that there will be many future events in Singapore and elsewhere in Asia, and that PLUS will continue to expand its international footprint. I know that for myself, I feel tremendously enriched by meeting so many industry colleagues and making so many new friends. I was also honored to be a part of this very successful event.


Here is a picture of me with the local Singapore committee. From left to right: Kevin Leung of Swiss Re; Bill Wharton of Catlin; Arati Varma of Chubb; me; Aruno Rajaratnam of Ince & Co.; Ronak Shak of JLT Asia; and David Ackerman of AAI Consulting.



One of the highlights of the evening for me took place when Ernest Heng, a financial lines underwriter with AIG, came up and introduced himself.. Ernest had brought his D&O Diary mug to the event, and so he was able to take a mug shot that featured both the mug and The D&O Diary guy (that, I learned, is how I am known there.)  We also got another great picture with the mug and a number of younger brokers and underwriters from Singapore.





Loyal reader Jenny Wilhelm of Chubb (now of Singapore, previously fron Australia) wanted to take this picture with me, to send back to her former colleagues in Australia.



More pictures of Singapore:









Clarke Quay









Boat Quay on Friday Evening









Fort Canning Park











Guest Post: The Director Risks Posed by a UK Subsidiary

Posted in Director and Officer Liability

Nick_Lindsay[1]Because I am based in the United States and because my experience has been concentrated in the U.S., my focus in this blog has primarily been on issues and developments in the U.S. — although I do enjoy the occasional opportunity to write about developments elsewhere. Because I know that many of this blog’s readers are based outside the U.S., I welcome the chance to try to expand this site’s geographic scope when I can. For that reason, I am happy to be able to publish the following guest post about director duties and exposures in the U.K. This post was submitted by Nick Lindsay; a solicitor admitted in England and Wales and a governance professional at Elemental CoSec. He advises UK companies on legal, governance and compliance issues.


I would like to thank Nick for his willingness to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. If you would like to submit a guest post, please contact me directly. Here is Nick’s guest post:



In the modern international business, it is common practice to have subsidiaries spread across the globe. The local subsidiary poses many advantages; allowing the business to meet local compliance requirements; insulate the rest of the group from local risks; and efficiently structure the tax burden of the local operation. However, the local subsidiary can expose the directors to significant risks that differ from their local jurisdiction. These risks may well attach to them personally and may not always be mitigated by D&O insurance. It is therefore critical that the directors understand the jurisdiction they are acting in and don’t just assume that it is the same as home.

Here I have set out the D&O risks faced when setting up a UK subsidiary, although the principles will likely apply to numerous other jurisdictions as well. As the D&O Diary has a US focus, I will look at the example of a US incorporated company that has a UK subsidiary. The UK subsidiary could have solely US resident directors, solely UK resident directors or a mixture. All of these arrangements can be made to work depending on the commercial realities, but pose their own risks.

Director’s Duties in the UK

In the UK, every director of a company owes certain fiduciary duties to the company. It used to be thought that a non-executive director owed a lower standard of duty and could largely defer to the executive directors however, it is now clear from case law that all directors owe the same duties to the company.

The main duties are set out in sections 171-177 Companies Act 2006, though they are others contained in case law and certain specific legislative sections. The main duties on a UK director are (i) a duty to act within their powers, (ii) a duty to promote the success of the company, (iii) a duty to exercise independent judgement, (iv) a duty to exercise reasonable care, skill and diligence, (v) a duty to avoid conflicts of interest, (vi) a duty not to accept benefits from third parties, and (vii) a duty to disclose interests in a proposed transaction or arrangement.

These duties need to be exercised positively and it has been held by the courts that any director that ‘fetters’ their discretion by mindlessly following the direction of another (for example the decision of the head office) would be in breach of these duties.

Failure to comply with some of these duties is potentially a criminal offence (for example, failure to declare an interest in an existing transaction) and the penalties may fall on the director personally.

Shadow Directors

Under section 251 Companies Act 2006, a shadow director is a person in accordance with whose directions or instructions the directors of a company are accustomed to act. This definition could include a manager at the US head office, where the directors of a UK subsidiary blindly follow the manager’s instructions. It is also not uncommon to see subsidiary boards that ‘ratify’ the decisions of senior management at the parent company and, again, this would pose a risk that the US manager would be considered a shadow director.

A shadow director is largely subject to the same director’s duties as a de jure director, although this is only to the extent that the corresponding common law rules or equitable principles apply. A shadow director is also subject to a number of offences under the Insolvency Act 1986.

The large risk posed by the shadow director rules, is that the individual will generally not realise that they are a shadow director and that they are taking these risks. Therefore there may not be appropriate risk mitigation or insurance to protect them. As set out above, there is also the risk that the de jure directors will be failing in their duties to the company, by following the instructions of the shadow director rather than exercising their own independent judgement.

Company indemnities, D&O Insurance and their limitations

Like many jurisdictions, the UK has placed limits on what can be covered under a company indemnity (ie an indemnity from the company in favour of the directors). This is to stop directors escaping liability for their failures, simply by having the company meet the claim. It also helps to protect the creditors of a company where the directors have failed in their duties.

As set out in Chapter 7 of Companies Act 2006, a company may not generally exempt a director from, or indemnify him against, liability in connection with any negligence, default, breach of duty or breach of trust by him in relation to the company. As a result, the company cannot generally exempt or limit the liability of a director for breach of his duties as a director. However, the company can provide a ‘qualifying third party indemnity’ which is an indemnity against a liability incurred by the director to a person other than the company or an associated company provided that such liability is not a fine imposed in criminal proceedings or a sum payable to a regulatory authority by way of a penalty in respect of non-compliance. Further the indemnity cannot cover liability in defending any legal proceedings in which he loses.

The company may also provide a qualifying pension scheme indemnity, the details of which are set out in section 235 Companies Act 2006.

The limits of these indemnity provisions makes the terms and structure of any D&O insurance policy absolutely critical to ensure that the directors are still protected notwithstanding the above limitations.

This article is provided for general information only and no liability is accepted in respect of its contents. Specific advice should always be obtained if you are in any doubt as to your legal obligations.

Another Environmental Disclosures Securities Suit Survives Initial Pleading Hurdles

Posted in Environmental Liability

caliIn recent months, there have been a number of securities class action lawsuits filed based on alleged misrepresentations of the defendant company’s environmental compliance. On August 7, 2014, the securities suit filed against Exide Technologies and certain of its directors and officers based on the defendants’ allegedly misleading statements about the company’s compliance with environmental regulations became the latest environmental disclosure securities suits to overcome the initial pleading hurdles. These cases underscore  the fact that reporting companies’ environmental compliance disclosures are facing increasing scrutiny, making the quality of the environmental disclosures increasingly important.


A copy of Central District of California Judge Stephen V. Wilson’s August 7, 2014 order denying the defendants’ motion to dismiss can be found here.


Exide is in the business of producing, recycling and distributing lead-acid batteries. The company maintains a large recycling plant in Vernon, California. The plaintiffs in the securities suit allege that the company experienced a series of problems and related regulatory compliance issues regarding the Vernon plant’s alleged emissions of arsenic into the air and regarding an allegedly non-compliant piping system that allegedly was leading hazardous materials into the groundwater. These problems allegedly were not publicly disclosed until the period March through May of 2013, while during the preceding months the defendants allegedly made a number of reassuring statements about the company’s environmental compliance.


Judge Wilson granted the defendants’ motion to dismiss the plaintiffs’ initial complaint without prejudice. In February 2013, the plaintiffs filed an amended complaint, and the defendants renewed their motion to dismiss.


In his August 7 Order, Judge Wilson denied the defendants’ renewed motion to dismiss. He found that amended complaint pled “allegations sufficient to present a question of fact as to whether Defendants omissions and misrepresentations regarding the Vernon plant’s environmental contamination issues made Defendants’ communications with investors misleading.”


In support of their motion to dismiss, the defendants had tried to argue that the company’s SEC filings were sufficient to disclose the company’s environmental risks. As quoted by Judge Wilson in his order, the company’s SEC filings stated that the company could not “be certain that it has been, or will at all time be, in complete compliance with all environmental requirements, or that the Company will not incur additional material costs or liabilities in connection with those requirements in exces of amounts it has reserved.”


Judge Wilson said that it is “an issue of fact whether a reasonable investor would consider this boilerplate disclosure sufficient enough that the disclosure of the actual environmental issues at Vernon during the class period would not have significantly altered the total mix of information made available about the company.” Judge Wilson went on to note that “if Defendants general environmental disclosures were sufficient to cover the existing environmental problems at Vernon as a matter of law at the pleading stage, it is difficult to see a logical stopping point to the ability of a company to ‘disclose’ serious environmental or other problems to investors through vague, general or boilerplate statements.”


In order to try to satisfy the requirements for pleading scienter, the plaintiffs relied on the allegations based on statements that confidential witnesses who alleged that Exide has a system in place for reporting environmental compliance issues, which the plaintiffs alleged were sufficient to show that individual defendants should have been aware of the Vernon plant’s issues. Taking a “holistic approach” to the scienter issue, including taking consideration of the seriousness of the problems at the Vernon plant and the importance of the Vernon plant to Exide’s operations, Judge Wilson found that the plaintiffs’ scienter allegations, taken in conjunction with the company’s environmental reporting system, “support a cogent inference that Defendants were aware of Vernon’s environmental issues.”



The survival of the environmental disclosure  securities suit against Exide comes closely after the Secnd Circuit’s recent ruling in the JinkoSolar securities suit, discussed here, in which the appellate court reversed the lower court dismissal of the suit and concluded that the plaintiffs’ allegations concerning the alleged deficiencies of the defendant  company’s environmental compliance disclosures were sufficient. While these are just two cases, it does seem as if the plaintiffs are getting some traction in securities suits based on environmental compliance disclosures.


As the derivative lawsuit filled earlier this year against the board of Duke Energy highlights, environmental issues apparently are becoming an area of increasing focus for plaintiffs’ lawyers. As cases like those filed against Exide and JinkoSolar prove to be viable, further cases based on environmental compliance and environmental disclosures may follow.


At a minimum, it is clear that companies’ environmental disclosures will face increased scrutiny. In that respect, Judge Wilson’s comments about Exide’s environmental disclosures are interesting. From Judge Wilson’s perspective at least, mere “boilerplate” disclosures or “vague” or “general” statements will not be sufficient to protect companies from allegations that their environmental compliance disclosures were inadequate. The lesson is that it will be increasingly important for companies to ensure that their environmental disclosures avoid use of mere boilerplate and instead incorporate specific and detailed discussion of the circumstances surrounding their environmental compliance.


By the same token, D&O insurance underwriters considering companies whose operations may present environmental concerns will want to review the environmental disclosures in the companies’ periodic reports in order to assess the extent to which the disclosures provide  a specific and detailed picture of the company’s environmental compliance circumstances.


Finally, and as a I noted in  my recent post about the Second Circuit’s decision in the JinkoSolar case, it clearly is going to be important for policyholders to ensure that their D&O policy contains no pollution exclusion (as is the case in many current policies, which, rather than including a pollution exclusion simply carve out environmental remediation costs from the definition of covered loss), or, they have a pollution exclusion, that the exclusion contains a provision carving back coverage for derivative claims and securities suits.

Second Circuit Affirms Porsche Securities Suit Dismissal; Domestic Transaction Necessary But Not Sufficient to Invoke U.S. Securities Laws

Posted in Securities Litigation

porscheOn August 16, 2014, in a long-awaited decision that is sure to provoke comment and that could fuel disputes in future cases, the Second Circuit affirmed the dismissal of the securities suits hedge fund purchasers of certain swap agreements had filed against Porsche and its executives.


The plaintiffs contended that because they had completed the swap contracts transactions in the United States, the swap transactions represented “domestic transactions” within the meaning of the “second prong” of the Supreme Court’s holding in Morrison v. National Australia Bank, in which the Court had said that the U.S. securities laws apply to “domestic transactions in other securities.”


In an unsigned  per curiam opinion (which can be found here), the Second Circuit — concerned the application of Morrison as the plaintiffs urged would result in the very kind of extraterritorial extension of U.S. securities laws Morrison had sought to avoid — said that while it is necessary for the U.S. securities laws to apply that a domestic transaction is involved, it is not sufficient.  The court went on to say that the claims in this case are so “predominately foreign as to be impermissibly extraterritorial.” The court stressed that it was not attempting to establish a rule that would govern future cases, but instead emphasized that future courts would have to make determinations on a case by case basis based on the facts presented.


While the Second Circuit affirmed the district court’s dismissal of the case, the appellate court nevertheless remanded the case to the lower court for further proceedings to see whether or not the plaintiffs could amend their pleadings to try to satisfy the requirements the appellate court had specified.



The plaintiff hedge funds had entered security based swap agreements that referenced the price of VW shares.  The referenced VW shares did not trade on any U.S. exchange. The swaps did not trade on any exchanges. The swap agreements generated gains for plaintiffs as VW’s shares decline and produced losses as the price of VW shares rose.


The plaintiffs allege that all of the steps necessary to transact the swap agreements took place in the United States. The swap agreements contain choice of law and forum selection provisions that designate New York law and a New York forum.


In the lawsuits, the hedge fund plaintiffs allege that the Porsche defendants had caused a dramatic rise in VW stock prices by buying nearly all of the few freely-traded shares as part of a secret plan to take over the company, while publicly denying that it sought to gain control. The plaintiffs allege that after months of denying that it sought to take over VW, Porsche on October 26, 2008 disclosed the extent of its accumulated holdings in VW stock, as a result of which the VW share price shot up, causing the plaintiffs massive losses on their swap agreements.


The defendants moved to dismiss in reliance on Morrison, on the grounds that the swap transactions were not within the ambit of Section 10(b) of the Securities Exchange Act of 1934. As discussed here, in a December 30. 2010 opinion, Southern District of New York Judge Harold Baer granted the defendants’ motion to dismiss, holding that the application of the U.S. securities laws to the swap transactions would be “inconsistent” with the Supreme Court’s intention to “curtail the extraterritorial application” of the U.S. securities laws. The plaintiffs appealed.


On March 1, 2012, as discussed here, while the plaintiffs appeal was pending, the Second Circuit issued its opinion in Absolute Activist Value Master Fund Limited v. Ficeto, in which the appellate court examined the requirements under Morrison’s second prong. The Second Circuit held that in order to establish the existence of a “domestic transaction in other securities,” a plaintiff “must allege facts suggesting that either irrevocable liability was incurred or title transferred within the Unites States.”


The August 15 Opinion 

On August 15, in a lengthy per curiam opinion, to which Judge Pierre Laval appended a concurring opinion, the Second Circuit affirmed the district court, while also remanding the case back to the district court for the court to determine whether or not the plaintiffs could amend their complaints sufficiently to meet the standards set by the appellate court.


The Second Circuit recognized that the plaintiffs had entered their swap transactions in the United States, which would therefore, based on the Absolute Activist decision, seem to suggest that the transactions met Morrison’s second prong. The problem with this conclusion is that “it would subject to U.S. securities laws conduct that occurred in a foreign country, concerning securities in a foreign company, traded entirely on foreign exchanges.” It would subject foreign defendants to potential liability under the U.S. securities laws based on nothing more than an entirely private transaction of which the defendant were entirely unaware.  This result would result in the very extraterritorial application of the U.S. securities laws that the Supreme Court sought to avoid in Morrison.


Accordingly, the Court said, adding its own gloss to Morrison, that while it is necessary for U.S. securities laws to apply that a domestic securities transaction is involved, it is not sufficient. The Court said that it need not even determine whether or not the Absolute Activist standards had been met here, because “we think it is clear that the claims in this case are so predominately foreign as to be impermissibly extraterritorial.”


The Court stressed that its holding in no way forecloses the application of the U.S. securities laws to govern swap transactions where “the transactions are domestic and where the defendants are alleged to have sufficiently subjected themselves to the statute.” The Court warned that its conclusion in this case cannot be “perfunctorily applied to other cases based on the perceived authority of a few facts.” Rather, courts will have to “carefully make their way with careful attention to the facts of each case.” The Court also suggested that it would be better left to the SEC or to Congress to provide a more comprehensive rule.



As the Second Circuit said, this case “illustrates the problem with treating the location of a transaction as the definitive factor in the extraterritorial inquiry.” If the mere fact that the swap transactions –between private parties and entered without  Porsche’s involvement or knowledge — were completed in the U.S. were sufficient to subject Porsche and its executives to potential liability under the U.S. securities laws, it “would seriously undermine Morrison’s insistence that Section 10(b) has no extraterritorial application.”


Just the same, it could be argued that the Second Circuit ranged beyond the strict confines of Morrison and extended entirely new guidelines when it stated that it was necessary but not sufficient that a domestic transaction was involved in order for the U.S. securities laws to apply.


The difficulty with the Second Circuit’s extension is that it invites further disputes, particularly given the lengths to which the Court went to avoid any suggestion that it was laying down a bright-line rule. (Indeed, Judge Leval’s concurrence was written in defense of the fact that the Second Circuit has taken the Supreme Court’s single-factor “domestic transaction” test and turned it into a multi-factor formulation.) While the Morrison court laid down what is “necessary,” the Second Circuit arguably has now begged the question of what is “sufficient” for U.S. securities laws to apply.


The Second Circuit provided little guidance about what may be “sufficient,” except to say that the U.S. securities laws are implicated when a domestic transaction is involved and the defendants “are alleged to have sufficiently subjected themselves to the statute.” But what activities are relevant in consideration of the question whether the defendants have “subjected” themselves to the U.S. securities laws – and doesn’t risk getting courts back into the “conduct” part of the old “conduct and effects” test that the Supreme Court rejected in Morrison? And what degree of activity is enough to say that defendants have “sufficiently subjected” themselves to the U.S. securities laws? Obviously, the Second Circuit standard leaves much for subsequent courts to fill in, which seems to put us back on the slippery slope toward the inconsistent case law the Supreme Court sought to eliminate when it rejected the “conduct and effects” test.


By the same token, defendants will now seek to resist the application of the U.S. securities laws by attempting to argue that the transaction in question was “predominately foreign.” Which of course begs the question of what factors establish that something is “foreign” rather than “domestic,” and what degree of showing is required to establish that something is predominately foreign.


Perhaps these disputes can be avoided. The Second Circuit’s focus on the fundamental importance of avoiding extraterritorial application of the U.S. securities laws may prove a sufficient guiding principle that many line-drawing disputes can be avoided. Nevertheless, the groundwork seems to be set for future disputes about whether a plaintiff’s allegations have established the elements that are both “necessary” and “sufficient” to warrant the application of the U.S. securities laws.


An interesting final question is what the plaintiffs will do next. On the one hand, they could just go back to the district court and try their luck at amending their pleading to try to satisfy the Second Circuit’s standard. The Second Circuit’s opinion states that after the dust settled following Porsche’s disclosure that it was well on the way to acquiring control of VW, short sellers lost a total of $38.1 billion. The plaintiffs, whose losses constitute a part of that $38.1 billion, seem to have substantial financial incentives to try to take their fight to the U.S. Supreme Court. Given the U.S. Supreme Court’s propensity to take up securities cases in recent years, and given the magnitude of the changes that the Second Circuit’s formulation works on Morrison, the Supreme Court might well want to take up this case.


The Porsche case presented difficult issues. Based on Morrison, the Second Circuit was correctly concerned about the possible extraterritorial application of the U.S. securities laws. Nevertheless, the basis of its decision could provide fodder for protracted battles as other courts struggle to determine what factors are “sufficient” to warrant the application of the U.S. securities laws.


Interruption in the Publication Schedule: Due to my overseas business travel obligations, there will be an interruption in The D&O Diary’s publication schedule over the next several days. The regular publication schedule will resume upon my return at the end of next week. 


Dodd-Frank Anti-Retaliation Provisions Do Not Protect Overseas Whistleblowers

Posted in Employment Practices Liability

secondsealIn the latest fiscal year report of the SEC Office of the Whistleblower, the agency reported that as of the end of the 2013 fiscal year it had received  a total of 6,573 whistleblower reports since the the Dodd-Frank whistleblower program’s inception. These figures include not only domestic whistleblower reports but also reports from a total of sixty-eight different countries. During fiscal year 2013, there were 404 whistleblower reports from outside the U.S. representing nearly 12% of all reports during the year. Clearly, whistleblower reports from non-U.S. countries have represented a significant part of the whistleblower program, and foreign whistleblowers have been drawn to the program.


However, based on a recent Second Circuit decision, prospective foreign whistleblowers thinking about making a whistleblower report had better be prepared to watch out for themselves, as according to the appellate court’s August 14, 2014 decision in Liu Meng-Lin v. Siemens AG (here), the Dodd-Frank Act’s whistleblower anti-retaliation protections do not apply extraterritorially — that is, they do not protect whistleblowers outside the U.S. This ruling obviously could dampen the interest of prospective foreign tipsters from making whistleblower reports.


In this action, a Taiwanese former compliance officer of Siemen’s Chinese healthcare subsidiary alleged that he had been retaliated against for making a whistleblower report. The claimant filed the claim in reliance on provisions of the Dodd-Frank Act that prohibit employers from retaliating against whistleblower employees who make reports protected by the Act. The plaintiff allegedly had discovered that employees of the Chinese subsidiary were making improper payments to officials in North Korea and China in connection with medical equipment sales in those countries. The plaintiff alleged that after reporting this conduct to superiors through internal company procedures, he was demoted and ultimately fired. Two months after being fired, the plaintiff reported the allegedly corrupt conduct to the SEC.


The plaintiff filed an action alleging that the employment actions taken against him violated the Dodd-Frank Act’s anti-retaliation provisions. Siemens moved to dismiss the plaintiff’s action, arguing that the anti-retaliation provisions do not apply extraterritorially and that all of the key actions involved here had taken place outside the United States. The district court granted the defendant’s motion to dismiss and the plaintiff appealed.


In an August 14, 2014 opinion written by Judge Gerard E. Lynch, a three-judge panel of the Second Circuit affirmed the district court’s dismissal of the action. The Court said, in reliance on the U.S. Supreme Court’s Morrison decision, that in the absence of clear congressional intent to the contrary a statute is presumed, to apply only domestically, and “because there is no evidence that the anti-retaliation provision is intended to have extraterritorial reach, we conclude that that provision does not apply extraterritorially.” The Court said further that because the plaintiff “was a non-citizen employed abroad by a foreign company, and that all events allegedly giving rise to liability occurred outside the United States, applying the anti-retaliation provisions to these facts would constitute an extraterritorial application.”


The Court did not reach the question whether or not the protections of the anti-retaliation provisions apply to protect whistleblowers that make their reports internally. There has been a split among various courts on the question of whether or not the provisions protect internal whistleblowers. (For example, in July 2013, the Fifth Circuit held that the anti-retaliation provisions only protect those that make reports directly to the SEC.) The appellate court said only that it “need not reach” that question given its ruling on extraterritoriality.


The Second Circuit’s decision clearly will have an impact on prospective whistleblowers outside the United States.  Many may hesitate to make reports out of fear of retaliation.


Just the same, the Second Circuit’s decision left many questions unanswered, as discussed in an August 14, 2014 Law 360 article entitled “2nd Circ. Ruling on Overseas Tipsters Dodges Big Issues” (here, subscription required). This case arguably was straightforward, since every aspect of the case took place outside   the U.S. and there were no U.S. connections involved. The Second Circuit’s ruling gives no indication of what the impact on its ruling might have been if the whistleblower were a U.S. citizen or if the whistleblower report had involved a U.S. company operating overseas, or if any of the alleged misconduct had taken place inside the U.S.  These issues will have to be addressed in future cases. In the meantime, it seems probable that the seeming enthusiasm for whistleblower reports from outside the U.S. will be dampened


I will say that as I have traveled overseas in recent years, I have heard concerns about the extent of whistleblower reports from  outside the U.S. and the extent to which this whistleblowing activity might lead to enforcement action or claims against the companies involved  in their home countries. These concerns may be relieved to a certain extent by the Second Circuit’s ruling. If prospective overseas whistleblowers know they will not have the benefit of anti-retaliation provisions, there likely will be fewer whistleblower reports, reducing the  risk of the feared possible enforcement action or follow-on claim activity in other jurisdictions.


Another concern I have heard as I have travelled around the world is that observers in other countries are alarmed by the extent to which U.S. regulators are willing to try to assert their regulatory authority outside of the U.S. border, a phenomenon about which I recently wrote here. However, this case, and in the Second Circuit’s recent opinion in the Porsche case, about which I commented in an accompanying blog post, seem to reflect the U.S. courts straining to avoid the extraterritorial application of the U.S. laws. While there may be very good reasons for concern about U.S. regulators’ cross-border assertion of their authority, there are also important cross-currents working against the extraterritorial assertion of U.S. laws.


Should Bank Directors’ Fiduciary Duties Be Expanded?

Posted in Director and Officer Liability

bankboardA recurring question is whether bank directors should be held to a more stringent fiduciary duty than are the directors of other kinds of companies. The question has been raised in the current wave of failed bank litigation, as the FDIC has tried to argue, for example, that bank directors are not entitled to the same protections of the business judgment rule as are directors of other companies. A recent speech by a Federal Reserve Board governor has once again raised the issue of whether bank boards should face “broadened” fiduciary duties, a suggestion that has provoked a sharp critical response.


In a lengthy June 9, 2014 speech (here), Federal Reserve Board Governor Daniel K. Tarullo raised the question whether the fiduciary duties of boards of regulated financial firms should be expanded because of the systemic risks embedded in banking sector.  Gov. Tarullo specifically referred to a “provocative recent paper” by Oxford University Law Professor John Armour and Columbia Law Professor Jeffrey N. Gordon  entitled “Systemic Harm and Shareholder Value” (here), in which the two professors propose board-level oversight responsibility for institutional risk-taking, in order to better align investor interest with societal interest in banking sector stability that could be disrupted by excessive risk-taking.  In their paper, the professors specifically propose that the directors be held liable for losses resulting from breaches of their risk management oversight.


As summarized by Gov. Tarullo, the professors argue that bank directors’ duties should be expanded “precisely because diversified shareholders have a strong interest avoiding risk decisions by these institutions that increase systemic risk.” The broadened fiduciary duties that the professors recommend would apply only to “systemically important financial institutions. “


These proposals were sharply criticized in an August 7, 2014 American Banker article by John Gorman of the Luse Gorman Pomerenk & Schick law firm entitled “Beware of Expanded Board Duties” (here). Among other things, Gorman notes that broadening bank directors’ fiduciary duties for institutional risk-management would “expose a board to liability for good faith judgments” and would “require boards to function in a management capacity.” These developments would be both “expensive and inefficient” and “would undoubtedly discourage capable persons from serving on bank boards.”


According to Gorman, altering bank boards’ fiduciary duties to require directors to take ownership for risk management issues “would merely provide a prima facie basis for the filing of a lawsuit against many boards.” Bank boards are “already significantly exposed to litigation and potential liability to both regulators and shareholders.” Any expansion of boards’ fiduciary duties with respect to risk management “would be a dangerous development for directors of all banks.”


The two professors’ recent article to which I linked above is hardly the first instance where it has been argued that, owing to their organizations’ unique roles in the financial system, bank directors should face a heightened standard of liability than do directors of other organizations. Indeed, in his recent speech Gov. Tarullo also cited to earlier academic articles where similar proposals had been suggested.


However, it is important to note that the idea that bank directors should face a different standard than directors of other companies has not been confined just to academic articles. Similar arguments have made their way into the current round of bank failure litigation, where, for example, the FDIC has argued that bank directors are not entitled to the same protection of the business judgment rule as are directors of other companies.


As noted here, Northern District of Georgia Judge Tom Thrash Jr. raised that very question in an FDIC lawsuit involving the failed Buckhead Community Bank. Among other things, Judge Thrash observed that “there is every reason to treat bank officers and directors differently from general corporate officers and directors.” Ultimately, rather than answer the question of whether bank directors are entitled to the same protection of the business judgment rule as other directors, Judge Thrash certified the question to the Georgia Supreme Court.


As discussed here, the Georgia Supreme Court’s answer was not exactly what the bank directors and officers had been hoping for; that is, the Court agreed in the end that the business judgment rule protects bank directors and officers and directors and officers of other corporations in the same way, but that in neither case are directors and officers entitled to absolute immunity from negligence claims. Just the same, Judge Thrash’s question show that it is not just academics and regulators that are struggling with the issue of whether or not different standards should apply to bank directors.


It should be emphasized that the academics’ proposal to hold bank directors to a higher standard was limited just to directors of systemically important financial institutions. I share the concerns John Gorman expressed in his American Banker article about this proposal. However, I have additional concerns, which is that there are already theories floating around that bank directors should be held to a different standard than directors of other companies, as shown by Judge Thrash’s remarks in the Buckhead Community Bank case. My concern is that if the idea were accepted that directors of systemically important banks should be held to have expanded fiduciary duties, the idea would quickly expand beyond just systemically important institutions and be applied to many , most, or even all bank directors, without regard to whether or not their institution is systemically important.


There undoubtedly are meritorious lawsuits filed against bank directors, particularly where there is evidence of self-dealing or complete abdication of responsibility. Just the same, the overall level of litigation aimed at bank directors is both excessive and socially inefficient, particularly with respect to the litigation that so often follows after banks’ failures. So often the failed bank lawsuit allegations consist of little more than scapegoating and hindsight second-guessing. Creating a liability regime that would encourage further litigation and expand the potential liabilities of bank directors would accomplish little except enlarging the litigation burden that prospective directors would have to consider before accepting a seat on a bank board.


I fully recognize that I am stepping into an issue on which there is already a spirited debate and I understand that reasonable minds could have a different view. I encourage those who see these issues differently to add their thoughts to this post using the blog’s comment feature.


Special thanks to a loyal reader for sending me a link to the American Banker article.



Guest Post: Cybersecurity and Cyber Governance: Understanding and Implementing the NIST Cybersecurity Framework

Posted in Uncategorized

weilG2_Logo[1]On February 12, 2014, the National Institute of Standards and Technology (NIST), pursuant to an Executive Order from President Obama, released the first version of the Framework for Improving Critical Infrastructure (here), to identify standards and practices to promote the protection of critical infrastructure from cyberattack. In a recent speech, SEC Commissioner said that the NIST Framework is “likely to become a baseline for best practices by companies, including in assessing legal or regulatory exposure” to cybersecurity issues.


In the following guest post, Paul A. Ferrillo of the Weil Gotshal law firm and Tom Conkle of G2,Inc. take a detailed look at the NIST Framework and explain why the Framework is so important for companies and for their boards of directors. They also review the steps  companies can take to try to implement the Framework. (To see full-sized versions of the graphical images embedded in this post, please click on the images.)


I would like to thank Paul and Tom for their willingness to publish their guest post on my site. I welcome guest post submissions from responsible authors on topics of interest to readers of this site. Anyone interested in publishing a guest post should contact me directly. Here is Paul and Tom’s guest post:



Why the Cybersecurity Framework was created and why it is so important

Despite the fact that companies are continuing to increase spending on cybersecurity initiatives, data breachs continue to occur. According to The Wall Street Journal, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier according to Allied Business Intelligence Inc.[i]” Despite the boost in security spending, vulnerabilties, threats against these vulnerabilities, data breaches and destruction persist.  To combat these issues, the President on February 12, 2013 issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity[ii].” The EO directed NIST, in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks.

In February 2014, through a series of workshops held throughout the country and with industry input, NIST released the “Framework for Improving Critical Infrastructure Cybersecurity” (“the Framework”)[iii]. For the first time, the Framework provides industry with a risk-based approach for developing and improving cybersecurity programs. It also provides a common language regarding cyber security issues to allow for  important discussions to take place between an organization’s “IT” people, and an organization’s “business” people, some of whom may cringe when hearing complicated terms like “APT” (Advanced Persistent Threat). Its common sense, “English language” approach allows an organization and its directors to both identify and improve upon its current cybersecurity procedures. Though the Framework was developed for the 16 critical infrastructure sectors, it is applicable to all companies – albeit at least today – on a voluntary basis.

What is the Cybersecurity Framework

The Framework contains three primary components: The Core, Implementation Tiers, and Framework Profiles. 

The Framework Core

nist implementation framework updatedThe Framework Core (“Core”) is a set of cybersecurity activities and applicable references established through five concurrent and continuous functions – Identify, Protect, Detect, Respond and Recover – that provide a strategic view of the lifecycle of an organization’s management of cybersecurity risk. Each of the Core Functions is further divided into Categories tied to programmatic needs and particular activities. The outcomes of activities point to informative references, which are specific sections of standards, guidelines, and practices that illustrate a method to achieve the outcomes associated with each subcategory.  The Core principles can be thought of as the Framework’s fundamental “cornerstone” for how an organization should be viewing its cybersecurity practices: (1) identifying its most critical intellectual property and assets; (2) developing and implementing procedures to protect them; (3) having resources in place to timely identify a cybersecurity breach; and (4) having procedures in place to both respond to and (5) recover from a breach, if and when one occurs.

The Framework Implementation Tiers

The Framework Implementation Tiers (“Tiers”) describe the level of sophistication and rigor an organization employs in applying its cybersecurity practices, and provide a context for applying the core functions. Consisting of four levels from “Partial” (Tier 1) to “Adaptive” (Tier 4), the tiers describe approaches to cybersecurity risk management that range from “informal, reactive responses to agile and risk-informed.”

The Framework Profile

The Framework Profile (“Profile”) is a tool that provides organizations a method for storing information regarding their cybersecurity program. A profile allows organizations to clearly articulate the goals of their cybersecurity program. The Framework is risk-based; therefore the controls and the process for their implementation change as the organization’s risk changes. Building upon the Core and the Tiers, a comparision of the Profiles (i.e. Current Profile versus Target Profile), allows for the identification of desired cybersecurity outcomes, and gaps in existing cybersecurity procedures.


Why Directors should care about the Framework

Tom Wheeler, Chariman of the Federal Communications Council (FCC), stated that an industry-driven cybersecurity model is preferred over prescriptive regulatory approaches from the federal government.[iv] Nonetheless, it continues to see successful attacks on critical infrastructure organizations.

At some point, if critical infrastructure organizations do not demonstrate that a voluntary program can provide cybersecurity standards that are the same as, if not better than, federal regulations, regulators will likely step in with new laws. In fact, according to SEC Commissioner Luis Aguilar, the Framework has already been suggested as a potential “baseline for best practices by companies, including in assessing legal or regulatory exposure to these issues or for insurance purposes. At a minimum, boards should work with management to assess their corporate policies to ensure how they match-up to the Framework’s guidelines — and whether more may be needed.”[v] If SEC or other proposed federal regulation of cybersecurity becomes a reality, implementing the Framework could be a mandatory exercise.  By choosing to act now, organizations have the benefit of more flexibility in how they implement the Framework. 

In addition to staying ahead of federal and state regulators and potential Congressional legislation, the Framework provides organizations with a number of other benefits, all of which support a stronger cybersecurity posture for the organization.  These benefits include a common language, collaboration opportunities, the ability to verifiably demonstrate due care by adopting the Framework, ease in maintaining compliance, the ability to secure the supply chain, and improved cost efficiency in cybersecurity spending. Though it would be Herculean to accurately summarize all benefits of the Framework and how to implement them, we pull out its key points below.

Common Language

The Framework, for the first time, provides a common language to standardize the approach for addressing cybersecurity concerns. As we have noted in other articles, including in June 2014 and July 2014, many cyber security principles are not intuitive. They are not based upon well-established principles that Directors (especially audit committee members) are used to hearing, like “revenue recognition.” The Framework allows for cybersecurity programs to be established and shared within an organization and to organizational partners using a common language. For example, the Framework allows for the creation of several types of Profiles: Profiles that provide strategic enterprise views of a cybersecurity program, Profiles that are focused on a specific business unit and its security, or Profiles that describe technologies and processes used to protect a particular system. Despite the number of Profiles that may exist for an organization, directors can quickly and easily understand how corporate guidance is implemented in each Profile since they have a standard language and format for describing an organization’s cybersecurity programs.  


NIST and participants from industry that assisted in the Framework development envision the Framework Profiles as a way for organizations to share best practices and lessons learned. By leveraging the common language and increased community awareness established through the Framework, organizations can collaborate with others through programs such as the Cybersecurity Forum (CForum)[vi]. CForum provides an online forum for organizations to share lessons learned, post questions regarding their cybersecurity challenges, and maintain the conversation to continually improve cybersecurity capabilities and standards.

Demonstrating Due Care

By choosing to implement the Framework (or some part of it) sooner rather than later,  organizations can potentially avoid the inevitable conclusion (or parallel accusation by a plaintiff’s attorney) that they were “negligent” or “inattentive” to cybersecurity best practices following disclosure of a cyber breach. Organizations using the Framework should be more easily able to demonstrate their due care in the event of a cyber attack by providing key stakeholders with information regarding their cybersecurity program via their Framework profile. At the same time, Directors can point to their request that the organization implement the Framework in defense of any claim that they breached their fiduciary duties by failing to oversee the cyber security risk inherent in their Organization.

Maintaining Compliance

Many critical infrastructure organizations are required to meet multiple regulations with overlapping and conflicting requirements. In order to avoid fines and additional fees from regulatory bodies, many operators are forced to maintain multiple compliance documents describing how the organization is complying with each requirement. The standard developed by the Framework enables auditors to evaluate cybersecurity programs and controls in one standard format eliminating the need for mulitple security compliance documents.

Knowing your Supply Chain

The Framework also provides an opportunity for organizations to better understand the cybersecurity risks imposed through their supply chains. Organizations purchasing IT equipment or services can request a Framework profile, providing the buying organization an opportunity to determine whether or not the supplier has the proper security protections in place. Alternatively, the buying organization can provide a Framework profile to the supplier or vendor to define mandatory protections that must be implemented by the service provider’s organization before it is granted access to the buying organization’s systems.

Spending Security Budgets Wisely

In an environment where cyberthreat information is not readily available, organizations struggle with understanding how much security is enough security, leading to organizations implementing unnecessary cybersecurity protections. Through the use of the Framework, standards for care can be established for each critical infrastructure sector. Organizations can leverage these standards to determine the appropriate level of security protections required, ensuring efficient utilization of security budgets.

nist framework benefits updated

The diagram above provides questions to help determine if and how an organization can benefit from implementing the Framework. Discussing these questions and their responses will help organizations determine how well their current cybersecurity efforts are protecting them against cyber attacks.  Based on the answers to these questions, they will better understand which of the benefits presented in this article will apply to their organization should they implement the Framework. 

Where do you start with implementing the Framework?

A major challenge in adopting the Framework is simply getting started. Organizations typically have limited resources and familiarity with the Framework to help them leverage their existing cybersecurity, compliance and audit programs, policies and processes.

At a minimum, directors and their management should become familiar with the Framework. Additionally, directors (or some committee thereof) should have a deep discussion with management about the organization’s Implementation Tiers. The Implementation Tiers allow an organization to consider current risk management practices, the threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.

Educating managers and staff on the Framework to ensure all organizations are on the same page is also an important step toward the successful implementation of a robust cybersecurity program. The previously mentioned CForum is a source for success stories, lessons learned, questions and information useful to organizations implementing the Framwork. This information about existing Framework Implementations may help organizations with their own approaches. Additionally, organizations can seek out cybersecurity service providers skilled in helping organizations with the education, awareness and planning required to implement the Framework across an entire enterprise.

Though “voluntary,” it cannot be overstated that the Framework is “a National Standard” developed with input from industry experts, collaborators and businesses with years of cyber experience. As stated by the Chairman of the House of Intelligence, Mike Rogers, “there are  two kinds of companies. Those that have been hacked and those that have been hacked but don’t know it yet.[vii]” Given that it is almost inevitable that an organization will be hacked, there will be a time and a place where it may need to demonstrate to customers, investors, regulators, and plaintiff’s attorneys that it gave thought to, and implemented, cyber security measures in order to defend its most critical intellectual property assets, or its most critical business and customer information. Implementing the Framework will not only allow organizations to improve cyber security measures, but also to effectively demonstrate due care.

About the Authors: Tom Conkle is the commercial services lead for G2, Inc. He assists clients in developing and improving their cybersecurity programs based on their risk tolerance through the use of the Cybersecurity Framework developed by NIST. Paul Ferrillo is Counsel in the Securities Litigation practice of Weil, Gotshal & Manges LLP in New York City.


[i] Companies Wrestle With the Cost of Cybersecurity, February 25, 2014, available at

[ii] Executive Order 13636 of February 12, 2013, Improving critical Infrastructure Cybersecurity, available at

[iii] The National Institute of Technology and Standards (NIST) “Framework for Improving Critical Infrastructure Cybersecurity version 1.0”, February 12, 2014, available at

[iv] (Sarkar, 2014), available at

[v] See “Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus,” available at

[vi] The Cybersecurity Forum (CForum) is a not-for-profit, publically available site dedicated to the evolution and implementation of the Cybersecurity Framework, available at

[vii] Graham, Scott, Interview: Greg Toughill, DHS, USA on Cybersecurity, July 28, 2014, available at

The Pre-IPO Company and “Failure to Launch” Claims

Posted in IPOs

roadDue to a combination of favorable circumstances, the number of companies completing initial public offerings is currently at the highest level in years. According to a recent study from Cornerstone Research (here), with the 112 IPOs in the first half of 2014, IPO activity is on pace to increase for the third consecutive year. IPO activity just in the first six months of 2014 equaled 71 percent of total IPO activity in 2013 and exceeded the full years 2009, 2010, 2011 and 2012. The favorable IPO environment has encouraged even more companies move toward an IPO. However, for a company starting down the road toward an IPO, there are a number of risks. Among other things, pre-IPO companies face increased risks of liability and claims, particularly when the planed IPO fails to launch.


A recent case filed in New York (New York County) Supreme Court illustrates the kinds of “failure to launch” claims that pre-IPO companies can face. Although the case involves somewhat unusual circumstances specific to the defendant company involved, it does provide an example of a claim arising from a pre-IPO company’s failure to complete its planned IPO.


According to the plaintiff’s August 1, 2014 complaint (which can be found here), defendant is a Delaware corporation with its principal place of business in Fujian, China. In 2011, Westergaard completed a private placement that provided for “automatic redemption” of the units sold in the placement if the company failed to complete an IPO at an offering price of $3.00 or greater within two years of the private offering’s closing date. The redemption amount was specified as $3.00 per share. The complaint alleges that private placement transaction closed on October 24, 2011, but that the company did not complete an IPO within two years of that date nor has it yet completed an IPO. The plaintiff is assignee of investors who had purchased units in the private placement. The plaintiff filed the action as assignee to enforce the redemption provisions in the private placement agreement, as well as to recover its costs of collection.


This lawsuit is obviously a reflection of the specific features of the private placement agreement in which the company had undertaken to redeem the units it had sold in the private placement if it did not complete an IPO within two years of the private placement closing.  But while the particulars of this claim may reflect the specific circumstances of the company involved, the situation nevertheless does illustrate how a pre-IPO company’s failure to launch can lead to claims from disappointed investors. To see an earlier example of a situation where claims arising out of a company’s pre-IPO activities arose out after a company’s planned IPO failed to launch, refer here.


Because of the possibility of failure to launch claims and other concerns, it is very important that a company contemplating a future IPO structure its D&O insurance coverage to take into account the increased risks and exposures involved with its planned IPO – even if the company does not ultimately complete its IPO.  In that regard, however, this specific case may not be the best example, as the kind of breach of contract claim asserted against an entity defendant likely would not be covered under the typical private company D&O insurance policy. This case does show how pre-IPO activities can give rise to claims, and therefore underscores the importance of taking these kinds of risks into account when structuring the D&O insurance coverage for a Pre-IPO company.


One particular concern is the securities offering exclusion found in most private company D&O policies. The pre-IPO company would not want this exclusion to sweep so broadly that it would preclude coverage for claims arising out of the company’s pre-IPO activities. If the company were to fail to complete its planned IPO, the company’s private company D&O insurance policy is the one that would respond to any claims that might arise, so it is very important that the securities offering exclusion is written a way that any “failure to launch” and other claims would not be precluded from coverage. Ideally, the securities offering exclusion would not go into effect unless and until the company actually completes an IPO, at which point the company should have put in place a public company D&O insurance policy to provide liability insurance against the company’s activities as public company.


When a company is on a trajectory toward an IPO, there is a natural tendency to focus on the liability exposures the company will face after it goes public. But the process leading up to the IPO often involves circumstances that can create their own set of risks and exposures. As a company readies itself to go public, it often restructures its operations, its accounting, its debt, or other corporate features. The company also makes pre-offering disclosures, for example, in road show statements. The process creates expectations that can create their own set of problems. All of these changes, disclosures and circumstances potentially can lead to claims, particularly  if the offering does not go forward.


Often pre-IPO company management is reluctant to take the time to address D&O insurance issues at the appropriate time before the company is deep into the IPO process. But claims can and do arise involving companies’ pre-IPO activities. The significance of the pre-IPO period in a company’s life cycle underscores the importance of having a skilled and experienced insurance professional involved well before the time of the IPO. 


PLUS Regional Professional Liability Symposium in Singapore, August 21, 2014

Posted in Professional Liability

singaporeOn August 21, 2014, the Professional Liability Underwriting Society (PLUS) will be hosting a regional professional liability symposium in Singapore. This dinner event, which will be held at the Singapore Cricket Club, marks the second year that PLUS has hosted an educational and networking event in Singapore, building on its 25+ year history of hosting industry-leading events in the professional liability market worldwide. The keynote speaker at the event will be Chelva Rajah of the Tan Rajan & Cheah law firm, whose remarks are entitled “Tales from the Corporate Crypt.” I will also be making a presentation at the event entitled “Latest Global and U.S. Trends in D&O Liability Insurance: What’s Hot, What’s Cold!”


I already know for talking to friends throughout the region than many industry professionals are planning on attending this event. I hope that all of my readers and friends in the region will be there and will encourage others to attend as well. Details about the event, including registration information, can be found here.

The Long Arm of U.S. Regulatory Enforcement and the Cross-Border Reach of U.S. Laws

Posted in Regulatory Enforcement

globalreach1One of the most distinctive aspects of the current global regulatory environment has been the increasing willingness of U.S. regulators to try to project U.S. enforcement authority outside the U.S. The cross-border assertion of U.S. regulatory authority has taken place across a broad range of regulatory and compliance issues, including, for example, antitrust, trade sanction, and taxation enforcement as discussed here.


One area where the U.S. regulators’ cross-border reach has been most pronounced has been with respect to anti-bribery enforcement.  A July 30, 2014 memorandum by Demme Doufekias and Adam J. Fleisher of the Morrison & Foerster law firm entitled “The Long-Arm of the FCPA: Former BizJet CEO Arrested in Amsterdam, Pleads Guilty in Oklahoma” (here) takes a look at a recent instance where U.S. prosecutors projected their reach outside of the country in order to enforce U.S. antibribery laws. The memo also reviews the many recent instances where the U.S. authorities have reached across the country’s borders to enforce the Foreign Corrupt Practices Act (FCPA). The memo highlights the fact that this cross-border reach is not limited just to FCPA enforcement.


The primary focus of the law firm memo is the recent prosecution of Bernd Kowalewski, the former president and CEO of BizJet International Sales and Support, Inc., a U.S.-based subsidiary of Lufthansa Technik AG. The company had its headquarters in Tulsa, Oklahoma. As discussed in the U.S. Department of Justice’s July 24, 2014 press release (here), the DOJ alleged that Kowalewski and three other BizJet officials had engaged in a conspiracy to violate the FCPA by paying bribes to government officials Mexico and Panama, in order to obtain aircraft maintenance contracts in those countries.


In 2012, two of the four BizJet officials who were under indictment for the alleged bribery pled guilty to FCPA violations. However, the charges and the guilty pleas were all kept under seal at the DOJ’s request, because, as it was later revealed, the DOJ was trying to locate and arrest Kowalewski and one other BizJet official, who were by then living outside of the U.S. According to the DOJ press release, Kowalewski ultimately was arrested by authorities in Amsterdam on March 13, 2014 on a provisional arrest warrant. He waived extradition on June 20, 2014, and on July 24, 2014, he entered a guilty plea in the Northern District of Oklahoma to conspiracy to violate the FCPA and to one substantive violation in connection with a scheme to pay bribes. The fourth BizJet official remains as a fugitive and is believed to be living abroad.


The press release quotes a DOJ official as saying that “though he was living abroad when the charges were unsealed, the reach of the law extends across U.S. borders, resulting in Kowalewski’s arrest in Amsterdam and his appearance in court today in the United States.”  (Emphasis added). Another official is quoted as saying that Kowalewski’s arrest was the result of “investigators and prosecutors …work[ing] together across borders and jurisdictions to vigorously enforce” the FCPA.


As the law firm memo states, the government’s approach in the BizJet case shows “the lengths to which the DOJ is willing to go to track, arrest and extradite U.S. and foreign nationals abroad to face FCPA charges in the United States.”’ International businesspeople that depend on their ability to travel “should not be lulled into a false sense of security as a result of their status as foreign nationals or the fact that they live outside the United States.” The memo notes further than individuals involved in FCPA investigations “must be aware that silence from the government may simply be the result of the DOJ striving to keep its enforcement efforts under wraps.”


The U.S. government, the memo notes, has a number of means to use to try to apprehend foreign nationals residing outside the U.S. The U.S. can seek to have the individual arrested by going through INTERPOL. The U.S. can try to lure the individual back to the U.S. or simply establish a border watch to alert law enforcement officials if the individual presents himself or herself at the U.S. border. The DOJ can also seek provisional arrest warrants and pursue extradition of individuals from other countries pursuant to extradition treaties.


Given the “growing cooperation between U.S. and foreign authorities” on anti-bribery enforcement , the likelihood is that the DOJ’s efforts will be successful, “ensuring that individuals being investigated or charged with FCPA violations or other crimes will not be able to evade the long arm of the U.S. government simply by remaining abroad.”


The law firm memo notes that the Kowalewski case is “only one of a growing list of examples where the DOJ has been able to bring individuals living abroad back to the U.S. to face criminal charges.” The memo cites the example of Frederic Pierucci, a French citizen and former official of the French company Alstom SA, who was arrested when his plane landed at JFK Airport in New York, in connection with alleged bribing of Indonesian government officials. The memo cites other examples where foreign nationals were arrested outside of the U.S. and extradited to the U.S. by the governments of the countries where the individuals had been arrested. To be sure, the DOJ is not always successful in apprehending fugitives in FCPA cases. The memo cites to a lengthy list of FCPA fugitives who remain at large. However, the recent events “nevertheless display DOJ’s resolve in pursuing foreign fugitives.”


The memo emphasizes that FCPA cases are not the only area where the DOJ has been successful in bringing foreign nationals and others residing outside the United States back to the country to face charges. The memo cites the example of the DOJ’s April 2014 success in extraditing a foreign national to the United States to stand trial for alleged violations of the criminal antitrust laws. The case involved an Italian national and former official of an Italian company who had been under indictment in the U.S. since 2010 for alleged violations of the Sherman Antitrust Act. The individual was extradited to the U.S. from Germany.


The law firm memo emphasizes the lengths to which the U.S. authorities will go to bring individuals charged with violations of U.S. laws back to the U.S. to fact prosecution. However, these efforts are just part of the larger U.S. effort to project the enforcement of its laws outside of the country. As discussed here, U.S. authorities are actively asserting their authority outside of the country in a number of different areas, including securities, trade sanctions, taxation, and drug safety. In that regard, it is probably worth noting that though the BizJet case involved alleged misconduct by a U.S. domiciled business operation, many of the examples cited in the law firm memo not only involved foreign nationals, but alleged misconduct that took place outside the U.S. and involving companies domiciled outside the U.S. As the DOJ official quoted in the press release linked above put it, “the reach of the law extends across U.S. border.”


One of the reasons the law reaches across borders is the increasing levels of cooperation among regulatory authorities. The willingness of foreign governments to arrest and extradite foreign individuals is one of the key components of the ability of U.S. authorities to bring these individuals to justice in the U.S.


It should be noted that the U.S. government is not the only one to extend the enforcement of its laws through cooperation with other governments. To cite but one recent example, on July 24, 2014, the UK Serious Fraud Office recently announced that it had brought corruption charges against the UK subsidiary of Alstom in connection with transportation projects in India, Poland and Tunisia. The UK investigation commenced because of information provided to the SFO by the Office of the Attorney General of Switzerland. The company has already been fined for related activities by the Swiss government. Other recent examples of extensive cross border cooperation include the recent investigation of the alleged manipulation of the Libor benchmark.


The increased activity of regulatory authorities around the world had important implications for companies and their officials. While this activity can mean that companies face a heightened risk of regulatory scrutiny, risks these companies face may also include the possibility of regulatory and enforcement action by U.S. authorities. As the law firm memo underscores, U.S. regulators are actively asserting their authority outside of the U.S. In an environment where there already is a growing perception of increasing regulatory risk, the U.S. authorities’ vigorous assertion of regulatory authority outside the U.S. represents a particularly hazardous part.


These developments not only have important compliance implications for many non-U.S. companies. They also raise important issues about the liability exposures of the potentially affected companies as well as for their directors and officers. The liability exposures include not only the potential regulatory and enforcement risk but also the possibility of follow on civil actions, brought by shareholders or others. The “others” that might bring claims include supervisory board members in those jurisdictions with the dual-board structure.


These issues in turn have important D&O insurance implications. The issues also present a particularly difficult challenge for D&O insurance underwriters involved in underwriting companies outside the U.S. as they must attempt to understand and anticipate these kinds of actions from U.S. regulators and how they may affect the companies under consideration. Emerging issues involving the enforcement of trade sanctions laws and the Foreign Account Tax Compliance Act (FATCA) highlight the potential significance of these challenges. Questions regarding the cross-border enforcement of regulatory authority are likely to remain both difficult important in the months ahead.


London PLUS Symposium on the Dangers of Cross-Border Enforcement: In light of the kinds of concerns I have noted above, an upcoming Professional Liability Underwriting Society regional symposium to be held in London is particularly topical and timely. The luncheon event, which is entitled “Dangers of Long Arm Enforcement in a World Without Borders” will take place on Monday, September 29, 2014, at Gibson Hall in London. I will be presenting at the event on the topic of “The Dangerous Cross-Border Regulatory Environment.” The event keynote speaker will be the author and consultant David Bermingham, who is best known as one of the NatWest three, and who will presenting his own personal perspective on cross-border enforcement based on his extradition to the U.S. on charges related to the Enron scandal. Following the keynote address, Bermingham and I will discuss the evolving challenges in an increasingly global regulatory environment.


Background regarding the event, including registration information, can be found here. I have participated on a panel with David Berminham in the past, and I can assure everyone that this will be a lively and interesting event. I hope all of my UK readers and friends will plan on attending.