The D&O Diary

The D&O Diary

A PERIODIC JOURNAL CONTAINING ITEMS OF INTEREST FROM THE WORLD OF DIRECTORS & OFFICERS LIABILITY, WITH OCCASIONAL COMMENTARY

PwC 2013 Securities Litigation Report Asks Whether There Are Changes Ahead

Posted in Securities Litigation

pwc2In its recently released annual analysis of securities class action litigation, PricewaterhouseCoopers observes that while 2013 may not have been a particularly noteworthy year in the securities class action litigation arena, “significant events and announcements in 2013 have set the stage for potentially sweeping changes in the future.” The PwC report, which is entitled “Are Changes on the Horizon?: 2013 Securities Litigation Study” can be found here. PwC’s April 11, 2014 press release about the report can be found here.

 

In making its suggestion that there may be significant changes ahead, the PwC report is relying on a number of factors, including first and foremost the U.S. Supreme Court’s reconsideration of the “fraud on the market” theory in the Halliburton case currently pending before the Court. The report cites a number of other factors as well, most particularly be the SEC’s July 2013 creation of the Financial Reporting and Audit Task Force.

 

The SEC’s new Task Force is dedicated to identifying and prosecuting those involved in accounting and financial reporting.  The Task Force’s efforts will be substantially aided by the many whistleblower reports flooding into the agency, as well as the analytic tools at the Task Force’s disposal, such the agency’s Accounting Quality Model. The PwC report notes that “an SEC Task Force dedicated to financial fraud, this is equipped with modern tools and a potential army of whistleblowers waiting in the shadows to report misconduct, will inevitably lead to a greater number of financial fraud cases.”

 

As companies announce their involvement in SEC investigations or enforcement actions, “securities litigation will inevitably follow.” The PwC report suggests that while there may be a delay before the litigation impact, “it may only be a matter of time before the number of accounting related cases returns to previous highs.”

 

The PwC report also notes that during 2013, there was an increase in the number of companies completing initial public offerings compared to the immediately preceding years and that many of the IPO companies are completing their listings by taking advantage of the JOBS Act provisions for Emerging Growth Companies. The PwC report states that the companies taking advantage of the JOBS Act provisions “may be at a heightened risk of becoming the subject of litigation.” The reduced level of financial information that EGCs are required to provide “may increase the potential for allegations of omissions and/or inadequate disclosures regarding factors detrimental to the current financial position and future prospects.”

 

According to the PwC report, there were 160 securities class action lawsuits filed in 2013, up from 149 in 2012 but below the annual average number of filings (179) since the enactment of the Private Securities Litigation Reform Act. The report also notes that in 2013 there were the fewest numbers of accounting fraud cases during the 18 years that PwC has been completing its annual securities litigation survey. The low levels of accounting fraud allegations held both with respect to the absolute numbers of accounting fraud filings (46) and to the percentage of all cases filed (29%).

 

The report notes that with respect to the accounting cases that were filed, allegations of internal control deficiencies are cited more frequently than any other type of allegation. In 2013, 70% of all accounting-related cases alleged inadequate internal controls, or controls that were inappropriately designed, overridden or ineffective. The 70% figure for 2013 accounting-related cases is higher than the 6) of accounting cases in 2012, and represents the highest percentage of accounting cases citing internal control allegations in over ten years.

 

The report also notes that companies should be wary of any notion that they are “too small “to attract the attention of the plaintiffs’ lawyers. According to the PwC report, in 2012 and in 2013 respectively, 61% and 67% of all companies named in securities class action lawsuits had market capitalizations under $2 billion.

 

As was the case in 2012, the industry that attracted the highest percentage of securities class action lawsuit filings was the health industry, which was hit with 23% of all filings in both 2012 and 2013. The report notes a number of factors that cause the health industry to attract litigation. First, at least with respect to pharmaceutical companies and medical device companies, “both are heavily dependent on the successful launch of new drugs and products.” Because of marketplace pressure to keep investors apprised of product developments throughout the produce development life cycle, inevitably if problems later emerge investors may question the accuracy of prior statements about the products.

 

The health industry is also heavily regulated by multiple government agencies. As the report notes, “from research and development, to manufacturing, marketing, selling and billing, companies in the health industry are under intense government scrutiny – with securities litigation as a bi-product if allegations of non-compliance with regulations are made or investigations are initiated.”

 

Of non-U.S. companies named in securities class action lawsuits in 2013, the country with the most companies sued was Canada. The report notes that this may be due to the fact that in general companies in the mining sector – an important part of the Canadian economy—attracted significant litigation activity in 2013.

 

The PwC report notes that the number of securities class action settlements in 2013 (69) was roughly the same as the number in 2012 (70). However, the average securities class action settlement in 2013 of $49.6 million was 32% greater than the 2012 average and 21% greater than the five year average. The 2013 average was pulled upward by a number of significant settlements during the year of large cases relating to the financial crisis. The report cautions that these larger settlement figures “should not be viewed as the new ‘normal’ by the plaintiffs’ bar and by mediators” and notes that as the financial crisis cases filter out “total settlement value and average settlement amount will likely decrease in coming years, barring any new trend or industry practice that leads to increases in case filings and the resulting settlements.”

 

While the average securities class settlement in 2013 was higher than in 2012 and when compared to the average of the preceding five years, the median settlement was unchanged. The median settlement in 2013 was $9.1 million, the same as in 2012, and above 2011 ($8.9 million) but below 2010 ($10.8 million). 

D.C. Circuit Strikes Down SEC Conflicts Minerals Rules in Part, Upholds Other Provisions

Posted in Conflicts Minerals

dccircuitIn an April 14, 2014 Opinion (here), the D.C. Circuit struck down a portion of the SEC’s conflicts minerals rules as violative of the First Amendment, while at the same time upholding the other challenged portions of the Rules. A majority of the appellate panel found that the rules’ requirement that companies must disclose in their SEC filings and on their website that their product is not “conflict free” – by compelling “an issuer to confess blood on its hands” – violates the First Amendment’s free speech protections.

 

Background

As discussed here, Section 1502 of the Dodd Frank Act required the SEC to promulgate rules requiring companies to annually disclosure their of conflict minerals originating in the Democratic Republic of Congo (DRC) or an adjoining country. On August 22, 2012, the SEC adopted the conflict mineral disclosure rules. The SEC’s August 22, 2012 press release can be found here and the rules themselves can be found here.

 

The specific minerals at issue are tantalum, tin, tungsten and gold. The countries covered by the disclosure rules are, in addition to the DRC, Angola, Burundi, Central African Republic, the Republic of Congo, Rwanda, South Sudan, Tanzania, Uganda and Zambia. Companies are required to comply with the new disclosure rules for the calendar year beginning January 1, 2013, with the first disclosures due May 31, 2014 and subsequent disclosures due annually each year after that.

 

Several business organizations including the National Association of Manufacturers challenged the rules in Court, arguing that the way that the SEC adopted the rules violated the Administrative Procedures Act, the Exchange Act and the First Amendment. In July 2013, the district court granted summary judgment in the SEC”s favor, rejecting the various challenges to the rules. The business organizations appealed the district court ruling to the D.C. Circuit.

 

The April 14 Opinion 

On April 14, 2014, in an Opinion by Senior Judge A. Raymond Randolph for a three judge panel, the D.C. Circuit affirmed the district court’s ruling in part, but reversed the district court with respect to its ruling on the First Amendment challenge. Judge Sri Srinivasan wrote a separate opinion in which he concurred with the court’s opinion in all other respects but dissented from the majority on the First Amendment issue. Judge Srinivasan contended that the Court should have held the First Amendment portion of its opinion in abeyance while an en banc panel of the D.C. Circuit considered the same First Amendment issues in a separate case involving rules relating to the labeling requirements for meat products.  

 

All three judges on the panel agreed in rejecting the business groups’ challenges to the conflict minerals rules based on argument that the rules are “arbitrary and capricious” under the Administrative Procedure Act and the argument that the SEC had failed to establish that the benefits of the Rules outweighed the substantial costs they are likely to impose. Essentially the court upheld the rules’ requirements for companies to investigate whether their products include the minerals and file public reports on their investigations beginning in June.

 

However, with respect to the business groups’ contention that the rules’ requirement that issuers must in their SEC filings and on their websites list specific products as not “DRC conflict free” unconstitutionally compels speech in violation of the First Amendment, a majority of the appellate court upheld the business group’s arguments. The appellate court said:

 

The label “conflict free” is a metaphor that conveys the moral responsibility for the Congo war. It requires an issuer to tell consumers that its products are ethically tainted even if they only indirectly finance armed groups… By compelling an issuer to confess blood on its hands, the statute interferes with their exercise of the freedom of speech under the First Amendment.

 

The court held that the conflict minerals provisions of the Dodd Frank Act and the SEC’s rules violate the First Amendment “to the extent the statute and the rule require regulated entities to report to the Commission and to state on their website that any of their products have ‘not been found to be DRC conflict free.’” The appellate court remanded the case to the district court for “further proceedings consistent with this opinion.”

 

In a footnote, the majority opinion addressed the concurring opinion’s suggestion that the panel should have stayed the First Amendment portion of its ruling in order to allow the en banc consideration of the First Amendment issues in the meat labeling case. The majority opinion states that issuing the opinion rather than holding the First Amendment issue in abeyance, “issuing an opinion now provides an opportunity for the parties in this case to participate in the court’s en banc consideration of this important First Amendment question.”

 

Discussion

The SEC’s conflicts minerals rules have been highly controversial. As discussed here, the rules could prove difficult for many companies to put into effect and the implementation of the rules could create a host of problems for companies, including in particular even litigation risks. However, though a portion of the rules was struck down, the other portions were upheld. 

 

The SEC now has some decisions to make, and in particular it will have to decide whether or not it wants to seek en banc review of the appellate court’s First Amendment ruling.  By the same token, the business groups will have to consider whether they want to seek en banc review of the portions of the appellate court ruling upholding the rules. Either way, an en banc review of the case could create procedural complications. Among other things, there is the question of whether or not the en banc panel, the district court or the SEC itself will stay in the implementation of the rules during the en banc review.  

 

The SEC will also have to consider whether, on remand to the district court, it wants to go forward now with implementation of the portion of the rules that the appellate court upheld, without the disclosure requirements that were a key component of the transparency objectives of the Dodd Frank conflict minerals provisions.

 

In an April 14, 2014 Reuters article about the D.C. Circuit’s ruling (here), at least one legal commentator suggested that the ruling and the current state of play will put pressure on the SEC’s to grant companies more time to comply with the rules. In any event, it seems like there is more of this story to be told before the court challenge phase is complete.

 

It would seem that in light of the fact that the appellate court upheld the other portions of the rules and that for now at least the implementation of the rules has not been stayed that companies should prepare themselves to meet the rules’ requirements and deadlines in all respects other than the specific portion of the rules that the appellate court struck down.

 

I welcome comments from any readers who can shed any further light on where things stand with the implementation of the conflicts minerals rules now given the D.C. Circuit’s rulings and the current procedural posture of the case.

 

Employers and Social Media

Posted in Employment Practices Liability

socialmediaIn a very short time period, Internet-based social media have become a pervasive part of our lives and culture. Inevitably, employee use of social media has become a workplace issue. As a result, employers are concerned about employee social media use and employees are concerned about privacy and rights of individual expression. As social media use has become a workplace issue, it has also created a number of areas of potential liability exposures for employers, particularly as relates to hiring decisions and to other employment actions.

 

One source of potential liability arises from employers’ use of information and material gathered from social media sites about job applicants and employees. Many users of social media are accustomed to documenting their lives in online posts, as well as in pictures and videos. Some of this online information may reflect behavior or attitudes that prospective or existing employers find to be disqualifying. As a general matter, there is nothing unlawful about employers accessing publicly available information about job applicants or employees. But there at least a couple of ways employers could trigger potentiall liability from this kind of information gathering.

 

First, in reviewing social media sites, employers expose themselves to all kinds of information that cannot be legally considered in the hiring process or in employment actions, such as religion, race, gender, sexual orientation, and health status.  As noted in a recent post on the National Law Review entitled “Employers Using Social Media to Monitor Employees: Risks and Liability” (here), an employer’s use of information gathered from a social media site “may provide the basis for claims under employment discrimination statutes if the employer used such methods of off-resume information-seeking to seek out information about the employee that was legally protected in some way.” While it may be difficult for the applicant or employee to prove that the employer used the information as a basis for an adverse action, it is an area of concern.

 

Second, several states have passed laws that prohibit an employer from requesting or requiring that an applicant or employee disclose a user name, password or other means of access an online account or service. Just last week, Tennessee’s legislature enacted a bill with these kinds of protections, joining a number of other states including Maryland, Illinois, California, Michigan, Utah, New Mexico, Arkansas, Colorado, Wisconsin and Nevada. According to the National Council of State Legislatures (here), legislation on these issues has been enacted or is being considered in 28 states. Many of these state statutes also prohibit an employer from forcing an employee to log into their personal accounts in their employer’s presence, or forcing the employee to “friend” the employer or an employer’s representative. Many of the states protect employees and applicants from retaliation for refusing to allow employers access to social media sites.

 

Another troublesome area for employers as they attempt to grapple with these workplace issues are the efforts by some employers to adopt social media policies. Over the last several years, the National Labor Relations Board has issued a series of decisions and guidelines specifying that employer social media policies may not sweep so broadly that they prohibit activity protect by Section 7 of the National Labor Relations Act, such as the discussion of wages or working conditions among employees.

 

Just last week, the NLRB issued a statement that it had reached a settlement with Valero Services in a proceeding in which a labor union contended that the company’s social media policy interfered with employees’ rights to discuss their terms and conditions of employment  on social media sites. In the settlement, the company agreed that it will rescind its unlawful social media policy and notify employees that they will not be prohibited from using social media to discuss their terms and conditions of employment.

 

The settlement with Valero is the latest in a series of NLRB actions relating to employee use of social media, starting with the NLRB’s September 2012 ruling in a case involving Costco (which is discussed at length here). In that case, the NLRB struck down Costco’s social media policy based on a finding that the company’s social media policy “clearly encompasses concerted communications protesting [Costco’s] treatment of its employees.” Costco’s maintenance of the social media policy therefore “has a reasonable tendency to inhibit employees’ protected activity” and as such “violates” the National Labor Relations Act.”

 

In addition to these and other decisions, the NLRB has also released guidelines in three reports, describing acceptable and unacceptable employer social media policies. The first of these guidelines, released August 18, 2011, can be found here. The second report, dated January 25, 2012, can be found here. The third report, dated May 30, 2012, can be found here.  A “fact sheet” posted on the NLRB’s website describing the agency’s position with respect to social media can be found here.

 

Essentially, the NLRB’s position is that employers may not prohibit employee use of social media in a way that interferes with “the rights of employees to act together to address conditions at work, with or without a union.” The protection under the federal labor laws applies whether or not the employees are organized or trying to organize under a collective bargaining agreement. On the other hand, “an employee’s comments on social media are generally not protected if they are mere gripes not made in relation to group activity among employees.”

 

The NLRB’s position on social media has been the subject of criticism. For example a November 3, 2013 article on the Cornell HR Review website (here) notes that while the NLRB’s guidance provides a “baseline structure” for employers, it does not provide “an explicit test for determining what constitutes protected social media activity.” In addition, the NLRB’s approach, while protective of employees’ rights still allows for employers to monitor and even to base employment decisions on an employee’s social media activities. Moreover, while speech related to working conditions may be protected, it may be very difficult to tell when an individual is discussing workplace conditions or is just venting frustrations. By the same token, employers may feel that the NLRB’s decisions and guidance “fail to fully address concerns over disclosure of confidential or private information.”

 

In a July 29, 2013 Bloomberg BNA article entitled “Creating an Effective Workplace Social Media Policy” (here), Spencer Hamer of the Michelman & Robinson law firm suggests in light of these concerns that employers take a number of steps in crafting social media policies, including taking care to ensure that the policy does not prohibit protected activity, at the same time providing that personal complaints and offensive remarks are not protected. The Cornell HR Review article closes by noting that “employers should continue to remain cognizant of employee expectations of privacy and changing employment laws to ensure their policies are not overly broad unlawfully restrictive or intrusive.”

 

In addition to the careful construction of their social media policies, employers concerned about these issues may also want to consider their employment practices liability insurance policies. At a minimum, claims arising from job related actions that are alleged to represent harassment or discrimination are within the scope of protection afforded by the typical EPL insurance policy, and the fact that the alleged discrimination or harassment involved employer access to or information drawn from a social media site should not change that analysis.

 

An employer’s retaliation against an employee for refusing to provide social media password information, if in violation of one of the applicable state statutes, may present a different analysis, and the question of coverage will depend on the company’s EPL policy’s definition of Employment Practices Wrongful Act. To the extent employer retaliation in and of itself comes within the definition, the policy’s coverage may be broad enough to provide coverage for this type of claim. However, this issue may be the type of concern that needs to be specifically addressed in an amendment to the definition of Employment Practices Wrongful Act.

 

In thinking about the potential EPL insurance implications of the NLRB’s position that social media policies may violate the protections of the National Labor Relations Act, it is important to note that many EPL policies have National Labor Relations Act exclusions, precluding coverage for claims based upon alleged violations of the NLRA or similar federal, state and local statutes. However, many insurers are willing upon request to amend this exclusion to provide a carve-back specifying that the NLRA exclusion does not apply to claims for retaliation.

 

A retaliation carve-back to the EPL policy’s NLRA exclusion would not preserve coverage for all claims asserting that a company’s social media policy violates the NLRA. The retaliation claim coverage carve-back to the NLRA exclusion might preserve coverage for a claim by an employee that he or she was terminated in retaliation for engaging in activity that contravened a social media policy that violated the NLRA – or to put it more simply, in retaliation for engaging in activity protected by the NLRA. However, even among carriers who are willing to extend the carve-back to the NLRA exclusion, the carriers sometimes restrict the carve-back so that it does not extend to extend coverage to class or mass action claims.

 

The workplace issues surrounding employee social media use continue to evolve rapidly. Employers, employees, regulators and the courts will continue to struggle with these issues as we seem an equilibrium position that appropriately balances employer’s needs with employees’ expectations of privacy and free expression.

 

More About Antitrust Enforcement and Follow-On Civil Litigation: In a recent post, I noted the rising global levels of antitrust enforcement activity, and also noted that increasingly antitrust enforcement actions are accompanied by a follow-on private civil action as well. A recent lawsuit filing provides yet another example of this phenomenon.

 

On April 11, 2014, a Microsoft shareholder filed a derivative lawsuit in the Western District of Washington against certain directors and officers of the company, as well as against the company as nominal defendant, in connection with recent EU antitrust enforcement actions against the company. The complaint, which can be found here, alleges that the individual defendants breached their fiduciary duties by willfully violating a prior European Union antitrust settlement agreement and incurring a $731 million fine.

 

In, 2009, Microsoft had entered an antitrust settlement with EU regulators that required Microsoft to offer consumers a choice of web browsers within the Windows operating system. It was later alleged that the company had eliminated the choice option, which resulted in an action against the company to enforce the prior settlement agreement and ultimately in the entry of the massive $731 million fine. The plaintiff alleges that he had made a demand on Microsoft’s board to investigate the matter and initiate a lawsuit those responsible for the actions that led to the fine, but that the board refused.

 

As I noted in my recent post, the current regulatory enthusiasm for antitrust enforcement not only represents an important liability exposure for companies and their boards, this trend may also represent a significant exposure for their D&O insurers as well, even if only in the form of the follow on shareholder litigation. The recent derivative lawsuit filed against the Microsoft board is just the latest example of this phenomenon.

 

You’ll Never Walk Alone: A couple of weeks ago, on March 30, 2014, I was in London the day of the Premier League soccer game between Liverpool and Tottenham. The game took on unanticipated importance when the day before league-leading Chelsea lost unexpectedly to lowly Crystal Palace, meaning that if Liverpool won its game against Tottehamn it would take over the at the top of the league table. I watched the afternoon match between Liverpool and Tottenham at the Famous Three Kings pub on West Kensington, in London.

 

Because the pub is in London and because Tottenham is a London team, I had assumed that it would be a Tottenham crowd watching the game. As it turned out, the pub was packed with “Scousers” (that is to say, serious Liverpudlians). Even though I had arrived before the match began it was standing room only inside the pub. The crowd was decked out in red and white and chanting and singing as if they were at actually at the game at Anfield, Liverpool’s home field. It was great fun standing in the crowd and watching as Liverpool dominated the match. Liverpool eventually won, 4-0, sending the team into first place in the Premier League.

 

I have always enjoyed watching Premier League soccer but I have never really had one particular team that I have rooted for. I can’t say that my London pub experience with the Liverpool fans has made me a complete Liverpool fan, but I did come away with much stronger feelings for the team, which has a loyal fan base, a great history, and is having a great run at the top of the league table.

 

One of the great traditions for Liverpool fans is their singing of the song “You’ll Never Walk Alone” at the start of each game. The song’s title has become something of a motto for the team and its fans. The video below, which captures some of the team’s great fan loyalty and emotion, shows Liverpool’s fans singing the song before yesterday’s game against Manchester City at Anfield.

 

The video doesn’t show it, but after the song, there was a moment of silence for the 96 people that died in the Hillsborough disaster in April 1989. Perhaps as a result, the game between Liverpool and Manchester City was very emotional. It was also a great game. Liverpool scored early and led at the half, 2-0, but Manchester City came back to tie the game 2-2 before Phillipe Coutinho scored the game winner to seal the game – and possibly the league title — for Liverpool. It was a great game for a great team with great traditions.

 

So in honor of the team and its fans, here is a video of the crowd singing “You’ll Never Walk Alone” before yesterday’s game.

 

 

  

D&O Policy’s Professional Services Exclusion Does Not Preclude Law Firm’s Coverage for False Advertising Claim

Posted in D & O Insurance

rhode islandWell-advised professional services firms will carry both errors and omissions insurance and management liability insurance. A recurring problem under management liability insurance policies for all types of professional services firms relates to the very broad professional services exclusions often found in these polices. These exclusions preclude coverage for claims relating to the professional services firm’s delivery of professional services. Insurers sometimes attempt to apply a very broad preclusive effect to these exclusions, even with respect to claims for which the professional services firm rightfully expects coverage under its management liability policy.

 

In a recent case, a federal district court applying Rhode Island law ruled that the Legal Services Exclusion in a law firm’s D&O insurance policy did not preclude coverage for false advertising claims asserted against the law firm and two of its attorneys, and therefore that the insurer had a duty to defend the  underlying lawsuit. The case provides a good example of the kinds of problems that can emerge when carriers broadly apply the professional liability exclusion in a professional services firm’s management liability insurance policy. A copy of the district court’s February 3, 2014 opinion can be found here.

 

Hat tip to the Jones Lemon Graham law firm’s D&O Digest blog for the link to the district court’s decision. The blog’s April 7, 2014 discussion of the case can be found here.

 

Background  

Levine & Associates, a small law firm, advertises on the Internet and on television using the tag line “Call a Heavy Hitter® Today!”  Two clients of the law firm filed an action in Rhode Island Superior Court against the law firm and two of its attorneys. The third count of the claimants’ complaint alleges a class action for “Deceptive Trade Practices.” Specifically, the plaintiffs allege that the defendants “deceptively advertised in all media in Rhode Island” and that the defendants “gave the false impression to Plaintiffs and …to future clients that they have special expertise in personal injury cases and disability cases.”

 

The law firm submitted the lawsuit as a claim under its D&O Insurance policy. The D&O insurer denied coverage for the claim, citing the D&O policy’s Legal Services Exclusion, which precludes coverage for “Loss for any Claim based upon or arising out of any Wrongful Act related to the rendering of, or failure to render, professional services.” The law firm filed an action against the D&O insurer seeking a judicial declaration that the law firm defendants are entitled to defense and indemnification for the underlying lawsuit. The parties cross-moved for summary judgment.

 

The Court’s Opinion 

In a February 3, 2014 opinion, Rhode Island District Court Judge John J. McConnell, Jr. granted the law firm’s motion for summary judgment and ruled that the D&O insurer had a duty to defend the defendants in the underlying claim.

 

The D&O insurer had sought to rely on the Legal Services Exclusion’s broad “arising out of” preamble, arguing that courts have interpreted exclusions with this language very broadly. The insurer argued further that the allegations of false and deceptive advertising are “inextricably intertwined with the rendering of professional services” and that the allegedly deceptive advertising would not constitute a Wrongful Act within the meaning of the policy unless the law firm was hired by a claimant and then failed to deliver services as advertised. For its part, the law firm argued that the alleged deception related to advertising not to the delivery of legal services.

 

Judge McConnell looked at the dictionary definition of the term “render,” which means “to do; perform; to render a service” and “to do (a service) for another.” Based on this, he said that “the plain and ordinary language of the Legal Services Exclusion therefore eliminates from coverage only conduct that relates to Levine & Associates providing legal services.” He noted that the claimants’ claim “is about advertising not about the provision of legal services.” He added that “applying the Legal Practices Exclusion to this alleged deceptive advertising would ignore the meaning of the word ‘rendering’.”

 

Judge McConnell concluded by saying that “if the Court were to adopt the expansive reading” of the exclusion urged by the D&O insurer, “then any conduct by Levine & Associates would be excluded from coverage since Levine & Associates’ business is ‘related to the rendering of …professional services’.” He added that “if this were the case, the D&O Policy would be meaningless and provide no coverage. The Court will not construe the contract to create such an absurd result.”

 

Judge McConnell added in a footnote the following observation: “What seems clear from the plain language of the exclusion is that it was meant to exclude claims commonly referred to as malpractice claims, as opposed to claims arising from the business side of running a legal business. The policy in question here was a Directors and Officers policy, not a legal malpractice policy.”

 

Discussion 

When the law firm in this case advertised itself, it was engaging in ordinary business activity of the type any business organization might undertake. It was not “doing what lawyers do,” it was “doing what any business might do.” The law firm rightfully expected that its D&O Insurer should provide coverage for the advertising-related claim to the same extent as it would provide coverage for a similar claim against any small business. 

 

This case provides a perfect example of why I have long argued that the professional services exclusion within a D&O Insurance policy ought to have the narrower “for” wording rather that the broader “arising out of” wording – the danger is that with the broader wording the insurer could seek have the exclusion’s preclusive effect apply far beyond the relatively narrow delivery of professional services and apply it to anything a professional services firm does.

 

 

Unfortunately, as I have previously noted on this blog (refer here), the question of whether or not claims related to the activity of a professional services firm are precluded from coverage under the firm’s management liability insurance policy is a recurring issue.  The use of the “for” wording in the exclusion’s preamble would provide some assurance that the exclusion is not applied overly broadly, and that the exclusion would apply only (as it should only apply) to “malpractice” claims and not to the business side of a professional firm’s business. Regrettably, many carriers decline to give the narrower “for” wording, and so problems continue to arise when carriers seek to apply the exclusion broadly.

 

Judge McConnell was right when he said that if a D&O insurance policy’s professional services exclusion is applied broadly to apply to the business side of the professional firm’s business, it threatens to render the policy meaningless and to lead to an “absurd result.” If a carrier will not (as it should) agree to change the professional services exclusion preamble to the “for” word, then it is incumbent on the carrier to ensure that it does not rely on the breadth of the broader “arising out of” preamble wording to try to make the exclusion apply to the business side of a professional firm’s business.  

 

As the Jones Lemon Graham law firm’s blog post notes, the Court’s opinion discusses only the third count in the underlying complaint, it does not discuss the other counts. Nor, as the blog post notes, “is the firm’s commercial general liability advertising injury coverage addressed.” I would note that the opinion also does not discusses whether or not the law firm’s D&O policy has a so-called “antitrust” exclusion, which as sometimes worded will preclude coverage for allegations of unfair or deceptive trade practices.

 

I suspect some readers may have some strong responses to my comments in the blog post. Readers are strongly encouraged to add their comment to this post using the blog’s comment feature.

 

District Court Upholds FTC’s Authority to Bring Data Breach Enforcement Action

Posted in Cyber Liability

new jerseyIt is a dangerous world out there. Among many other things, companies and other organizations are increasingly vulnerable to data security attacks from would-be hackers. Indeed, an April 8, 2014 New York Times article entitled “Hackers Lurking in Vents and Soda Machines” (here) notes that “companies scrambling to seal up their systems from hackers and government snoops are having to look in the unlikeliest places for vulnerabilities.”

 

According to the article, in recent incidents hackers have gained access to sensitive data through all kinds of internal systems, including “heating, ventilations and air-conditioning ; billing; expense and human-resource management systems; graphics and data analytics functions; health insurance providers; and even vending machines.”

 

As if it were not enough that companies and other organizations have to contend with the possibilities that the hackers are coming at them from just about every conceivable direction, the companies must also face the possibility that if they are subject to a successful hack, they may have to face an enforcement action from governmental regulators over the breach and its consequences.

 

In an April 7, 2014 decision (here), in a test case of the agency’s authority, District of New Jersey Judge Esther Salas confirmed the authority of the Federal Trade Commission to pursue an enforcement action against Wyndham Worldwide Corp. and related entities alleging that the company and its affiliates had failed to make reasonable efforts to protect consumers’ private information.

 

Background 

The FTC alleges that between April 2008 and January 2010, intruders gained unauthorized access to Wyndham’s computer network on three occasions, on each occasion accessing sensitive personal information stored in Wyndham’s hotel property management system. The agency also alleges that after discovering the first two breaches, Wyndham “failed to take appropriate steps in a reasonable time frame to prevent the further compromise” of its network. The FTC alleges that the data breaches resulted in the compromise of more that 619,000 consumer payment card account numbers, many of which were subsequently exported to a domain registered in Russia, allegedly causing fraudulent charges and more than $10.6 million in fraud loss.

 

As discussed here, the FTC filed a complaint against Wyndham and its related entities alleging that the defendants’ alleged failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information violated the prohibition in Section 5(a) of the Federal Trade Commission Act of “acts or practices in or affecting commerce” that are “unfair” or “deceptive.” The FTC’s lawsuit seeks to compel the company to improve its security measures and to remedy any harm its customers have suffered.

 

The defendants moved to dismiss, arguing that the FTC does not have the authority to bring an unfairness claim involving data security; that fair notice principles require the agency to promulgate regulations before brining this type of an unfairness claim; and that the FTC’s allegations are pleaded insufficiently to support either an unfairness or deception claim.

 

The April 7 Ruling  

In a detailed, 42-page opinion, Judge Salas denied the defendants’ motion to dismiss and rejected the hotel chain’s arguments that the FTC does not have the authority to regulate data-security practices or that the agency has to issue regulations before bringing a data breach enforcement action. She also held that the FTIC’s allegations were sufficient to state a claim for purposes of the motion to dismiss.

 

Before considering the question of whether the FTC had authority to bring the action, Judge Salas noted that “we live in a digital age that is rapidly evolving – and one in which maintaining privacy is, perhaps, an ongoing struggle.” This environment “raises a variety of thorny legal issues that Congress and the courts will continue to grapple with for the foreseeable future.”

 

In contending that the FTC did not have the authority to regulate data security and therefore to bring the enforcement action, Wyndham argued that various measures Congress has enacted give certain federal agencies the authority to establish minimum data-security standards in various sectors of the economy, in effect carving out a data-security exception to the FTC’s unfairness authority by its specific statutory specifications.. Judge Salas found that the data-security legislation “seems to complement – not preclude – the FTC’s authority” and that in any event the legislation actions “do not call for a data-security exception to the FTC’s unfairness authority.”

 

As for Wyndham’s argument that fair notice requires the FTC to issue rules and regulations before it can file an unfairness claim, Judge Salas noted that “Circuit Courts of Appeal have affirmed FTC unfairness actions in a variety of contexts without preexisting rules or regulations specifically address the conduct-at-issue.” Moreover, she said she could not accept “the untenable consequence of accepting” Wyndham’s argument, that the FTOC would have to cease bringing all unfairness actions without first prescribing particularized prohibitions – “a result that is in direct contradiction with the flexibility inherent in Section 5 of the FTC Act.”

 

Finally, with respect to Wyndham’s argument that the FTC’s complaint did not satisfy minimum pleading requirements because, among other things, it did not specify how the consumers had suffered the requisite “substantial injury.” Judge Salas concluded that the FTC’s complaint sufficiently pleads both an unfairness claim and deception claim under Section 5 of the FTC Act.

 

Judge Salas emphasized, with respect to her rulings, that “the Court does not render a decision on liability today,” and she further emphasized that her decision “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked.” Instead, she said, she her decision only “denies a motion to dismiss given the allegations in this complaint – which must be taken as true at this stage – in view of binding and persuasive precedent.”

 

Discussion 

Though Judge Salas took pains to emphasize that ruling was narrow and addressed only to the specific matter and issues before her, her decision does nevertheless have “broad ramifications for the liability of companies whose security systems are breached,” according to an April 7, 2014 Wall Street Journal article about the ruling in the Wyndham case (here).

 

According to the Journal, the FTC has brought dozens of data-security cases, but “the overwhelming majority of them have produced out-of-court settlements, meaning judges were never asked to weigh in on the agency’s powers.” The article quotes the FTC’s chair, Edith Ramirez, as saying that the ruling confirms the agency’s ability to “hold companies accountable for safeguarding consumer data.” It also quote her as saying “Companies should take reasonable steps to secure sensitive consumer information,” adding that “when they do not, it is not only appropriate but critical that the FTC take action on behalf of consumers.”

 

By now, most company officials are aware that a significant data breach can be disruptive and expensive for their companies and can be a public relations disaster. In addition to these problems, a significant data breach can also have litigation consequences as well. As I noted in a recent post, following Target’s recent high profile data breach, the company’s directors and officers were hit with a shareholders derivative suit. And as the FTC’s Wyndham case shows, companies experiencing significant data breaches at least potentially could face a civil enforcement action from the FTC, and perhaps other regulators as well. Not only does this case affirm the FTC’s authority to bring these types of actions, but the statement of the FTC chair make it clear that the agency intends to pursue more of these kinds of actions on behalf of consumers.

 

For publicly traded companies, these kinds of regulatory actions may present insurance challenges. The only defendants in this action were the corporate parent company and certain of its operating subsidiaries. In a public company D&O policy, the corporate entity is provided coverage only for securities claims. Because the FTC’s enforcement action did not allege violation of the securities laws, an FTC action of this kind would not trigger the entity coverage found in most D&O policies.

 

While private company D&O insurance policies provide broader entity coverage, private company policies also often contain so-called “antitrust” exclusions that broadly preclude coverage for claims involving allegations of unfair or deceptive trade practices. The exclusions in some carrier’s policies expressly preclude coverage for claims under the Federal Trade Commission Act. Some carriers will remove these exclusion upon request, but others will not, while yet others will only provide so-called antitrust coverage on a sublimited basis, or on a defense cost only basis.

 

Many carriers now offer separate cyber risk insurance policies that include third-party liability protection. The third-party liability protection available under these cyber risk policies usually include insurance protection for actions brought by regulators following a data breach, including even coverage for regulatory fines and penalties where insurable.  However, the third-party regulatory protection available under many cyber risk policies is often subject to a sublimit.

 

The threat of a significant cyber breach presents a significant risk for companies and Increasingly these risks include the possibility of litigation following a data breach — including the risk of litigation brought by shareholders or by regulators. These data breach litigation risks in turn may present potentially complex insurance coverage issues, which underscores the need for companies to consult with knowledgeable insurance advisors in connection with these developing litigation exposures.

 

 

Antitrust Enforcement and Corporate Risk Exposure

Posted in Director and Officer Liability

wikiglobeAs a result of heightened regulatory scrutiny and changing enforcement priorities around the world, “cartel enforcement is a hot topic in boardroom,” according to a March 29, 2014 Economist magazine article entitled “Just One More Fix” (here). According to the article, antitrust enforcement authorities are getting “better at detecting cartels and bolder in punishing them.” This developing global regulatory trend has important implications for companies, their boards, and for their D&O insurers.

 

According to the article, “fines and penalties” for conduct violating antitrust laws “have shot up in recent years greatly raising the costs of collusion.” In recent years, enforcement authorities have busted international conspiracies “in fields as diverse as seat belts, seafood, air freight, computer monitors, lifts and even candle wax.” 

 

Although in this as in many other regulatory arenas U.S. regulators have lead the way, the article mentions significant current or recent enforcement actions in countries as diverse as Brazil, Japan, German, Ireland, India, and Britain, as well as actions by the European Commission. In these and many other jurisdictions, “policing and penalties have grown harsher.” For example, in the U.S. the maximum corporate fine has increased tenfold, while the European Commission can fine companies up to 10% of turnover..

 

Perhaps most significantly, the various countries’ competition authorities are sharing information and acting in tandem. As a result, “in the biggest cases, offenders can be hit with suits in a dozen countries.” More difficultly for the defendant companies, “jurisdictions often co-ordinate their actions but they do not have to take account of each other’s fines, and do not always agree.”

 

In addition to the actions of regulatory authorities, “price-fixers have to worry about the growth of civil litigation, which almost always follows action by competition authorities.” According to the article, “private suits in America generated awards and settlements of $33 billion – four times the level of official fines – between 1990 and 2008.” Although class action lawsuits are most frequently filed in American courts, the article notes that “class actions are less common but [are] on the rise in Europe, with Britain, German and the Netherlands leading the way.”

 

One reason for the increased regulatory attention to cartel busting is that price-fixing companies have huge incentives to self-report. Over 50 countries have now adopted regulatory programs providing that a company that self-reports will receive substantial leniency credits in connection with sentencing and fines, while at the same time, a company that hangs back and is not forthcoming may face more punitive fines and penalties.

 

Perhaps the most interesting point in the article I that notwithstanding all of this regulatory and enforcement activity, cartels continue to form, basically because, as an academic study cited in the article put it, “crime pays.” The study showed that cartels typically can raise prices 20%, which at the same time the chances of getting caught remain relatively low.

 

In other words, we have a set of business behaviors for which there are strong economic incentives, meaning that companies will continue to be drawn toward this type of conduct notwithstanding the increasing regulatory focus. As a result, there would seem to be a strong likelihood that we will continue to see significant regulatory attention to this area.

 

Accordingly, while there may be economic incentives that continue to draw companies toward anticompetitive behavior, this area represents a significant liability exposure for companies and their boards. The exposure consists not only of potential civil liability to regulators or even to consumers or other civil claimants; in many jurisdictions, the tools available to competition enforcement authorities include the ability to bring criminal actions as well. As the article notes, “America leads in putting price-fixers behind bars,” adding that the average jail term has rise, from eight months in the 1990s to more than two years now. Criminal penalties can be imposed in Ireland and Britain as well.

 

For all of these reasons, it is hardly surprising that cartel enforcement is, as the article says, a hot topic for corporate boards. It may also be of increasing concern to their D&O insurers as well, although antitrust and competition claims may represent something of an awkward fit for many D&O insurance policies.

 

In many antitrust enforcement actions and in many civil antitrust lawsuits, the main target or one of the main targets is going to be the company itself. However, public company D&O policies typically provide insurance coverage for securities claims only. Because an antitrust enforcement action or follow on civil action typically will not include an alleged violation of the securities laws, the typical public company D&O insurance policy will not provide coverage for the antitrust enforcement actions or even the follow on civil actions (except as noted below).

 

The coverage for the corporate entity afforded in private company D&O insurance policies is broader; it typically is not limited to securities claims only. However, many private company policies include an antitrust exclusion in their base policy forms. (As discussed here, the preclusive effect of the typical private company D&O insurance policy antitrust exclusion is usually much broader than just antitrust claims but also includes many other kinds of unfair and deceptive trade practices claims as well.). Some – but not all – carriers will agree to remove this exclusion upon request, while others will provide defense cost only protection for antitrust claims, or otherwise restrict the coverage available for antitrust claims through sublimits or coinsurance provisions. In other words, even under private company D&O insurance policies, the extent of coverage available for antitrust claims against the corporate entity often may be limited at best, and in other cases nonexistent.

 

It is a different story with respect to antitrust claims against individuals. Subject only to the preclusive effect of any antitrust exclusions and any other potentially applicable exclusions, the typical D&O insurance policy would provide coverage for individual defendants in antitrust enforcement actions or follow on civil actions.

 

As noted above, the article states that consumer civil actions often follow in the wake of the regulatory enforcement action. In addition, there is another type of civil action that may also follow after the regulatory action. Shareholder suits may also follow after the regulatory action.

 

For example, as discussed here, in April 2013, shareholders initiated a securities class action lawsuit in the U.S. against Sweden-base auto parts firm Autoliv and certain of its directors and officers, relating to the company’s announcements in early 2011 that the DoJ and the European Commission were investigating units of the company for anti-competitive practices and antitrust violations. The investigation resulted in the company’s June 2012 agreement to plead guilty to price-fixing for certain auto parts.

 

Similarly, as discussed here, Russia-based Mechel OAO and certain of its directors and officers were hit with a securities class action lawsuit in the U.S. after Russian authorities found guilty of breaking competition laws; discriminating against Russian consumers; and maintaining a monopoly in the coal market.

 

Other examples of cases where securities class action lawsuit followed in the wake of antitrust enforcement activity include the  securities suit filed against Reddy Ice Holding and certain of its directors and officers (about which refer here), as well as the securities suit filed against Horizon Lines and certain of its directors and officers (refer here). More recently, the Libor-scandal related securities suit filed in the U.S. against Barclays and certain of its former executives followed after the company had reached a regulatory settlement with regulators in the U.S and the U.S. of an enforcement action that included alleged violations of the antitrust laws.

 

While the typical antitrust enforcement action would not trigger the entity coverage under a public company D&O policy because it does not involve an alleged violation of the securities laws, these securities lawsuits following on in the wake of antitrust enforcement actions which do involve alleged violations of the securities laws typically would trigger the entity coverage in the public company D&O policy.

 

In other words, because of the type and scale of litigation activity that can follow in the wake of antitrust enforcement activity, the current regulatory enthusiasm for cartel busting not only represents an important liability exposure for companies and their boards, this trend may also represent a significant exposure for their D&O insurers as well, even if only in the form of the follow on securities litigation.

 

More generally, these antitrust enforcement trends and related civil litigation represent just one specific example of a larger phenomenon that I have noted frequently in recent months, which is increasing levels of regulatory enforcement action in general as well as of the rise in related civil litigation following in the wake of the enforcement actions ( about which refer here).

First Circuit: D&O Insurer Must Advance Failed Bank Directors and Officers’ Defense Expenses

Posted in D & O Insurance

prIn an interesting March 31, 2014 opinion (here), the Unites States Court of Appeals for the First Circuit, applying Puerto Rico law, affirmed a district court’s ruling that the D&O insurer for the failed Westernbank of Mayaguez, Puerto Rico must advance the bank’s former directors’ and officers’ expenses incurred in defending the FDIC’s suit against them in its capacity as the failed bank’s receiver. Though the case ultimately involves an interpretation of Puerto Rican statutory principles dictating when an insurer must advance defense expenses, it also includes an interesting angle on the recurring issue of whether or not an action against a failed bank’s directors and officer by the FDIC in its capacity as receiver for the bank is precluded from coverage under the “Insured vs. Insured” exclusion found in most D&O insurance policies.

 

Background

 

Regulators closed Westernbank on April 30, 2010, which according to the FDIC cost the insurance fund $4.25 billion. In October 2011, certain of the former Westernbank directors and officers sued the bank’s primary D&O insurer in state court in Puerto Rico, seeking a judicial declaration that the insurer must defend that against claims the FDIC had asserted against them  (about which refer here). The FDIC as receiver for Westernbank moved to intervene in the state court action, and on December 30, 2011, removed the state court action to the District of Puerto Rico. On January 20, 2012, the FDIC filed its amended complaint in intervention, in which it named as defendants certain additional directors and officers, and, in reliance on Puerto Rico’s direct action statute, the various D&O insurers in the bank’s D&O insurance program. A copy of the FDIC’s amended complaint can be found here.

 

In its complaint, the FDIC, as Westernbank’s receiver, seeks recovery of over $176 million in damages from the former bank’s directors and officers as well as their conjugal partners, based on twenty-one alleged grossly negligent commercial real estate, construction and asset-based loans approved and administered from January 28, 2004 through November 19, 2009. In its complaint in intervention in the directors and officers coverage action against the bank’s D&O insurers, the FDIC seeks a judicial declaration that its claims against the directors and officers are covered under the policies. All of the defendants moved to dismiss the respective claims against them.

 

As discussed here, on October 12, 2012, Judge Gustavo Gelpi, denied all of the motions to dismiss. A copy of the court’s October 23, 2012 decision can be found here. Among other things, Judge Gelpi ruled that the insured vs. insured exclusion did not preclude coverage for the FDIC’s liability action against the former directors and officers, in part because at least in this case the FDIC not only sought to enforce the rights of the failed bank to which it succeeded as the failed bank’s receiver, but also because the FDIC also sought to enforce the rights of “depositors, account holders, and a depleted insurance fund.”

 

In addition, and of the greatest significance for purposes of the appeal,  Judge Gelpi ruled that the D&O insurer must advance the individuals defendants defense expenses, noting that Puerto Rican statutory law requires liability insurers to advance defense expenses “if there is even a remote possibility that a claim ultimately will be covered.” He also noted that his advancement ruling “is without prejudice” to the insurer’s “eventually being entitled to repayment.”

 

The insurer sought to appeal the advancement ruling to the First Circuit.

 

The March 31 Opinion

 

In a March 31, 2014 opinion written by Judge Ojetta Rogeriee Thompson, a unanimous three-judge panel of the First Circuit affirmed the lower court’s ruling that the D&O insurer must advance the individual directors’ and officers’ defense expenses.  The appellate court emphasized that the Puerto Rican statute requiring advancement if there is even a “remote possibility” of coverage, and that any doubts about an insurer’s advancement obligation “must be resolved in the insured’s favor.”

 

The insurer had sought to argue that there was not even a remote possibility of coverage, because the FDIC’s action against the individuals depended on the rights to which it succeeded as receiver for the failed bank. Because the FDIC as receiver stepped into the shoes of the failed bank, the insurer argued,  its action is just as precluded under the insured vs. insured exclusion as the action would have been had it been brought by the bank itself. In arguing that there was at least a remote possibility of coverage, the individuals and the FDIC cited to various cases that have held that the insured vs. insured exclusion does not preclude coverage for a D&O lawsuit brought in its capacity as receiver for a failed bank.

 

The appellate court noted specifically that, while the insurer argued that the FDIC was proceeding only its capacity as receiver, the FDIC for its part alleged more than that it had succeeded to the rights of the failed bank. It also alleges under FIRREA that it has succeeded to the rights of Westernbank’s depositors and account holders, and also that it was suing to recover “money the insurance fund had shelled out” after the bank failed. The Court said that “we think that these allegations make it likely possible – even if only remotely so – that the FDIC is suing on these non-insureds’ behalf. “

 

Noting that the parties’ arguments make this “a classic battle of dueling caselaw” with “no controlling authority” and with an obligation to resolve any doubts in the insured’s favor, the D&O insurer’s “suggestion that there is zero likelihood of a remote possibility of coverage falls flat.” The court ruled that the district court’s advancement ruling should stand, while emphasizing that “having lost the likelihood-of-success skirmish,” the D&O insurer “may still ‘win’ the coverage war at a succeeding trial on the merits.”

 

Discussion

 

It bears emphasizing that the First Circuit’s ruling does not represent an appellate affirmation of the district court’s coverage ruling on the insured vs. insured exclusion, but rather represents only an appellate ruling on the question of whether or not the lower court correctly applied the Puerto Rican statute requiring liability insurer’s to advance defense costs when coverage is disputed.

 

Nevertheless, the appellate court’s determination of the advancement issue does provide some interesting perspective on the ultimate merits of the disputed coverage issue. First, the appellate court did note (in footnote 2) that the D&O insurance policy at issue, by contrast to other policies that the same insurer has issued, does not contain a so-called “regulatory exclusion” expressly excluding coverage for claims brought by regulatory authorities.

 

Second, the appellate court considered it relevant and significant that in asserting its claims, the FDIC expressly sought to assert rights beyond those to which it succeeded as receiver of the failed bank, asserting in addition its rights under FIRREA to assert the claims of depositors and account holders, as well as on behalf of the deposit insurance fund.  These are the claims with respect to which the district court had concluded that the FDIC was also proceeding in a non-insured capacity and therefore that its claims were not precluded from coverage by the insured vs. insured exclusion.

 

Because the appellate court’s ruling involved the merits only of the advancement issue and did not involve an appellate consideration of the merits of the coverage dispute under the insured vs. insured exclusion, it will have no preclusive effect even in the First Circuit of the continuing dispute as to whether or not the FDIC’s assertion of claims in its capacity as receiver of a failed bank against the bank’s former directors and officers are precluded under the insured vs. insured exclusion.

 

Accordingly, this ongoing coverage dispute, which has also arisen in numerous other coverage actions associate with failed bank D&O lawsuits, will continue. The carriers, for their part, will try to rely on the rulings, such as the Northern District of Georgia Judge Richard W. Story’s August 2013 opinion (discussed here) that the insured vs. insured exclusion does preclude coverage for an FDIC lawsuit against a failed bank’s directors and officers, while the directors and officers will try to rely on rulings such as Northern District of Georgia Judge Robert Vining’s January 2013 ruling, discussed here, that the insured vs. insured exclusion doesn’t preclude coverage.  

 

I do note the following with respect to the question of the relevance to the coverage determination of the question as to whether or not the FDIC is proceeding against the directors and officers in a capacity other than as the receiver for the failed bank. The insurers will likely contend that even if the FDIC is acting on behalf of other constituencies in bringing the suit, it is first and foremost bringing the suit in its capacity as receiver for the failed bank, as that is the basis upon which it has any right to bring the claims in the first place. The insurers will further argue that the sole basis on which the FDIC has any right to assert the claims is because, by operation of the receivership, it is acting “in the right of” the failed bank, and therefore the preclusive language of the exclusion applies, notwithstanding the fact that the FDIC may have other purposes and motivations in bringing the action. The policy’s exclusion does not require, in order for the exclusion to apply, that the action be brought “solely” or “only” “in the right of” the Organization. The insurers will argue that because the action was brought “in the right of” the Organization, the exclusion applies notwithstanding the fact that in bringing the claim the FDIC was also action on behalf of other constituencies.

 

One final aspect of the First Circuit’s opinion here is worthy of comment. In her opinion for the court, Judge Thompson adopted a rather light-hearted tone, using phrases such as saying that the directors and officers “find themselves in the cross-hairs” or in its intervention the FDIC was “jumping in with gusto” or that “without missing a beat” the directors and officers sought coverage under the D&O policy. There is much more of the same in the opinion. Some may find this approach to judicial writing amusing; I do not. I am not sure what Judge Thompson sought to achieve by this approach, but personally I find this jaunty tone to be grating. I don’t think she intended to communicate that the parties’ dispute was unimportant, but I know for sure I were a party to this dispute I would have found her “isn’t this all so very amusing” tone to be extremely annoying.

 

Very special thanks to Evan Shapiro of the Boundas Skarzynski Walsh & Black law firm for sending me a copy of the First Circuit’s opinion.

 

Joe Monteleone’s take on the First Circuit’s opinion in an April 3, 2014 post on his D&O E&O Monitor blog can be found here.  

 

More About D&O Insurance Coverage for Subpoena Response Costs

Posted in D & O Insurance

law libraryAs I have previously noted on this blog, a recurring insurance coverage issue is whether or not the costs incurred in responding to a regulatory or enforcement subpoena represent covered defense under a D&O insurance policy. In an interesting March 27, 2014 memo entitled “D&O Coverage for Subpoena Response Costs: An Emerging Consensus?” (here), Benjamin D. Tiersky of the Orrick law firm takes a closer look at the recent case law and concludes that “there is a general trend emerging to recognize broad coverage for subpoena response costs under D&O policies.”

 

The costs of responding to an administrative, regulatory or grand jury subpoena can be very substantial, particularly in this era when so many documents are electronic or stored electronically. Given the magnitude of subpoena response costs, it is hardly surprising that those responding to the subpoenas seek to find insurance to pay for their incurred costs.

 

The principle point of dispute when questions arise as to whether or not a D&O insurance policy covers subpoena response costs are covered is the question of whether or not a subpoena is a “Claim” within the meaning of the policy. In contending that there is an “emerging consensus” that subpoena response costs are covered, Tievsky cites several recent cases in which courts have found that these a subpoena comes with the D&O insurance policy’s definition of “claim” because it represents a “demand for non-monetary relief.”

 

The author  refers in particular to the 2013 New York appellate court decision in a case involving Syracuse University and its costs incurred in responding to various subpoenas involved with investigations surrounding allegations against a former assistant basketball coach. The appellate court affirmed the trial court’s ruling that the insurer was liable for the university’s costs of responding to the subpoenas. The author also cites other cases where courts have found that a D&O insurance policy provides coverage for subpoena response costs, including at least case where a federal district court cited the Syracuse University case in finding coverage for the costs of responding to a NASA subpoena.

 

The author does note that while there may be a trend in the case law on the question of whether or not a subpoena is a claim within the meaning of the D&O insurance policy, questions may remain depending on the issue of who the subpoena’s target is and whether or not the subpoena is directed to an insured person or is directed to that person in an insured capacity.

 

The author also notes that issues may arise about which costs are covered. The author notes that insurers may take the position that they are only obligated to cover legal costs incurred in responding to the subpoena, but may dispute whether they must also cover indirect costs such as internal investigations relating to the subject matter of a subpoena, or costs relating to informal information requests relating to the subject matter of a subpoena.

 

In noting that “policyholders must be wary that with specific reference to D&O coverage of subpoena response costs” because “two leading cases come out opposite ways” on the question whether the policy must also cover indirect costs such as internal investigations relating to the subject matter of the subpoena or the costs of informal investigative responses. In support of this statement, the authors cites to the 2011 decision in the MBIA case (about which refer here), in which the Second Circuit held that costs incurred in voluntarily complying with investigative requests, as well as special litigation committee costs, are covered under a D&O insurance policy. The author contrasts the MBIA decision with the 2012 decision in the Office Depot case (about which refer here), in which the Eleventh Circuit held that the insured’s costs of responding to an informal inquiry were not covered under its D&O insurance policy.

 

Finally, the author notes that questions also remain as to whether “ancillary costs” that may arise when a company is subpoenaed – such as the costs associated with hiring a crisis management firm – are covered under the D&O insurance policy.

 

Discussion

 

The author’s analysis is interesting and certainly there are grounds on which it may be argued that a consensus is emerging on the question of whether or not a subpoena is a claim for purposes of determining D&O insurance coverage. However, I think there are several important points that should be kept in mind when considering these issues.

 

First, the wordings of the policy definition of the term “Claim” vary substantially between policies and the precise wording used can be crucial. Often seemingly minor differences can be coverage-determinative.

 

Second, in addition to the wording of the policy, the nature of the subpoena involved may also be important. A court may well have a different perception of, say, a grand jury subpoena, compared to an administrative subpoena, for example.

 

Third, the typical D&O policy provides coverage for loss arising from a “Claim” based on an “actual or alleged Wrongful Act.” Whether or not a subpoena represents a “Claim,” there may still be a question whether an actual or alleged Wrongful Act is involved.

 

Fourth, the author is correct that the MBIA and Office Depot cases may represent contrasting reference points on the question of whether or not various investigative response expenses are or are not covered. However, the cases were not directly related to the specific question of whether or not subpoena response costs as such are or are not covered. In addition, as discussed here, while the MBIA case undoubtedly is helpful to policyholders, its usefulness may be limited by the case-specific and somewhat unusual fact that all of the disputed costs at issue in the case were incurred after the SEC had issued a formal order of investigation. Accordingly, the case may be less helpful in those circumstances when a formal order of investigation has not yet been issued.

 

Special thanks to the several readers who sent me a copy of the author’s memo.

 

Guest Post: BSA/AML Enforcement Trends and D&O Liability

Posted in Director and Officer Liability

NERA_horizontal_2945_4cIn the following guest post, Christopher Laursen, Senior Vice President and Chair, Financial Institutions and Bank Practice at NERA Economic Consulting, takes a look at the current enforcement trends involving the Bank Secrecy Act and the Anti-Money Laundering regulations. I welcome guest submissions from responsible persons on topics of interest to readers of this blog. If you are interested in submitting a guest post, please contact me. Here is Chris’s guest post:

*******

 

 Following HSBC Holdings plc’s December 2012 admission to facilitating the laundering of $881 million in drug cartel monies and violating federal sanctions, members of Congress have pressed regulators to hold individuals accountable for systematic violations of Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations. Recent enforcement trends and public statements suggest that regulators, who were already shifting towards a stricter enforcement trend by levying large corporate monetary penalties, have responded with increased scrutiny for directors and officers failing to address alleged BSA/AML compliance shortfalls. In March 2014 statements before the Association of Certified Anti-Money Laundering Specialists (ACAMS), regulators indicated that they intend to hold individuals accountable for violations as part of this broader shift toward stricter enforcement.

 

Members of Congress have repeatedly raised the issue of individual accountability for AML compliance violations. In October 2013, House Democrats introduced a bill making bank executives, officers, and directors personally liable for BSA/AML violations. The “Holding Individuals Accountable and Deterring Money Laundering Act” would also grant FinCEN, the federal regulator directly responsible for enforcing BSA/AML compliance, expanded power to litigate independently of other regulators. The bill was referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations on January 9, 2014.

 

Undersecretary of the Treasury for Terrorism and Financial Intelligence David S. Cohen stated before the Senate Committee on Banking that under his direction, FinCEN is looking at ways to bring monetary penalties and industry participation injunctions against individuals for BSA violations. Comptroller of the Currency Thomas J. Curry has echoed FinCEN’s focus on responsibility, and repeatedly stated that the OCC was looking into holding individuals accountable for violations. He reiterated this goal in a focused speech before ACAMS in March 2014, suggesting that a stricter enforcement paradigm targeting individual accountability might emerge in the near future. In each of these statements, bank D&O were mentioned as a class facing increased scrutiny from an individual liability perspective.

 

The general trend toward stricter enforcement is evident from recent enforcement actions against financial institutions. Federal regulators levied nearly $5 billion in monetary penalties against financial institutions in connection with alleged violations of BSA/AML regulations since 2007. According to analysis by NERA Economic Consulting in the white paper “Recent Trends in BSA/AML Enforcement and Litigation,” two-thirds of all formal enforcement actions since 2012 have included monetary penalties, compared to only one-third from 2007 through 2011. Moreover, more than four-fifths of the approximately $5 billion in monetary penalties imposed since 2007 have been levied since 2012. This regulatory emphasis has persisted despite reportedly enhanced BSA/AML compliance efforts by financial institutions’ compliance personnel, directors, and officers, including a 38% increase in filings of Suspicious Activity Reports (SARs) since 2006.

  Figure 3

 

Regulators’ enforcement practices have shifted paradigms from the financial crisis and its aftermath through the present. From 2007 through late 2009, a period in which many financial institutions struggled to maintain liquidity and capital ratios, regulators typically issued cease and desist orders with no pecuniary levies. No BSA/AML monetary penalty exceeded 1% of a financial institution’s total equity capital in that period.  This stance may have been, in part, an effort to avoid placing further strains on institutions weathering the financial crisis. From late 2009 onward, however, regulators shifted to a more aggressive enforcement paradigm and pursued enforcement actions against financial institutions for both larger dollar amounts and larger proportions of total equity capital. The increasing trend in the penalties assessed as a share of total equity capital—conditional upon an enforcement action—has been striking.

 

Figure 4

 

 

As part of this aggressive enforcement paradigm, FinCEN added a stand-alone Enforcement Division in June 2013 in a major internal reorganization, and FinCEN also started placing emphasis on corporate and individual responsibility with respect to BSA/AML compliance. While historically, financial institutions that were the subject of enforcement actions were typically able to consent to monetary penalties without admitting or denying the alleged wrongdoing, FinCEN Director Jennifer Shasky Calvery has made clear in multiple speeches since 2013 that this practice is deliberately changing. This emerging trend in admitting responsibility in response to enforcement actions both increases the liability risk for D&O and widens avenues for private litigation against financial institutions and their D&O.  

 

Bank D&O are ultimately responsible for ensuring that a bank maintains an effective BSA/AML compliance program, which must be approved by the board of directors and noted in the board minutes. The compliance program must provide for four minimum requirements: 1) a system of internal controls to ensure ongoing compliance; 2) independent testing of BSA/AML compliance; 3) designation of an individual or individuals responsible for managing BSA compliance; and 4) compliance training for appropriate personnel. In addition, notification of SARs filed must be regularly presented to the board of directors and documented in the board minutes.

 

A number of enforcement actions have assessed personal monetary penalties against bank D&O over the past few years. In February 2009, the directors of Sykesville Federal Savings Association were collectively fined $10,500 in non-reimbursable civil money penalties for multiple violations of a consent order to cease and desist. In January 2013, the OCC levied civil money penalties against five D&O of Security Bank for up to $20,000 per person in connection with violations including failure to ensure an effective BSA compliance and SAR reporting system. In September 2013, the Justice Department charged the CEO of Public Savings Bank with criminal failure to file a SAR and maintain adequate AML controls in connection with an $86,400 wire transfer of suspected drug money.

 

Though bank directors and officers are often covered by D&O liability insurance, for the past several years the Federal Deposit Insurance Corporation (FDIC) has taken an increasingly strong position that a financial institution’s insurance policies may not indemnify D&O for civil money penalties. In 2011, the FDIC cited several financial institutions for D&O liability insurance policies that covered civil money penalties, and in October 2013 the FDIC published a Financial Institution Letter explicitly prohibiting insured depository institutions or their holding companies from purchasing insurance policies that would indemnify institution-affiliated parties against civil money penalties.

 

The shift toward individual accountability for BSA/AML violations has sparked some concerns that qualified personnel might avoid compliance or D&O positions at banks due to the risk of personal liability, especially due to the prohibition on institution-provided D&O civil money penalty insurance coverage. Comptroller Curry attempted to assuage such concerns in his March 2014 address before ACAMS, stating that increased D&O accountability “doesn’t mean that a senior executive in New York, for example, should be held responsible if an account officer in South America decides to turn a blind eye to suspicious transactions.” Curry also clarified that his focus would be on major, systemic violations, by assuring ACAMS that the regulatory focus on individual accountability “doesn’t mean penalizing honest mistakes or errors in judgment or even minor failures in compliance.”

 

While many experts and financial journalists have expressed concern that qualified individuals will nonetheless shy away from BSA/AML compliance positions as a result of a focus on individual accountability, some see this very public expression of regulatory intent as a means of forcing bank executives and boards of directors to prioritize compliance, in order to provide more support to compliance officers. Since compliance does not create revenue, regulators and bank compliance personnel have both expressed the sentiment that tough talk and even enforcement “catastrophes” by regulators are sometimes required to shift management’s attention to compliance matters. Seen through this lens, regulators’ recent comments suggest that they do not believe bank D&O are currently allocating sufficient attention or resources to BSA/AML compliance, and may feel the need to make a few examples.

 

Many financial institutions have responded to stronger BSA/AML enforcement with enhanced compliance programs, a substantial increase in SAR filings, and so-called de-risking of customer portfolios. De-risking, a potentially costly compliance response, involves the purposeful closing of financial relationships with groups of customers or lines of business considered high risk under BSA/AML standards. Before de-risking a group of customers or a line of business, banks must compare the benefits of potential revenue from existing business arrangements against potential compliance risk costs.

 

Regulators have generally encouraged increased SAR filings as the best relatively inexpensive way to reduce compliance risks for financial institutions. Institutions have responded to this impetus: the number of SARs filed with FinCEN has grown nearly thirty-fold since 1996, when the SAR was introduced, and nearly five-fold since 2002, the first year the Patriot Act’s Title III expansion of BSA/AML requirements was in effect, according to FinCEN’s SAR Activity Review – By the Numbers. However, some regulators and law enforcement personnel have criticized what they term “defensive” SAR filings, which allegedly report a large number of transactions with low levels of detail included in each report. Regulators have initiated multiple enforcement actions against financial institutions for allegedly insufficient or incomplete SAR filings, likely to incentivize banks to report additional context in each SAR filing.

 

Partial compliance with relevant regulations is not enough to avoid regulatory action. The JPMorgan Chase & Co. (JPMC) settlement from January 2014 in particular reveals the broad scope and long look-back of recent enforcement actions. JPMC admitted and accepted responsibility for violations of the BSA during the period between 1996 and 2008, including failure to file SARs in connection with its relationship with Bernard Madoff and his Ponzi scheme and failure to maintain an effective AML program. However, in the deferred prosecution agreement, supervisory agencies acknowledged that JPMC filed a timely British SAR on Madoff, but seemingly sought to emphasize that meeting foreign reporting obligations did not satisfy US BSA/AML regulatory requirements.

 

The increasing magnitude of regulatory and private challenges to BSA/AML compliance has come with increased costs to financial institutions. According to the 2014 Global Anti-Money Laundering Survey, average AML compliance costs for financial institutions have grown at a rate of at least 40% every three years since 2002, and by 53% over the most recent three year period. It is expected that the costs of compliance, regulatory enforcement actions, and private lawsuits will continue their increasing trend. As legislators and regulators have specifically stated their desire to hold D&O accountable for AML violations, and as regulators bar institution-provided liability insurance from indemnifying D&O, it may also be expected that their personal liability risks will increase accordingly.

 

 

Author: Christopher Laursen

Senior Vice President

Chair, Financial Institutions and Banking Practice

NERA Economic Consulting

tel: +1 202 466 9203

christopher.laursen@nera.com

 

Mr. Laursen is a Senior Vice President and Chair of NERA’s Financial Institutions and Banking Practice. He is a leading expert in financial products, markets, risk management, and financial regulation. He has served as an expert witness in numerous litigation matters and has provided consulting and advisory services for both public and private sector clients. Prior to joining NERA in 2009, Mr. Laursen served as a banking company policy-maker, supervisor, and examiner for 17 years with the Federal Reserve Board, Regional Federal Reserve Banks, and the Office of the Comptroller of the Currency. He has extensive expertise in anti-money laundering compliance, fraud reviews, credit underwriting, and trading activities, and has served as an expert witness and consultant in matters dealing with BSA/AML.

The Travel Issue: Stockholm Edition

Posted in Travel Posts

150aThe D&O Diary’s European mission continued last week with a stop for meetings in Stockholm, Sweden’s beautiful capital city and the largest city in Scandinavia. I know from experience that the weather in Europe in March can either be great or it can be awful. Just the same, I couldn’t have predicted the weather in Stockholm last week. The word that comes to mind is – magical. For three straight sunny days, the temperatures were in the 60s, with crystal clear blue skies and only the gentlest of breezes.

 

Let’s put this weather into perspective. At 59 degrees north latitude, Stockholm is really far north.  By way of comparison, Moose Jaw, Saskatchewan is only at 50 degrees north latitude. While I was actually getting a little sunburned in Stockholm, it snowed – twice – back home in Cleveland (located at 41 degrees north latitude). The funny thing is, I had several different conversations with locals who were upset because the winter in Stockholm was so awful – no snow! It hardly even got cold this winter! And Spring, in March? What’s up with that? (Stockholm is also further east than you might think. Stockholm is at 18 degrees east longitude; Berlin, by comparison, is at 13 degrees east longitude. Stockholm is both the furthest north and – excepting only Asia – it is the furthest east I have ever traveled.)

 

Stockholm has the essential charm, character and history you would068a expect of a venerable European capital city. But there is also something about its location on the Baltic Sea that in my mind makes Stockholm distinct, almost exotic. Stockholm is wreathed in water. With the brilliant blue skies and the waterfront buildings reflecting off the water’s surface, there were times during my visit when the city itself seemed to be floating on the water (as reflected in the picture at the top of this post).  And as a by-product of Sweden’s now centuries-old pacifist history, its architectural legacy is unusually well preserved. 

 

074aStockholm has a population of about 1.3 million, roughly the size of San Diego –but comparisons to the American city (or really to any city) are difficult because of the way Stockholm is arranged. Its physical area is one-third water and one third-parks. As a result, the city’s texture is surprisingly varied. Gamla Stan, the city’s extraordinarily intact old town, is laced with narrow, cobble-stone alleyways and full of shops and restaurants. The Baltic Sea connects to Lake Mälaren through a series of locks where Gamla Stan links to Södermalm, the city’s densely populated southern island. During my visit, I made my way to Tantolunden, one of the city’s many huge parks, on Sodemalm’s southern side. A collection of small holiday houses sits along a south-facing hillside in the park, each with its own garden (pictured below). The warm sunshine had drawn out each garden’s early spring flowers in a colorful profusion of crocuses, snowdrops and daffodils.   

 181a

 

 

 

 

 

 

 

 

 

As enjoyable as it is to walk around the city, the necessity for using public transportation quickly became apparent. I am a big fan of using public transportation when I travel, but I have to admit that had to work up my nerve to use the Stockholm subway (Tunnelbana). The city transit map looked like a colorful bowl of spaghetti. And then there are the station names – well, they are all in Swedish. None of the station names are pronounced the way they look. One of the stations with a relatively simple name near my hotel was “Hötorget,” which is pronounced “Heur-tor-jeh(t)” (sort of). But I managed to overcome my trepidation. It turns out the system is relatively easy to use and quite efficient. The subway system has also been called the world’s largest underground art gallery; many of the stations are dazzlingly colorful.

 

On Saturday, I was confident enough in my mastery of the transit system026a to take the Tunnelbana to Drottningholm Palace, the Swedish royal palace and residence of the current monarch, King Carl XVI Gustaf of Sweden. Regrettably, I did not see the King while there, nor any other member of the royal family. The palace is beautifully situated on the water and within immense parklands, but during my visit the trees and formal gardens were still in their winter dormancy. Further away from the actual palace itself, the park walkways were quite deserted. The woods and gardens had a quiet, austere beauty. I can only imagine how spectacular the grounds are in the summer months.

 

077aaThere is another palace in the city center, known simply as the Royal Palace (Kungliga Slottet), within Gamla Stan, across from the Parliament Building. This palace apparently is no longer used as a residence; I was told that this one is where the King works. Which made me wonder, what kind of “work” does a king do? I picture King Carl answering his email, putting together a spreadsheet listing his various palaces, and sending text messages to the other European royalty (say, to Prince Charles: “Sup dog? When u gonna b king???”)

 

There are a lot of great reasons to visit Stockholm, but one of the best is the food. I had several great meals there. For example, I had a terrific Asian fusion meal one night in an unusual food court near my hotel, called K25. (The name is a reference to the food court’s street address, Kungsgatan 25.) The basic idea of the place seems to be casual dining as theater. There are eleven food vendors in the center of the hall, and along the back wall is stadium style seating, affording an agreeable view of the food court scene. This perspective allowed me to observe that I was easily double the age of just about everyone in the place.

 

001aI did also enjoy some traditional Swedish food, as well. On my first night in Stockholm, I traveled by ferry with several industry colleagues to Restaurant J, a beautifully situated waterfront restaurant, where I enjoyed a plate of reindeer carpaccio, served with cloudberries and beets. And on Friday night, I had a traditional Swedish meal at Gunnels Krog, a small restaurant in Gamla Stan. For my main course, I had – wait for it – Swedish meatballs (pictured), made from moose meat and served with ligonberries, pickles, and cauliflower, with a bowl of potatoes on the side. I am not sure what kind of wine Hugh Johnson would recommend with moose meat, but I had a nice Côtes du Rhône. I also enjoyed the opportunity to chat with the restaurant’s charming proprietress, Gunnels Angberg, who is one of those special people who manages to show that she absolutely loves what she does and that she wants to share it with everyone. It was a truly memorable meal.

 

I want to thank Sverker Edstrom and Carl Bach of Navigators for inviting me to Stockholm to participate in their very successful broker event. Stockholm is a terrific place and I am grateful to have had the opportunity to visit.

 

I know I got lucky with the weather. I took advantage of it. I think I walked a couple of dozen miles in Stockholm and I took hundreds of pictures. I have set out a small sample of them below.

 

196a

 

 

 

 

 

 

 

 

 

 

 

 

173a

 

 

 

 

 

 

 

159a

 

 

 

 

 

 

 

 

 

 

 

 

055a

 

 

 

 

 

 

 

027a

 

 

 

 

 

 

 

I know that it is very immature of me, and perhaps even ignorant, but I found some of the Swedish words and phrases to be funny.

112a

 

 

 

 

 

 

 

116a

 

 

 

 

 

 

 

117a

 

 

 

 

 

 

 

153a