Payment Instruction Fraud and Cyber Insurance Coverage

As I have noted in prior posts, a recurring challenge many organizations face these days is the threat of “payment instruction fraud,” also sometimes called “social engineering fraud” or “payment impersonation fraud.” In these schemes scammers use official-seeming email communications to induce company employees to transfer company funds to the imposters’ account. Among the many issues arising when these kinds of scams occur is the question of insurance coverage for the loss. Some victims may expect that their cyber liability insurance will cover their loss.

 

However, as Lauri Floresca of Woodruff-Sawyer points out in her December 5, 2019 post on her firm’s blog entitled “Payment Impersonation Fraud: Why is This Common Cyber Problem Not a Valid Cyber Claim” (here), these  claims rarely involve the kind of cyber security breach required to trigger cyber insurance coverage. Accordingly, there are other steps well-advised companies may want to take to try to protect themselves from these kinds of losses. Continue Reading

Cyan Compels Remand of Previously Removed State Court Securities Suits

In prior posts, I have detailed the havoc that the U.S. Supreme Court’s March 2018 decision in the Cyan case has wrought, as Securities Act liability class action defendants find themselves facing multiple parallel suits in both federal and state court. A recent ruling in a consolidated federal court action involving the failed Miller Energy Company underscores the procedural disarray that Cyan continues to cause; in this case, the federal court, in reliance on Cyan, has remanded to state court two actions that pre-Cyan had been removed to federal court and consolidated with a third federal court action. As discussed below, this decision demonstrates yet another way in which Cyan produces outcomes contrary to procedural simplicity and judicial efficiency.  Eastern District of Tennessee Judge Thomas Varlan’s December 6, 2019 decision in the case can be found here. Continue Reading

Guest Post: Landmark UK Legal Statement Provides Clarity for Smart Contracts and Cryptoassets

Karen Boto

In the following guest post, Karen Boto, Legal Director at Clyde & Co, takes a look at the Legal Statement recently published by the UK Jurisdictions Taskforce addressing a number of legal issues cryptocurrencies and smart contracts. A version of this article previously was published as a Clyde & Co client alert. I would like to thank Karen for allowing me to publish her article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Karen’s article.

************************

On 18 November 2019, the UK Jurisdiction Taskforce (UKJT), part of the LawTech Delivery Panel of senior solicitors and barristers headed by Chancellor of the High Court, Sir Geoffrey Vos, published a landmark “Legal Statement” providing long awaited clarity as to how cryptocurrencies, distributed ledger technology (DLT) and smart contracts might be treated under English law.

The statement follows several rounds of public and private consultation, conducted to address the perceived legal uncertainties of these innovative technologies.

For the first time, the Panel has recognised that cryptoassets, including but not limited to, digital currencies, can be treated as property in principle, and that smart contracts are capable of satisfying the requirements of contracts in English law, making them enforceable by the Courts.

Cryptoassets

  • What is a cryptoasset?

The Legal Statement does not seek to define the term “cryptoasset”, the Panel having recognised the wide variety of systems in use, and the kinds of assets represented.  These range from purely notional payment tokens, such a Bitcoin, to tangible objects which are external to the system, such as a share or unit in a company or fund.   Rather the Panel has sought to identify and describe, in broad terms, the features of cryptoassets which make them novel and distinctive from more conventional assets, to allow for a detailed consideration of their legal and proprietary status.

In summary, the Panel explains that a cryptoasset is defined by reference to the rules of the system within which it exists.  It is typically represented by a pair of data parameters: one public (disclosed to all participants in the system) and one private. The public parameter contains encoded information about the asset, such as its ownership, value and transaction history.  The private parameter (the private key) permits transfers or other dealings in the cryptoasset to be cryptographically authenticated by a digital signature.  The private key should be kept secret to the holder.

Dealings in cryptoassets are broadcast to the entire network and, once they are validated, they are added to the digital ledger.  Most commonly the ledger is decentralised meaning no one person or entity has control over it.  It is also immutable and cannot be changed.  The most common type of ledger being used today is blockchain, although other models do exist. The rules governing the system are established by the informal consensus of the participants.

The novel features of cryptoassets are therefore broadly summarised as follows:

  • intangibility;
  • cryptographic authentication;
  • use of a distributed transaction ledger;
  • decentralisation; and
  • rule by consensus.
  • Can cryptoassets be characterised as property?

The Legal Statement focuses on the status of the cryptoasset itself (referred to as the “on-chain” asset), not any other asset it may represent (such as conventional assets linked to the system, which will already be classed as property).

The Panel has considered what property is, as a matter of English law. As no general or comprehensive definition of property exists in statute or case law, the Legal Statement focusses upon the necessary characteristics of property as identified in a number of authorities. The Legal Statement provides that before a right or interest can be admitted into the category of property: “it must be definable, identifiable by third parties, capable in its nature of assumption by third parties, and have some degree of permanence or stability. Certainty, exclusivity, control and assignability have also been identified in case law as characteristic of property rights.”

The Panel then considered firstly whether cryptoassets possess those important characteristics and secondly if so, whether there is some special legal reason to disqualify them from being considered to be property.

Although whether English law would treat a particular cryptoasset as property will be fact sensitive and require a consideration of the nature of the asset concerned, and the rules of the system in which it exists, in general, the Panel concluded that “cryptoassets have all of the indicia of property.”

The Panel also concluded that the “novel or distinctive features possessed by some crypto-assets” set out above, did not “disqualify them from being property…..nor are cryptoassets disqualified from being property as pure information, or because they might not be classifiable either as things in possession or as things in action.”

  • Why does it really matter if a cryptoasset is property?

It is important to determine whether a cryptoasset is capable of being property because it means that it can be owned, which gives rise to important proprietary rights that can be recognised against the whole world. The owner of a thing is entitled to control and enjoy it to the exclusion of anyone else.

Proprietary rights are of particular importance when it comes to issues relating to succession on death, the vesting of property in personal bankruptcy, and the rights of liquidators in corporate insolvency, as well as in cases of fraud, theft or breach of trust.

  • So, what is the asset and who owns it and how is it transferred?

The Panel explains that the asset does not consist of the public or private keys, or the distributed ledger itself; these are all deemed to be items of pure information.  The asset is something that arises from their combination with the rules of the relevant system, which provide the owner with the exclusive ability to effect or authenticate dealing with the cryptoasset.

In the Panel’s view, the owner of a cryptoasset is described as typically being the person who has acquired control of a private key by some lawful means, in much the same way that a person lawfully in possession of a tangible asset is presumed to be the owner. However, the Panel also notes that ownership may be dependent on the circumstances and the rules of the relevant system.

The Legal Statement confirms that whilst cryptoassets can be transferred either via an “on chain” transfer (with the ledger being updated in the usual way) or by way of an “off chain transfer” (another type of transfer outside the ledger which is vulnerable to a superseding on-chain transfer i.e. double spending by the transferee)) these will not constitute transfers in the legal sense.  This is because of the way the distributed ledger technology operates: unlike a tangible asset, the same cryptoasset does not pass, unchanged, from one person to another. Instead, the transferor typically creates a new cryptoasset, with a new pair of data parameters: a new or modified public parameter and a new private key. The data representing the “old” cryptoasset persists in the network, but it ceases to have any value or function because the cryptoasset is treated by the consensus as spent or cancelled so that any further dealings in it would be rejected.

  • What type of property is a cryptoasset?

The law has traditionally recognised two distinct types of personal property: things in possession and things in action. The Legal Statement confirms that a cryptoasset is not a thing in possession; cryptoassets cannot be physically possessed, being purely “virtual”.

The issue of whether a cryptoasset is a thing in action gave the Panel more pause for thought, though it ultimately concluded that they will fall within this category of property. In doing so, the Panel drew upon the fact that the term thing in action has historically been used more broadly as a kind of “catch all” to refer to any property that is not a thing in possession.

This categorisation is potentially important because it has been said that the law recognises as property only things in action and things in possession but not anything else.  The Panel took the view that despite these statements, it considered that the common law is and should be flexible and the Courts should interpret traditional definitions and concepts widely to adapt to new business practices (as we have seen in the past in respect of the development of shares in a company).

Furthermore, even if cryptoassets cannot be defined as a thing in action, the Panel found precedent for the treatment by the Courts of novel types of intangible risks as property, EU carbon emissions allowances being one example. This, said the Panel, recognised that personal property can include things other than things in action or things in possession.

  • What consequences does this classification have?

The Legal Statement concludes that it is possible to declare a trust over an ownership interest in a cryptoasset.

However, as the Panel found that a cryptoasset is not a physical thing, it cannot be subject to a possessory relationship, such as a bailment, a lien or a pledge. That said, the Panel expressly states that it could see no obstacle to the granting of other types of security such as charge or mortgage.

It is also clear that cryptoassets are not documents of title, documentary intangibles or negotiable instruments (though some form of negotiability may arise in future as a result of market custom), nor are they instruments under the Bills of Exchange Act.

Nevertheless, as the Panel was of the view that cryptoassets can be property at common law they were in no doubt that they may therefore also be property for the purposes of the Insolvency Act 1986 (IA 1986) which contains a very wide definition of property. Indeed, even if a cryptoasset was  deemed not to be property at common law, it might still be deemed to be property under the IA 1986.

Smart contracts

The Legal Statement also discusses smart contracts starting from the position of identifying the legally novel or distinctive features of these contracts.

In the Panel’s view the characteristic feature of a smart contract is automaticity.  A smart contract is performed automatically and without the need for human intervention.  That requires the terms of the contract to be recorded in code. Many smart contracts are embedded in a networked system that uses the same techniques as cryptoassets (i.e. cryptographic authentication, distributed ledgers, decentralisation, consensus), as discussed above.

The Panel went on to consider whether this automaticity amounted to a good reason for treating smart contracts as different in principle from conventional contracts and considered that it did not. In doing so, the panel acknowledged that the scope for legal intervention in smart contracts may be reduced, as the automaticity of smart contracts, and the manner in which computer code operates, should mean that there is strictly no need for a party either to promise performance or to resort to the law to enforce a promise by their counterparty: the code will simply do what it has been programmed to do.

However, the Panel was of the view that the risk that performance of the contract is affected by an event external to the code, such as a system failure, or that the code may behave in an unexpected way still remained, and it was important that any disputes that arise should be capable of adjudication.

The Legal Statement also discusses the requirements for the formation of a contract, namely that two or more parties have reached an agreement, with the intention to create a legal relationship and consideration has passed. The Panel concluded that a smart contract is capable of satisfying these requirements just as well as a more traditional or natural language contract, and a smart contract is therefore capable of having contractual force.

Although the parties’ contractual obligations in a smart contract may be defined by computer code (in which case the code may not be susceptible to the exercise of contractual interpretation at all), a smart contract can be identified, interpreted and enforced using ordinary and well-established legal principles.  For example, just as with any other contract, a Court will intervene in cases of duress, fraud, misrepresentation and so on.

The Legal Statement also highlights that English law provides a suitable framework for dealing with a number of issues that arise in relation to smart contracts. For example, English law does not struggle with the concept of anonymous or pseudonymous parties contracting.  There is no requirement under English law for parties to a contract to know each other’s real identity.  English law also does not struggle with the notion that a contract can be formed between individuals by virtue of them each having agreed to subscribe to a set of rules (as happens, for example, in a club). English law is fully equipped to deal not only with bilateral smart contracts but also those structured around Decentralised Autonomous Organisations (DAOs).

One of the most welcome parts of the Legal Statement, when it comes to smart contracts, is the analysis around whether a statutory signature requirement can be met by using a private key:The Legal Statement discusses the legal rules which require certain documents to be “signed” or “in writing”. The Panel concludes that, in their view, a statutory “signature” requirement could be met by using a private key which is intended to authenticate a document, and a statutory “in writing” requirement can be met, in principle, in the case of a smart contract whose code element is recorded in source code.  This is encouraging and reflects the reality of modern day commerce.

Comment

Many commentators believe the legal uncertainties surrounding cryptoassets and smart contracts (and the technologies which underpin them) have been the most significant barrier to their mainstream adoption. It is hoped that the Legal Statement demonstrates the ability of English law to respond consistently and flexibly to new commercial mechanisms, proving a foundation for the responsible future utilisation of cryptoassets and smart contracts.

Indeed, Sir Geoffrey Vos recognised the potential of cryptoassets and smart contracts, and the potentially huge benefits to society that they can deliver, saying:

In legal terms, cryptoassets and smart contracts undoubtedly represent the future.  I hope that the Legal Statement will go a long way towards providing much needed market confidence, legal certainty and predictability in areas that are of great importance to the technological and legal communities and to the global financial services industry.”

The thorny issue of how dealings in cryptoassets should be regulated will need to be tackled next,  the Panel having concluded that it was “more appropriate for regulation to follow the logically prior issues of common law characterisation”.

In the meantime, for insurers writing crypto-related risks, the Legal Statement confirms that cryptoassets are “property”, which is likely to be welcome clarification and allows for further consideration as to how they are treated under insurance policies to be undertaken.

It also important for insurers who may be providing crime cover to crypto-related businesses for for hacking incidents. Although the Legal Statement does not address the issue directly, the classification means that important proprietary rights and remedies may exist for victims.  For example, if a hacker causes a cryptoasset to be spent or cancelled in someone’s favour, and a new cryptoasset is thus created, whilst it may be possible for the victim to argue for the original cryptoasset to be returned to him/her, the ownership of the newly created cryptoasset may remain subject to other proprietary remedies which are available as a result of the hacker’s misconduct (such as unlawful spending).

The clarification provided in the Legal Statement as to the legal status of cryptoassets may therefore increase the prospects of recovering losses, which may, in turn, reduce the losses being claimed from insurers in the first instance and/or pave the way for subrogated recoveries to be made in future.

Cryptocurrencies and blockchain undoubtedly represent potential areas of growth for the insurance industry.  As we enter a new decade, we can expect to see insurance demands increase especially if the Legal Statement has the desired effect of promoting further utilisation of these technologies going forward.  With this industry starting to show signs of stability it will be interesting to see if insurers’ appetites to write such risks also expand.

 

Guest Post: Is it Time to Revisit the Scope of D&O Coverage?

John McCarrick

Paul Schiavone

In the following guest post, John McCarrick and Paul Schiavone propose that as D&O insurers seek to return to profitability by raising prices, the insurers should also revisit many of the coverage extensions that have become standard in recent years. The authors present a “wish list” of specific items they suggest insurers might want to consider; the list itself is the result of the authors’ “anonymous survey” of insurer-side professionals. My commentary on the authors’ proposals follows below. John is a partner in the law firm White and Williams LLP and leads the Firm’s Financial Lines Practice Group.  Paul is a Senior Vice President at Allianz, and is the Global Head of Alternative Risk Transfer and North American Head of Corporate Long Tail Lines.  I would like to thank John and Paul for allowing me to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John and Paul’s article.

 

********************************

Capital providers supporting D&O underwriting facilities have been heartened to witness double-digit rate increases in D&O underwriting lines over the past several calendar quarters – marking a possible end to the decade-long soft market drought.  D&O insurers reportedly are no longer reducing expiring premiums just to hold onto underwriting business, and appear to have already begun increasing premiums substantially on renewal or new accounts.

The profitability picture is less rosy for excess D&O insurers, where rates have been driven down as much as 80% in the past several years.  Looking at the same data, industry experts estimate that it will take multiple years of substantial annual, rate increases to restore profitability to the excess segment of the D&O market.

How long or extensive the market turn will last is anyone’s guess.  But we should all keep in mind that the long deterioration in D&O underwriting results was only partly a function of pricing.  At the same time that pricing was depressed, D&O coverage expanded – and expanded dramatically.

So as we think about restoring profitability to the D&O segment of the underwriting business, perhaps we can consider peeling back some of the coverage enhancements that became standard features of competitive D&O underwriting in the past, and that now could be tradeoff compromises in negotiations over premium pricing.

Brokers and risk managers might have a viscerally-negative reaction to forfeiting the broadest possible wordings – particularly because brokers spent much of the past decade negotiating these coverage-broadening terms.  But here’s another way to look at it:  the steep pricing increases already in place, and likely continuing well into 2020, reflect the cost of level-setting premiums to match the expanded coverage risks inherent in broader policy wording.  And so brokers and risk managers have two choices: either accept steeply-increasing premiums for the foreseeable future and light a candle — praying for the end of the hard market, or conform the D&O policy to a narrower scope of necessary coverage in exchange for more moderate price increases.

We took an anonymous survey of D&O underwriters and claims attorneys, and asked for their suggestions on soft market coverage enhancements that they’d like to see go the way of the dinosaur, and their collective suggestions are listed below.  Think about this “wish list” as more like a menu of available options that can balance pricing and scope of coverage. Not every change below is appropriate for every account, and no one has suggested to us that these changes should be blindly implemented across the board on all accounts.

The following list is presented in no particular order of importance:

  • Executives’ personal settlements of sexual harassment and similar disputes against them should be excluded from any proposed D&O coverage;
  • The use of sublimits to reimburse amounts incurred in connection with derivative-type litigation, such as books and records demands, and internal and special litigation committee investigations, should be limited to small and middle-market companies that really need funded expertise, and are arguably superfluous and therefore unnecessary for the large and mega D&O accounts (e.g., SEC investigation of entity, disclosure event coverage, event study costs and tax liabilities);
  • Coverage triggers for Side A and Side A-DIC policy should be narrowed, particularly with respect to presumptive indemnification, so that insureds don’t have broad latitude to simply tap this coverage at will;
  • If the industry insists on waiving rescission as a remedy for misrepresentations in the application process, at the very least it should tighten up warranty language, and avoid granting severability in connection with warranty exclusions whenever possible;
  • Avoid using the “that portion of Loss” language in the exclusions section of the policy, and limit its use elsewhere whenever possible;
  • More rigorous use of “tie-in” limits endorsements on FI accounts, given the demonstrated propensity of related FI risks to run into claim trouble simultaneously;
  • Revisit final adjudication and non-appealable requirements for conduct exclusions, where permissible by state law;
  • Revisit severability for conduct exclusions;
  • Consider broader Prior Wrongful Act exclusions, including wordings that do not require a showing of the insured’s actual knowledge of the prior act;
  • Beef up insurers’ ability to control defense counsel rates in non-duty to defend policies, including reversing the historical watering-down of “reasonableness” wording;
  • Delete the requirement that the insurer demonstrate prejudice in connection with late notice denials of coverage;
  • Restrict the scope of the “Claim” definition, especially in connection with informal SEC investigations and Section 220 demands;
  • Revisit the definition of “Loss:”
    • exclude coverage for plaintiffs’ attorneys’ fees in certain instances (e.g., bump-ups, Section 11 claims, etc.);
    • limit coverage for punitive, exemplary or multiple damages, where permissible;
    • specifically identify the applicable state law governing insurability of Loss;
  • Revisit prior notice exclusion language to conform to underwriting expectations;
  • Return to broader “based upon, arising out of” exclusion preamble language in lieu of “for” language;
  • Limit coverage in “bump-up” M&A cases to “Defense Costs” only;
  • Specify a choice-of-law jurisdiction in policies if underwriters don’t want to be forced to litigate every D&O coverage dispute in Delaware;
  • Revisit the scope of the contract exclusion and the professional services exclusion in D&O private company and private equity fund D&O/E&O forms;
  • Revisit the language impacting underlying insurer limits depletion and potential gap-filling opportunities;Revisit the need for pre-suit mediation provisions; and
  • Tighten up the relatedness language tying together related Wrongful Acts and/or related claims given some recent unfavorable law in Delaware, Florida and other pro-policyholder states.

One data point that’s difficult to quantify is the coverage exposure impact of any one or combination of these coverage-tightening changes. Will the suggested change impart frequency, severity or both?  As to severity, will any suggested change impair settlements, defense costs, or both? Or until the change simply reduce the potential that an unfriendly court won’t enforce the policy terms as written?

And finally, what’s a reasonable premium tradeoff for a given set of coverage-tightening changes?  Larger D&O policyholders might be prepared (i.e., have the financial resources) to absorb higher premiums instead of agreeing to shrink coverage, but smaller policyholders might reluctantly accept coverage changes to preserve access to D&O coverage limits, or to any D&O coverage at all.

[John F. McCarrick is a partner in the law firm White and Williams LLP and leads the Firm’s Financial Lines Practice Group.  Paul Schiavone is a Senior Vice President at Allianz, and is the Global Head of Alternative Risk Transfer and North American Head of Corporate Long Tail Lines.  The authors’ views are their own, and do not necessarily reflect the views of their respective firms.]

 

********************

 

Kevin’s Comments:

 

Let me say that I found it a struggle to find the right tone for my response to John and Paul’s article. To state it simply, on my first reading of the wish list, I had exactly the “viscerally-negative reaction” the authors anticipated policyholder-side representatives might have.

 

At the same time, I have known both John and Paul a very long time and I consider them both friends. I respect them both a great deal, both personally and professionally. I would not want my visceral reaction to their suggestions to translate into a response that sounded negative toward either of them.

 

In addition, I recognize that John and Paul have offered their observations to initiate a discussion of these topics. The very submission of their article for publication on my blog bespeaks their presumption that well-meaning insurance professionals can have a reasonable conversation about important topics, even about topics that may be controversial.

 

In that spirit of reasonable conversation among industry professionals, I offer a few observations here about John and Paul’s wish list. Please note that I have not attempted to respond to all of the items on the wish list. Instead, I have selected a few items on which to comment, as a way to convey my overall views about the list.

 

First of all, my visceral reaction notwithstanding, I don’t disagree with everything on their list. There are a few items that I think, subject to further consideration and elaboration, usefully might be adopted in D&O insurance policies.

 

For example, I do think there may be a role for the inclusion in D&O insurance policies of choice of law clauses. Uncertainty over the law to be applied to the interpretation of the policies can lead to disputes, and occasionally lead to the application of law having little or nothing to do with the parties or the policy. However, even if insurers may bridle at having the law of jurisdictions they view policyholder-friendly applied to policy interpretation, that does not make it right to have the law of insurer-friendly jurisdictions applied if the jurisdiction has nothing to do with the parties or the policy. I favor having the law of the jurisdiction of the insured entity’s U.S. corporate headquarters as the designated law; that is, the law of the place of contract delivery, the law that under standard choice-of-law principles actually should apply.

 

 

I also think there could be a useful dialog to consider whether the public company D&O insurance marketplace might usefully be stratified, so that some of the sub-limited coverage extensions that have become standard in recent years need not be offered to the very largest public companies. I agree that it is a reasonable question to ask whether these small, sub-limited coverage extensions make sense in the context of the very largest public companies’ D&O insurance programs, particularly if the removal of these terms actually would translate into meaningful cost savings for the insureds.

 

 

By the same token, there are other items on the wish list that that I think should not be on the table at all or by rights should quickly fall by the wayside.

 

For example, it took a long time to get it right with the after-adjudication trigger for the conduct exclusions.  The current standard formulation means that mere allegations of misconduct are not sufficient to preclude coverage, and the final adjudication requirement ensures that insured persons do not lose their coverage when they arguably need it most (say, when appealing from an adverse trial outcome). The current formulation is also consistent with advancement and indemnification requirements in Delaware and other jurisdictions. In my view, the after-adjudication requirement is where it should be and it should not go back on the table. Period.

 

Similarly, no one who has ever represented policyholder-side interests could ever consider removing the now-standard provisions implementing severability of warranties and of the exclusions. From the perspective of individual directors and officers – the people the insurers have undertaken to protect – these provisions embody basic principles of fairness; that is, that no person should not lose their rights and interests because of the actions of others.

 

There are a number of “turn back the clock” items on the list that in my view are also better left out of the discussion.

 

For example, I do not believe that D&O insurers should be able to deny coverage based on late notice in the absence of prejudice; without a prejudice requirement, the notice provision becomes a meaningless “mother may I” provision, in which substantive rights are subordinated to mere ritual. The now-frequent addition of notice prejudice requirements within policies represents a long-overdue change, and trying to turn back the clock on this issue would represent a regression of the first order.

 

Similarly, I believe insurers have all too convincingly demonstrated in the past that policy exclusions with a “based upon, arising out of” preamble often are applied overbroadly, in ways that lead to preclusion of coverage for the very types of claims for which the insurer purchased coverage.   As the Seventh Circuit recently said, exclusions with this preamble language can render coverage “illusory.”  Trying to turn the clock back on this issue could seem like a good idea only to someone nostalgic for the “good old days” when insurers regularly applied exclusions overbroadly in order to be able to deny a wide swath of claim that in fact the policy was meant to cover.

 

Finally, there are items on the list that I think should be up for discussion, just not in the way expressed on the wish list.

 

For example, I agree we need to revisit the Contract Exclusions and the Professional Liability Exclusions found in most private and non-profit D&O insurance policies, but they should be revisited in order to narrow them so that they preclude coverage only for the claims that rightfully should be excluded, and are not applied to preclude coverage for the very kind of claims for which the policyholder purchased the coverage.

 

All of that said, I want to thank John and Paul for their effort to launch a dialog. As I suggested at the outset, there should always be room in our industry for reasonable conversation among thoughtful professionals, even with respect to ideas that may be controversial.  Even though I believe a number of the items on their list belong in the dustbin, that is not a reason not to have a conversation.

 

In the end, conversation alone will not resolve the questions that John and Paul have posed. The items on the wish list ultimately can only be tested and addressed in the marketplace. One key consideration will be the relationship between any coverage changes and pricing. Ultimately, the refining fire of competition will determine whether any of the items on the wish list will go anywhere.

SEC Public Company Enforcement Actions Highest in Ten Years

Due to an increase in the number of enforcement actions resulting from an agency initiative during the year, the number of enforcement actions brought by the SEC against public companies was at the highest level in at least ten years, according to a recent report. The report, entitled “SEC Enforcement Activity: Public Companies and Subsidiaries Fiscal Year 2019 Update,” which can be found here, was prepared by the NYU Pollack Center for Law & Business and Cornerstone Research. According to the report, the agency’s public company enforcement action monetary recoveries during the fiscal year were consistent with long-term averages.  Cornerstone Research’s November 20, 2019 press release about the report can be found here. Continue Reading

Guest Post: Pyrrhic Victory For Shareholders in Epic Credit Crunch Claim against Directors   

Francis Kean

In the following guest post, Francis Kean takes a look at the November 15, 2019 U.K. High Court of Justice (Chancery Division) judgment in the long-running HBOS acquisition-related lawsuits brought by a large group of shareholders against Lloyds Banking Group and its directors. As Francis discussed below, the judgment has significant implications for these kinds of actions under U.K. law. Francis is Executive Director FINEX Willis Towers Watson. I would like to thank Francis for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Francis’s article.

 

***************************

 

In a recent judgment running to nearly 1000 paragraphs, a High Court judge has denied recourse to a group of almost 300 institutions and 6000 individuals, despite ruling that four of the most senior directors of a bank were in breach of their duty of care. The claimants who were claiming some £385 million from one of the UK’s largest High Street banks following the reverse take-over in 2008 of another very large financial institution have said they are considering an appeal. A copy of the court’s November 15, 2019 judgment can be found here.

 

Although this is only a first instance judgment, the case is noteworthy for a number of important reasons including the following:

 

  • It’s one of the very few judgments on the nature of the duties (if any) owed by a publicly listed company and its directors to shareholders in connection with formal circulars and announcements made under UK Stock Exchange Listing Rules created under part VI of the Financial Services and Markets Act 2000
  • Although seemingly resembling a US securities class action (at least in terms of its overall aims) the case in fact highlights the dangers, differences and difficulties for claimants in bringing this type of claim in the UK.
  • The judgment contains some important analysis of the English law approach to causation i.e. the principles under which (even assuming a duty of care is made out and found to have been breached) the court determines what else a plaintiff must do to establish a link with any damages allegedly suffered.

 

Background and nature of the claim

 

The facts to which the case gave rise took place in the middle of the 2008 credit crunch sparked by the collapse of Lehman Brothers. It concerned a unanimous recommendation by the board of the bank to its shareholders that they approve the acquisition of HBOS. The recommendation was accompanied by a Chairman’s letter which noted:

 

Whilst HBOS has been significantly affected by recent challenging marketing conditions, including the deteriorating economic environment which has negatively impacted its funding model, the Lloyds TSB Directors believe that HBOS remains an excellent franchise with the potential to contribute substantial value to the Enlarged Group.”

 

The acquisition was duly approved. The claim subsequently brought by a group of shareholders alleged in essence, as the judge summarised it, that :

 

“(a) The Lloyds directors should not have recommended the Acquisition because it represented a dangerous and value destroying strategy which involved unacceptably risky decisions (“the recommendation case”):

(b) the Lloyds directors should have provided further information about Lloyds and about HBOS, in particular about a funding crisis faced by HBOS and the related vulnerability of HBOS’s assets (“the disclosure case”).”

 

The claimants alleged that the directors were negligent, had breached their fiduciary duties and had actively misled the investors although they stopped short of making allegations of bad faith. They claimed that but for such negligence and breach of duty the acquisition would not have gone ahead.

 

The Judge’s Findings

 

The defendant bank and its directors conceded that they owed the claimants a common law duty to exercise reasonable care and skill with respect to any written statements or representations contained in the Circular. The judge embarked on a full review of the nature of that duty by reference to case law. He summarised the position thus:

 

“…where the opinions of reasonably informed and competent directors might differ over, for example, some entrepreneurial decision, the mere fact that a director makes what proves to be clearly the wrong choice does not make him liable for the consequences. When embarking upon a transaction a director does not guarantee or warrant the success of the venture. Risk is an inherent part of any venture (whether it is called “entrepreneurial” or not). A director is called upon (in the light of the material and the time available) to assess and make a judgment upon that risk in determining the future course of the company. Where a director honestly holds the belief that a particular course is in the best interests of the company then a complainant must show that the director’s belief is one which no reasonable director in the same circumstances could have entertained.”

 

This reaffirmation of the English common law approach to directors’ duties will be of comfort to UK based directors. It stands in stark contrast to the approach often adopted by regulators to the same question which tends to proceed from the presumption, in the event of a major problem or corporate loss, that director default must have occurred.

 

Having reviewed a mountain of evidence, the judge went on to conclude that the directors had in fact breached in two respects what he termed the “sufficient information duty.” He quoted the statement in the Circular to shareholders that:

 

To the best of the knowledge and belief of the [Lloyds] directors (who have taken all reasonable care to ensure that such is the case) the information contained in this document is in accordance with the facts and does not omit anything likely to affect the import of such information.”

 

Based on his review of the evidence, the judge concluded that the directors had not in fact taken all reasonable care to ensure that two discrete issues were adequately disclosed and dealt with in the Circular. (For balance it should be added that the claimants failed to make out a case of breach of duty in respect of a range of other allegations of negligence.)

 

Causation

 

This is where the claimants’ case fell apart. Their argument was that if the disclosures had been made, the board would have terminated the transaction, or it would otherwise have collapsed and/or the shareholders would have rejected it. After a detailed review, the judge concluded that there was simply not enough evidence on which to base such a conclusion. He pointed out for example that that there was no evidence before him as to how the major institutional shareholders would have acted differently had there been additional disclosures. The few claimants who gave evidence on this issue at trial accounted for just 0.37 % of the issued shares.

 

The Judge carefully examined the claimants case which hinged on the fact that one of the undisclosed matters which he had ruled should have been disclosed concerned an emergency lending facility which had been afforded to HBOS by The Bank of England. Their seemingly persuasive argument was that in every case in which such a facility had been rumoured or disclosed in the past, a run on the relevant bank had occurred. The judge rejected this inference based on (among other things) expert evidence as to the different nature of the circumstances that existed at the relevant time including the fact that liquidity issues concerning HBOS were already known to exist and that the disclosure, if made, would have been “controlled and not leaked” and “contextualised”.

 

He concluded:

 

“I am not persuaded that the two failures to provide sufficient information were in fact causative of any loss. The information ought to have been disclosed in the manner I have indicated in order to present a fair, candid and rounded view of the question before the Lloyds shareholders. But if the shareholders had been presented with that information they would not have reached a conclusion other than that which they did in fact reach. Despite the imperfections in the Circular the majority who approved the Acquisition did not do so under some misapprehension of the position. They knew the course recommended unanimously by the board. They knew the risks identified by the board. They knew that the board assessed the chance of advantage as outweighing the risk inherent in the transaction….”

 

Conclusion

 

This is not the first time a case has foundered on the rocks of the principles of causation as applied by English courts. Other systems of law tend to adopt a broader brush approach to this question.  Under such an approach, if a relevant breach of duty is made out, courts will generally  allow recovery of damages based on a “but for..” type approach to causation i.e. but for the defendants’ negligence the claimants would not have suffered a loss. English law requires the claimants to establish (a) a direct link between the breach and the loss and (b) that it was reasonably foreseeable at the relevant time that loss of that type would occur.

 

Although of cold comfort to the claimants in this case, they did at least succeed in scaling a difficult mountain in establishing that the directors of this publicly listed company  were in breach of their duties owed  to the shareholders as a whole in omitting relevant information from formal documents produced under The Listing Rules. It was accepted that directors must “give a fair, candid and reasonable explanation” of the purpose of any shareholders’ resolution.

 

Arguably though, the two biggest hurdles faced by the claimants in this case which they were never going to overcome under English law and procedure were:

 

  1. The absence of a statutory “continuous disclosure” obligation of the kind which exists in Australia. This would have created much more difficult problems for the bank and its directors at the time in terms of their statutory disclosure obligations.
  2. The absence of an ability to launch a class action on an opt out basis based on a “fraud on the market” theory of the kind which exists in the US. Remember that in this case although some 9000 shareholders were involved in the claim, for the resolution under which the acquisition of HBOS was approved, a total of 1.4 billion votes were cast! How were these claimants going to persuade the judge how those votes would have been cast had the information been disclosed?

 

Finally, a note about the infamous “Loser Pays” rule under English law. The defendants’ costs in this case have been estimated in excess of £25 million. The claimants will have taken out “After The Event Insurance” (LINK) to meet these costs and of course, the judgment is still subject to appeal but the fact that they may well need to make a substantial payment to the defendants will be concentrating their minds and those of their litigation funding backers.

 

A Rash of Cannabis-Related Securities Class Action Lawsuits

On November 21, 2019, when a plaintiff shareholder filed a securities class action lawsuit against Aurora Cannabis, Inc. and certain of its directors and officers, the company became the latest U.S.-listed Canadian cannabis company to be hit with a U.S. securities class action lawsuit. The lawsuit against Aurora came just one day after a different claimant launched a separate U.S. securities lawsuit against another Canadian-based and U.S.-listed cannabis company, Canopy Growth. These two companies join a growing list of cannabis-related firms that have been hit with securities suits this year. As discussed below, these cannabis-related company lawsuits are one of several factors contributed to the continued elevated level of securities class action lawsuit filings in the U.S. Continue Reading

Seeking Insurance for Cybersecurity-Related Losses

Many of you probably saw the news this past week that Target has filed a lawsuit against one of its insurers over losses the company sustained in connection with the company’s 2014 data breach. The Target lawsuit is the latest in a series of high profile insurance battles in which companies are seeking to recoup losses resulting from cybersecurity incidents. However, as my friend, colleague, and Cyber insurance maven Mickey Estey pointed out to me, in its lawsuit Target is in fact not seeking to recover its claimed losses under a cyber insurance policy; rather, in its latest lawsuit, Target is seeking to recover for certain of its losses under its general liability policy. The Target lawsuit is only the latest in a series of high-profile insurance disputes in which companies that have sustained losses from a cybersecurity event are seeking coverage under a variety of different types of policies. Continue Reading

The Complicated Threat of Biometric Data Privacy Class Actions

The Illinois Biometric Information Privacy Act (BIPA) has been on the books for more than a decade. However, as a result of a January 2019 decision by the Illinois Supreme Court, the statute’s requirements and potential liabilities have become a much more serious concern. Moreover, a number of states have passed or are considering legislation similar to or designed to address the same concerns as the Illinois BIPA. This kind of privacy legislation represents a significant potential corporate liability exposure. As discussed further below, biometric data privacy-related claims present some complicated insurance coverage issues. Continue Reading

SEC: Whistleblower Reports and Awards Continue at Elevated Levels

According to the latest annual report from the SEC’s Office of the Whistleblower, the number of whistleblower reports and the total value of whistleblower awards continued at elevated levels during fiscal 2019 (which ended September 30, 2019). Though the reports and awards remained high during the fiscal year, both were down relative to the prior fiscal year. And while the aggregate award values and even several individual awards during the fiscal year are impressive, the small number of awards relative to the vast numbers of whistleblower reports is noteworthy and striking, as is discussed further below. The Office of the Whistleblower’s November 15, 2019 report can be found here. Continue Reading

LexBlog