The world of directors’ and officers’ liability is always dynamic, but 2018 was a particularly eventful year in the D&O liability arena. The past year’s many developments have significant implications for what may lie ahead in 2019 – and possibly for years to come. I have set out below the Top Ten D&O Stories of 2018, with an eye toward future possibilities.

1. Securities Class Action Lawsuit Filings Remain at Near-Record Levels

The number of securities class action lawsuit filings remained close to record levels in 2018. There were 403 new federal court securities class action lawsuit filings in 2018. While the number of filings in 2018 was slightly below the 412 federal court securities suit lawsuits filed in 2017 (representing a decline of about 2%), the 2018 filing total is nearly 210% above the 1996-2016 average annual number of filings of 193.


As has been the case in the most recent years, a significant factor in the heightened level of securities lawsuit filings during 2018 was the number of federal court merger objection suits filed as class action lawsuits under the federal securities laws. In 2018, there were 185 merger objection lawsuits filed in federal court, representing about 46% of the federal court securities class action lawsuit filings.


However, even disregarding the merger objection lawsuits, the 2018 filings were significantly elevated compared to long-term averages. Of the 403 securities lawsuit filings in 2018, 218 were “traditional” securities class action lawsuit filings, which is nearly 13% above the 1996-2016 annual average number of filings (193).


Although the number of 2018 federal court securities class action lawsuit filings is near record levels, the tally may in fact underrepresent the level of securities class action litigation activity during the year. In March 2018, the U.S. Supreme Court held in the Cyan case that state courts retain concurrent jurisdiction over liability actions under the Securities Act of 1933. This statutory liability primarily affects IPO companies. As discussed further below, following the Cyan decision, plaintiffs’ lawyers filed a significant number of state court securities class action lawsuits against IPO companies. Some of these state court actions do not have parallel federal court actions. The state court actions are much harder to track than federal court actions. In the absence of complete and accurate information on state court securities litigation filings activity, the federal court-only tally arguably underrepresents the level of securities class action activity during the year.


While the number of lawsuits filed is of course significant, the rate of litigation — that is, the number of lawsuits relative to the number of listed companies — represents an even more meaningful comparison. The litigation rate has been increasing in recent years as the number of lawsuits has increased while the number of listed companies has decreased (owing to bankruptcy, mergers, and going private transactions).


Of the 403 defendant companies hit with securities suits in 2018, 385 are listed companies, which implies (using the 2017 year-end number of listed companies of 4,411) a litigation rate of 8.7%, the highest rate since at least 1996. In other words, the likelihood of a listed company getting hit with a securities suit arguably was higher in 2018 than it has even been. Even if the merger lawsuits are taken out of the equation, the litigation rate calculates to 4.6%, which is also the highest-ever level.


In addition to the merger objection lawsuits, there are several other factors that drove the increased level of litigation in 2018. One was the continued emergence of event-drive securities litigation, which is discussed further below. Other factors contributing to the heightened filings levels include the increased prevalence of securities class action litigation filed in the wake of a data breach disclosure and the rise of securities suits based on privacy-related concerns, both of which are also discussed below. Another factor is the rise in the number of securities suits relating to revelations of sexual misconduct, a topic that is also discussed below.


Looking ahead, there is every reason to expect that the elevated levels of securities class action activity will continue. Much of the activity in 2017 and 2018 was driven by the hyperactivity of a very small number of so-called “emerging” plaintiffs’ law firms, and there is every sign that these law firms will continue to pursue this active approach during 2019.


The significantly elevated level of securities class action activity is a serious problem both for publicly traded companies and for their insurers. The increased likelihood of a listed company getting hit with a securities suit is a significant threat for public companies. For their insurers, the heightened threat of securities litigation represents a significant challenge in an environment where abundant insurance capacity provides a check on any attempts to seek rate increases.


2. IPO Companies Face State Court Securities Lawsuit Risk

As noted in the preceding section, on March 20, 2018, the U.S. Supreme Court issued its unanimous decision in Cyan, Inc. v. Beaver County Employees Retirement Fund, holding that state courts retain concurrent jurisdiction with federal courts for liability actions under the Securities Act of 1933. The immediate practical consequence of this decision is that if a company is hit with a ’33 Act securities lawsuit in state court, the company can’t remove the state court lawsuit to federal court even if there is a parallel or even identical federal court action.


IPO companies now face the possibility of having to fight securities litigation in multiple jurisdictions. Indeed, IPO companies face the possibility not only of having to litigate claims in both state and federal court, but also face the possibility of having to litigate in multiple state courts at the same time.


When parallel cases are pending in both state and federal court, there is no procedural mechanism to consolidate or coordinate the cases. So unless one of the courts involved is willing to stay its proceedings in deference to the other court, both cases will go forward at the same time. The possibility of multi-jurisdiction litigation not only presents the prospect of increased attorneys’ fees as the defendant company is forced to fight a multi-front war, but it also presents the risk of logistical and procedural issues that could complicate the company’s defense. The overall prognostication is for more complicated and more costly IPO-related litigation.


It has only been a few months since the Cyan decision was handed down and there are not yet complete statistics showing how frequently IPO companies have been sued in state court or in both state and federal court, but there are several examples where IPO companies have been hit with separate lawsuits filed in state and federal court. For example, GreenSky, Inc., a fintech company that completed its IPO in April 2018, was first sued on November 17, 2018 in New York state court, and then on November 28, 2018, the company was sued in federal court in New York. Loma Negra Compania, an Argentinian construction company that listed its securities in the U.S. in November 2017, was sued in New York state court in June 2018, and was sued in New York federal court in December 2018.


By my informal and unaudited tally, during 2018, there have been as many as eleven Section 11 class actions filed in California state court and nine filed New York state court, most of also involve pending parallel federal court lawsuits. (Please note that these California and New York state court filing figures almost certainly are incomplete.) However, in both jurisdictions there are new Section 11 class action lawsuits that do not have parallel federal court lawsuits. In addition to California and New York, there also have been Section 11 lawsuits filed in state courts in Colorado, Texas, Massachusetts, and Tennessee, among other states.


Although much of the discussion about Cyan and its impact has focused on IPO companies, companies that conduct secondary offerings also incur potential liability under the ’33 Act. As a result of Cyan, a company sued for alleged misrepresentations in connection with a secondary offering could also face the possibility of having to litigate in multiple forums.


Companies involved in merger transactions that face merger objection litigation presenting claims under the ’33 Act could also face the risk of multi-jurisdiction litigation; indeed, as discussed here, there have already been several state court merger objection lawsuits filed under the ’33 Act, including at least one instance where there were actions filed in two different states.


One idea that has been circulating since even before the Supreme Court issued its decision in Cyan is that companies can adopt a bylaw specifying that all claims under the Securities Act of 1933 must be filed in federal court. As discussed here, a shareholder of Blue Apron, Stitch Fix and Roku (all recent IPO companies) filed an action in Delaware Chancery Court seeking a judicial declaration that the companies’ bylaws designating a federal forum for securities lawsuits are invalid and unenforceable. As discussed here, on December 19, 2018, Vice Chancellor Travis Laster issued a memorandum opinion agreeing with the plaintiff and holding that under Delaware law, Federal Forum Provisions are invalid and ineffective.


Because so many publicly traded companies are organized under the laws of Delaware, including most IPO companies, Vice Chancellor Laster’s ruling effectively eliminates the possibility of using Federal Forum Provisions for most companies. The bottom line is that IPO companies and other companies now continue to face the possibility of having to fight Section 11 litigation in state court, possibly as part of a multi-front war.


The D&O insurers have been trying to find an equilibrium solution to these issues, particularly for IPO companies. Many insurers will now only quote primary D&O insurance for an IPO company subject to a separate retention for state court securities lawsuits, and in some cases also subject to coinsurance. The retentions range as high as $10 million or more. (It is not entirely clear how this retention would work in the event of parallel state and federal litigation.) However, there are also carriers willing to quote D&O for IPO companies without a separate state court securities litigation retention. In any event, the cost of D&O insurance for IPO companies is higher than in the past, in many cases significantly so. As the litigation experience with these kinds of lawsuits develops, the insurers’ response is likely to evolve as well.


3. Event-Driven Securities Suits Represent a Serious and Growing Problem

There was a time in the not-too-distant past when securities lawsuits were primarily about financial or accounting misrepresentations. However, in recent years, the number of companies announcing financial restatements has declined; in 2017, the number of restatements hit a 17-year low. With fewer accounting scandals to try to exploit as the basis for securities lawsuits, the plaintiffs’ lawyers (or at least some of them) apparently changed their business model. A small group of plaintiffs’ lawyers now seem increasingly focused on pursuing securities suits filed against companies whose share prices have declined following a significant disruptive event in the company’s operations. These kinds of event-driven lawsuits were a significant factor in the heightened level of securities class action filings in 2018.


Here are just a few of the 2018 event-driven securities class action lawsuit filings: In November, after the devastating California wildfires, plaintiff shareholders filed securities lawsuits against Edison International and, separately, against PG&E after news reports that the company’s facilities may have caused the wildfires; also in November, a plaintiff shareholder filed a securities suit against Boeing after one of its planes was involved in the Lion Air Flight 610 air disaster; in December, one day after Marriott announced a massive data breach involving its Starwood division, a plaintiff shareholder filed a class action lawsuit against the company and certain of its executives.  (The wildfire lawsuits and the data breach lawsuit are discussed further below.)


The events behind these recently filed securities class action lawsuits represent a broad range of circumstances. What these lawsuits have in common is that none of them involve alleged accounting misrepresentations; instead, what they involve significantly negative events arising out of the company’s business operations that caused the company’s share prices to decline.


There are a few other things that these event-driven lawsuits have in common. Among other things, they are almost always filed by the same small group of plaintiffs’ law firms, a group that has been euphemistically referred to as “emerging” firms.


Another thing many of these cases have in common is that while the cases often involve a significant share price decline, the complaints often read more like mismanagement claims rather than claims alleging violations of the securities laws. The typical allegations that the defendant companies misled investors and that the companies acted with scienter often are not, shall we say, overwhelmingly convincing. As Columbia Law School professor John Coffee noted in an article discussing the event-driven securities litigation phenomenon, the plaintiffs’ theory of recovery in these cases is often “strained.”


To be sure, event-driven lawsuits are not always weak. The largest securities class action settlement in 2017, involving the securities lawsuit filed against BP following the Deepwater Horizon disaster, was an event-driven lawsuit. (The case settled for $175 million.) But though there may well be meritorious event-driven securities suits, many of these kinds of lawsuits are less so.


Even if these kinds of lawsuits often may be successfully defended, they still represent a significant problem of companies and their D&O insurers. Even if the suits lack merit, they still have to be defended. Just getting through a motion to dismiss can be expensive. Moreover, there are still going to be some cases that survive the motion to dismiss, and that then will need to be settled. (That is why the plaintiffs file these kinds of lawsuits; file enough of them, and some of them will survive long enough to reach a payday.) Taken collectively, these kinds of lawsuits represent both a frequency problem and a severity problem. Indeed, the increase in the number of these kinds of lawsuits is one of several factors that are eroding D&O insurers’ underwriting results.


The event-driven lawsuits represent a further problem. These cases involved large, unanticipated events. Though these kinds of suits represent a big and growing challenge for D&O insurers, these kinds of risks really are not susceptible to underwriting, at least using the kinds of financial analysis tools on which D&O underwriters rely. D&O underwriters may not be able to protect themselves from these kinds of losses using traditional risk selection and risk segmentation approaches. It may be that the only way D&O insurers can try to protect themselves is price their accounts factoring in the possibility of these unknown risks. However, as discussed below, given the current ample levels of insurance capacity available in the marketplace, the D&O insurers may have relatively little ability to price in an uncertainty cushion.


4. Companies Experiencing Data Breaches Get Hit With Securities Suits

It is not anything new that companies getting hit with data breaches may also have to deal with related D&O litigation. During the time frame 2014 to 2016, there were a number of shareholder derivative lawsuits filed against companies that had experienced data breaches, including, among others, Wyndham Worldwide, Target, and Home Depot. These lawsuits were largely unsuccessful, although the Home Depot case did settle for the defendants’ payment of the plaintiff’s attorneys’ fees while the dismissal was on appeal.


The picture for data breach-related D&O litigation changed this past year. In March 2018, the Yahoo data breach-related securities suit settled for $80 million. The settlement represents the first significant recovery in a data breach-related D&O lawsuit. The Yahoo case may have been somewhat unique, in that the announcement of the data breach caused demonstrable economic harm to Yahoo shareholders after Verizon insisted on renegotiating the price of its pending takeover of Yahoo. Just the same, the settlement represents a milestone because it constitutes the first evidence that plaintiffs’ lawyers might be able to make money on data breach-related D&O lawsuits.


Yahoo’s successor-in-interest Altaba was involved in another legal milestone of sorts in April 2018 when it became the first-ever company to settle a data breach-related SEC enforcement action.  Altaba paid $35 million to settle the enforcement action, relating to Yahoo’s delay in disclosing its massive data breach. The settlement and the agency’s earlier release of updated cybersecurity disclosure guidelines underscore the fact that data breach and cybersecurity disclosures remain a high priority for the SEC.


Whether or not the Yahoo settlement encouraged plaintiffs’ lawyers to pursue more data breach-related cases, there were several more data breach-related securities suits filed as the year progressed. The most notable example is the securities lawsuit filed at the beginning of December against Marriott following the company’s announcement of a massive, multi-year data breach of its Starwood reservation system.


In addition, as discussed here, in October 2018, a plaintiff shareholder filed a data breach-related securities suit against online educational service provider Chegg, Inc. and certain of its executives.  A few days later, a shareholder of China-based hospitality group, Huazhu, filed a securities class action lawsuit against the company and certain of its directors and officers, as discussed here. In October, a plaintiff shareholder also filed a data security lawsuit against Alphabet related to data security issues in connection with the company’s Google+ platform, although that lawsuit did not involve a data breach, as discussed here.


The settlement of the Yahoo securities lawsuit and related SEC enforcement action, along with the SEC’s emphasis on cybersecurity disclosure issues, suggests that data-breach and cybersecurity issues generally will continue to be an area of heightened risk for securities litigation. The several data breach-related securities suits filed during the year underscore this point. The recently filed Marriott litigation shows that these cases can be very serious. It seems likely that there will be further data breach and cybersecurity litigation ahead.


5. Privacy Issues Emerge As Another Area of D&O Exposure

The data breach and cybersecurity issues discussed in the preceding section relate to concerns surrounding the way data is secured. A related but different issue involves privacy concerns – that is, the way company’s use the data they have gathered. The Facebook debacle involving revelations that the company transferred user data to Cambridge Analytica highlights the ways the privacy concerns can lead to D&O litigation. The revelations about the transfer of user data to Cambridge Analytica led to a storm of outrage. In March 2018, the revelations also led to a securities class action lawsuit, in which the claimants allege that Facebook’s investors were misled about the company’s privacy policies and use of user data.


The important thing to note is that Facebook’s user data release to Cambridge Analytica did not involve a data breach. The outrage of consumers, politicians, and others, as well investors’ negative  reaction, involved concerns that the company was insufficiently protective of its users’ private personal data.


The Cambridge Analytica revelations came to light shortly before the EU’s updated General Data Protection Regulation went into effect in May 2018. These sweeping new regulations impose strict privacy protection requirements throughout the EU, and subject violators to stringent penalties. The regulations have a broad scope, applying to companies outside the EU that collect data on citizens within the EU.


Compounding the privacy-related concerns arising from the GDPR, in late June 2018, California enacted its own privacy legislation. The California bill imposes on businesses significant privacy obligations, creates a number of privacy rights, and provides for enforcement both through private right of action and regulatory enforcement. The Act’s passage arguably represents a significant step toward making privacy issues a prominent part of the liability landscape in the months and years ahead. Another related possibility is the prospect of comprehensive federal privacy legislation, a concept that Apple CEO Tim Cook and others have advanced.


The newly effective regulatory enactments ensure that privacy-related issues are going to be a significant business concern. Among other things, even though GDPR has been in effect only a few short months, it is already clear that regulators intend to use the regulations to impose fines on alleged violators.


A further development during 2018 and also involving Facebook suggests that the new regulatory measures could also involve potential liability and litigation concerns as well. In a quarterly earnings release at the end of July, Facebook disappointed analysts by reporting lower than expected earnings growth for the period. Among other things in explaining the results, company officials cited the unexpectedly high costs and complications associated with the company’s GDPR compliance. The announcement was followed by what is the largest single-day drop in shareholder value ever, as Facebook lost nearly $120 billion in market capitalization on the news. Securities class action lawsuits followed shortly behind.


Facebook is not the only company to be hit with a securities lawsuit after announcing unanticipated costs associated with GDPR compliance. In August 2018, investors filed a lawsuit against Nielsen Holdings plc after the media performance ratings company disclosed in its quarterly earnings release that GDPR-related changes affected the company’s growth rate, pressured the company’s partners and clients, and disrupted the company’s advertising “ecosystem.”


These two recent GDPR-related securities lawsuits highlight the ways in which the new regulations and related emerging concerns about privacy issues can give rise to potential liability. Facebook and Nielsen are far from the only companies that are going to struggle complying with the new regulatory privacy requirements. Other potential exposures arise from the possibility of follow-on civil lawsuits arising in the wake of privacy-related regulatory actions.


We are in the early days yet as this issue unfolds, but privacy-related concerns could prove to be a significant area of potential D&O liability exposure. The key here is to understand that this is a potential liability exposure that is separate and distinct from liabilities arising from data breaches and cybersecurity generally. This area of exposure involves the way companies use the data they are collecting from their customers and others. Many companies collect these kinds of data, and the ways the companies use this data are going to be a source of increasing scrutiny – and of potential liability exposure, as well.


6. D&O Lawsuits Continue to Follow Revelations of Sexual Misconduct

Late last year, the #MeToo movement passed its first anniversary. As revelations of sexual misconduct have continued to unfold, the accountability process has come to include not only efforts to hold wrongdoers liable, but also efforts to hold boards and corporate management accountable for permitting the behavior or turning a blind eye. There have now been a number of management liability lawsuits filed in the wake of revelations of sexual misconduct, and continuing revelations suggest there may be more to come.


The first of these recent sexual misconduct-related D&O lawsuits was filed late in 2017 against 21st Century Fox. The shareholder derivative lawsuit alleged that the company and its officials tolerated a long-standing culture of sexual harassment, and that the company continued to turn a blind eye to misconduct by high-profile media personalities, ultimately to the detriment of the company as it was forced to pay huge settlements to victims of the harassment. The derivative lawsuit settled for a payment of $90 million – one of the largest derivative lawsuit settlements ever — funded by the company’s D&O insurers.


There have now been a number of other D&O lawsuits filed against company officials in the wake of allegations of sexual harassment or discrimination. For example, during the course of 2018, a plaintiff shareholder filed a securities class action lawsuit against CBS following revelations of alleged sexual misconduct against the company’s CEO.  Other companies hit with D&O lawsuits during 2018 and arising out of sexual misconduct allegations include Papa John’s International (here); National Beverage Corp. (here); and Wynn Resorts (here). There was even a securities lawsuit filed in December against Teladoc Health based on revelations of an apparently consensual relationship between a male executive and a younger female subordinate (discussed here).


As time has gone by and as further lawsuits have been filed, the nature of the underlying allegations of wrongdoing has started to shift. For example, as discussed here, in August 2018, a Nike shareholder filed a derivative lawsuit against the company’s board, alleging that the board had permitted a “boys’ club” atmosphere in which men advanced but women were held back from advancement and pay increases. The allegations in the Nike lawsuit differ from the sexual misconduct allegations raised in earlier lawsuits.


In the prior cases, the alleged underlying misconduct involved alleged instances of unwanted advances, inappropriate touching, or the use of corporate power to try to extract sexual favors. The allegations at Nike are more in the nature of hostile work environment. In both cases, the women who were the victims were demeaned and disadvantaged; but the allegations at Nike do not turn so much as the other cases on specific allegations of unwanted sexual advances or inappropriate touching.


The fact that the Nike lawsuit arose in the wake of hostile workplace environment allegations suggests that the possibility of these kinds of lawsuits may extend beyond just companies at which executives engaged in unwanted sexual advances and sexual contact. The allegations that the Nike board failed in its oversight duties by permitting pay inequity and inequities in advancement and promotion suggests the possibility that the potential liability exposure could sweep much more broadly.


In any event, it does seem that we are going to continue to see management liability lawsuits arising out of sexual misconduct and disparate treatment. As two commentators put it in a recent guest post on this site, “With the increased focus on sexual harassment in the news, the apparent increased willingness of employees to report such behavior, and a climate where state and local governments are stepping up to support the movement, employers (including directors and officers) and insurers should recognize that an increase in sexual harassment claims and lawsuits may be inevitable.”


7. California Wildfires-Related Litigation Suggest Possible Direction of Future Climate Change-Related D&O Claims

For many years, the possibility of climate change-related D&O claims has hovered on the periphery of the discussion of D&O liability issues. By and large, however, concerns about the issue have not translated into claims. The one notable exception is the securities class action lawsuit investors filed against ExxonMobil and certain of its directors and officers in November 2016. Investors alleged that the company had a far different internal view of the potential impacts on the company’s future ability to realize the full value of its hydrocarbon assets than the one the company communicated publicly. In August 2018, the court denied the defendants’ motion to dismiss the lawsuit, suggesting at a minimum that the ExxonMobil lawsuit will go forward.


Though the ExxonMobil lawsuit has survived the initial pleading hurdles, there have not been other climate change-related cases filed in the U.S. There have been some examples from outside the U.S. where advocacy groups have filed litigation aiming to try to encourage reporting companies to beef up their climate change disclosure. For example, On August 2, 2018, the non-profit legal group Client Earth filed complaints with the U.K. Financial Conduct Authority (FCA) against three different U.K. insurers. The legal group contends that the insurers’ annual reports failed to meet the requirements of the Disclosure Guidance and Transparency Rules due to the absence in the reports of any climate change-related disclosures. A similar action seeking increased climate change-related disclosure was filed in Australia against one of the leading banks. But while these disclosure cases make for interesting discussion points, the fact is that there has not yet been a volume of climate change-related disclosure litigation.


However, a different development during 2018 suggests that climate change-related D&O litigation could develop from a completely different direction. Late last year, just after the devastating California wildfires, two of its leading California electrical utilities were sued in management liability lawsuits. In each case, the utilities’ electrical facilities or operations were alleged to have been involved in starting the wildfires, leaving the companies vulnerable to litigation based upon alleged wrongful deaths or property damage.


For example, in the securities class action lawsuit filed in November 2018 against the utility company Edison International, the plaintiff shareholder alleges that investorswere misled about the company’s fire safety readiness and vulnerability if there were to be a wildfire.


In a separate November 2018 development, a shareholder of PG&E, another California electrical utility, filed a shareholder derivative lawsuit referring to the company’s involvement in a series of wildfires, and alleging that the company had made misrepresentations about its fire safety management and fire readiness. PG&E had actually been the subject of another securities class action lawsuit filed earlier in 2018 relating to the company’s involvement in the 2017 California wildfires.


These lawsuits clearly represent examples of the kinds of event-driven litigation I discussed above. But in addition these cases arguably represent something else; these cases could represent examples of the kind of management liability litigation that could emerge as a result of changes arising from climate change.


In the recent report issued by the federal government’s interagency task force on climate change, among the potential risks the report noted might emerge as climate change progresses is an increase in the frequency and severity of wildfires. The recent lawsuits filed against the California electrical utilities show the kinds of claims that might emerge against company management if indeed wildfires were to become more frequent and more severe. And what is true of wildfires arguably is true of the many other risks that the government report said might arise from climate change.


Companies whose operations will be affected by the changing physical conditions arising from climate change could find themselves the target of claims from investors and other constituencies for failure to anticipate and guard against climate change-related conditions — not just with respect to wildfires alone, but also (for example) relating to coastal flooding, drought, supply chain disruption, political unrest, and the many other kinds of effects and consequences that climate change may cause.


These kinds of lawsuits might not only involve the kinds of underlying problems alleged in the cases involving the California utilities, where operations were affected by climate change-related conditions, but could also relate, for example, to supply chain disruptions; disruptions in supply of key materials or parts; failures to account for changing costs or contingent liabilities; as well as a host of other claims and assertions.


To be sure, climate change has been discussed as a potential source of management liability claims for many years, yet by and large the claims have not really materialized. It may be that the claims may not ever materialize, at least not in volume. But the recent lawsuits filed against the California electrical utilities suggest what the climate change-related D&O claims, if they do ever emerge, might look like.


8. SEC Enforcement Action Rebounds

In the 2017 fiscal year ending September 30, 2017, during the first full reporting year under the current Presidential administration, the SEC’s enforcement activity slumped significantly compared to prior years. Many commentators at the time speculated that the statistics could suggest that the current administration is taking more restrained enforcement approach. However, in November 2018, when the SEC released its enforcement figures for the 2018 fiscal year, the agency’s statistics for the year undercut the prior suggestion that the agency was taking a softer approach.  Both the volume of SEC enforcement activity and the level of financial recoveries increased in the 2018 fiscal year.


Though the SEC Enforcement Division’s co-directors cautioned against putting too much weight on quantitative measurements, the fact is that the enforcement numbers are very closely followed. As the Wall Street Journal noted in its November 3, 2018 article about the agency’s enforcement report, the SEC’s annual enforcement statistics “are a closely watched indicator of its oversight of public companies, financial institutions, and stockbrokers. The figures tend to be used, particularly by Congress, as a barometer of how aggressively the SEC is policing misconduct.”


The agency’s latest enforcement activity report shows that in the 2018 fiscal year, the agency brought 821 enforcement actions, compared to 754 in FY 2017, representing an increase of almost nine percent. Of the 821 enforcement actions in FY 2018, 490 were stand-alone actions, representing an increase of about 10% over the 446 stand-alone actions brought in the prior fiscal year.


A separate analysis of the SEC’s enforcement figures by the NYU Pollack Center for Law & Business and Cornerstone Research also found that SEC enforcement actions specifically against public companies and subsidiaries “jumped substantially” in the second half of FY 2018, reversing a decline in filings that began in the second half of 2017 and continued through the first half of 2018.


The NYU and Cornerstone Research report shows that of the 490 stand-alone enforcement actions the SEC initiated during the 2018 fiscal year, 71 involved new actions against public companies and subsidiaries, representing an increase of nine percent from FY2017. However, the FY2018 increase was largely a reflection of the activity during the second half of FY 2018, during which the agency filed 55 new actions against public companies and subsidiaries. By way of comparison, the two half-year periods preceding the 2H18 each had fewer than 20 public company enforcement actions. The 71 public company enforcement actions during FY2018 were well above the FY 2010- FY 2017 annual average of 58.


The NYU and Cornerstone Research report itself contains no analysis or speculation on why the numbers of public company enforcement actions jumped so significantly in the second half of 2018. The increase in public company enforcement actions mirrors the overall increase in SEC enforcement activity during the year’s second half.


The increased level of activity in FY 2018 presents quite a contrast with the reduced levels of enforcement activity during the 2017 fiscal year. The increase suggests that whatever the overall administrative view may be toward regulatory activity, the approach is not so comprehensive that it precludes an active enforcement approach from the SEC.


The interesting question is whether the heightened level of activity at the end of the 2018 fiscal year will continue during the current fiscal year. Without knowing for sure what caused the surge in the second half of 2018, it is hard to speculate about whether the increase level of activity will continue into the current year.


However, one detail in the SEC’s annual report may provide a glimpse of what we should expect. According to the SEC’s report, as of the end of the 2018 FY, the agency had over 225 cyber-related investigations pending.  This detail might suggest that we will be seeing a significant amount of cyber-related enforcement activity during FY 2019, which could drive the overall enforcement numbers for the fiscal year. In any event, the agency’s filing activity during the second half of 2018 suggests that it would be a mistake to assume that the agency will not be active in pursuing enforcement actions.


9. Social Media Communications Emerge as a Source of Potential D&O Liability

The possibility of a securities class action lawsuit based on alleged misrepresentations made on social media has been around as long as there have been social media. The possibility has been apparent at least since 2013, when Netflix CEO Reed Hastings used his Facebook account to announce that Netflix subscribers had surpassed 1 billion users. That sparked an SEC investigation looking into whether Hastings’ Facebook post violated Reg FD. The SEC ultimately concluded that companies can use social media to announce key information in compliance with Reg FD as long as investors have been told to look there.


The recognition that companies could use social media for company announcements raised the possibility that investors would later claim that a company statement on Twitter, Facebook, or other social media outlet was misleading and should be the basis of liability under the federal securities laws. That possibility became a reality this past August, when a Twitter storm by Tesla’s Chairman and CEO Elon Musk led first to a stock market rally and bust, and then to a group of securities class action lawsuits.


On Tuesday August 7, 2018, Musk set the securities markets and the business pages alight with an extraordinary series of Tweets on his Twitter feed, in which Musk stated, among other things, that he is “considering taking Tesla private” at a price that represented a substantial premium over the current share price; that “funding secured”; “shareholders could either sell to [SIC] sell at 420 or hold shares & go private”; and “Investor support confirmed.”


The company’s share price leapt upwards, to an inter-day high 13% above the prior day’s closing price. The trading volume in Tesla’s share rose to 30 million shares (compared to an average daily trading volume of 8 million), representing over $11 billion of purchases in the open market.


Almost immediately questions arose about the source of the funding Musk referred to, as well as the extent to which the company’s board had considered and approved the supposed take-private transaction. The company’s share price declined and within days investors had filed a series of securities class action lawsuits. Media sources also reported that the SEC was investigating Musk’s tweets and the supposed take-private deal.


The securities class action lawsuits were followed in September 2018 by an SEC securities fraud enforcement action against Tesla and Musk, in which the agency alleged that Musk’s statements in the Tweets were “false and/or misleading” because “he did not have an adequate basis in fact for making these assertions.” Just a few weeks later, the SEC announced that it has reached a settlement with Musk and the company, in which Musk agreed to change his role at the company, and in which Musk and the Company each agreed to pay $20 million, with the $40 million total to be paid to investors under a court-supervised process.


Tesla is far from the only company that uses social media to communicate with the investment community. Most of these corporate communications are entirely benign. However, using social media does involve certain risks. The media’s relative informality compared to traditional corporate communications methods creates the possibility of statements that are insufficiently filtered or reviewed. Musk’s take-private tweets certainly seem to illustrate these risks. Tesla may be the first company to get hit with a securities class action lawsuit based on allegedly misrepresentations made using social media, but it is unlikely to be the last.


The possibility that a company’s (or one of its executive’s) use of social media might give rise to a securities lawsuit is yet another headache for D&O underwriters. Underwriters already are compelled to review all of a public company’s SEC filings and financial statements. As the foregoing sections underscore, underwriters must now also consider, among other things, an applicant company’s data security, privacy protections, vulnerability to climate change, and human resource practices. If that were not enough, now underwriters must also consider a company’s social media approach and even review the social media entries, to consider whether opportunistic plaintiffs’ lawyers might be able to try to allege that a post violated the securities laws.


10. The Current Landscape Creates a Difficult Environment for D&O Insurers

As the above discussion shows, it is a difficult environment for D&O insurers. There are three specific challenges the insurers now face.


First, with the heightened volume of securities class action lawsuits over the last two years, the carriers are now carrying a massive load of unresolved cases. These cases all have to be monitored and administered. But of even more importance, the carriers have to estimate, establish and maintain appropriate reserves for all of these cases, with obvious negative consequences for the insurers’ underwriting results.


Second, many of the current claims trends present particular underwriting challenges for the insurers. In the past, D&O underwriting was focused almost exclusively on reviewing and assessing an applicant’s financial statements. But many of the emerging claims trends do not relate to companies’ financial condition or even financial performance. An applicant company’s potential exposure to claims arising from data breaches, privacy concerns, sexual misconduct allegations, climate change, or social media practices in most instances cannot be discerned from reviewing the company’s financial statements – indeed, those kinds of exposures may not be susceptible to being underwritten at all. At a minimum, the traditional approach to D&O underwriting may no longer be sufficient.


Third, the way D&O insurers would want to try to protect themselves from these emerging risks is by charging a premium sufficient to compensate the insurers for underwriting uncertainty. That is where the insurers face their biggest problem. The fact is that there is still abundant capacity in the D&O insurance marketplace.  The market remains competitive. Insurers’ ability to raise rates (at least without the willingness to risk losing business) is constrained. An insurer’s efforts to try to raise rates may not be supported in the marketplace.


Insurers these days are quite forward in complaining about the pressure they are under. Years of pricing decreases combined with increasing claims volumes, along with deteriorating results in prior underwriting years, present a pretty unattractive equation for the insurers. Many insurers are now saying that they intend to push for rate increases in 2019, particularly for larger market cap public companies and for private companies.


And in fairness to the insurers, there is some evidence to suggest that they did achieve slight rate increases in certain areas in 2018, particularly for smaller market cap public companies. There is also some evidence that with respect to certain difficult classes of business – for example, with respect to California-domiciled companies, life sciences companies, IPO companies – the insurers are achieving greater pricing power, at least with respect to the primary layers of some public company accounts.


Regardless of whether or not the insurers succeed in achieving across the board price increases in 2019, they can be expected to take a more defensive approach in certain situations – for example, with respect to IPO companies and with respect to life sciences companies. As always, companies in poor financial condition will continue to be viewed as distressed risks.


In any event, everyone in the D&O insurance industry – insurers, agents, and buyers – will continue to watch the emerging trends as we head into 2019. Will the elevated levels of securities class action lawsuit filings continue? Will we continue to see data breach D&O lawsuits and lawsuits following on sexual misconduct allegations filed? Will privacy issues emerge as an important source of D&O claims? Will climate change issues emerge as a significant area of management liability exposure? There will be much to watch in the months ahead.


Alternative Top Ten Lists: Over the holidays and in anticipation of this Top Ten post, I published a series of alternative top ten posts, dealing not, as is usually the case with this blog, with insurance or legal topics, but dealing instead with travel topics. Even though the holidays are over, I invite everyone to have a look at the alternative Top Ten Posts, to which I have linked below:

  • Top Ten Places (That You Might Not Think of) to Visit (including Top Ten Urban Hikes), here.
  • Top Ten Top Travel Destinations (including Top Urban Parks), here.
  • Top Ten: London (including Top Pictures of Animals), here.
  • Top Ten: Paris (including Top Pictures of Food), here.
  • Even More Top Ten Travel Lists! (including Top Ten Museums, Top Ten Places to Have a Beer, and Top River Pictures), here.

I had fun putting these lists together (especially the pictures), and I hope everyone will have a look.