The directors’ and officers’ liability environment is always changing, but 2020 was a particularly eventful year, with important consequences for the D&O insurance marketplace. The past year’s many developments also have significant implications for what may lie ahead in 2021 – and possibly for years to come. I have set out below the Top Ten D&O Stories of 2020, with a focus on the future implications. Please note that on Wednesday, January 13, 2021 at 11:00 AM EST, my colleague Marissa Streckfus and I will be conducting a free, hour-long webinar in which we will discuss The Top Ten D&O Stories of 2020. Registration for the webinar can be found here. I hope you will please join us for the webinar.
- Class Action Securities Lawsuit Filings Declined in 2020 After Three Years of Record Filing Levels
The number of securities class action lawsuits filed each year is a particularly closely watched metric in the D&O liability arena, because for most publicly traded companies securities suits are the most significant potential source of D&O liability, and because the number of suits filed directly affects the aggregate claims loss results of the D&O insurance industry. For these reasons, it is noteworthy that the number of federal court securities class action lawsuits filed declined in 2020 compared the most recent preceding years, although the number of 2020 filings was still well above the long-term historical annual averages. The details regarding the 2020 filings, summarized below, are examined in my recent annual federal court securities class action filings report, here.
There were 324 federal court securities class action lawsuits filed in 2020, representing just under a 20% decline from the 402 federal securities class action lawsuits in 2019. Though the number of federal court securities suits filed in 2020 was below the totals for each of the three years 2017 to 2019, the number of 2020 filings was still well above the 1997-2018 annual average of 215 filings. Indeed, the 322 filings during 2020 exceeded the annual number of filings in every year during the period 2002-2016. (Please note that these filing figures represent federal court filings only; the figures do not include separate state court class action lawsuit filings.)
Two factors contributed to the relative decline in the number of federal court securities lawsuit filings in 2020: first, there were two filing lulls during 2020, one in the second quarter and one in the fourth quarter. Thus, there were 43 federal court securities class action lawsuits filed in April, but only 16 in May and 24 in June. Similarly, there were 42 federal securities suits filed in September, but only 21 in October, 11 in November, and 18 in December. Although the cause of these lulls is not entirely clear, the likeliest explanation is disruption from the pandemic. Another factor in the 2020 filing decline was the reduced number of merger objection lawsuits filed during the year, due in part to reduced merger activity levels in the year’s first half and due in part to the fact that the plaintiffs’ lawyers increasingly are filing merger objection suits as individual actions rather than as class actions.
Three factors contributed to keeping the filing levels in 2020 above long-term historical annual averages. First, as discussed in the next section below, there were nearly two dozen coronavirus-related securities class action lawsuits filed in 2020. Second, on a single day in April, a plaintiffs’ law firm filed eleven securities class action lawsuits against cryptocurrency companies. And third, there was a surge during 2020 of federal court securities lawsuits filed against non-U.S. U.S.-listed companies. Of the 324 federal court securities class action lawsuits filed in 2020, 88 were filed against non-U.S. companies, representing about 27.1% of all 2020 federal court securities class action filings. By way of comparison, in 2019 there were 62 federal court securities suits against non-U.S. companies, representing about 15% of all federal court securities suit filings in 2019.
The 2020 federal court securities lawsuit filings hit companies in a wide variety of industries. The companies named as defendants in 2020 federal court securities suits represented 125 different Standard Industrial Classification codes. The industrial sectors hit the most frequently were the life sciences and high technology sectors. 67 companies with life sciences SIC Codes were hit with federal court securities suits in 2020, representing about 21% of all federal court securities suits in 2020. There were also 25 federal court securities lawsuits filed in 2020 against companies with the most frequently targeted high-tech industry SIC Codes, representing about 7.7% of all securities suits in 2020. The suits filed against life sciences and high-tech companies taken together represented about 28.5% of all 2020 federal court securities class action lawsuits.
While the number of lawsuits filed each year is of significant interest to companies, insurers, and other observers, the rate of litigation (that is, number of lawsuits relative to the number of listed companies) arguably is of much greater significance. As the number of lawsuits has increased in recent years and the total number of listed companies has declined, the litigation rate has been going up, especially compared to long-term trends.
As detailed in my recent annual report on 2020 securities class action filing activity, the litigation rate during 2020 taking into account all securities lawsuits including merger objection lawsuits was 6.99%, meaning that the chances of a U.S. listed company getting hit with a securities suit during 2020 was better than one in twenty. If the merger objection lawsuits are disregarded, the litigation rate translates to about 4.7%, which although below the record-level litigation rates during the period 2017 -2019 is still well above the 1996-2018 annual litigation rate of 3.0%.
The decline in the number of federal court securities class action lawsuits in 2020 relative to the annual filing figures for the years 2017 to 2019 is interesting, but it is hard to know what to make of the two lulls during 2020 that account for the filing drop off. The pandemic seems like the likely explanation for the lulls, but that answer seems less convincing for the lull during the fourth quarter. It is also hard to know what the lulls imply as far as future filing patterns as we head into 2021, as well. The fact that filings in all three months in the year’s final quarter were off the pace raises the question of what we might expect going forward. At this point, it is simply not possible to tell if the lulls – particularly the fourth quarter lull – were simply short-term artifacts of the pandemic, or if they represent longer-term filing trends that will affect filing levels going forward. My own view is that they are simply short-term patterns that suggest nothing in particular about likely filing patterns in the months ahead, but only time will tell if that is right or not.
Although some D&O insurance industry observers may hope that the relative drop off in federal court securities lawsuit filings last year should lead to a decline in pricing for D&O insurance for U.S.-listed public companies, the drop was not steep enough and has not lasted long enough to offset the extensive backlog of securities lawsuits that the D&O insurers are facing after years of record levels of securities class action lawsuit filings – although, as discussed further in the final section below, there may be other factors, such as new market entrants, increased insurance capital, and increased competition that could otherwise counter the increases that most D&O insurance buyers have faced since late 2018.
- The Coronavirus Outbreak Contributed to a Rash of Coronavirus Securities Suits and Other Claims
The most significant development during 2020 was the outbreak and spread of COVID-19. The coronavirus outbreak affected just about every aspect of the economy and had a significant impact in the D&O claims arena as well. Earlier this year, when the scale and potential impact of the coronavirus outbreak began to become apparent, many observers and commentators predicted that we could see a significant wave of COVID-19-related D&O claims. There have in fact been a significant number of COVID-19 related securities class action lawsuits filed so far, as well as several other types of pandemic-related D&O claims. However, the level of COVID-19-related D&O litigation, while not insubstantial, did not involve nearly the level of activity that some commentators had anticipated.
By my count, there were a total of 23 COVID-19-related securities lawsuit filed during 2020 – although over the course of the year disagreements emerged among observers about whether various lawsuits are or are not in fact pandemic-related. My tally of the COVID-19 suits differs from that of other publicly available sources, such as, for example, the Stanford Law School Securities Class Action Clearinghouse (whose tally can be found here).
Regardless of how they are counted, the coronavirus-related securities lawsuits tended to fall into one of three categories: first, the lawsuit filed against companies that experienced coronavirus outbreaks within company facilities (such as cruise ship lines and private prison systems); second, companies that had sought to tout their ability to profit from the coronavirus outbreak (such as vaccine developers, diagnostic testing services, manufacturers of personal protective equipment, and online education firms); and third, companies that experienced downturns in their operations or financial results due to the pandemic (for example, Hotel REITs and residential real estate development firms).
While there were nearly two dozen coronavirus-related securities suits filed during the year, it is worth noting that the filing pace on these kinds of lawsuits slowed as the year progressed. Most of these lawsuits were filed earlier on this year; in recent months, relatively few were filed. None at all were filed in September, and only one each was filed during in October, November, and December.
In addition to the securities class action lawsuits, there were other types of COVID-19-related D&O claims filed, including several shareholder derivative lawsuits and a small number of SEC enforcement actions. All of the companies hit with derivative suits are also involved in parallel securities litigation involving substantially the same allegations.
A total of 23 securities suits represents a substantial litigation phenomenon, and the coronavirus-related litigation was a significant contributing factor to the overall level of securities litigation filing activity in 2020. However, in the context of annual filing totals of several hundred lawsuits a year, a tally of 23 lawsuits over the course of nine months is a relatively modest number. There has not, at least so far, been anything that could be described as a wave of coronavirus-related litigation, particularly by contrast to the level of litigation that followed the global financial crisis more than a decade ago.
A couple of litigation developments relatively later in the year may suggest possible directions for future pandemic-related litigation. First, among the handful of COVID-19-related SEC enforcement actions filed this past year, one stands out. Five of the six enforcement actions involve smaller life sciences-related companies that made optimistic statements about the companies’ ability to profit from the pandemic. The sixth case, however, was different. It involved the pandemic-related disclosures of the restaurant chain Cheesecake Factory.
As discussed here, in December 2020, the SEC brought a settled enforcement action alleging the restaurant company made misrepresentations about the impact of the coronavirus outbreak on the company’s operations and financial results. Although the action settled for a modest $125,000 payment, the agency’s action nevertheless reinforced several interrelated messages: when companies are disclosing the impact of the coronavirus on company finances and operations, they have to be accurate; the disclosures have to be tailored to the specific company and industry involved; and if the statements are not accurate and company-specific, the agency will hold companies accountable. As the coronavirus crisis continues to evolve, company disclosures about the pandemic’s impact on operations and finances are likely to continue to face scrutiny, both from regulators and from private civil litigants.
A securities class action lawsuit filed in December provides one further signal about possible future coronavirus-related litigation. As discussed here, the lawsuit filed on December 17, 2020 in the Central District of California against Canadian diagnostic testing company Sona Nanotech involves statements the company made about its supposed ability to obtain accelerated regulatory approvals for its antigen diagnostic test. Regulators ultimately found that the company’s test did not qualify for accelerated approval. The key point here is that the complaint in the lawsuit relies on a series of statements the company made between early July and late November. That is, by contrast to many of the other pandemic-related securities suits, which were filed in reliance on alleged company statements made at or about the time of the pandemic’s initial U.S. outbreak in March and April, the lawsuit against Sona Nanotech was filed in reliance on company statements allegedly made later in the year.
The Cheesecake Factory enforcement action and the Sona Nanotech securities suit together suggest that possible future coronavirus-related securities claims and other actions may and likely will involve alleged misrepresentations made later in the pandemic event cycle, and may well involve statements about the pandemic’s impact on company operations and finances rather than about the company’s ability to profit from the pandemic. Claims based on these kinds of statements will likely increase as the pandemic’s public health crisis phases continues, putting further pressure on already stretched companies.
- The Racial Justice Movement Pushed Board Diversity to the Top of the Corporate Agenda
The biggest story of 2020 other than the pandemic was the rise of the racial justice movement and protests that followed in the wake of the May 2020 death of George Floyd. In response to the protests and social unrest, there was a renewed focus on equality and diversity issues. Among many other things, investors and activists raised concerns about the lack of racial diversity on corporate boards. During 2020, these concerns translated both into legislative initiatives and self-regulatory organization rulemaking, as well as litigation directed at companies lacking board diversity.
Perhaps the most significant development relating to board diversity in 2020 was the California legislature’s passage of A.B. 979, which requires that no later than the end of 2021 the approximately 625 companies with securities listed on U.S. exchanges and headquartered in California must have a minimum of one director from an “underrepresented community.” The Act’s requirements would apply regardless of where a company is incorporated. (A California taxpayer has filed a lawsuit challenging the legislation.)
The statute defines “underrepresented community” to mean a director who self-identifies as Black, African American, Hispanic, Latino, Asian, Pacific Islander, Native American, Native Hawaiian, Alaska Native, gay, lesbian, bisexual or transgender. A corporation may increase the number of directors on its board to comply with the new law.
The statute provides further that by the end of 2022, a corporation with more than four but fewer than nine directors will be required to have a minimum of two directors from underrepresented communities, and a corporation with nine or more directors will need to have a minimum of three directors from underrepresented communities.
The law also authorizes the Secretary of State to impose fines for violations of the statute’s requirements, $100,000 for the first violation, and $300,000 for each subsequent violation. Failure to timely file board member information with the Secretary of State is also subject to a $100,000 fine.
The board diversity initiative was further boosted in early December when, as discussed here, Nasdaq filed a proposed guidelines with the SEC that would require Nasdaq-listed companies to disclose whether the companies meet Nasdaq-specified board diversity requirements. If approved, the new listing rules would require companies to have at least one female director and one director who is a racial minority or who self-identifies as LGBTQ+, or to provide an explanation why they do not. The racial minority requirement relates to persons who self-identify as Black or African American, Hispanic or Latinx, Asian, Native American or Alaska Native, Native Hawaiian or Pacific Islander, or who self-identify as lesbian, gay, bisexual, transgender or queer.
All Nasdaq-listed companies would be required to publicly disclose board-level diversity statistics through the Nasdaq disclosure framework within one year of the SEC’s approval of the listing rule. The timeframe for compliance with the board composition requirements depends on each company’s listing tier. All companies are expected to have at least one diverse director within two years of the SEC’s listing rule, or to provide an explanation why they do not. Companies listed on the Nasdaq Global Select Market and Nasdaq global market will be expected to have two diverse directors within four years of SEC approval of the proposed rules, or to provide an explanation why they do not. Companies listed on the Nasdaq Capital Market will be expected to have two diverse directors within five years of the SEC’s approval, or to provide an explanation why they do not.
in addition to these legislative and market oversight efforts, activist investors seeking to advance board diversity launched a series of shareholder derivative lawsuits during 2020 against the directors of several companies, accusing the boards of violating their legal duties by failing to diversify the company’s board and otherwise failing to address diversity and equality issues. These lawsuits also allege that the boards misled investors about their companies’ diversity and inclusion practices. The lawsuits typically seek a variety of remedial measures, including the addition of African American directors to the companies’ boards; the creation of a fund to promote diversity and inclusion in the defendant company’s workforce; the setting of minority hiring goals, with executive compensation tied to achievement of the objectives; and institution of periodic board diversity training.
There were eight of these board diversity lawsuits filed during 2020. Most of the lawsuits were filed against technology companies based in California (such as Oracle, Qualcomm, and Facebook), although there were also lawsuits filed involving non-technology companies and companies located outside California as well (such as Danaher Corporation). The last of these eight lawsuits, which was filed against Cisco Systems, was filed on September 25, 2020, just days before California Governor Gavin Newsom signed AB 979 into law. The enactment of the California legislation seems to have interrupted the filings of the lawsuits, perhaps because the new statute requires at least part of the relief the claimants sought in filing the suits.
All of these various initiatives — including the litigation – arise out of the current heightened focus on racial justice issues, which casts a harsh light on the lack of African-Americans in corporate leadership and puts pressure on companies and other organizations to take remedial steps, even those not based in California or subject to the Nasdaq listing requirements. These developments show how the current racial justice movement in the U.S. not only has important implications for the social and political context for businesses in this country, but also creates dynamics – including the threat of litigation—that put pressure on businesses to reexamine past practices. At a minimum, the lawsuits demonstrate that among other things lack of board diversity may represent a D&O claim risk.
- After the Presidential Election, A Change in Administration is Coming
As a result the December 14, 2020 electoral college vote, the election of Joe Biden as the next President of the United States was officially confirmed. The outcome of the 2020 Presidential election means that following Biden’s January 20, 2021 inauguration, a new Presidential administration will be taking over. The change in administration will have many implications, including among many others things important implications for D&O claims. The likelihood is that we will see a more active SEC enforcement division and a shift back toward a more active regulatory approach. There may well be other important D&O claims implications, as well.
The changes at the Commission will start at the top. Former SEC Chair Jay Clayton’s term ran until June 2021, but shortly after the election Clayton announced that he would step down before year end. In a letter of resignation published on the SEC’s website, Clayton reported that December 23, 2020 would be his last day at the agency.
President-Elect Biden has yet to announce his nominee to replace Clayton but the likelihood is that a new Democratically-appointed Chair likely would join with incumbent Democratic Commissioners Allison Herren Lee and Caroline Crenshaw (who took office in 2019 and 2020, respectively) to alter the course the Commission followed under Clayton. A November 7, 2020 Bloomberg article (here) suggests that the new Democratic majority would likely “launch an active rulemaking agenda, roll back Trump-era regulations, and step up its enforcement and inspections program.”
The Bloomberg article notes that under Clayton the agency’s Enforcement Division “brought fewer cases than under the leadership of his predecessor Mary Jo White, with a lower number of cases brought against public companies or large Wall Street firms.” A November 23, 2020 Law360 article (here) quotes one commentator as saying, “You are likely to see a more aggressive enforcement approach under Biden, one that would likely be more willing to litigate aggressively against larger financial institutions.”
To the extent it may provide some useful perspective on what to expect from a Biden administration, it may be worth noting that the Obama administration ramped up SEC enforcement after it took over in 2009, and, following a reorganization of the Enforcement Division in 2010, the SEC brought a record number of enforcement actions in 2011 and 2012 – even though, as the Law360 article notes, the administration was criticized for not pursuing top Wall Street executives in the wake of the global financial crisis.
There may also be a change of enforcement focus under the Biden administration. As the Law360 article notes, under Clayton “the SEC’s enforcement division has primarily focused on the actions of investment advisers and scheme that target retail investors.” The Law360 article quotes a commentator as suggesting that under Biden, the Enforcement Division is likelier to have more of a focus on Wall Street, with an increase in investigations “especially of large publicly traded companies and a higher focus on insider trading.” The Bloomberg article adds that the COVID-19 pandemic “will almost certainly prompt extensive SEC investigative and enforcement actions, particularly with respect to health care and pharmaceutical issuers and profiteers pedaling bogus investments.”
From a regulatory standpoint, it seems likely that the Biden administration would roll back the deregulatory approach pursued during the Trump administration. Among other things, the Bloomberg article suggests, the Commission’s recent changes to proxy advisor rules and changes to shareholder proposal rules could be candidates for reversal.
The Bloomberg article also suggests that ESG-related issues could take a top priority. The article suggests that we should “expect a heightened focus on ESG and a top place on the Commission’s rulemaking to-do list at the outset of a Biden administration.” The article also suggests that the agency could also “amend Regulation S-K to require specific disclosures relevant to investors seeking out accurate, comparable, and actionable information for use in their analyses.”
Among other concerns, climate change-related disclosure may well be one of the Commission’s priorities. As discussed at length here, incumbent Commissioner Allison Herren Lee delivered a November 5, 2020 speech in which she warned that climate change represents a “systemic risk” to “markets, the financial system, and our economy.” After noting that climate change presents an even greater risk of “grave human and economic costs” than we experienced in the pandemic — and urging that we should learn the lessons that the pandemic presents — she called for a coordinated effort to create uniform climate change reporting and disclosure standards to ensure that investors and markets are better informed about the risks that climate change represents. Once the new SEC Chair is in place, Lee will be among the Commission’s Democratic majority, and in a position to try to drive her climate change disclosure agenda.
Another possible target for the Commission on the ESG agenda could be the board diversity issues discussed in the preceding section. While there have been significant recent developments on the board diversity front, there is still room for SEC action on these issues. Indeed, when Nasdaq announced the board diversity initiative described above, its press release quoted a statement from Nasdaq’s CEO saying that the “ideal outcome” would be for the SEC to set out its own board diversity compliance and disclosure requirements, since an SEC rule would be applicable to all companies. It may be that a Biden administration, eager to show its commitment to the minority communities that supported Biden’s election, will want to take up this challenge to try to further advance the board diversity initiative through SEC action.
The SEC is of course not the only agency whose changes under the Biden administration could have an impact on companies and their directors and officers. For example, changes at the U.S. Department of Justice could also have significant implications. To be sure, there are certain priorities that are unlikely to change. For example, the incoming administration seems likely to continue to advance cross-border enforcement cooperation, particularly with respect to corruption investigations and prosecutions. Other areas, such as immigration enforcement, may be de-emphasized, while yet other areas may be re-prioritized; for example, the DOJ’s civil rights division, nearly moribund for the last four years, may be re-activated. Other areas where increased activity seems likely is with respect to environmental enforcement and federal procurement fraud.
Biden will also have the power to make judicial appointments, which is of course significant. However, during his administration President Trump made so many judicial appointments – including but not limited to three appointments to the U.S. Supreme Court – that his selections will continue to shape the judiciary for many years to come. During his four years, Trump appointed 174, or roughly 25%, of the 677 federal district court judges. Over the course of his administration Biden’s appointments will begin to have an impact but it will be many years before the overall composition of the judiciary considered in the aggregate will change.
- SPAC IPO Activity Surged in 2020 and Securities Litigation Filing Activity Followed
2020 has been called “the year of the SPAC.” (2020 has been called a lot of other things as well, but for purposes of this post, I will discuss only the SPAC-related issues.) The reason for the fanfare about Special Purpose Acquisition Companies (SPACs) is that during 2020 there was a wave of SPAC offerings, raising tens of billions of dollars of capital. While the rush to conduct SPAC offerings this past year at times felt like a stampede, observers, commentators and regulators have already started raising questions about at least some SPAC transactions. As discussed below, there has been several recent lawsuits involving SPACs, and regulators have made it clear that they are concerned about some features of some SPAC transactions. These recent developments suggest that there could be trouble ahead for SPACs.
A SPAC is a “Special Purpose Acquisition Company,” an entity with no commercial operations formed for purposes of raising capital to be used to acquire an existing business. SPACs are formed by “sponsors,” often seasoned company managers with expertise in a specific industry or business sector. The SPAC raises the capital to make the acquisition by floating shares in the SPAC on a securities exchange through an initial public offering (IPO). Investors in the SPAC may not know, and usually don’t know, the identity of the company to be purchased, and that is why SPACs are sometimes referred to as “blank check companies.” The SPAC usually has two years to make an acquisition. If the SPAC does not complete a transaction in two years, the funds are to be returned to investors.
SPACs usually acquire privately held companies as part of a reverse merger, with the idea that the existing operating company would be the surviving entity, as a result of which that the previously private company becomes a publicly traded company through the transaction (often referred to as a “de-SPAC” transaction).
According to SPACInsider (here), there were 248 SPAC during 2020, raising total gross proceeds of over $82.8 billion. There was a total of 480 IPOs overall during 2020, meaning that the SPAC IPOs represented over half (51.6%) of all IPOs this past year. The 2020 SPAC IPO activity far exceeded the equivalent activity in any prior year; for example, there were only 59 SPAC IPOs during 2019 (the most in any prior year), and only 46 the year before that.
The sheer level of SPAC-related activity was bound to attract the interest of regulators. A September 24, 2020 Wall Street Journal article entitled “Blank-Check Firms Offering IPO Alternative Are Under Regulator Scrutiny” (here), reported that in televised remarks then-SEC Chair Jay Clayton said that the SEC is, according to the article, “examining how sponsors of blank-check companies disclose their ownership and how any compensation is tied to an acquisition.”
The article quotes Clayton as saying “One of the areas in the SPAC space I’m particularly focused on, and my colleagues are focused on, is the incentives and compensation to the SPAC sponsors.” The article quotes him as saying further, “How much of the equity do they have now? How much of the equity do they have at the time of the IPO-like transaction? What are their incentives?”
These questions and concerns culminated just before Christmas in the SEC’s Division of Corporate Finance’s release of disclosure guidance for SPACs, directing these companies to provide more detailed disclosures regarding potential conflicts of interests and other information, such as compensation incentives for SPAC sponsors.
In addition to the increased regulatory interest and scrutiny, some SPAC companies have begun to attract the interest of plaintiffs’ securities attorneys, particularly with respect to the de-SPAC transaction. For starters, in connection with a planned transaction, the SPAC must release a proxy document in order to support the vote of the SPAC shareholders in connection with the proposed transaction. Plaintiffs’ lawyers can and often do file the typical merger objection lawsuit under Section 14(a) in connection with the proposed transaction. (For a recent example of one of these merger objection lawsuits in connection with a proposed de-SPAC transaction, refer to the December 3, 2020 complaint filed in Schuman v. Hennessey Capital Acquisition, here.)
The litigation risk continues after the SPAC has completed the de-SPAC transaction. One recent high-profile example of a post de-SPAC transaction lawsuit in which former officers of the SPAC were named as defendants is the securities suit filed against electric vehicle company Nikola, which was a private company when it was acquired by a publicly traded SPAC in June 2020. The September 2020 lawsuit names as defendants not only directors and officers of Nikola itself but also former officers of the SPAC. The complaint quotes extensively from the SPAC’s pre-acquisition disclosures. The complaint alleges that the defendants violated Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 and Rule 10b-5 thereunder.
In addition to the lawsuit against Nikola, as discussed here, a plaintiff shareholder also filed a securities suit in December 2020 against online trade financing firm Triterras, which had been formed when its private company predecessor company was acquired in November 2020 by a publicly-traded SPAC. The lawsuit arose after the company announced that one of its key online trading platform partners was at risk of bankruptcy. The lawsuit named as defendants not only the Triterras and its CEO but also the former President of the SPAC that acquired the predecessor private firm.
One thing that is particularly important to note about the litigation discussed above is that in both of the types of D&O litigation described – that is, both the litigation raising objections in connection with the planned de-SPAC transaction and the litigation raising concerns about the post-transaction activities of the ongoing operating company – the lawsuits named as defendants executives from the SPAC company itself.
These regulatory and litigation developments have caught the attention of D&O insurance underwriters. The SPAC sector has always been somewhat of a specialized D&O insurance arena, with very few insurers willing to write the primary D&O insurance for SPAC companies. The recent developments have roiled this already limited marketplace. Over a very short time frame in the second half of 2020, the pricing for D&O insurance for SPAC companies — particularly the pricing for primary D&O insurance — shot up significantly, even by comparison to the already elevated pricing that was available for SPAC companies as recently as at the end of the summer. The insurers willing to write primary for SPAC companies also have signaled that they intend to reduce their limits exposed to any one company; for example, insurers that might have been willing to write a $10 million primary limit are now only willing to write $5 million.
As often happens when the D&O insurance industry responds to adverse developments, the insurers are sweeping with a very broad brush. The significant price increases and reductions in capacity are even being applied to SPAC transactions with experienced, seasoned management teams and focused acquisition plans and with transparent disclosures about sponsors’ arrangements within the SPAC and in connection with any SPAC acquisition transaction.
The interesting thing is that even as some questions have begun to be asked, and even as lawsuits have been filed and regulators have raised questions, the current wave of SPAC offerings – at least for now – seems poised to continue, at least for the foreseeable future.
With all of that SPAC IPO activity in 2020, and with further SPAC IPO activity ahead in 2021, there are going to be a ton of de-SPAC transactions coming down the pike for the foreseeable future. Many of the SPAC transactions will be successful. However, some will not. Some of the acquired companies will stumble or hit an obstacle after the de-SPAC transactions, and in some instances litigation will ensure. Many of these lawsuits will involve former directors or officers of the SPAC as defendants.
With all of the SPAC funding chasing promising private companies to acquire, it is entirely possible that the best deals have already been done or that after a while the best private companies will have been acquired. The risk is that the SPAC dollars might start chasing less promising options, which would increase the possibility that some acquired companies might stumble as post-transaction public companies.
All of these factors suggest that there could be more litigation in 2021 involving SPACs and the companies that are acquired by SPACs.
- State Courts Uphold Federal Forum Provisions Intended to Address the Cyan Problem
In March 2018, the United States Supreme Court held in Cyan, Inc. v. Beaver County Employees Retirement Fund that state courts retain concurrent jurisdiction for liability actions under the Securities Act of 1933. Following Cyan, there was a proliferation of state court securities suits, often parallel to and duplicative of federal court lawsuits based on the same essential allegations. There are no procedures to consolidate these parallel state court and federal court lawsuits. As a result, companies conducting IPOs and follow-on securities offerings face the possibility of having to fight a multi-front war in the event of securities litigation relating to their securities offerings.
In response to these concerns, a number of companies adopted charter provisions specifying that ’33 Act liability actions against the company must be brought in federal court. During 2020, a series of state court rulings upheld the validity and enforceability of these federal forum provisions (FFP).
In March 2020, the Delaware Supreme Court held in Sciabacucchi v. Salzburg that federal forum provisions are facially valid under Delaware law. Even after the Sciabacucchi decision, the question remained whether the courts of other states would find FFP to be valid and enforceable.
In separate rulings during the second half of the year, three different California courts held that FFP in the charters of three state court securities lawsuit defendants were valid and enforceable. First, in September 2020, a California court in the Restoration Robotics case held an FFP to be valid and enforceable and granted the motion of the defendants to dismiss the state court action. Second, as discussed here, in November 2020, a California Court in the Uber case also held an FFP in the company’s corporate charter to be valid and enforceable and granted the defendants’ motion to dismiss. In December 2020, as discussed here, a California state court judge held the FFP in Dropbox’s corporate bylaws to be valid and enforceable and dismissed the state court action.
(Although little noted, there was actually a fourth California ruling in December; days after the Dropbox ruling, the same judge who granted the motion to dismiss in Dropbox separately granted the motion to dismiss in the separate securities class action lawsuit against Sonim Technologies, Inc. Her order in the Sonim Technologies was entered in reliance upon and incorporated by reference her prior opinion in the Dropbox case.)
Among other things, the various California state court rulings suggest that a broad consensus is emerging in California courts to enforce federal forum provisions. The rulings suggest that Delaware corporations doing business in California and sued in California state court can rely on FFP to try to avoid the risk of facing parallel state and federal court litigation under the ’33 Act. However, while these decisions represent important milestones, they unfortunately do not mean that the Cyan problem has been put to rest.
For companies incorporated under the laws of states other than Delaware, the question of the validity and enforceability of FFP remains. While most U.S. public companies are incorporated in Delaware, many are not. Many tech companies are incorporated in Nevada; most REITs are incorporated in Maryland; many financial services companies are incorporated under the laws of New York. Then there are the many U.S.-listed non-U.S. companies that are not organized under the laws of any state, but that instead are domiciled in their home countries. For these companies and the many others organized under the laws of jurisdictions other than Delaware, the validity and enforceability of FFP in their corporate documents remains uncertain.
By the same token, even with respect to Delaware corporations, while there is an emerging consensus among California courts that FFP are enforceable under California law, it is not yet clear whether the courts of other jurisdictions will find FFP to be valid and enforceable under their respective law. Indeed, even saying there is a consensus in California might be overstating the matter, since all three of the decisions so far are only trial court rulings, lacking any precedential authority. The rulings are also subject to appeal; the intermediate appellate courts may have more to say on this topic, and indeed the California Supreme Court may ultimately have the final word.
One further potential remaining set of issues out there that may yet need to be resolved is the question of the constitutionality of the FFP. In both the Restoration Robotics and the Uber decision, the courts declined to reach the respective plaintiffs’ arguments that the provisions violate Commerce Clause and the Supremacy Clause of the U.S. Constitution. In the Dropbox case, the court did not decline to reach these issues but instead ruled that the plaintiff had failed to prove a constitutional violation. The court’s analysis of these issues in the Dropbox case is rather cursory. Claimants in other courts may continue to seek to press the constitutional issues, which at least to this point have not yet been addressed in any depth by any of the courts to take up these issues.
Eventually all of these remaining concerns and issues might be addressed, but even then it will only be after pain-staking, time-consuming, piecemeal process. Given these concerns, the preferred solution to address the Cyan problem – even after the various California state court rulings — is Congressional action. It would be a very simple matter for Congress to amend Section 22 of the ’33 Act to eliminate concurrent jurisdiction and to put an end to wasteful, inefficient parallel litigation. However, given the current division and distraction within Congress, not to mention the upcoming change in administration, Congressional action on this issue seems unlikely anytime soon. For that reason, all companies but particularly companies contemplating an IPO would be well-advised to adopt a federal forum provision.
- Privacy-Related D&O Exposures Continue to Expand
As reflected in such recent legislative and regulatory initiatives as the EU’s General Data Protection Regulation and the California Consumer Privacy Act, privacy issues represent an increasingly high-profile and high-priority concern. Privacy issues have already been and are likely to continue to be a source of D&O claims as well. And the range of issues encompassed under the heading of privacy continues to expand, even further increasing the possibility for future D&O related litigation involving privacy concerns.
A recent example of D&O lawsuit arising out of privacy issues involves the Internet video teleconferencing company, Zoom. Zoom of course has seen its fortunes enhanced by the pandemic, as digital video calls have proliferated the wake of office closures. However, Zoom also experienced a host of privacy issues as intruders managed to infiltrate a number of Zoom calls. In April 2020, Zoom was hit with a securities class action lawsuit based on allegations that the surge in Zoom platform usage following the coronavirus outbreak allegedly “revealed” allegedly undisclosed weaknesses in the company’s platform’s security, and that the company’s platform had privacy and security weaknesses that were contrary to the company’s alleged representations.
Another significant source of corporate liability risk arising from privacy concerns involves the Illinois Biometric Information Privacy Act (BIPA). BIPA provides for a private right of action and as a result it has proven to be a frequent source of claims, including class action claims. (Refer here for more detailed background regarding BIPA.) The threatening potential of BIPA claims was dramatically reinforced in July 2020 when Facebook agreed to settle BIPA claims related to the company’s use of facial recognition technology for $650 million. (The company had initially agreed to pay $550 million, but the trial court judge presiding over the case rejected the initial settlement proposal as too low.)
Biometric privacy issues are likely to remain a significant concern and an important corporate risk exposure going forward, for the very basic reason that the breach or disclosure of biometric data cannot be as easily remedied as are other types of data breaches; for example, while a consumer whose credit card data is breached can cancel the old card and get a new one, individuals whose biometric data is compromised cannot change their biometric data.
Beyond biometric data concerns, the range of issues encompassed within privacy concerns is likely to continue to expand. For example, on September 1, 2020, the California legislature passed a bill protecting the privacy of consumers’ genetic data. Though California Governor Gavin Newsom vetoed the bill on September 25, 2020, the California legislatures concerns about genetic data security represents a privacy-related issue that likely will continue to be the source of attention and scrutiny.
In addition to biometric and genetic data privacy issues, geolocation data is likely to be another source of privacy concern. Consumers are understandably concerned about having their movements and location surveilled and monitored. There have been a number of legislative efforts in the past to try to protect geolocation data (refer, for example, here). The gathering and use of geolocation data in connection with pandemic contact tracing has also raised concerns about potential litigation and liability risks.
The increasing numbers of data privacy laws and regulations may not always directly present a risk of D&O claims, but there is a risk of claims following on in the wake of a regulatory or governmental enforcement action (just as there have long been follow-on civil actions filed in the wake of anti-corruption investigations and enforcement actions). As the range of concerns encompassed under the heading of privacy expands, so too does the possibility of data privacy-related D&O claims.
- Cybersecurity Remains a Serious Operational Concern and Potential Source of D&O Liability
The revelation in December that state actors (believed to be agents of the Russian government) breached the networks of several U.S. government agencies as well as of numerous business organizations in what has been described as one of the “most sophisticated and perhaps largest hacks” in years underscores the fact that cybersecurity remains a critical operational concern for organizations of every type. Cybersecurity concerns not only represent a significant operational risk, they also represent a potential source of D&O claims.
The possibility that companies experiencing data breaches might get hit with a securities class action lawsuit is nothing new. Indeed, during 2020, Equifax agreed to pay $149 million to settle the securities class action lawsuit filed against the company relating to the massive data breach the company announced in September 2017. The Equifax settlement is only one of several high-profile securities class action lawsuit settlements involving companies that sustained significant breaches of the networks or information technology systems.
The most recent D&O claim to be filed against a company that had experienced a significant data breach is the October 2020 securities class action lawsuit a plaintiff shareholder filed a securities suit against title insurance and insurance services company First American Financial Corp., which experienced a significant cybersecurity incident first reported in May 2019.
The securities lawsuit complaint alleges that the defendants made false or misleading statements and failed to disclose that “(1) the Company failed to implement basic security standards to protect is customers’ sensitive personal information and data; (2) the Company faced a heightened risk of cybersecurity failure due to its automation and efficiency initiatives; and (3) as a result, Defendants’ public statements were materially false and misleading at all relevant times.”
In addition to securities class action lawsuits, companies experiencing a cybersecurity incident also face the risk of shareholder derivative litigation. An example of a cybersecurity-related derivative lawsuit is the suit filed in April 2020 against Laboratory Corporation of America in connection with two different cybersecurity-related incidents involving the company, one that the company discovered in May 2019 and another the company discovered in January 2020. The first incident involved a breach incident at a third-party debt collector AMCA, which is in the business of collecting patient receivables for medical labs, including Lab Corp. The AMCA breach affected more than 10.2 million Lab Corp patients. The AMCA breach was the subject of a separate consumer lawsuit filed on behalf of the affected patients. The derivative lawsuit alleged that that LabCorp’s “insufficient cybersecurity procedures and oversight of AMCA … permitted unauthorized access to LabCorp’s patients’ confidential, personal information.”
The derivative complaint also contained allegations relating to a second data breach in which an unprotected web address granted access to LabCorp documentation containing personal health information. The breach was reported in an article in TechCrunch, which claimed in the breach “at least 10,000 documents were exposed.” The derivative complaint alleges that LabCorp “failed to disclose this breach in any widely disseminated public release or SEC filings.”
While there have been several prior cybersecurity-related derivative lawsuits, the suit against LabCorp is the first of which I am aware filed against a company based on a cybersecurity incident that took place at one of the company’s third-party service providers. Most company officials are aware that they are accountable for maintaining and enforcing appropriate cybersecurity protocols and procedures at their company and that they could be the target of claims for breaches that result in the compromise of confidential information. It likely would come as a very unwelcome surprise to most company officials to learn that they could be the target of a claim for breaches of one of their company’s third-party service providers’ cybersecurity measures.
The plaintiff’s derivative complaint in the LabCorp case alleges, in effect, that companies must assess, scrutinize, and monitor their third-party service provider’s cybersecurity, as well as their own. The plaintiff’s allegations in this regard is based in part on AMCA’s alleged relation to LabCorp under HIPAA as a “business associate.” Under HIPAA, a company providing confidential information to a “business associate” must ensure that the business associate has appropriate safeguards in place to protect the privacy of the information. The plaintiff effectively alleges that this requirement is part of the defendants’ fiduciary duties. To the extent this plaintiff’s theory succeeds, it could represent a significant expansion of corporate officials’ potential cybersecurity-related liability exposures.
- Boards Face Increased Risk of Claims for Breach of the Duty of Oversight
Delaware’s courts have long recognized that the duties of corporate boards include a duty of oversight – that is, that directors have “a fiduciary obligation to adopt internal information and reporting systems that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.” Until recently, breach of oversight claims were notoriously difficult for claimants to sustain. As the Delaware courts themselves have said, the pleading burdens for plaintiffs seeking to assert these kinds of claims to be “onerous.”
Despite the difficulty for plaintiffs to surmount the initial pleading hurdles, the Delaware courts in two cases in 2019 – the Marchand v. Barnhill decision (discussed here) and the Clovis Oncology decision (discussed here) — found that the plaintiffs involved had sufficiently stated claims for breach of the duty of oversight. The outcome in these two 2019 cases suggested that oversight duty breach cases can be viable, and that plaintiffs might seek to press claims on these kinds of theories in a variety of contexts.
As it has turned out, claimants have indeed continued to pursue breach of the duty of oversight claims, and during 2020 there were two additional decisions in which duty of oversight claims were sustained.
First, on April 27, 2020, in Hughes v. Hu, the Delaware Chancery Court found that the plaintiff had stated a claim for breach of the duty of oversight. The Hughes decision is discussed in detail here. The lawsuit involved Kandi Technologies Company, a Delaware corporation based in China. The company’s SEC filings showed that the company struggled since 2010 with its financial reporting and internal controls. The company later was forced to restate several years’ worth of financial statements and to disclose that its internal staff lacked sufficient expertise sufficient for compliance with U.S. reporting requirements. The plaintiff alleged that the director defendants consciously failed to establish a board-level system of oversight for the Company’s financial statements and related third-party transactions, choosing instead to rely blindly on management while devoting patently inadequate time to the necessary tasks.
In rejecting the defendants’ motion to dismiss, Vice Chancellor Travis Laster acknowledged that the company “had the trapping of oversight,” including the existence of an Audit Committee, a Chief Financial Officer, and internal audit department, a code of ethics, and an external auditor. However, these “trappings” were insufficient, as “the Company’s Audit Committee met sporadically, devoted inadequate time to its work, had clear notice of irregularities, and consciously turned a blind eye to their continuation.” The mere existence of mechanisms charged with oversight was inadequate to rebut the existence of a Caremark claim. The Company’s directors, Laster concluded, simply failed to make a good faith effort to put in place a reasonable, board-level system of monitoring and reporting.
On August 24, 2020, in the most recent decision in which Delaware’s courts sustained a breach of the duty of oversight claim, the Delaware Court of Chancery denied a motion to dismiss in an action against the board of directors of AmerisourceBergen. The lawsuit, styled as Teamsters Local 443 Health Services & Insurance Plan v. John G. Chou, involved underlying allegations concerning the distribution of cancer medication at one of the company’s subsidiaries. The underlying proceeding ultimately resulted in the subsidiary pleading guilty to criminal charges and settling civil claims.
In denying the defendants’ motion to dismiss in the Chancery Court action, Vice Chancellor Sam Glasscock found plaintiff had sufficiently alleged that the directors ignored “red flags,” including the fact that an outside law firm’s report concluded the subsidiary’s compliance mechanisms had gaps, about which the board’s audit committee failed to follow-up; and the fact that a former executive of the subsidiary had filed a complaint under seal alleging that the subsidiary’s business was essentially an illegal operation – and though the company’s 2010 and 2011 10-Ks, signed by the directors, disclosed the former executive’s suit, the board failed to take any remedial steps. The court found that the plaintiff had raised sufficient allegations to suggest the possibility that the board didn’t take any action to respond to the compliance report or the 10-K disclosures.
Taken collectively, the four recent Delaware duty of oversight decisions underscore the conclusion that under Delaware law corporate directors have a fiduciary duty to oversee their companies by creating and implementing systems of control and by monitoring the company’s management and operations – particularly with respect to “mission critical operations” — and that the failure to take these steps – and in particular the failure to heed “red flags” — could result in the imposition of personal liability.
In thinking about the implications of these conclusions, it is worth noting that Vice Chancellor Glasscock observed in the recent AmerisourceBergen decision that “the facts of the case involve corporate misconduct that has led to material suffering among customers, or to the public at large.” Similar circumstances were also involved in Marchand v. Barnhill, which arose out of a listeria outbreak at the company’s ice cream facilities that resulted in multiple deaths.
Similar circumstances could arise in current pandemic, for example, if a company’s business activities or failure to take precautionary steps were to result in a COVID-19 outbreak among customers or employees. Under those circumstances, the company’s directors might well face allegations that the board had failed to oversee operations in order to prevent this foreseeable hazard. (For further discussion about the possibility of pandemic-related breach of the duty of oversight claims, refer here.)
More generally, and beyond just the possibilities that the pandemic presents, there are the larger challenges involved with the rise of event-driven litigation. These kinds of lawsuits, now being filed as securities class action lawsuits, are filed by investors after the defendant company has experienced a significant reverse in its business operations. These same kinds of circumstances might result in claims against the boards of the companies involved for alleged breaches of the duty of oversight, in addition to securities class action lawsuit based on the same circumstances.
Indeed, in at least one instance, different plaintiffs have separately filed a securities suit and a breach of the duty of oversight claim involving the same circumstances –that is, following the high-profile crashes of two of its planes, Boeing has been hit both with securities suits and, separately, a Delaware Chancery Court lawsuit alleging that its board breached its duty of oversight.
Time will of course tell, but there is a possibility that we could see more lawsuits based on allegations of the breach of the duty of oversight, possibly related to the coronavirus outbreak. At a minimum, recent evidence does suggest that claimants have recently enjoyed greater success in advancing these kinds of claims than in the past.
- Pandemic Deepens the D&O Insurance “Hard Market”
Even before the coronavirus outbreak this spring, the D&O insurance industry was in a “hard market,” characterized by rising prices, restricted capacity, and, in at least some instances, narrowing policy terms and conditions. The onset of the pandemic exacerbated all of these conditions. For policyholders, the D&O insurance acquisition process has now become time-consuming, labor-intensive, and unpredictable. The question for insurers and policyholders alike is how long the current hard market conditions will last.
The D&O insurance market began to turn in the latter half of 2018. Years of underpricing, heightened claim frequency, deteriorating prior accident year results, and accumulating underwriting losses caused several major insurers to begin pushing for rate increases. Unfavorable legal developments, such as the Cyan decision (discussed above) contributed to the tightening. By the beginning of 2019, there was general marketplace support among the insurers for price increases. As 2019 progressed, the level of price increases began to accelerate. By the end of 2019, the D&O insurance market had entered a true hard market, with many carriers actively seeking to reduce their limits, shrink their exposure to certain risk classes, and re-underwrite their books of business.
The arrival of COVID-19 and the ensuing economic disruption in early 2020 exacerbated all of these market conditions. The level of price increases accelerated further, and many insurers further restricted their capacity. In addition, in some instances, insurers have sought to narrow terms and conditions. In addition, new suspect classes emerged, including, for example, industry sectors such as travel, hospitality, and retail. Concerns about both the public health crisis and the pandemic’s economic fallout caused underwriters to significantly increase account level underwriting, as the underwriters attempted to determine the pandemic’s impact on applicant company’s business operations and financial condition. For D&O policyholders accustomed to years of declining prices and expeditious renewals, the current disturbed market conditions came as something of a shock.
D&O insurance is a cyclical business, and the periodic hard markets that arise eventually give way to more competitive conditions. Rising prices eventually stabilize, as insurers once again begin to compete based on prices. However, as things stand, there is nothing to suggest that this market softening process will kick in anytime soon. At least based on current indicators, the strong likelihood is that the current hard market will continue well into 2021.
The first sign that the market softening phase is approaching is that new participants with fresh capital emerge and begin to have a competitive impact. In fact, several existing insurers have already turned to the financial markets to raise capital. In addition, during 2020, there were several new D&O insurance underwriting facilities launched, both in London and in the U.S. These new players are only just getting started entertaining insurance submissions, and their footprint, both individually and collectively, is not yet large enough to have any significant impact on the market. However, as these new players gather momentum, as further new entrants enter the marketplace, and as existing players shift back to trying to capture market share rather than just stabilize their books, the market conditions will soften — eventually. Of course, only time will tell when these processes will play out.
In the meantime, the disrupted market conditions mean that now, more than ever, policyholders need the assistance of an experienced and knowledgeable adviser for their D&O insurance placement. This is a time when specialized D&O insurance expertise and deep knowledge of the insurance market are absolutely indispensable. Well-informed D&O insurance buyers will ensure that their adviser has the requisite capabilities to navigate this difficult market phase.
Don’t Forget!: On Wednesday, January 13, 2021, at 11 am EST, my colleague Marissa Streckfus and I will conduct a free, one-hour webinar discussing the Top Ten Stories in D&O in 2020. Information regarding the webinar, including registration instructions, can be found here.