weilOn September 22, 2015, in what has been described as the SEC’s first cybersecurity-related enforcement action, the SEC announced that it had entered a settlement St. Louis-based investment advisor R.T. Jones Capital Equities Management, Inc., based on charges that the company had failed to establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients.  A copy of the SEC’s order related to the settlement can be found here.

 

In the following guest post, David Wohl and Paul Ferrillo of the Weil Gotshal law firm take a look at the SEC’s settlement with R.T. Jones and examine the implications of the settlement, and of the recent guidance from SEC’s Office of Investor Education and Advocacy, for future regulatory action, from the SEC and other agencies. A version of the guest post previously was published as a Weil client alert.

 

I would like to thank David and Paul for their willingness to publish their article on this blog. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is David and Paul’s guest post.

 

****************************************

 

Just days after the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued its second round of cybersecurity guidance for its upcoming examinations of registered investment advisers and broker-dealers,[i] the SEC settled an administrative proceeding on cybersecurity issues arising out of a breach at a registered investment adviser, R.T. Jones Capital Equities Management, Inc.  (“R.T. Jones”).[ii]  As a result of the settlement, R.T. Jones was censured and fined $75,000.  On the heels of the recent OCIE guidance and following a year of major cybersecurity breaches (especially at financial institutions),[iii] this proceeding is instructive on a number of points, especially on the question “What happens when you don’t adopt policies and procedures to safeguard client data?” Continue Reading Guest Post: SEC’s Regulatory Action Against R.T. Jones: Did the Other Cybersecurity Shoe Just Drop?

vwThe news that Volkswagen employed sophisticated software-based “defeat devices” in order to permit a number of its diesel-engine models to appear to meet U.S. emissions standards has dominated the headlines in the business pages over the last few days. The news has already led to the resignation of its embattled CEO, Martin Winterkorn. In addition to regulatory enforcement proceedings, the company faces possible criminal action as well as a host of consumer lawsuits. In addition, on September 25, 2015, plaintiff’s lawyers filed a securities class lawsuit in the Eastern District of Virginia against VW, its U.S. operating divisions, and certain of its directors and officers, on behalf of investors who purchased VW’s American Depositary Receipts (ADRs) in the United States.  As discussed below, there are a number of interesting features to this new securities lawsuit. In addition, as also discussed below, a Dutch investors’ association has separately initiated an effort under Dutch collective action statutory provisions to pursue claims against VW, as well.  Continue Reading Volkswagen Vehicle Emissions Scandal Triggers U.S. Securities Suit, Dutch Collective Action Initiative

cyber risksWe live in a world in which rapidly shifting technologies and communications modalities have changed the way we interact and conduct business. These new media and means of interaction have introduced innumerable benefits and efficiencies. Unfortunately, these new alternatives have down sides; among other things, they mean new risks and even liability exposures for both individuals and companies that use them. We are all well aware of what can happen to a company that experiences a major data breach. But the new technologies and communications approaches also introduce a host of other potential business liability risks and exposures.

 

In the new 2015 edition of their interesting and readable book Cyber Risks, Social Media and Insurance: A Guide to Risk Assessment and Management (here), Carrie Cope, Dirk E. Ehlers and Keith W. Mandell take a comprehensive look at the new technologies and communications approaches, review the changed liability environment that these new alternatives present, analyze the current state of the insurance marketplace for these various exposures, and make some projections about what may lie ahead. Continue Reading Book Review: Cyber Risks, Social Media and Insurance

Clabby_Jack (1)
John E. Clabby
Swanson_Joseph
Joseph W. Swanson

As I noted in a September 9, 2015 post (here), a Home Depot shareholder has filed a data breach-related derivative lawsuit against certain of the company’s directors and officers, in which the plaintiff contends that the defendants breached their fiduciary duties by failing to ensure that customer credit card information was secure and protected. A copy of the complaint can be found here.

 

In the following guest post, John E. Clabby and Joseph W. Swanson of the Carlton Fields Jorden Burt law firm take a look at the Home Depot data breach D&O lawsuit and provide their views on what the lawsuit may foreshadow for future D&O litigation. Jack and Joe also  review what they think are the lessons for corporate boards and managers from the lawsuit’s allegations, as well as the implications of the lawsuit for companies that experience a data breach in the future.

 

I would like to thank Jack and Joe for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Please contact me directly if you would like to submit a guest post. Here is Jack and Joe’s guest post.

 

********************************************

 

Ending months of speculation, a shareholder has finally filed a derivative lawsuit against the directors and management of The Home Depot, Inc., in connection with the massive data breach the company suffered in 2014. The complaint, which alleges breach of fiduciary duty and corporate waste, fits the emerging template of shareholder derivative lawsuits after breaches at public companies. As such, it is worth a closer analysis for those whose jobs include protection of public companies and their boards from and during data breaches, both directly through more robust cybersecurity measures and indirectly through director and officer insurance and cyber-risk policies. Continue Reading Guest Post: Preparing for a Cyber Caremark Lawsuit: Lessons from the Home Depot Derivative Complaint

minnThe Insured vs. Insured Exclusion is a standard D&O insurance policy provision. The exclusion precludes coverage for clams brought by one “Insured Person” against another “Insured Person.” But what happens when the claimants suing an Insured Person include both individuals who are Insured Persons and other individuals who are not? In a September 22, 2015 opinion (here), District of Minnesota Chief Judge John Tunheim, applying Minnesota law, held that where the underlying claim involved a lawsuit by an Insured Person against other Insured Persons, the entire claim was precluded from coverage, even though the claimants in the lawsuit included other plaintiffs who were not Insured Persons. Continue Reading D&O Insurance: Insured vs. Insured Exclusion Applies Even When Claimants Include Both Insureds and Non-Insureds?

Burkhard (1)
Burkhard Fassbach
niklasrahlmeyer_ProfilePicture
Niklas Rahlmeyer

This blog’s primary focus is on developments in the directors’ and officers’ liability and insurance in the United States, but we do also try to cover important developments elsewhere. In the following guest post, Burkhard Fassbach, who is Of Counsel with the Dusseldorf based D&O-Specialist Law Firm Hendricks, and Niklas Rahlmeyer, who is an attorney in the corporate practice group of the Dusseldorf office of Field Fisher Waterhouse LLP provide their perspective on the German D&O insurance marketplace and discuss their views on the important insurance coverage issues there.

 

I would like to thank Burkhard and Niklas for their willingness to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Burkhard’s and Niklas’s guest post.

 

*****************************************

 

 

The following post sheds light on some of the latest topics of D&O insurance that keep the German market busy. It depicts the concept of manager liability and D&O insurance in Germany, reprimands the German insurers’ practice of settling claims and outlines a catalogue of important issues the policyholder and insureds should keep a wary eye on when taking out D&O insurance coverage. Continue Reading Guest Post: Marshall Plan for D&O Policies in Germany

courtofchancery
Delaware Court of Chancery

The fact that these days virtually every public company M&A transaction draws at least one merger objection lawsuit has provoked concern from many quarters. As I noted in a prior post, it recently became clear that among those concerned are the judges on the Delaware Court of Chancery. Based on developments last week, including in particular Vice Chancellor Sam Glasscock III’s September 17, 2015 opinion in the Riverbed Technology merger objection lawsuit (here), the days when merger objection suits in Delaware’s courts may be resolved through a disclosure-only settlement in which plaintiffs’ counsel gets their fees paid and the defendants get an “intergalactic” claim release may be over. As Alison Frankel put it in a September 18, 2015 post on her On the Case blog (here), last week’s Delaware Chancery Court developments may represent “a turning point in M&A shareholder litigation in Delaware Chancery Court.” Continue Reading Delaware: Time’s Up for Disclosure-Only Settlements in Merger Objection Suits?

Mike%20Biles[1]
Michael J. Biles
In the following guest post, Michael J. Biles of the King & Spalding law firm takes a look at the analysis of the materialization-of-the-risk issues in the Fifth Circuit’s September 8, 2015 decision in the BP Deepwater Horizon securities class action lawsuit. As Michael asserts below, the Fifth Circuit’s decision opinion essentially removes the risk of materialization-of-the-risk cases in the Fifth Circuit.

I would like to thank Mike for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to readers of this site. Please contact me directly if you are interested in submitting a guest post. Here is Michael’s guest post.

 

**************************************** 

 

Materialization-of-the-risk cases are a favorite of the securities class action plaintiffs’ bar.  The basic theory of fraud in these cases is that a company misrepresented or withheld information, causing the market to miscalculate the company’s exposure to a particular risk.  Every company is susceptible to risks, whether it be natural or man-made disasters, competition, labor disputes, technological obsolescence, currency fluctuations, supply-chain disruptions, etc. –the risks are endless.  When a company’s stock price declines following a disclosure that you-name-the-risk has materialized – as every company must do on occasion – plaintiffs’ lawyers will scour the company’s prior disclosures concerning the risk and allege (with the benefit of hindsight) that the company and its executives did not accurately explain the company’s exposure to the risk.  The damages in such cases are usually easy to calculate – plaintiffs say that the stock was inflated by the amount of the share price decline following the revelation of the risk.  And if the case is certified as a class action, the damages typically run in the hundreds of millions, if not billions.

The securities class action filed against BP plc following the 2010 Deepwater Horizon explosion and oil spill is a classic materialization-of-the-risk  case.  Before the spill, according to plaintiffs, BP touted the company’s safety plans and procedures as being more advanced on paper than they were in practice.  These pre-spill statements lulled the market into believing that BP was a safer company than it actually was.  According to plaintiffs, BP thus understated the risk of the Deepwater Horizon catastrophe, and when that risk materialized, investors were damaged by the full value of the decline in BP stock caused by the materialization of the risk of the spill.  The Fifth Circuit recently affirmed the district court’s order denying class certification of plaintiffs’ materialization-of-the-risk claims.[1]  Ludlow v. BP, PLC, — F.3d —, 2015 WL 5235010 (5th Cir. Sept. 8, 2015).  This opinion essentially removes the risk of materialization-of-the-risk cases in the Fifth Circuit. Continue Reading Guest Post: The Fifth Circuit Takes the Risk Out of Materialization-Of-The-Risk Cases

phoneThe Telephone Consumer Protection Act (TCPA) has proven to be a fruitful source of consumer class action litigation. Plaintiffs’ lawyers are attracted by the potentially lucrative recoveries under the statue, and indeed several recent settlements in TCPA class action lawsuits have run into the millions of dollars. The volume of litigation under the statute and the potential damages associated with the claims has inevitably led to insurance coverage questions. In the past, defendants in TCPA lawsuits looked to their Commercial General Liability (CGL) policies for their defense of these kinds of claims. However, CGL carriers increasingly are expressly excluding coverage for TCPA lawsuits, which has led other companies seeking insurance for TCPA claims to look to other coverages for possible insurance protection, including their D&O insurance policies. As discussed below, carriers may contend that standard D&O insurance policy exclusions preclude coverage for these kinds of claims, but courts continue to sort out the issues. Continue Reading D&O Insurance: The Question of Coverage for TCPA Claims

tyukody_j_daniel
Daniel Tyukody

Almost every securities class action lawsuit that is not dismissed eventually settles; very few of the cases actually go to trial. However, there have been the rare cases that have gone to trial and there are some important lessons to be learned from these cases. In the following guest post, Daniel Tyukody of the Goodwin Procter law firm takes a look at recent cases in which the plaintiffs prevailed at trial, and the ways that in the post-trial phase, the defendants were able to reduce the damages that the plaintiffs were able to secure. The lessons from these cases have important implications for negotiations in the many securities class action lawsuit cases that settle.

 

I would like to thank Dan for his willingness to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Dan’s article.

 

**********************

 

Introduction

 

Securities class actions that reach verdict are rare, but these rare events provide valuable insights for negotiating the roughly half of all cases that result in settlement.[1]  This article describes techniques for minimizing class damages following a judgment for plaintiffs, focusing upon two recent trial victories by plaintiffs, namely In re Vivendi Universal Sec. Litig. (Vivendi) [2] and Jaffe Pension Plan v. Household Int’l, Inc. (Household),[3] as well as the author’s experience defending an issuer with a final, nonappealable verdict in its post-judgment claims process, which resulted in a settlement and the vacating of the fraud judgment.[4] Continue Reading Guest Post: Winning the Securities Litigation Damages Battle After Losing the Liability War