insurancefilesIn many cases, companies’ D&O insurance programs are structured in several layers, with one or more policies of excess of insurance written over top of a primary layer. The excess insurance is often said to be written on a “follow form” basis, meaning that the primary policy’s terms govern the operation of the excess policies. However, even in programs that are intended to be “follow form,” the excess policies will sometimes have terms that cause them to operate differently, sometimes in unexpected and even undesirable ways. In addition, there are a number of other considerations to keep in mind when selecting the insurers to include in the excess layers.

 

In an interesting April 2014 article (here), Tom Bentz of the Holland & Knight law firm takes a look at the issues that can arise with excess D&O insurance. As Bentz correctly notes, “few excess D&O policies truly follow the terms and conditions of the primary D&O insurance policy.” Instead, the excess policies include various additional terms and conditions that “have the potential to significantly affect the overall protection” of the D&O insurance program.

 

In order to illustrate his point, Bentz identifies several of the kinds of excess insurance policy features that can be critical in the event of a claim.

 

First, Bentz refers to the excess D&O insurance policy provision that specifies when the excess insurance will “attach” – that is, what is required in order for the excess insurance to be triggered. In many instances, excess D&O insurance policies were written with a provision stating that that the excess insurer’s liability for any loss will attach only after the insurers of the underlying policies have exhausted their limits in payment of loss. The problem with this language is that if, for example, the policyholder is in a dispute with one of the underlying carriers and reaches a compromise to accept less than the full amount of the underlying insurance, there is an uninsured gap.

 

As I have discussed in prior posts (for example, here), a number of courts have now held that even if the policyholder funds the gap, the underlying insurance was not exhausted by the insurers’ payment of loss, and accordingly the excess insurer’s obligations have not been triggered.

 

As Bentz notes in his article “to avoid this unfair result, insureds need to negotiate excess insurance policies so that they recognize payments made by the underlying insurers, the insureds, or other source.” Indeed, this kind of provision has now become fairly standard. But as noted below, these kinds of provisions will not address all of the kinds of gaps that can arise and create questions as to whether the excess insurers’ policies have been triggered.

 

Another excess D&O insurance policy term that Bentz discusses in his article is the provision found in some policies requiring disputes between the insured and the insurer to be resolved by arbitration. This can be a problem if the separate excess policies in the different layers of insurance have separate arbitration provisions. It is possible that different policies could require that the arbitration take place in different geographic locations, using different arbitration processes and applying different jurisdiction’s laws. As Bentz notes, “the type of inconsistency could force an insured to fight multiple battles on multiple fronts with potentially inconsistent results.” Bentz suggests first attempting to have all of the arbitration provisions removed. If that is not possible he suggests  that “an insured should seek to have all of the insurers agree to one arbitration method with only on choice of law provisions and one required venue to resolve any potential coverage disputes.”

 

In addition to the items that Bentz identified in his article, there are several additional considerations that should be kept in mind with respect to excess D&O insurance.

 

The first is the excess carrier’s financial strength. All too often, excess D&O insurance is viewed as generic and fungible. However, the ability of any given excess D&O insurer to pay claims when the time comes should not be overlooked. It doesn’t happen often, but carriers do become insolvent, and when that happens, it makes a big mess. There are still cases working their way through the system because of the insolvency in the early 2000s of Reliance National and The Home. When a carrier in insurance program is insolvent and unable to pay a claim, it not only creates an uninsured liability exposure, but it also creates the kind of “gap” that avoids coverage for any carriers that were above the insolvent insurer in the insurance tower.

 

For example, as discussed here, in June 2013, the Second Circuit held in the Commodore International case that excess D&O insurance is not triggered even if losses exceed the amount of the underlying insurance, where the underlying amounts have not been paid due to the insolvency of underlying insurers. (Commodore had both Reliance and The Home in its insurance tower.)

 

It is important to think about the problems that can arise from this type of insolvency gap. This is not an issue that can be “fixed” with the type of wording cited above, which provides that the excess D&O insurance will be triggered if the underlying amount is paid by the underlying insurer, the insured, or any other source. When the underlying insurer is insolvent, there is just an underlying uninsured gap. The excess carriers will take the position that they have to obligation to “drop down” to take the place of or attach at the underlying carrier’s attachment point. For that reason, the financial stability of all of the carriers in the insurance program should be an important consideration. In particular, excess D&O insurance should not be viewed as generic and fungible. The excess carrier’s financial ability to honor its payment obligations is an important and potentially differentiating consideration.

 

It is also important to keep in mind that in the event of a significant D&O claim, the excess D&O insurer(s) may be directly involved in the claims resolution. The excess carriers’ responsiveness and claims handling capabilities could well affect whether or not a claim is resolved expeditiously. The claims handling capabilities of the primary D&O carriers are often considered and discussed, as they should be, because the primary carrier will take the lead in handling any claims that will arise. However, because of the role that excess insurers can play in the resolution of claims, the excess insurers’ claims handling experience and reputation should be kept in mind as well.

 

There is one final thing that should be considered with respect to the excess insurers. It is often a good idea to try to include in the line up of carriers on a D&O insurance program excess insurers who might be willing to move the primary position in subsequent years, if the primary carrier were to change its appetite for the risk or seek to get off the account. It is just a good idea to have an excess insurer as a reserve to take the primary position if the need should arise.

 

Another set of issues to keep in mind with respect to excess D&O insurance are the considerations involved in deciding how the excess insurance should be layered and structured, as I discussed in an earlier post, here.

del1In a detailed May 4, 2015 opinion (here), Vice Chancellor Travis Laster of the Delaware Chancery Court extensively reviewed the rights of an insolvent company’s creditors to pursue derivative claims against the company’s directors. As Francis Pileggi put it in a May 6, 2015 post on his Delaware Corporate and Commercial Litigation blog (here), Laster’s opinion in Quadrant Structured Products Company, Ltd. v. Vincent Vertin et al. is “destined to be cited as a seminal ruling for its historical and doctrinal analysis of important principles of Delaware corporate law.”

 

Background  

Prior to the credit crisis, Athilon Capital Corp. guaranteed credit default swaps that one of its subsidiaries wrote on senior tranches of collateralized debt obligations. To fund its operations, Athilon raised debt financing by issuing various notes. Athilon suffered significant losses during the financial crisis. In the wake of these events, one of Athilon’s debt holders (EBF) acquired all of Athilon’s outstanding equity securities. As the company’s sole stockholder, EBF reconstituted the board, after which it made a number of moves to address Athilon’s financial situation.

 

In October 2011, Quadrant Structured Products Company, another of Athilon’s noteholders, filed a derivative lawsuit in Delaware Chancery Court against Athilon’s board. Quadrant contended that the directors’ actions, which Quadrant alleged were made to benefit EBF and to the detriment of the company, breached their fiduciary duties. Quadrant argued that under Delaware law, it had the right as a creditor to assert a derivative claim against the Athilon directors because the company was insolvent.  In an earlier post (here), I discussed Vice Chancellor Laster’s October 2014 ruling in the Quadrant lawsuit, in which Laster denied in part the defendants’ motion to dismiss.

 

Following the motion to dismiss denial, Athilon made a number of additional financial moves that the defendants contend returned the company to solvency. The defendants then moved for summary judgment. The defendants argued that for a creditor to have standing to maintain a derivative action, the corporation on whose behalf the creditor sues must be insolvent at the time of the suit and continuously thereafter. The defendants argued that whether or not Athilon was insolvent at the time Quadrant filed suit, Athilon’s current balance sheet shows that it is now solvent, and therefore that Quadrant no longer had standing to pursue the derivative lawsuit.

 

The May 4 Ruling  

In his May 4, 2015 opinion, Vice Chancellor Laster denied the defendants’ motion for summary judgment. He said that the question of whether or not Delaware imposes a continuous insolvency requirement in order for creditors to have standing to assert a derivative claim is a “question of first impression.” In his ruling, he rejected “the defendants’ attempt to impose a continuous insolvency requirement for creditor derivative claims.”

 

He said that “to bring a derivative action, a creditor-plaintiff must plead and later prove that the corporation was insolvent at the time the suit was filed.” Because he found that Quadrant had introduced sufficient material to support a reasonable inference that Athilon was insolvent at the time Quadrant filed suit, and therefore he denied the defendants’ motion for summary judgment.

 

In making these determinations, Laster broadly surveyed the legal principles underpinning derivative litigation in Delaware, including the rights of creditors to assert derivative claims under some circumstances. He reduced the various principles pertaining to these issues to a succinct bullet point list:

 

  • There is no legally recognized “zone of insolvency” with implications for fiduciary duty claims. The only transition point that affects fiduciary duty analysis is insolvency itself.

 

  • Regardless of whether a corporation is solvent or insolvent, creditors cannot bring direct claims for breach of fiduciary duty. After a corporation becomes insolvent, creditors gain standing to assert claims derivatively for breach of fiduciary duty.

 

  • The directors of an insolvent firm do not owe any particular duties to creditors. They continue to owe fiduciary duties to the corporation for the benefit of all of its residual claimants, a category which now includes creditors. They do not have a duty to shut down the insolvent firm and marshal its assets for distribution to creditors, although they may make a business judgment that this is indeed the best route to maximize the firm’s value.

 

  • Directors can, as a matter of business judgment, favor certain non-insider creditors over others of similar priority without breaching their fiduciary duties.

 

  • Delaware does not recognize the theory of “deepening insolvency.” Directors cannot be held liable for continuing to operate an insolvent entity in the good faith belief that they may achieve profitability, even if their decisions ultimately lead to greater losses for creditors.

 

  • When directors of an insolvent corporation make decisions that increase or decrease the value of the firm as a whole and affect providers of capital differently only due to their relative priority in the capital stack, directors do not face a conflict of interest simply because they own common stock or owe duties to large common stockholders. Just as in a solvent corporation, common stock ownership standing alone does not give rise to a conflict of interest. The business judgment rule protects decisions that affect participants in the capital structure in accordance with the priority of their claims.

 

In summarizing his ruling on the issues raised in the defendants’ summary judgment motion, Laster said “in my view … to maintain standing to sue derivatively, a creditor must establish that the corporation was insolvent at the time the creditor filed suit. The creditor need not demonstrate that the corporation continued to be insolvent until the date of judgment.” Laster then added a note of modesty, with his observation that “to state the obvious, this is the opinion of one trial judge. The Delaware Supreme Court may well disagree.”

 

By contrast to Delaware law, courts applying Pennsylvania law have applied the “deepening insolvency” theory to hold that directors of a company in the zone of insolvency have duties for which the company’s creditors may seek to hold them liable. For a recent post discussing a decision in which the Third Circuit applied these principles in holding the directors of nonprofit entity liable, refer here.

ofacAs part of its conduct of foreign affairs and of its national security program, the U.S. government has instituted a series of economic and trade sanctions against a number of countries and a long list of designated individuals. The various sanctions programs are administered by the Office of Foreign Asset Control (OFAC) within the U.S Department of Treasury.  The sanctions programs OFAC administers include broad trade embargoes of Iran, North Korea, Sudan, Syria, Crimea and Cuba.

 

As part of its enforcement power, OFAC has authority to file civil liability actions. In collaboration with the U.S. Department of Justice, OFAC can also pursue criminal actions. OFAC’s exercise of its enforcement authority has recently resulted in a number of high profile penalties and settlements. These settlements have a number of significant implications, and, among other things, may raise concerns about the possibility of D&O insurance coverage for the companies involved.

 

Since 2008, OFAC has filed nearly 250 civil enforcement actions that have resulted in penalties or settlements. The aggregate amount of the enforcement action penalties and settlements during that period is over $3.8 billion. In 2014, the agency’s enforcement actions resulted in penalties and settlements of over $1.2 billion, the agency’s highest annual total.

 

Two recent enforcement actions illustrate the nature and scope of the government’s sanctions enforcement efforts.

 

On March 25, 2015, the U.S. Department of Justice announced that a subsidiary of Schlumberger Ltd. had entered a guilty plea and agreed to pay a $232.7 million penalty for conspiring to violate sanction programs by “willfully facilitating transactions and engaging in trade with Iran and Sudan.” Under the plea agreement, the subsidiary agreed to submit to a three-year probationary period during which it would agree to various types of government supervision. The DoJ’s March 25, 2015 press release can be found here.

 

The $232.7 penalty includes a $77.5 million criminal forfeiture and a $155 million criminal fine. According to a March 26, 2015 FCPA Blog post (here), the fine is the largest ever criminal fine in connection with a prosecution under the International Emergency Economic Powers Act.

 

In the Schlumberger action, the government alleged that between 2004 and 2010, a business unit of the subsidiary provided oilfield services to customers in Iran and Sudan. The government also alleged that while the subsidiary had policies and procedures to ensure that it did not violate U.S. sanctions, it failed to train its personnel to ensure that they complied with the sanctions requirements. As a result, the company approved capital expenditure requests from Iran and Sudan, made business decisions specifically concerning Iran and Sudan, and provided technical service and expertise in connection with drilling projects in Iran and Sudan.

 

In a separate sanctions-related enforcement action, on March 25, 2015, OFAC announced that PayPal, Inc. had agreed to pay the agency $7.65 million settle the company’s potential civil liability for processing 486 transactions totaling $43,934 in alleged violation of U.S. sanctions programs. Specifically, the company was alleged to have mailed to ensure that its payment processing operations blocked prohibited transactions with sanctioned countries (including Iran, Sudan, Cuba) and sanction-designated individuals. The company was also alleged to have processed 136 transactions for a PayPal account registered to Kursad Zafar Cire, an individual designated under a sanction program relating to “Weapons of Mass Destruction Proliferators and Their Supporters.” The agency’s March 25, 2015 press release regarding the PayPal settlement can be found here. The FCPA Blog’s March 27, 2015 post about the settlement can be found here.

 

The types of fines and penalties entered in these sanctions enforcement actions would not be covered by D&O insurance, as the typical D&O insurance policy definition of Loss covered under the policy expressly provides that Loss does not include fines, penalties and matters deemed uninsurable under applicable law.

 

However, as discussed in a May 8, 2015 post on the Orrick law firm’s Policyholder Insider blog (here), there may be coverage for the costs incurred in connection with the investigation that precedes the settlement or penalty. As the blog post puts it, “companies forced to incur costs responding to and defending against these investigations should closely inspect their D&O policies to determine whether they provide coverage.”

 

Depending on the specific nature of the sanctions enforcement investigation involved, the government’s investigation may constitute a “Claim” triggering the policy’s coverage. However, it should be noted that public company D&O insurance policies provide entity or company coverage only for “Securities Claims.” In most circumstances, a sanctions violation investigation or enforcement action would not meet the policy’s definition of a Securities Claim. Many carriers would like take the position that because a sanctions violation investigation or enforcement action does not meet the definition of a “Securities Claim,” there is no coverage under the policy’s entity coverage for the investigation or enforcement action.

 

As the blog post also notes, even if there is no formal proceeding and no subpoenas have been issued  the  “Pre-Claim Inquiry” costs coverage found in many more up-to-date D&O insurance policies these days could be triggered. This policy feature provides coverage for costs associated with interviews and responses to document requests from an “Enforcement Body,” as defined in the policy. The scope of the coverage available will of course depend both on the nature of the governmental inquiries and the specific policy wording involved. However, it should be noted that this coverage is typically available only to Insured Persons – that is, individual directors and officers. It is typically not available to the corporate entity itself.

 

Because there may be possibilities to find at least some coverage under the D&O insurance policy, the law firm blog post suggests, “policyholders should not assume that simply because the fines imposed for failure to adhere to economic sanctions would not be covered, other associated costs incurred by the company in connection with the OFAC investigations also are not.” As the blog post concludes, it always pays to think carefully about coverage and to read the policy carefully.

 

In addition to possible coverage for sanction-related investigative costs, the D&O insurance could also become relevant in the event of a follow-on civil lawsuit asserting claims against company officials in connection with a sanctions investigation and penalty. As noted in an earlier post  (here), there are examples of shareholders filing derivative lawsuits against company officials after the company has paid a sanctions-related penalty or settlement. The earlier post described a shareholder derivative lawsuit filed against the board of J.P. Morgan Chase after the company reached an $88.3 million settlement with OFAC. The company’s D&O insurance could be called upon to fund the defense of a claim of this type. In addition, the D&O insurance potentially could fund a settlement of the lawsuit as well, although, as I noted in my earlier post, there are some potentially interesting questions about the possibility of insurance funding the settlement of this this type of claim.

 

On a different but somewhat related topic, in an earlier post (here) I examined the personal liability of corporate officials under U.S. import laws.

 

Petrobras Scandal Roils Brazilian D&O Market: According to a May 6, 2015 article in Global Insurance Intelligence (here), the Petrobras scandal (discussed in a prior post, here) is “forcing the insurance industry in Brazil to rethink how it supplies directors and officers liability insurance (D&O) cover amid fears that loss ratios to rise.”

 

In the wake of the Petrobras scandal, demand for D&O insurance is soaring as buyers are becoming aware of the need for the product. At the same time, a debate has emerged on the question whether the policy should protect those who have admitted to bribery or even to those merely accused of bribery. At a minimum loss ratios are sure to rise as the costs associated with the scandal spill through the insurance market. So, the article concludes, “the future of D&O in Brazil looks turbulent. Demand will increase, yet higher loss ratios could also become the norm. Insurers and reinsurers alike will need to tread carefully to balance these two factors.”

weilBy now, everyone knows that the Internet can be a dangerous place. But while just about everyone knows about the pervasiveness of Internet scams, many users still fall prey to the tricksters’ latest ploys. In this guest post, Paul Ferrillo and Randi Singer of the Weil, Gotshal & Manges law firm take a look at the latest scams and how they succeed. They also discuss the steps that companies can take to try to protect themselves from these kinds of things. A version of this article previously was published as a Weil client alert

 

I would like to thank Paul and Randi for their willingness to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul and Randi’s guest post.

 

****************************************

 

It seems that just like in old times (in cyberspace that means last year) the existence of “snake-oil” salesmen[i] on the Internet is getting worse, not better.  Rather than selling something medicinal or at the very least useful, these snake-oil salesmen of today have one intent only:  to steal your personal information or worse, to distribute malware to your computer.  One recent report issued by Symantec in April 2015[ii] literally details scores of scams all designed to steal information and potentially ruin your computer (and others’ as well) and steal your personal information.  We detail them not out of morbid curiosity of the utter gall of the snake-oil salesmen, but to hopefully inform and prevent the inadvertent “click on the link” circumstances which you and your company would rather avoid. We also point to other recently issued reports noting that other scams like phishing and spear phishing continue to be a bothersome and dangerous component of company emails.[iii] At the end of the day, as we discussed in our last article,[iv] continuous employee training and awareness of these sorts of scams is truly a strong part of the Holy Grail of Cybersecurity, along with certain network hardware components that can help stop “bad” emails before they get to your employees’ desktops.

Social Media Scams

“Where attacks of yesteryear might have involved a foreign prince and promises of riches through shady exchanges of currency,…. today’s phishers scan social media for birthdays, job titles and anything else that can be used to create the appearance an email request is coming from a legitimate source.”[v] As the Symantec Report points out, a lot of these email scams and offers are now generated through the explosive growth of social media sites such as Facebook, Twitter, and Pinterest. Here are some of them:

  • Manual Sharing – These rely on victims to actually do the work of sharing the scam by presenting them with intriguing videos, fake offers, or messages that they can then share with their friends;[vi]
  • Fake Offerings – These scams invite social network users to join fake events or groups with incentives such as free gift cards. Joining often requires the users to share credentials with the attacker or send a text message to a premium rate number;[vii]
  • Likejacking – Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, thereby spreading the attack;
  • Fake Applications – Users are invited to subscribe to an application that appears to be integrated for use with a social network, but is not as described and may be used to steal credentials or harvest other personal data; and
  • Affiliate programs – When you click on the link, these might allow you to get a free smartphone, airline ticket, or gift card. Caveat emptor: Nothing in life is free, especially when malware is attached thereto.

Phishing Attacks – Email Scams – Email Hijacking

We have talked in the past about the prevalence of phishing or spear phishing attacks against U.S. public companies. As noted in the recently issued 2015 Verizon Data Breach Investigation Report,[viii]

Social engineering has a long and rich tradition outside of computer/network security, and the act of tricking an end user via e-mail has been around since AOL installation CDs were in vogue…

The first “phishing” campaigns typically involved an e-mail that appeared to be coming from a bank convincing users they needed to change their passwords or provide some piece of information, like, NOW. A fake web page and users’ willingness to fix the nonexistent problem led to account takeovers and fraudulent transactions.[ix]

Phishing campaigns have evolved in recent years to incorporate installation of malware as the second stage of the attack. Lessons not learned from the silly pranks of yesteryear and the all-but-mandatory requirement to have e-mail services open for all users has made phishing a favorite tactic of state-sponsored threat actors and criminal organizations, all with the intent to gain an initial foothold into a network.

Some of the statistics set forth in the Verizon Report are cause for concern:

  • 23% of recipients now open phishing messages and 11% click on the links;
  • 50% of the recipients open emails and click on the links within the first hour;
  • The median time to first click on the link: one minute, 22 seconds!![x]

How Do You Stop Malicious Social Media/Spear Phishing/Email Campaigns

Obviously there are no good answers to these questions, especially in an era when the bad guys are sending such socially engineered emails that they look like they could come from your husband, wife, son, or daughter. They are that good. But here are some points to consider:

  1. Anti-phishing training: As we noted in our previous article, many argue that the weakest link in cybersecurity is the person who is sitting in the chair in front of his or her computer. As such, we strongly advocate a consistent training program, as provided by various organizations,[xi] which can provide tailored solutions to your employee base, or specific sections of your employee base (like your IT department or your finance department), to help them change their behavior and discern between “good” emails and potential “really, really bad” emails which may contain malware packages just waiting to go off when someone opens the email or clicks on the link. Choose a program which can provide metrics and reports to either your compliance or IT security department, which might point out areas of risk such as divisions, departments, or employees who need further training.
  2. Increase user training and advise workers on safe practices when using Facebook, Twitter, Snapchat, and other online services: Simply put, there are bad actors out there who will attempt to lure your employees into doing things or sharing information which may, at its core, contain or share malicious code with others. Adopt policies and procedures to educate your employees on social media website scams, which may include limiting use of such sites to their own devices. “It is key that all staff receive security awareness training covering your acceptable usage policy for social networking. Promoting good practice and improving user behavior are the best methods of reducing the risks from this form of communication.”[xii]
  3. Employ DMarc Based Technology: Many companies have chosen to employ a technology-based solution founded on DMarc, or “Domain-based Message Authentication, Reporting & Conformance.”[xiii] “DMarc is an Internet protocol specification that … provides visibility into email flows, and can tell receiving servers to delete spoofed messages immediately upon receipt, thus ensuring that only legitimate emails are delivered to inboxes.”[xiv] Dmarc allows companies to “pre-qualify” email providers who are “approved” to send your employees emails from those who may be attempting to spoof or clone domain names to send your employees malicious emails.
  4. Sandboxing: Deploy a solution that checks the safety of an emailed link when a user clicks on it. The hardware solution that is employed[xv] examines the link-driven email and analyzes it against known malicious email threats and URLs and then “quarantines” them using anti-spam and anti-virus threat engines to see if those emails exhibit “bad” characteristics. These solutions can be used both “on premises” and if your email is handled by cloud mailboxes.[xvi] It is better to check and stop the email before it gets to an employee’s desk where it could be inadvertently opened and spread malware to your network. Beware that not all sandboxing technology works the same, and it may not be 100% effective against all threat vectors, especially as bad actors get more and more sophisticated in masking their attacks.

High profile attacks in 2014 and 2015 all have seemed to contain one common element: some employee, either high-level, low-level, or one targeted specifically for his or her password and administrative privileges information, opened a malicious email which set off a catastrophic set of consequences for a company. Though there are many solutions that can be potentially employed to stop this pattern of doom and gloom, not one can be said to be entirely effective. Instead, the set of approaches described above, when used jointly, may help companies reduce the risk of potentially being spear phished “to death” by bad actors.

[i] The existence of the first “snake-oil salesmen” date back at least to the time of the First Intercontinental Railroad in 1863.

[ii] See “Symantec Internet Threat Report 2015,” available at http://www.symantec.com/index.jsp (hereinafter, the “Symantec Report”).

[iii] See e.g. “Phishing Email Baits Indiana Medical Center, Health Data Exposed,” available at http://www.nextgov.com/cybersecurity/threatwatch/2015/04/breach/2233/; “SendGrid: Employee Account Hacked, Used to Steal Customer Credentials,” available at https://krebsonsecurity.com/2015/04/sendgrid-employee-account-hacked-used-to-steal-customer-credentials/.

[iv] See “Is Employee Awareness and Training the Holy Grail of Cybersecurity?” available at https://www.dandodiary.com/2015/03/articles/cyber-liability/guest-post-is-employee-awareness-and-training-the-holy-grail-of-cybersecurity/.

[v] See “Data Breach Methods Getting More Sophisticated, Report Says,” available at http://www.govtech.com/data/Data-Breach-Methods-Getting-More-Sophisticated.html.

[vi] See “Beware of Nepal charity scams,” available at http://www.usatoday.com/story/money/personalfinance/2015/05/03/weisman-nepal-charity-scams/26755507/ (highlighting that “Email and text message solicitations for charities as well as solicitations you find on social media are also not to be trusted. Once again, you cannot be sure as to who is actually contacting you and these solicitations carry the additional danger of having links or attachments that, if clicked on or downloaded, will install malware on your computer or smartphone that will steal the personal information from your device and use it to make you a victim of identity theft.”).

[vii] See “5 Scams to Watch for in 2015,” available at https://www.allclearid.com/blog/5-scams-to-watch-for-in-2015.

[viii] See 2015 Verizon Data Breach Investigations Report,” available at http://www.verizonenterprise.com/DBIR/2015/ (hereinafter, the “Verizon Report”).

[ix] See “Banking Malware Taps Macros,” available at http://www.databreachtoday.com/banking-malware-taps-macros-a-8186 (describing the Bartalex macro malware scheme, in which a social-engineering attack tells recipients that their Automated Clearing House electronic-funds transfer was declined, and invites the recipient to click a link to “view the full details,” which leads to a Dropbox page that lists specific instructions, including the need to enable Microsoft Office macros).

[x] See Verizon Report.

[xi] See, e.g. the comprehensive anti-phishing training services offered by www.phishme.com.

[xii] See “Social networking best practices for preventing social network malware,” available at http://searchsecurity.techtarget.com/answer/Social-networking-best-practices-for-preventing-social-network-malware.

[xiii] See “DMARC – What is it?” available at http://dmarc.org/.

[xiv] See “How To Reduce Spam & Phishing With DMARC,” available at http://www.darkreading.com/application-security/how-to-reduce-spam-and-phishing-with-dmarc/a/d-id/1319243.

[xv] For instance, one of these solutions is the FireEye EX prevention series. See “Threat Prevention Platforms that Combat Email-Based Cyber Attacks,” available at https://www.fireeye.com/content/dam/fireeye-www/global/en/products/pdfs/fireeye-ex-series.pdf.

[xvi] See e.g. “Email Threat Prevention Cloud,” available at https://www.fireeye.com/content/dam/fireeye-www/global/en/products/pdfs/fireeye-email-threat-prevention-cloud.pdf.

Burkhardniklasrahlmeyer_ProfilePictureIn the following guest post, Dr. Burkhard Fassbach and Dr. Niklas Rahlmeyer imagine a possible shareholder presentation about D&O insurance at an annual meeting of shareholders in Germany.  Fassbach is an Of Counsel with the Dusseldorf based D&O-Specialist Law Firm Hendricks. Rahlmeyer is an attorney in the corporate practice group of the Dusseldorf office of Field Fisher Waterhouse LLP. I would like to thank both for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Here is the guest post.

 

***********************************

 

In the wake of a significant increase of D&O claims, (activist) shareholders are determined to meticulously scrutinize D&O policies at shareholders’ meetings. The chairs presiding at such meetings as well as members of the supervisory and the executive board should be prepared accordingly.

 

The shareholders are likely to chime in with the following:

 

“Dear Mr. Chair, dear supervisory and executive board members,

 

as a stockholder of this corporation, I rise to speak at our today’s shareholder meeting so as to discuss the topic of D&O insurance. As you are all well aware, the D&O insurer’s promise to defend its insureds against unfounded claims for damages is at the heart of the insurance contract. If these claims turn out to be valid, the insurer’s ensuing duty is to indemnify its insureds by effecting payment to the policyholder. According to case law, the insurer’s promises to both defend and indemnify are conterminous and based on equal legal footing.

 

As a shareholder, I am deeply troubled with whether the D&O insurance coverage taken out for our company is going to protect our corporation’s assets when the chips are down. Please recall the slush funds at Siemens. In that case, where the damage amounted to EUR 1.6 billion and the insurance sum was set at EUR 250 million, the insurance carriers eventually paid out the petty amount of EUR 100 million. I, personally, am incapable of discerning asset protection here. Likewise, the shareholders of Deutsche Bank will have to dig deep into their pockets. When former chair Breuer, during a Bloomberg TV interview, rendered detrimental comments relating to media entrepreneur Kirch, this cost Deutsche Bank EUR 925 million. It is the shareholders who are most likely going to have to foot the bill resulting from this squander of capital.

 

As you all know: Executive board members and supervisory board members who commit a breach of duty are jointly and severally liable to the corporation for such damages as result from their breach of duty. Don’t get me wrong, dear members of the executive board: I have complete trust in the way you are conducting business. However, as a shareholder, I ought not to lose sight of the worst-case scenario. Since the worst case did not spare former icons of the German economy, it is potentially not going to halt here.

 

My first inquiry is this: Do you deem the insurance sum of the D&O policy that is currently in place appropriate with respect to the risks our company is exposed to? Secondly: Have you concentrated on analyzing current developments in the D&O insurance arena in Germany? Please bear with me while I would like to render some background information in this regard:

 

The product of D&O insurance has its origin in the U.S. Unlike German law, U.S. law does not know an institutionalized separation of monitoring and management.  As a consequence of the nonreflecting adoption of American coverage concepts in Germany, both the executive and the supervisory board members are insured persons that are commonly insured under the roof of the identical insurer.

 

Can this work? I raise this question, because, in a D&O damage event, members of the supervisory board and members of the executive board are potentially prone to having colliding interests. Reasoning that attack is the best form of defense, defendant members of the executive board, in a virtual routine of behavior, serve third-party notices on their supervisory board colleagues. To put it crudely: The D&O insurer then ‘represents’ two opposing parties. In this case, the insurer is ensnared in an inherent conflict of interest.  The only viable solution is to separate one party from the representing insurer.

 

This flows from the precept that, in accordance with the legal precedents set forth by Civil Division IV of the German Federal Supreme Court in charge of insurance law matters, the insurer shall protect the interests of the insured person in the same way a lawyer retained by that person would do. On these grounds, insurance coverage concepts are under debate in Germany that forestall conflicts of interest between executive and supervisory board members. Following those concepts, insurance coverage for both organs is separately placed with different carriers. In D&O lingo this is called ‘Twin-Tower’ or ‘Two-Tier-Trigger’-concept.

 

There are strong arguments backing this concept: It is upon the supervisory board to monitor management. The inherent crux of this duty to monitor has been appositely couched in an expert opinion to the 70th German Legal Colloquium. May I quote: ‘As the monitoring of management rests with the supervisory board, any mistake made by management is theoretically susceptible to being converted into a mistake by the supervisory board’, which amounts to the statement that, had the supervisory board lived up to its monitoring duty, the mistake would have been averted in the first place.

 

According to the German Federal Supreme Court’s ‘ARAG doctrine’, a supervisory board is subject to the duty to independently investigate the viability of a corporation’s compensation claims against executive board members. If the supervisory board does not fulfill its duty to pursue viable claims, this constitutes a breach of duty vis-à-vis the corporation, and the corporation, in turn, has a claim against the blundering supervisory board members.

 

The question inevitably becomes: Is it apt to perceive the supervisory board as a huntsman such as would reflect the ideal laid down by the German Federal Supreme Court? Or does the supervisory board feel inhibited due to potentially becoming the hounded through third-party notices? Indeed, the supervisory board’s independence with respect to the review of potential claims and their out-of-court assertion is most naturally heavily compromised for ‘fear of third-party notices’.

 

The residual risk bearers, the shareholders, take the greatest interest in the replenishment of the assets of the damaged corporation. Accordingly, we, the shareholders, take a fundamental interest in a supervisory board’s acting independently. For that matter, separate D&O coverage for members of the supervisory board works as a valuable contribution to effective corporate governance, because the supervisory board’s independence in pursuing claims against executive board members is ensured at the level of D&O insurance. Thus, I ask you: Do you share my view in light of a shareholder-value concept?

 

Thank you very much for your attention.”

floridaAt a time when cyber liability and other hot topics dominate the discussion, potential corporate liability arising from environmental disclosures often does not receive the attention it should. However, as I have previously noted on this blog, environmental issues have been and remain an area on which plaintiffs’ lawyer have been focused. A recently filed securities class action lawsuit underscores the significance of environmental issues and the connection of these issues to corporate liability exposures.

 

On April 30, 2015, plaintiffs’ lawyers filed a securities class action lawsuit in the Middle District of Florida against Rayonier Advanced Materials (RYAM) and certain of its directors and officers. RYAM is a relatively new publicly traded company. It was formed as a result of the June 30, 2014 spin-off of the Performance Fibers Division of Rayonier, Inc.

 

The securities class action lawsuit relates to RYAM’s January 28, 2015 fourth quarter and full year earnings release (here). Among other things, in the press release, RYAM announced that it was increasing its reserve for environmental liabilities associated with discontinued operations by $69 million. This reserve represents the company’s estimate of its likely costs associated with the remediation and maintenance of disposed operational sites.

 

According to the plaintiffs’ lawyers’ May 4, 2015 press release (here), RYAM’s financial statement were misleading because the company had improperly recorded or failed to record its liabilities for environmental remediation and related obligations and failed to provide sufficient disclosures to investors to permit “meaningful evaluation of the true scope and extend of the environmental remediation and related liabilities, which were associated with decades of environmental pollution.”

 

The plaintiffs’ complaint (which can be found here) specifically alleges that:

 

(1) Defendants incorrectly accounted for RYAM’s remediation and long-term monitoring and maintenance for environmental liabilities; (2) as a result, the Company understated its Environmental Reserves; (3) as a result, the Company did not record appropriate reserves as required by GAAP; (4) as a result, the Company did not disclose a range of possible reserves for probable and reasonably estimable environmental remediation and related liabilities as required by GAAP; (5) as a result, RYAM did not properly estimate known and probable environmental remediation obligations as required by GAAP; and (6) as a result, RYAM did not maintain adequate internal and financial controls.

 

The complaint also alleges that RYAM misled investors about the demand for its product, and that contrary to the company’s representations, demand for acetate was slowing. The complaint further alleges that the company made misrepresentations regarding the debt incurred in connection with the spin-off.

 

As this case and other recent case filings show, environmental issues are an area of increasing focus for plaintiffs’ lawyers. As I have noted, a number of these environmentally focused shareholder lawsuits have proven to be viable. At a minimum, these cases underscore the fact that reporting companies’ environmental compliance disclosures are facing increasing scrutiny, making the quality of the environmental disclosures increasingly important. As I noted in connection with the recent shareholders derivative lawsuit involving Duke Energy, environmental concerns can also lead to mismanagement claims based on alleged breaches of fiduciary duties.

 

The typical D&O liability insurance policy will contain an exclusion for loss arising from claims for pollution and environmental liabilities. However, many of these exclusions also contain a provision carving back coverage for shareholder claims. This case shows the importance of this kind of coverage carve back. The carve back ensures that directors and officers hit with this kind of shareholder suit filed in wake of an environmental incident are able to rely on their  D&O insurance to defend themselves against the shareholder suit.

 

In recent years, a number of D&O insurance carriers have introduced policy forms that eliminate the pollution exclusion altogether but that also incorporate into the policy’s definition of “Loss” a provision stating that Loss will not included environmental remediation or cleanup costs.

 

An April 28, 2015 article in Corporate Counsel entitled “D&O Insurance for Environmental Liability Exposures” (here) discusses the D&O insurance issues relating to environmental liability in more detail

dealReps and Warranties insurance has been available for several years now, but there is no doubt that more recently there has been an increase in the product uptake. Indeed, according to an April 29, 2015 article from George Wang of the Haynes and Boone law firm (here), reps and warranties insurance “has gained popularity as a tool to decrease transaction liability exposure in M&A transactions” and more recently there has been a “dramatic increase” in the use of reps and warranties insurance products.

 

As I have detailed in prior posts (for example, here), reps and warranties policies can preserve deal value by shifting potential liability for breaches of transaction representations and warranties discovered after deal closing. In exchange for an upfront payment, the policy may reduce or eliminate the need for seller escrows or holdbacks for contingent liabilities – an arrangement that could be particularly attractive in the current low interest rate environment. Although the policies are available either for the buyer or the seller, most policies are buyer-side policies.

 

According to the law firm memo’s author, there are a number of reasons why these insurance products have become more popular. The most basic reason involves simple economics – “the cost to obtain coverage today is significantly lower than the premiums charged even five years ago.” At the same time, the market for reps and warranties has “expanded greatly” (and is growing larger all the time).

 

In addition to these economic considerations, there are several other reasons why the product has become more popular: first, there has been an increase in what the author describes as “middle-market deals” (that is, deals ranging from between $25 million and $2 billion), as opposed to “mega public deals.”

 

Second, private equity sellers increasingly are trying to limit their indemnity exposure and limit escrow and holdback obligations. In addition, these private equity sellers may want to be able to close out their funds and fully distribute sales proceeds to their investors.

 

Third, in a consideration that I have seen becoming increasingly important, buyers in a competitive auction process are trying to use the inclusion of a reps and warranties policy (which would reduce the need for seller escrows and holdbacks) in a competitive auction process, as a way to enhance their bid relative to competitors.

 

Fourth, in what is also an increasingly important consideration, where a transaction involves a seller that the buyer considers a high-risk indemnitor or a foreign seller, the buyer may want to implement the reps and warranties insurance to avert a possible collection risk (such as when a seller based in a jurisdiction that my not offer reassuring means of recourse if a breach occurs). The law firm memo’s author notes that reps and warranties policies “can be particularly useful in the context of cross-border transactions … to facilitate middle-market transactions involving foreign buyers or sellers of domestic U.S.-based businesses.”

 

Fifth, reps and warranties insurance “may be attractive in situations involving multiple sellers who may have different levels of indemnity obligations to a prospective buyer (i.e., several versus joint and several liability) or in the case of an equity rollover transaction or partial management buyout situation in which a majority buyer may not want to seek post-closing claims against a continuing management team that comprises the selling group.” The insurance product avoids the possibility that the buyer might have to assert a claim against, and thus demotivating, the post-deal management team.

 

Another reason for the increased uptake of the product is that a recurring past concern about the insurance product can now be addressed through policy wording (at least when the product is properly put together). As I noted in prior posts (here and here), the have been recurring questions whether the product would provide appropriate protection for multiple-based damages – for example, where the damages are expressed as a multiple of a negotiated EBITDA. It is now possible in the marketplace for a buyer to obtain a policy allowing the recovery of damages based upon a multiple of earning, “but the parties must take care in negotiating the specific terms of the [insurance] and waiver of consequential, special, and indirect damage provisions, lost profits and diminution of earnings provisions in the underlying acquisition agreement to obtain the intended deal consequences.”

 

There are two more practical reasons why the product is increasingly popular. First, the process for obtaining a reps and warranties binder has been streamlined, and, second, there is now more of a track record of the insurers actually paying claims. The law firm memo’s author notes that “while claim history information is anecdotal, it is generally understood that claims are asserted in about 20 percent of issued policies and that most claims fall within the self-retention loss of the issued policies (1-2 percent of the enterprise value).” At the same time, “insurers recognize the necessity to pay, and to maintain their reputation for responding to, legitimate claims.”

 

M&A Transactions: Important Run-Off Insurance Issues: There are other important insurance issues involved when companies enter an M&A transaction. Care must be taken to ensure that the acquired entity is properly incorporated into the acquiring company’s D&O and E&O insurance. In addition, the acquired company’s D&O insurance and E&O insurance programs must be restructured into a run-off, or “tail” policies, so that liabilities relating to the acquired company’s operations prior to its acquisition are properly insured.

 

In an interesting May 1, 2015 memo (here), Thomas S. Novak of the Sills, Cummis & Gross law firm takes a look at the issues that can arise in connection with the selling company’s liability insurance program. The memo is interesting and addresses the key considerations that arise in connection with the selling company’s run-off insurance. The article also discusses related issues, such as the question of whether the insured should give a notice of circumstances that could give rise to a claim prior to the deal date. Novak is correct when he states at the conclusion of his memo that “careful consideration of your existing insurance program, risk profile and future business strategy is essential to avoid unexpected gaps in coverage.”

 

While I recommend Novak’s memo, I do disagree with him on one issue that is a point of emphasis in his memo. Indeed, in memo’s title, he asserts that “delegating M&A insurance issues to a broker is risky business.” He adds, to underscore how supposedly risky it is to rely on an insurance broker, that “the bottom line is that an insurance broker does not know corporate law or your business as well as you do.”

 

With all due respect to Novak, I think his emphasis on the danger of relying on an insurance broker is off the mark. It has been my privilege as an insurance broker to work with many outside counsel while they represented many different companies, and in many cases these lawyers are quite knowledgeable about insurance issues. By and large, however, these lawyers generally lack day-to-day knowledge of the insurance marketplace. Even lawyers that have very detailed knowledge about the insurance issues and other legal considerations have limited knowledge about the mechanics of the D&O insurance procurement process; of the various carriers in the marketplace and of their peculiarities of their expectations and practices; and of the range of likely possibilities available from any given carrier in any given circumstances. Only a knowledgeable and experienced insurance broker can address these and the many other practical factors involved in any insurance transaction.

 

Novak would have been providing better advice if, rather than trying to scare company officials about how dangerous it is for them to rely on their insurance brokers, he had communicated that the best approach is for companies to ensure that their brokers and their outside counsel work together collaboratively.

 

The most important consideration when it comes to insurance brokers is for companies to make sure that they have knowledgeable and experienced brokers involved in their insurance placement. Indeed, if companies have appropriately knowledgeable and experienced brokers involved, there usually is no need for the companies to incur the additional expense of involving outside counsel – as in fact is the case for many of our clients and the clients of other knowledgeable and experienced brokers.

 

Ten FCPA Facts You Need to Know: Here at The D&O Diary, we are big fans of the FCPA Professor Blog (here), which is written by Southern Illinois University Law School Professor Mike Koehler. We recommend the blog as one of the best resources available on all things relating to the FCPA. In addition, Professor Koehler has also published an interesting May 1, 2015 paper entitled “Ten Seldom Discussed Foreign Corrupt Practices Act Facts that You Need to Know” (here). His paper provides a number of interesting observations about the FCPA, including its limitations and its differences from similar anti-corruption laws in other jurisdictions, and what he characterizes as the SEC’s and DoJ’s questionable track record in enforcing the statute. The article is worth a read.

insurancepolicyI make it my business on this blog to try to write about the latest developments and current trends in the world of D&O, but I think that every now and then it is a good idea to step back and take a look at the bigger picture. For example, let’s consider the standard D&O Insurance policy form. A D&O insurance policy is usually a lengthy document with detailed terms and conditions. The details are extremely important. But when you boil it all down, the insurance provided by the D&O policy comes down to a few very basic things.

 

The basic value proposition of D&O Insurance is that, subject to all of the other policy terms and conditions, it provides coverage for

  • Loss
  • Arising from Claims made during the policy period
  • Alleging a Wrongful Act
  • Against an Insured acting in an Insured Capacity
  • That is not otherwise excluded under the policy

These five items are easily stated, but they are also the source of a very large percentage of the coverage disputes that arise under D&O policies.

 

For starters, in order for there to be coverage, all five of these requirements must be met. To cite one recurring example, it is not enough to trigger coverage merely that Loss has been incurred; there must also be a Claim. Policyholders sometimes struggle with this, out of the belief that if they are incurring legal fees, they ought to be able to recover under the insurance policies. However, it is not enough to trigger coverage if the policyholder is incurring legal fees. There must also be a Claim within the meaning of the policy. The policyholder may have concerns, say, about a possible legal dispute, and as a result, the policyholder may have hired counsel. But the concern itself is not a claim. The concern may be sufficiently concrete for the policyholder to provide the carrier with a notice of circumstances that may give rise to a claim. But the provision of a notice of circumstances only establishes the claims made date (as any subsequent claim will be deemed first made as of the date of the notice). The provision of a notice of circumstances by itself in not a Claim and does not trigger coverage. Not only would there be no coverage for any legal fees incurred before there is a Claim, but the fees incurred before a Claim is made would not even be applied to satisfy the retention amount.

 

Another example of a situation where there is no coverage unless all five requirements are met is a situation where there is a Claim but no Wrongful Act has been alleged. This might happen if, say, the policyholder is served with a subpoena. The carrier may contend that the subpoena is not a Claim. Some policyholders have succeeded in arguing that a subpoena is a Claim. However, even if a policyholder is successful in arguing that the subpoena is a Claim, the policyholder may face the further argument from the carrier that the subpoena does not allege a Wrongful Act.

 

In addition to the requirement that the action involved must meet the policy’s definition of Claim, the Claim must be first made during the policy year in order for there to be coverage. While it might seem that figuring out the claims made date should be pretty straightforward, it can often be a source of problems. An example of a situation where problems might arise is when the lawsuit is merely the final step in the course of a long-running dispute that involved numerous threatening letters and demands that took place before the policy incepted. Another example of a situation where problems can arise is where a complaint is filed before the policy period but not served until after the policy has incepted  (an example of this situation is when a claimant files a qui tam action; the complaint may be filed years before it is finally served on the policyholder, as discussed here).

 

Coverage is also available only for Insured Persons. Questions can sometimes arise about the status of persons who are named as defendants in a complaint. For example, as discussed here, is the individual an officer of the company or merely an employee? Is the person an officer of a joint venture or other enterprise that is not a subsidiary of the company?

 

In order for the claim against an individual to be covered, the Insured Person must also have been acting in an Insured Capacity at the time of the alleged Wrongful Acts. Problems can emerge, for example, if at the time of the alleged Wrongful Acts the person was acting in a personal capacity rather than in their capacity as a director or officer of the company. Another example involves a situation where a representative of a private equity firm sits on the board of one of the firm’s portfolio companies. Questions may arise, depending on what is alleged, about whether at the time of the alleged Wrongful Acts the person was acting as a representative of the private equity firm or in his capacity as a director of the portfolio company. These kinds of issues can be a particular problem if the policy is worded so as to require that the insured person was acting “solely” in an Insured Capacity (which in turns shows why the inclusion of the word “solely” is so undesirable).

 

The policy exclusions obviously can also be important to the question of whether or not there is coverage. Some exclusions are simply meant to make the D&O Insurance policy fit in with policies in the policyholder’s insurance program. For example, the typical D&O insurance policy will exclude bodily injury and property damage, as those matters are addressed in the policyholders CGL policy. The D&O insurance policy will also exclude claims under ERISA, as those claims are covered under the fiduciary liability policy.

 

Some exclusions are meant to preclude coverage for certain kinds of claims. For example, most D&O insurance policies preclude coverage for claims by one insured against another insured. The purpose of the exclusion is to preclude coverage for claims that involve in-fighting or that may be collusive. However, the exclusion usually has numerous exceptions that carve-back coverage for certain types of claims. Whether or not any particular claim is precluded from coverage will depend not only on what is alleged and by whom and against whom, but also the specific wording of the exclusion.

 

In some instances, it may not be clear at the outset of the claim whether or not a particular policy exclusion is applicable. An example of this is a claim alleging fraud. Most D&O insurance policies have exclusions precluding coverage for fraud. However, mere allegations alone are not sufficient to trigger the exclusion. Depending on the specific wording of the clause, the exclusion may only be triggered if there has been an adjudication that the fraud has taken place. That is why at the outset of the claim the insurance carriers will issue a so-called reservation of rights letter. The carrier’s letter is meant to inform the policyholder that in the event it turns out that the events involved in a claim do in fact trigger the exclusion, the carrier will then seek to deny coverage and enforce its other rights under the policy.

 

In the end, while the basic value proposition of a D&O insurance policy simply stated , the actual operation of the policy will still depend on a wide variety of factors. Whether or not any particular matter is covered could prove to be a complicated question. Thus, even though the basic insurance mechanism of the D&O Insurance policy can be boiled down to a short list of items, the policy itself and its operation can be complicated. The specific wording of these basic provisions, and of all of the other policy terms and conditions, can determine whether or not the policy’s coverage is triggered.

 

Because of this complexity, it is critically important for insurance buyers to enlist the assistance of an experienced and knowledgeable insurance advisor in their purchase of D&O insurance. Among the most important ways for policyholders to try to ensure that the policy responds when a claim arises is enlist the assistance of a knowledgeable advisor in their insurance purchase, so that the policy contains the terms and conditions most favorable to coverage.

 

Readers interested in reading more about the basic nuts and bolts of D&O insurance will want to review my “Nuts and Bolts of D&O Insurance” series, which can be found here.

 

Skadden logo 5.1.2015On April 30, 2015, the New York Court of Appeals heard oral argument in a mortgage-backed securities-related case in which the court must consider when the statute of limitations begins to run for claims of breach of contractual representations and warranties. The range of possible outcomes of the case include an interpretation of the statute of limitations that could  lead to a new wave of RMBS repurchase litigation that otherwise would be time-barred.  In the following guest post, Robert Fumerton and Alexander Drylewski of the Skadden, Arps, Slate Meagher & Flom law firm discuss the oral argument and consider the possible implications. A version of this post previously was published as a Skadden client alert.

 

I would like to thank Robert and Alexander for their willingness to publish their article as a guest post on this site. I welcome guest posts from responsible authors on topics of interest to readers of this blog. Please contact me directly if you would like to submit a guest post. Here is Robert and Alexander’s guest post.

 

***************************************** 

 

On Thursday, April 30, the New York Court of Appeals heard oral argument in ACE Securities Corp. v. DB Structured Products, Inc., a closely-watched case that will have far-reaching implications for residential mortgage-backed securities (RMBS) repurchase litigation and potentially beyond.  While it is impossible to predict with certainty how the Court will ultimately rule when it issues its decision (which likely will be later this year), the key points raised by the Court during oral argument suggest that it may be leaning towards a ruling that accords with New York’s long-held goals of promoting finality and predictability in commercial business affairs.

 

The critical question in ACE is when the statute of limitations begins to run for claims of breach of contractual representations and warranties.  Defendant DB had argued – and the New York Appellate Division, First Department, held – that the six-year limitations period begins to run on the date that the representations and warranties were breached (i.e., on the date that they were first made).  The trustee, on the other hand, argued that the limitations period does not begin to run until the plaintiff demands that the defendant cure or repurchase the allegedly breaching loans pursuant to the contract’s remedy provision and the defendant refuses to comply.  Because the vast majority of RMBS transactions that are the subject of repurchase litigation closed in 2007 or earlier, any new repurchase actions would be time-barred by New York’s six-year statute of limitations if that limitations period began to run upon closing.  If, however, the Court of Appeals holds that the limitations period does not begin to run until a defendant refuses to comply with plaintiff’s repurchase demand, we could expect to see a new wave of RMBS repurchase litigation that otherwise would be time-barred.

 

Breaches Occurred At Closing

 

During Thursday’s oral argument, much of the discussion focused on whether the alleged breaches of representations and warranties occurred on Day 1 of the RMBS transaction (i.e., upon closing), or whether they could occur at some later point in time.  DB argued that the representations and warranties were either true or false on the date they were made.  As a result, any alleged breaches could only occur on Day 1 of the transaction and the statute of limitations for breach of contract must expire six years from that date.  Indeed, RMBS representations and warranties typically relate to the characteristics of the mortgage loans, including the loan-to-value ratios and occupancy status of the underlying properties, as well as whether the loans complied with the applicable originator underwriting guidelines.  These are static characteristics that cannot be altered or change in the future.

 

Many of the Court’s questions centered around this issue.  Significantly, the trustee had no answer to the most critical question raised by the Court – i.e., whether it could provide any example of a breach of representation or warranty that could occur after the transaction closed.  The only specific example that the trustee offered was a situation where the borrower’s employment status was misstated.  But this is precisely the type of representation that is either true or false on Day 1 – a borrower’s employment status at the time of closing cannot later “become” false through subsequent events.

 

The trustee also argued, in vague terms, that the materiality of any breaches of representations and warranties may not become known until some time after closing.  In support of this position, the trustee emphasized that RMBS investors had no duty to conduct due diligence on the loans at issue.  But this argument is, in essence, an attempt to import a “discovery rule” into New York’s statute of limitations.  New York case law is well-settled that the limitations period for breach of contract claims begins to run on the date of breach regardless of whether or when the plaintiff may have discovered the breach.  This principle is further reflected in N.Y. CPLR 206(a), which states that where a demand is necessary in order to institute a breach of contract suit, “the time within which the action must be commenced shall be computed from the time when the right to make the demand is complete” – not the time when demand is actually made.  By focusing on the investors’ inability to discover potentially breaching loans, the trustee framed its position as contrary to long-standing New York law regarding statute of limitations accrual.

 

Separate Breach or Remedy?

 

The trustee repeatedly emphasized during oral argument that its claims were not for breach of representations and warranties, but for the failure to repurchase the breaching loans.  A defendant’s obligation to repurchase breaching loans, however, is an agreed-upon contractual remedy for breaches of representations and warranties – not an independent promise.  Put another way, any dispute over whether a defendant should repurchase a breaching loan is really nothing more than a dispute over whether that loan in fact breaches the defendant’s representations and warranties in the first place.

 

In light of this, the Court of Appeals’ decision could have consequences that go well beyond the world of RMBS litigation.  It is commonplace for parties to include in their contracts exclusive remedy provisions similar to the cure-or-repurchase provision at issue in ACE.  Parties generally agree to such provisions as a way of limiting the potential liability of a party making representations and warranties in the event that any representations or warranties turn out to be untrue.  A ruling by the Court of Appeals that these remedy provisions can trigger a new, independent limitations period would run contrary to the parties’ intent to limit liability, and could result in parties to such provisions facing increased liability through an indefinite statute of limitations.

 

Policy Considerations

 

One of the well-established goals of New York’s statute of limitations jurisprudence is to promote certainty and predictability in commercial business affairs, as evidenced by New York courts’ rejection of the “discovery rule” for breach of contract claims.  Indeed, Chief Judge Lippman appeared to recognize this important consideration during the oral argument in ACE.  Delaying accrual of the statute of limitations until a time when the plaintiff discovers the breach could lead to open-ended potential liability and raise concerns regarding the degradation of sources of proof.

 

Despite these concerns, the trustee argued that RMBS plaintiffs should have the unilateral right to determine when the statute of limitations begins to run simply by deciding when to demand repurchase.  The mortgage loans underlying most RMBS transactions, however, have 30- or 40-year terms.  If the Court of Appeals were to rule that the statute of limitations does not begin to run until repurchase is demanded and refused, RMBS defendants could potentially face liability for decades after the transactions closed.  Such a regime is antithetical to the certainty and predictability for which New York jurisprudence strives.

 

In response to these policy considerations, the trustee argued that the inability to demand repurchase throughout the life of the underlying loans would negatively affect investors’ willingness to purchase RMBS.  But in 2007, RMBS investors were presumably aware that under New York law, the statute of limitations begins to run on the date of breach without regard to their discovery.  If the parties had wanted to ensure protection for the life of the loans they could have drafted contractual language giving rise to a continuing obligation by DB to repurchase the loans.

 

*   *   *

The issues raised by the Court of Appeals during oral argument suggest that it is keenly focused on New York’s longstanding jurisprudence regarding accrual and its goals of finality and predictability.  In light of those goals, as well numerous other legal and policy considerations, the Court of Appeals should hold that New York’s six-year statute of limitations for breach of contract claims begins to run on the date that the contractual  representations and warranties were first made, not on the date of a defendant’s refusal to comply with the parties’ agreed-upon remedy provision.

 

 

 

–By Robert Fumerton and Alexander Drylewski, Skadden, Arps, Slate, Meagher & Flom LLP

 

Robert Fumerton is a partner and Alexander Drylewski is an associate at Skadden, Arps, Slate Meagher & Flom’s New York office.

Scotusseal
U.S. Supreme Court

On April 27, 2015, in a development that could have significant implications for a wide variety of class action lawsuits, the United States Supreme Court granted the petition of for a writ of certiorari of online search firm Spokeo. The cert grant sets the stage for the Court to consider whether Congress may confer Article III standing on a plaintiff who had suffered no specific or concrete harm but who alleges a violation of a federal statute. Depending on which way the Court rules, it could have very significant impact on class action lawsuit under a wide range of consumer protection statutes. It could also have significant implications for the proliferating lawsuits alleging online privacy violations.

 

Well-established and time-honored legal principles have established  that Article III of the U.S. Constitution requires that  in order for a claimant to be able to pursue an action in federal  court, the claimant must have “standing” – that is, as discussed here, “the party seeking to sue must personally have suffered some actual or threatened injury that can fairly be traced to the challenged action of defendant and that the injury is likely to be redressed by a favorable decision.”

 

In the Spokeo case, an individual sued the company under the Fair Credit Reporting Act, claiming that information Spokeo had gathered about the plaintiff and published on its website was incorrect. Spokeo argued that the plaintiff lacked standing to assert his claim because he did not allege any concrete harm. The district court agreed and granted Spokeo’s motion to dismiss, holding that the plaintiff had failed to allege an “injury-in-fact” and therefore lacked Article III standing. However, in a February 4, 2014 opinion (here), the Ninth Circuit reversed the district court, holding that the plaintiff’s allegations that his statutory rights had been violated alone were sufficient to satisfy Article III’s standing requirement.

 

In its cert petition, Spokeo framed the question it sought to have the Court address as follows: “Whether Congress may confer Article III standing upon a plaintiff who suffers no concrete harm, and who therefore could not otherwise invoke the jurisdiction of a federal court, by authorizing a private right of action based on a bare violation of a federal statute.”

 

As Alison Frankel notes in her April 27, 2015 post on her On the Case blog (here), Spokeo’s counsel in the case had argued in Spokeo’s cert petition that the Supreme Court’s answer to the question the company has posed will affect class action lawsuits not only under the Fair Credit Reporting Act, but also the Telephone Consumer Protection Act, the Americans with Disabilities Act, the Truth-in- Lending Act and numerous other federal statutes authorizing consumers to file damages actions.

 

Several technology companies, including Facebook, eBay, Yahoo, and Google, submitted a joint amicus brief in support of Spokeo’s petition in which they argued that they would be particularly harmed if plaintiffs who have not been injured can file class action lawsuits for damages. They argue that if any of the hundreds of millions of their daily users can file a damages lawsuit based solely on alleged statutory violations without any actual injury, they could be subject to massive class actions filed purportedly on behalf of many users who suffered no harm and may even be unaware the alleged statutory violation took place.

 

Another important area to consider with respect to the potential impact of this case is discussed in an April 27, 2015 post on the Privacy & Security Law Blog (here). As the blog’s authors note, this case could have “vast consequences for online privacy cases.” In an April 28, 2015 post on the McDonald Hopkins law firm’s litigation blog (here), Richik Sarkar adds that the case could have important implications for cases “stemming from data breaches and cyber-attacks.”

 

As Alison Frankel observed in her blog post, “Big businesses have been complaining for years that these laws give plaintiffs and their lawyers an unfair advantage because they can assert statutory damages claims for hundreds of millions of dollars on behalf of thousands of consumers who suffered no concrete harm.”

 

If the Supreme Court reverses the Ninth Circuit and holds that a plaintiff must alleged an a concrete injury in order to establish Article III standing, and that a mere alleged statutory violation alone is insufficient to establish standing, it could, as discussed in an April 28, 2015 memo from the Troutman Sanders law firm (here), “mean the death-knell of ‘no harm’ class action lawsuits that have proliferated under statutes that allow for statutory damages without proof of actual harm.”

 

For their part, the plaintiffs’ advocates who oppose Spokeo’s position argue that the supposed distinction between injuries-in-fact and injuries-in-law are meaningless, and that the availability damages for violations of legal right has long been a part of our legal system. When Congress statutorily classifies identified matters as legally cognizable injuries it is merely codifying principles of harm.

 

In any event, this case, which will be argued and decided in the Court’s term beginning in October 2015, will be one to watch. Big business has a rooting interest in this case, in which they hope to see Spokeo prevail. There is of course no way of knowing for sure, but the mere fact that the Court granted cert in this case could be interpreted to suggest that the Court will reverse the Ninth Circuit and lower the boom on these type of “no injury” lawsuits. In its brief submitted in response to a request from the Court in connection with Spokeo’s cert petition, the U.S. Solicitor General’s office had argued that the Court should not grant the cert petition because the Ninth Circuit had correctly decided the issue. The fact that the Court granted the cert petition despite the SG’s brief suggests, at a minimum, that the cert grant is at odds with the government’s position, and may also be interpreted to suggest that at least four members of the Court (the number required to grant cert) disagree with the SG and consider the Ninth Circuit’s opinion to be wrong.

 

SEC Chair Mary Jo White Praises and Defends  Whistleblowers: In an April 30, 2015 speech  on the topic of the SEC whistleblower program delivered at the Corporate and Securities Law Institute at Northwestern University Law School (here) , SEC Chair Mary Jo White  said, among other things, “in the post-financial crisis era when regulators and right-minded companies are searching for new, more aggressive ways to improve corporate culture and compliance, it is past time to stop wringing our hands about whistleblowers.  They provide an invaluable public service, and they should be supported.  And, we at the SEC increasingly see ourselves as the whistleblower’s advocate.”

 

Delaware Bill to Ban Fee-Shifting Bylaw Introduced: On April 29, 2015, a bill was introduced in the Delaware Senate that would ban fee-shifting bylaws for Delaware stock corporations (non-stock corporations would continue to be able to adopt fee-shifting bylaws). Even though the bill was just introduced, the battle over the bill has already begun. The U.S. Chamber of Commerce’s Institute for Legal Reform is circulating a letter from its President criticizing the proposed legislation, and arguing that the ability to adopt fee-shifting bylaws will help companies fight abusive litigation. The debate over the proposed legislation, which has in fact been going on for months, is likely to get louder as the proposed legislation moves forward.

 

Disability Lawsuits: The April 25, 2015 issue of Economist Magazine has an article entitled “Hobbling Businesses: A  Law Designed to Help People with Disabilities Enriches Lawyers Instead” (here), which comments on the growing phenomenon in the U.S. of lawsuits seeking damages for alleged violations of the American with Disabilities Act. The article notes that the Department of Justice’s ADA implementing regulations, which went into effect in 2012, are “well-meaning but confusing.” The government largely leaves that enforcement of the regulations up to people with disabilities, using litigation as the enforcement mechanism. The result is what the article describes as a “cottage industry” of ADA lawsuits.

 

Specifically, the article notes, with respect to lawsuits filed by disabled persons, that

 

More than 4,430 reached federal courts in 2014 – a 63% rise in one year, according to new data from Seyforth Shaw…. Many more cases rattle around state courts; most end in a confidential settlement. The lion’s share took place in California … and Florida (which has a high concentration both of lawyers and of frail elderly residents). … More lawsuits may soon be on the way, as the Justice Department is expected to apply new ADA rules to websites in June. For example, each picture must have text describing it, so that the screen-reader programmes can tell blind people what is there.

 

Readers will note that in anticipation of the new ADA rules, I added a caption to the image at the top of the post. The new rules may not go into effect until June, but might as well get used to the requirements now.

 

Blessed Be the Peacemakers: Overheard today — “I’m still hoping Mayweather and Pacquiao can figure out a way to settle their differences without fighting.” Amen, brother. Too much violence in the world as it is.