illinois3Under the applicable Illinois statute, an insurer may seek to rescind a policy if it was procured by an application misrepresentation if the misrepresentation was “made with the actual intent to deceive or materially affects either the acceptance of the risk or the hazard assumed by the company.” But even if rescission is otherwise warranted, may the insurer rescind the policy even as to an “innocent insured” who was unaware of the application misrepresentation? That was the question raised before the Illinois Supreme Court in Illinois State Bar Association Mutual Insurance Company v. Law Offices of Tuzzolino and Terpinas. In a February 20, 2015 opinion (here), the Court rejected the ruling of the intermediate appellate court, which had applied the “innocent insured” doctrine to preserve coverage for a law firm partner who was unaware of the a misrepresentation in the law firm’s legal malpractice insurance renewal application, and held that the insurer was entitled to rescind the policy as to all insured persons, even the innocent insured. As discussed below, I have a problem with the circumstances this case presents.  

Background 

Sam Tuzzolino, a partner in the law firm of Tuzzolino and Terpinas, represented Anthony Coletta in a several lawsuits referred to as the Baja litigation. Coletta later alleged that his claim in one of the Baja lawsuits was undermined because Tuzzolino failed to timely identify an expert witness on valuation issues. Coletta also alleged that in a separate lawsuit Tuzzolino failed to file the complaint before the statute of limitations expired. When Coletta confronted Tuzzolino about these concerns, Tuzzolino allegedly offered $670,000 to settle any potential claim of legal malpractice. (Coletta never received the money.)

 

Less than three months later, Tuzzolino completed an application to renew the law firm’s malpractice insurance. Question 4 on the form asked “Has any member of the firm become aware of a past or present circumstance(s), act(s), error(s) or omission(s), which may give rise to claim that has not been reported?” Tuzzolino checked “no” and signed his name as “owner/partner,” beneath the following statement “I/We affirm that after an inquiry of all the members of the applicant firm that all the information contained herein is true and complete to the best of my/our knowledge and that it shall be the basis of the policy of insurance and deemed incorporated therein upon acceptance of this application by issuance of a policy.”

 

Terpinas contends he first became aware of Tuzzolino’s malfeasance shortly after the application was submitted, when the law firm received a lien letter from an attorney representing Coletta. Terpinas reported the claim to the malpractice insurer, which in turn filed a lawsuit seeking rescission of the policy based on the application misrepresentation.

 

The circuit court granted the insurer’s motion for summary judgment holding that the insurer was entitled to rescind the policy. However, the intermediate appellate court reversed the lower court, holding that because Terpinas was an “innocent insured,” the policy should not have been rescinded as to him, based on its conclusion that a common law “innocent insured doctrine” applied to misrepresentations made on the renewal application. The insurer appealed the intermediate appellate court’s ruling to the Illinois Supreme Court.

 

The February 20, 2015 Opinion

On February 20, 2015, in a majority opinion written by Justice Charles Freeman, the Illinois Supreme Court reversed the intermediate appellate court’s opinion and affirmed the judgment of the circuit court rescinding the policy in its entirety. Justice Thomas Kilbride dissented.

 

Terpinas argued that it would be “patently unfair” to apply the rescission to him, as he was unaware of the application misrepresentation. In making this argument, he relied on the common law innocent insured doctrine, which as recognized by Illinois courts allows an insured who is innocent of wrongdoing to recover despite the wrongdoing of other insureds.

 

The Court rejected the applicability to the innocent insured doctrine to the rescission question in this case. The Court said that coverage cases applying the doctrine “usually involve the enforcement of policy exclusions” adding that “the innocent insured doctrine makes sense in that context because the insured’s innocence is relevant to whether an intentional act invokes an exclusion to coverage. But the innocent insured doctrine appears irrelevant to rescission, a recognized remedy for even innocent misrepresentations.”

 

The Court said that “unlike in a rescission case, the innocence of an insured matters a great deal when another insured’s wrongdoing triggers a policy exclusion, and a dispute arises over whether the insured has a duty to defend the innocent insured under a policy that indisputably was in effect.” But the issues of insurance coverage governed by common law rules of policy language interpretation are “significantly different from the question of whether an insurance policy should be enforced in the first place.” The court added that 

 

In the case of a misrepresentation that materially affects the acceptance of the risk, the issue is the effect of that misrepresentation on the validity of the policy as a whole. A misrepresentation on the policy application goes to the validity of the policy as a whole. The innocent insured doctrine, on the other hand, has a narrower focus, typically dealing with situations where an insured’s wrongdoing triggers a policy exclusion, and the question is whether the insurer has a duty to defend the innocent insured under a policy that is still in effect.

 

The Court also rejected the argument of Terpinas that the clause the Court described as the “severability clause” requires a different result. The clause provides, among other things, that “The particulars and statements contained in the Application will be construed as a separate agreement with and binding on each Insured.” The court concluded that “even if the policy is treated as a separate contract with each insured, there is nothing to permit the application – or the misrepresentation it contains – to be split off from an individual contract it contained.”

 

In dissent, Justice Kilbride said he would have applied the innocent insured doctrine here, reasoning that the doctrine “operates to preserve insurance coverage if a reasonable person would not have understood that the wrongdoing of a coinsured would be imputed to him.” Justice Kilbridge said that, because the coverage had first incepted in 2005 and had been continuously in place through the time of the 2008 application that had the misrepresentation, Terpinas had a “reasonable expectation” that he was insured and that his policy would remain in effect.

 

Justice Kilbride added that “nothing in the policy explicitly stated each insured would face rescission of their professional liability insurance coverage due to a misrepresentation by another member of the firm.” If the insurer intended to impute the wrongdoing of Tuzzolino onto Terpinas, Kilbride reasoned, it should have expressly stated so in the terms of the policy.

 

Finally, Justice Kilbride said that he was “troubled by the scope of the consequences resulting from the majority’s holding on other law firms and especially midsize and large firms,” where an application misrepresentation could cause rescission as to each and every attorney.

 
Discussion 

There is a serious problem with what happened here, but it isn’t any of the concerns that Kilbride identified in his dissent, or at least the problem isn’t exactly the ones Kilbride identified – although the anxiety Kilbride expresses about the possibility that in a larger law firm, every attorney’s legal malpractice coverage could be a risk of rescission if the application contains even a negligent misrepresentation, is as Kilbride correctly says, troubling.

 

Before I get to the serious problem lurking here, I want to comment on Kilbride’s suggestion that if the insurer intended to impute the application misrepresentation of one partner in the law firm to another partner at the law firm, it should have said in the policy that it was going to do so.

 

Kilbride could review a universe of policies before he would find any policy with the type of imputation clause he proposes. Indeed, in recent times, quite the reverse type of clause has become common in many types of management and professional liability insurance policies. In these types of provisions, the policy states that in determining the effect of an application misrepresentation, coverage is precluded only for individuals with knowledge of the misrepresentation, and further that the knowledge of others will not be imputed to anyone else. So, rather than the type of imputation clause Kilbridge proposes many policies now have non-imputation clauses. (Many policies are also expressly non-rescindable, and a misrepresentation only precludes coverage, but it does not vitiate the contract of insurance). If this law firm’s policy had had this type of non-imputations provision, Terpinas might have been able to preserve his coverage under the policy.

 

Which brings me to what I see as the real problem here – the misrepresentation on which the insurer relied in seeking rescission was in a renewal application. In an application for the renewal of a claims- made insurance policy, the insurer should not be asking and the policyholder should not be answering a question about the existence of acts, circumstances, errors or omissions that could give rise to a claim. 

 

A claims made insurance policy covers claims made during the policy period based on acts that occurred at any time (usually subject to a past acts or retroactive date). It is appropriate for the insurer to ask the known circumstances question when the coverage first incepts, as the insurer should not be asked to cover known claims. But after the coverage is in place, when it comes up for renewal, it is no longer appropriate for the insurer to ask the known circumstances question. The renewal policy should provide coverage for claims made during the renewal policy period, even if the claims involve wrongful acts that occurred before the renewal policy incepted (and after the retroactive date). 

 

If the insurer is able to ask the known circumstances question in a renewal application and use that as a defense to coverage – or as here as the basis of a policy rescission — the claims made policy is converted into a sort of hybrid occurrence/claims made policy, where coverage is secure only when a claim made during the policy period involves only acts that occurred during the policy period. At a minimum, by asking the known circumstances question, the fundamental notion that coverage under a claims made policy should apply to claim made during the policy period regardless of when the acts underlying the claim occurred is defeated. 

 

In my humble opinion, the problem with this case is that the insurer should not have been asking the known circumstances question. If as should have been the case the question had not been asked, there would have been no misrepresentation on which the insurer could base its rescission case.

 

I do not mean to find fault with anyone who was involved in this policy renewal. The insurance marketplace in 2008 was different than it is today, and the marketplace for small law firms is in some ways its own sphere. I do not mean to judge former circumstances by today’s standards or by conditions applying elsewhere but perhaps not here. But even allowing for all of that, I find the inclusion of the knowledge question in a claims-made policy renewal application surprising, troubling, and arguably inconsistent with the very nature of claims made coverage.

 

In his dissent, Kilbride sensed this problem. He pointed out that the coverage had been in place for three years prior to the renewal in connection with which the application misrepresentation had been made. He didn’t get to the point that the known circumstances question should not have been asked in the first place, but he was on the right track with his suggestion that after the renewals the insureds had a reasonable expectation of coverage. Of course, even though the question shouldn’t have been asked, it was answered, and there was little that could be done about it by the time the case came before Justice Kilbridge and the other members of the Illinois Supreme Court.

 

Rescission has been a hot button issue in the management liability insurance industry for nearly fifteen years. Policy language and policy practices about insurance application and application misrepresentations have evolved significantly during that time. Many of the industry changes in recent years have made rescission much less likely than it once was. However, as this case demonstrates, rescission remains a very serious issue. For that reason, the importance of the relevant language and of the application process cannot be overlooked. 

For an earlier post in which I discussed the problem with asking the prior circumstances question in a renewal application, refer here

Break in the Action: I am on the road for the rest of this week so there will be a break in the publication schedule for The D&O Diary. Normal publication will resume next week.

 

gavelnewOne of the most distinctive corporate and securities litigation trend in recent years has been the surge in M&A-related litigation, with virtually every deal attracting at least one lawsuit. This trend continued again in 2014, according to a recently updated study from Matthew Cain, an economic fellow at the SEC, and University of California Berkeley law professor Steven Davidoff Solomon. As reflected their February 20, 2015 paper entitled “Takeover Litigation in 2014” (here), takeover litigation continued at a “steady state” and at an extremely high rate during 2014. Lawsuits were brought in 94.9% of takeovers in 2014 versus 39% in 2005. The 2014 figures are consistent with but slightly down from the filings in 97.3% of all takeovers in 2013. Continue Reading Takeover Litigation Continued at Heightened Levels in 2014

stocks_bondsWhen the topic is securities class action litigation, what is usually considered are lawsuits brought under the federal securities laws by shareholders. By way of illustration, when considering the extent of a company’s potential exposure to a future securities class action lawsuit, the starting point is usually the company’s market capitalization (that is, the number of its publicly traded shares multiplied by its current share price).

 

However, holders of publicly traded debt also have rights to pursue liability claims under the federal securities laws for material misrepresentations and omissions. According to a recent academic study, bondholder securities suits are more significant than may be recognized, and they could become increasingly important in the future. The extent of this potential liability exposure to bond holders could require a recalibration of the securities litigation risks of companies that have publicly traded debt.

 

In a February 19, 2015 post entitled “Bondholders and Securities Class Actions” on the Harvard Law School Forum on Corporate Governance and Financial Regulation (here), UCLA Law Professor James Park summarizes his longer scholarly paper of the same title. Based on his analysis of securities class action lawsuit settlements, Professor Park concludes that “bondholders are playing a greater role in securities class actions than previously recognized” and that this role “is likely to grow.”

 

Park examined 1660 securities lawsuits filed from 1996 through 2005. Park found that it was difficult to determine just from the initial filings whether or not bondholders were part of the class. In addition, he determined that looking only at cases where bondholders explicitly are named as plaintiffs underestimates the number of bondholder plaintiffs because some classes are defined in a way that might include bondholder plaintiffs. Park concluded that the most accurate way of measuring bondholder involvement in securities class actions was to search for bondholder recoveries by reviewing notices of settlement. In this way, Park identified many more cases where bondholders recovered than cases where bondholders were named as plaintiffs.

 

Of the 1660 securities cases in Park’s database, 1152 settled for some amount. Of those 1152 settled cases, 64 involved a bondholder recovery, a substantially higher number than cases where bondholders were specifically named as plaintiffs. In addition, the settlements of the later filed cases reflected a higher level of bondholder participation in the settlements than did the settlements of the earlier filed cases. Park found that for cases filed during the 1996-2000 period, three percent of cases involved bondholder recoveries. However, for cases filed during the period 2001 to 2005, nearly eight percent of the settlements involved bondholder recoveries. (The number of cases with settlements in the two periods was slightly different but fairly close; there were 542 settlements of cases filed during the period 1996 to 2000 and 610 settlements of cases filed during the period 2001-2005.)

 

In addition, Park also found that settlements involving bondholder recoveries were frequent in the largest securities class action lawsuit settlements. Four of the five largest securities class action lawsuit settlements involve bondholder recoveries, as did seven of the top ten and nineteen of the top thirty settlements. (In a footnote, Park says only that “it is unclear whether there is any causal relationship between bondholder recoveries and the size of securities class action settlements.”)

 

Many of the bondholder class actions raise allegations of distinct harm to bondholders. For the largest settlements, bondholder recoveries are primarily driven by credit downgrades, where a rating agency concludes that the issuer is at greater risk of defaulting on its debt. Fifteen of the nineteen largest bondholder settlements (79%) involved a credit downgrade. Bondholder class actions also often arise out of bond sales where risks were not adequately disclosed to bond purchasers. Both situations can involve transfers of wealth from bondholders to shareholders – as, for example, where a troubled company attempts to keep itself afloat (protecting shareholders) through an debt offering, or where a company pursues a risky strategy (which if successful would reward shareholders, through a higher share price) financed by a debt offering.

 

Park concludes that the growing involvement of bondholders in securities class action actions is likely to continue. Park found that in 1996, the first year in his securities suit filings database, less than 10 % of suits filed sought a recovery for non-shareholder plaintiffs. Over the next decade, however, it became routine for a securities class action lawsuit to allege claims on behalf of all investors of the company’s publicly traded securities. By 2005, close to half of securities class action lawsuits brought claims on behalf of such a broader class.

 

Professor Park’s paper also makes a number of interesting observations about the corporate governance implications of the bondholder involvement in securities class actions. Among other things, he notes that bondholder class actions highlight how fraud harms non-shareholder constituencies. A bondholder class action provides a remedy for reckless decisions that might well have benefitted shareholder, arguably providing a deterrent to this type of conduct.

 

Finally, Park suggests that certain aspects of these bondholder lawsuits arguably militate in favor of treating bondholder class actions differently than shareholder class actions. Among other things, the fraud-on-the-market hypothesis might have to be modified for bondholder claims, since bondholders rely not on the market price and the integrity of the market (since bond trade much less frequently than shares); rather, bondholders rely on credit ratings. Park argues that to the extent a fraud substantially distorts a credit rating, courts ought to presume that bondholders uniformly relied on the credit rating. Park also contend that in cases where bondholders rely on theory of harm distinct from that of shareholders, bondholders ought to be represented in a distinct sub-class with its own separate and independent counsel.

 

Discussion

Park’s analysis is very interesting and provides a different perspective on the potential securities litigation exposure that companies with publicly trade debt may face. The reason the article’s perspective feels so different may be owing to the fact that there has been little prior research on the topic of the settlement of securities claims by bondholders. Indeed, Price himself states that his article is “the first to present extensive data on bondholder actions.”

 

At a minimum, it is clear that Park’s conclusions need to be taken into account when assessing the potential securities litigation exposure of companies that have publicly traded debt securities. For starters, Park’s analysis underscores the fact that companies whose only publicly traded securities are debt securities may face securities liability exposures to debt holders. In addition, Park’s analysis highlights the fact that when assessing the extent of the potential securities liability exposure for a company that has both publicly traded shares and publicly traded debt, the debt needs to be considered.

 

This latter point may have important implications when it comes to limits selection issues. (By “limits selection,” I mean the process of determining the appropriate D&O insurance limits of liability for any given publicly traded company.)

 

Typically, the starting point for thinking about limits selection is a company’s market capitalization – that is, the number of its shares that trade publicly multiplied by its share price. The company’s market cap is typically used as the starting point of the analysis because it is basis on which the potential settlement of a future class action lawsuit might be conjectured. Professor Park’s analysis suggests that market capitalization alone is not a sufficient starting point for thinking about the potential securities litigation exposure. His analysis suggests that the extent company’s publicly traded debt also needs to be taken into account.

 

This potential importance of taking publicly traded debt into account for purposes of limits selection is underscored by the fact that, as Park’s analysis shows, bondholder participation in class action settlements tends to be associated with the larger settlements. This suggests that in assessing worse and worst case scenarios – always an important part of limits selection analyses – the possibility and extent of bondholder participation in a possible future securities class action settlement needs to be taken into account. That is, in order to select limits likeliest to be able to respond to those worse and worst case scenarios, the possibility that bondholder claims as well as shareholder claims will have to be funded as part of a class action settlement will need to be taken into account.

 

Break in the Action: The D&O Diary is going to be out of the office on travel next week (the week of Feb. 23 to Feb. 27) and during that period the normal publication schedule will be disrupted. The normal publication schedule should resume in early March, when I will be back in the office.

 

 

 

filings piileIt is now well-established that pretty much every M&A deal attracts at least one lawsuit from a shareholder objecting to the transaction. According to research by Notre Dame business professor Matthew Cain and Ohio State law professor Steven Davidoff, 97.3% of all takeovers in 2013 with a value of over $100 million experienced at least one shareholder lawsuit. The lawsuits usually are filed almost immediately after the transaction is announced. Whether or not all of the transactions actually warrant litigation is a topic worthy of a separate blog post, but the fact is that in each case at least one shareholder is prepared to allow his or her name to be put on the lawsuit — which in turns raises the question of how it comes about that the shareholders in whose name the lawsuits are filed become plaintiffs in these cases.

 

The role of the named plaintiffs in these cases is an interesting one, and anyone interested in the topic will want to review Reuters reporter Tom Hals’ February 18, 2015 Special Report entitled “TV Stock Picker Leads Onslaught of Class Action Suits” (here). In his article, Hals take a close look at the M&A litigation blitz that has been waged in the name of Hilary Kramer, an investment newsletter author who has published a number of financial books and articles and who appears on Fox Business News.

 

Kramer, Hals reports, is “the most litigious of all American individual investors who have sued to block buyout deals,” according to a Reuters analysis of court cases dating back to 2011.

 

According to Hals, Kramer has been the named plaintiff in over 40 merger objection lawsuits since 2011. At least six more were filed either by her husband or her hedge fund, Greentech Research. Their total of 46 lawsuits, which were filed in 17 states, is at least 50 percent greater than that of the individual who had filed the second-most lawsuits in the Reuters analysis. Most of the cases were filed within six days of the deal announcement and settled within two months of being filed. In all of the cases, Kramer, her husband and her firm were represented by the same law firm.

 

Kramer and her husband were appointed lead plaintiff or co-lead plaintiff at least 19 times. Fifteen of the 19 cases in which she or her husband were named as lead or co-lead plaintiff settled for the disclosure of more details about the deal negotiations, with no money going to shareholders. The four other cases were dismissed at the plaintiffs’ request.

 

While neither the shareholders nor the companies involved in Kramer’s lawsuits received any payment in the settlements of these cases, the law firm that filed all of the lawsuits earned at least $14 million in fees in the cases in which Kramer or her husband had the lead role.

 

As Hals puts it, “it is unclear exactly what Kramer gained from all this.” Hals found from searching court records only once instance where Kramer received a payment, a $2,000 fee award given by a California judge to compensate her for her time in one of the lawsuits she filed. Kramer told Hals that she was upset by the terms of the transactions that led to the lawsuits she filed. She also said that she wanted to show the subscribers to her newsletter that “I’m going to flex my muscles and show strength and lead for them.”

 

However, Hals was able to find only one reference to an investor lawsuit in her investor newsletter; in December 2011 she mentioned in connection with the sale of the Morton’s Restaurant Group that “an investor has sued” but that “these types of suits almost never have any impact.” Hals notes that Kramer did not mention in the newsletter that she was the investor who brought the suit.

 

Hals also recounts an instance where one day after “trumpeting” a buyout in her newsletter, Kramer filed a lawsuit against the company involved, alleged that the company had agreed to a sale price so low that it would cause shareholders “irreparable harm.”

 

There are a number of problems when a single investor becomes a serial plaintiff. The first is that it creates the impression that the law firm is making use of the plaintiff rather than the other way around. In his article, Hals recounts that in a 2013 hearing , then Delaware Chancellor Leo Strine refused to accept a settlement in a merger objection case that Kramer had filed. The lawsuit related to a merger transaction involving Transatlantic Holdings, a company in which Kramer held only two shares. Strine reportedly said, of Kramer’s small holdings in the company, “I think that makes plaintiff Kramer not typical of any kind of rational investor in the company,” adding that “I don’t have any confidence, unfortunately, that there is a real plaintiff behind this.” Kramer told Reuters that she was unaware of Strine’s ruling and that she was a valid investor advocating on behalf of other Transatlantic shareholders.

 

There have been more insidious relations between plaintiffs firms and repeat plaintiffs in the past. As Hals notes in his article, several partners of the Milberg Weiss law firm were indicted in 2006 based on allegations of improper kickbacks from the law firm to plaintiffs on whose behalf the firm had filed lawsuits.

 

Hals says that in an interview, Kramer said she did not receive any money from the plaintiff law firm that who filed the suits on her behalf.

 

Hals’s article quotes a lawyer from the law firm that represented Kramer in the merger objection lawsuits as saying that “Kramer is a sophisticated investor who has pursued shareholder advocacy through litigation,” adding that “A lot of well-know activists employ the same law firms to file lawsuits against multiple companies.”

 

However, while it may be as the lawyer asserts that activist shareholders employ the same law firm on multiple occasions, others have raised concerns before about the reappearance of the same investor as a shareholder lawsuit plaintiff. These concerns have arisen even when the serial plaintiffs is an institutional investor, and even when the source of the objection is another plaintiff law firm.

 

For example, in the 2012 battle between plaintiffs’ firm to try to represent that plaintiff class in the J.P Morgan Chase “London Whale” lawsuit, one of the competing plaintiffs’ firms objected to the other firm’s involvement in the case because (as discussed in an article in Forbes at the time), the other firm represented what the objecting firm called a “professional plaintiff,” the Louisiana Municipal Policy Employers’ Retirement System. The Forbes article’s author commented that the objection “has some merit,” noting that the fund is “either the unluckiest or most litigious investor in America,” given that it has filed 49 securities lawsuits over the preceding two years, sometimes at a rate of two or three a week. On the other hand, the article’s author notes, the plaintiff that the objecting firm represented had filed more than 40 suits since 2003.

 

Our system of civil litigation operates on the assumption that a lawsuit begins only when an aggrieved party feels that the appropriate redress for a perceived wrong is to invoke the judicial authority of our courts. This assumption includes the expectation that a person who is motivated enough to file a lawsuit will be committed to controlling the lawsuit and to directing his or her lawyer. The presence of a serial plaintiff not only raises the inevitable question of the independence and volition of the actor on whose behalf the lawsuit nominally is brought. It also tends to undermine the seriousness or arguably even the legitimacy of the supposed wrongs that are the alleged basis of the lawsuit. When a plaintiff alleges the same legal violation over and over again, it degrades the value of allegation and threatens to bring the entire system into disrepute. More to the point, the repetition of the same allegation by the same claimant raises the question of whether there is in fact a real dispute.

 

There are some procedural controls that are intended to try to manage this sort of thing, at least in securities class action lawsuits filed in federal court. The Private Securities Litigation Reform Act has a provision that limits a shareholder to acting as a lead plaintiff five times in a three-year period. The concerns about the institutional investor plaintiff in the London Whale case noted above does, as the Forbes article notes, make something of a “mockery” of the rule. In addition, this provision only applies to federal court securities suits. It doesn’t apply to state court merger objection lawsuits.

 

While there are no state law provisions of the type found in the PSLRA that might constrain a serial merger objection lawsuit plaintiff, companies have started to take steps to try to protect themselves from these kinds of suits. Concerns about the kind of litigation that Kramer filed are what has been motivating companies to adopt litigation reform through the revision of their bylaws. For example, concern about multi-forum merger objection litigation is one of the motivations for companies to adopt forum selection bylaws. In addition, other companies have adopted “fee shifting” bylaws that would require unsuccessful claimants in shareholder suits to pay their adversaries fees. Other proposed bylaw provisions include mandatory arbitration provisions (about which refer here) and even minimum stake to sue bylaws (refer here).

 

Shareholder advocates may decry these kinds of litigation reform bylaws as inconsistent with shareholders rights and as inimical to shareholders’ ability to supervise company management through litigation. However, the movement toward the adoption of litigation reform bylaws is an understandable response to a situation where every transaction attracts a lawsuit. The attempt by shareholder rights activists to try to resist these provisions and to try to uphold the rights of shareholders to pursue lawsuits against company managers are seriously undermined by the situation that Tom Hals describes in his interesting and well-written article.

 

 

seclogoA number of factors might be supposed to affect the SEC’s exercise of its judgment in deciding which firms to investigate. Some possibilities that immediately come to mind are the nature and seriousness of the suspected problem; the way the problem came to the agency’s attention; and the availability of resources to investigate the problem. However, at least according to a recent academic study, some other, more unexpected factors might be at work as well. Among other things, the SEC’s determination of which companies to investigate may be the result of political pressure arising from the electoral process.

 

In his December 22, 2014 paper entitled “Government Preferences and SEC Enforcement” (here), Harvard Business School Professor Jonas Heese examines the question whether the SEC’s determinations of which firms to investigate reflect political pressure on the SEC from the White House and Congress in response to voters’ interests, and in particular voters’ interests in full employment.

 

Because prior electoral research shows that employment conditions significantly affect electoral outcomes, elected government officials have an incentive to foster employment to ensure political support. An SEC enforcement action can significantly affect a company’s financial health and thus its ability to continue to maintain its labor force, and so the SEC’s enforcement actions could significantly interfere with the goal of elected officials of promoting employment. Heese asked whether political pressure as a response to voters’ interests for employment is reflected in the SEC’s decisions of which firms to investigate.

 

Heese used “labor intensity” as a proxy to identify firms that contribute to employment conditions and examined whether the SEC reduces its enforcement actions for labor-intensive firms. In his paper, Heese uses the term “labor intensive” to mean large employers and smaller businesses that employee a large number of people in relative terms and contribute to future employment. In the paper’s appendix, Heese explains that labor intensity itself is measured as a ratio of a firm’s number of employees to its total average assets, as compared to the comparable ratio for firms within the same SIC Code category.

 

Heese reviewed a sample of firms from the period 1982 to 2012 that were sanctioned by the SEC for violating Generally Accepted Accounting Principles as reported in Accounting and Auditing Enforcement Releases (AAER) and all other firms that did not receive an AAER over that period. He found that labor-intensive firms were less likely to be subject to an AAER. This conclusion held even after controlling for a firm’s size, performance, accounting quality, political contributions, the government’s partisanship, union membership, and other factors. This conclusion, Heese says, is “consistent with my hypothesis that voter’s interests drive political pressure on the SEC.”

 

Heese then sought to determine if he could identify any variations in the apparent enforcement sensitivity to voters’ interests. What he found was that SEC enforcement behavior changed during presidential election years. Specifically, the lower likelihood of SEC enforcement actions against labor-intensive firms is more pronounced in presidential election years and is concentrated in “politically important states” – i.e., closely contested states with high Electoral College counts.

 

Moreover, Heese also found that the lower-likelihood of SEC enforcement for labor-intensive firms is more pronounced if the firm is headquartered in a district of a senior congressman who serves on a committee that oversees the SEC.

 

In order to determine the stage in the process at which the SEC adjusts its enforcement actions against labor-intensive firms in order to accommodate elected officials’ preference for employment, Heese also examined whether labor-intensive firms are less likely to receive a comment letter. He found that labor-intensive firms are less likely to receive a comment letter, “suggesting that the SEC allocates fewer resources to reviews of labor-intensive firms, which might lead to fewer enforcement actions against those firms.”

 

There is the possibility of course that labor-intensive firms were investigated less frequently because of higher quality accounting at those firms. Heese used several various accounting quality factors that other academics have developed to control for a firm’s accounting quality. After running several tests to investigate whether labor-intensive firms have a better accounting quality and therefore fewer SEC enforcement actions, Heese found consistent evidence across all of the various factors used that labor-intensive firms actually have a lower accounting quality than their less-labor intensive peers. This suggests that the lower level of enforcement activity against labor-intensive firms cannot be explained by these firms having a higher accounting quality.

 

Heese suggests there are a number of ways the political pressures might influence the SEC’s decisions on which firms to investigate. The SEC is of course dependent on Congress’s budget decisions, and the budget decisions can be used to reward or punish agency decisions. With the advice and consent of the Senate, the President appoints SEC commissioners and can thus impact which political views are represented in the SEC. The commissioners and other key SEC employees often have political careers and their careers often depend on political support from the incumbent government. Finally, congressman and members of the presidential administration can actively intervene with an SEC investigation. As a result, Heese says, the SEC is likely to act in accordance with the preference of elected officials to foster employment, and thus to exercise its judgment of which firms to investigate in a way that favors labor-intensive firms.

 

It is hardly a surprise that an agency that is run by political appointees might be subject to politics. However, the suggestion that the political process might regularly influence the determination of which firms the SEC might investigate is something of a surprise. It does seem that if the regulated firms are to respect the SEC’s investigative and enforcement processes, the SEC should work hard to maintain the appearance of impartiality and even-handedness.

 

I will say that this paper, likely many academic papers these days, is thick with the language of mathematics. Because of the technical nature of much of the paper, it is very difficult for me to assess many of the critical aspects of the author’s analysis. Essentially, I am able to read and understand only his conclusions. As for the validity of his techniques and analysis, I am simply unable to judge.

 

Special thanks to Joe O’Neil of the Peabody & Arnold law firm for sending me a copy of Professor Heese’s paper.

weilThe disclosure of yet another massive cyber breach at yet another company has become a weekly occurrence. These recurring events have a number of implications, which include not only what companies need to do to try to prevent these kinds of events, but also how companies need to prepare in order to be able to respond if they are hit with a cyber breach. In the following guest post, Paul Ferrillo and Randi Singer of the Weil Gotshal & Manges law firm describe how company officials can evaluate their company’s cyber breach incident response and business continuity plans. A version of this article was previously published as a Weil client alert.

 

I would like to thank Paul and Randi for their willingness to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest blog post. Here is Paul and Randi’s article.

 

************************************************ 

 

“By the time you hear thunder, it’s too late to build the ark.” – Unknown

In November 2014 – just two weeks after Admiral Michael Rogers, director of the National Security Agency, testified to the House Intelligence Committee that certain nation-state actors had the capability of “infiltrating the networks of industrial-control systems, the electronic brains behind infrastructure like the electrical grid, nuclear power plants, air traffic control and subway systems”[i] – Sony Pictures announced it had experienced a major cyber-attack, one many sources believe was likely perpetrated by or on behalf of a nation-state. This destructive cyber-attack was a game-changer for corporate America because it became clear that hackers are not simply focused on credit card numbers or personal information. Indeed, the attack on Sony was designed to steal the Company’s intellectual property, disseminate personal emails of high-ranking executives, and destroy Sony servers and hard drives, rendering them useless.[ii]

What the events of 2014 proved to corporate America is that there are no fool-proof methods for detecting and preventing a devastating cyber-attack. As FBI Director James Comey eloquently put it, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”[iii]

Thus, it is absolutely critical to understand what kind of data a company collects, how the company uses, stores, shares, processes, protects, and disposes of information, and how to develop and evaluate a plan to respond to attacks that target these data. Proper planning can mean the difference between a news story that begins, “Sony has just announced that Sony Pictures Entertainment co-chairman Amy Pascal is stepping down from her post,”[iv] and one that announces a major cyber-attack, but concludes, “Anthem said it doesn’t expect the incident to affect its 2015 financial outlook, ‘primarily as a result of normal contingency planning and preparation.’”[v]

Proper planning includes incident response and information management business continuity planning, which are mission-critical. They are (or should be) part of a Board’s enterprise risk management duties, and they are particularly vital for certain federally-regulated entities with an obligation to protect consumer and client information and to keep it private. We have written in-depth elsewhere about incident response plans and their elements.[vi] Here, we set forth a high-level summary designed to help evaluate a company’s incident response and business continuity plans.

Incident Response Planning – You Can’t Defend What You Can’t See

            Given that 97 percent of the IT systems of companies surveyed globally have been breached,[vii] the question of how to protect a network from a breach is effectively a moot point. The better question is, how do you respond in the event of a breach when it occurs despite your best prevention efforts?

Incident response planning is exactly what it sounds like – a plan to detect and respond to indicators or actual evidence found on a network server or alert system that a malicious intrusion may be occurring.

In general, there are many indicators or precursors of a potential cyber-attack. Though there are far too many to list, potential triggers for a robust incident detection and response plan include:

  • A network intrusion detection sensor alerts when a buffer overflow attempt occurs against a database server.
  • Antivirus software alerts when it detects that a host is infected with malware.
  • A system administrator sees a filename with unusual characters.
  • An application logs multiple failed login attempts from an unfamiliar remote system.
    • An email administrator sees a large number of bounced emails with suspicious content.
    • A network administrator notices an unusual deviation from typical network traffic flows.[viii]

This non-inclusive list, based on the National Institute of Standards and Technology Computer Security Incident Handling Guide, illustrates one of the most basic challenges of working with advanced incident intrusion detection systems: they often generate thousands, if not tens of thousands of alerts of potential intrusions into a company’s computer network every day. In fact, one recent report notes that potentially actionable (i.e., “we better take a look at this”) malware intrusions could number in the thousands per day.[ix]

Even in the largest companies, resources are not unlimited, particularly given the shortage of skilled IT professionals in the marketplace today, so each company’s incident response plan will necessarily reflect certain compromises. However, recent events offer some basic principles as to how companies can and should lay out their incident detection and response plans from a “process perspective”:

  • Incident responders need to understand the “normal” behavior of their network. Logs kept by intrusion detections systems provide detailed reports from firewalls, intrusion detection devices, and network traffic flow activity meters.
  • Incident response handlers need to fully understand what is “normal” behavior on any given day and time, so that they then can determine what is “not normal” based upon any one particular alert. Visibility is one of the key issues to emphasize because no security system in the world will mean much if you can’t tell the difference between alerts to which you should respond and alerts to which you must respond. Often, breaches happen because critical alerts are overlooked amid the noise of numerous other alerts of lesser importance.
  • Firewall, intrusion detection, and network activity logs need to be maintained and accessible, so efforts can be made to correlate potentially malicious current activity with network activity in the past. It may be necessary to keep these logs handy for months, since many attacks take that long to be “noticed” by an unsuspecting company.
  • Cyber events need to be correlated quickly. Many times, this function can either be outsourced to a third party vendor, or it can be performed mechanically with an appropriate hardware solution that can analyze all of the alerts in real time.[x]
  • After reviewing evidence supplied by each of the above steps, incident response teams need objective criteria to determine which intrusions need to be escalated to a higher level and/or investigated further.[xi]
  • Finally, when a breach and/or exfiltration of customer or protected data is confirmed, a plan should be in place to quickly minimize the damage to your network infrastructure, your brand, and your customers and employees.

As there is no silver bullet in a constantly-evolving environment where hackers are often several steps ahead of cybersecurity professionals (or at least adapt quickly to new security measures), a lawyer conducting due diligence on a company’s incident response plan should evaluate the approach and process of the plan. Malware leaves signs or indicators of “bad behavior” on logs. Network traffic monitors may show spikes at unusual times, or even better, at regular intervals. A robust plan will have a process in place to correlate all of the indicators as quickly as possible and then escalate those more “suspicious” events for further review. In many cases, automated processes that correlate aggregated log data using “big data” analytics may be of particular benefit given the time-sensitive nature of event-response: any particular piece of malware could have devastating consequences if it is not quickly captured and eradicated.[xii]

Business Continuity Planning

Information management business continuity planning requires implementing procedures to recover data and information from a backup source as quickly as possible in order to get systems back online.[xiii] Business continuity planning was once the province of preparations for hurricanes, fires, and earthquakes, but in the wake of the devastating attack on Sony Pictures – as well as the companion announcement of the wiper malware attack on the Las Vegas Sands[xiv] – it is incumbent upon a company (and its board) to plan for the consequences of a severe cyber-attack, which might involve the loss of data, the loss of servers, the loss of computer hard drives, and even the loss of VoIP-based phone systems. As many have noted, “The biggest risk a company faces in today’s uncertainty of cyber-attacks is not being prepared.”[xv]

Volumes can be (and have been) written about business continuity planning in general. Vendors abound in this area, many claiming to offer the “best” back-up and business continuity procedures. And of course, every company (whether it is U.S.-based or multi-national, or a financial institution, broker-dealer or “brick-and-mortar”) is different when it comes to determining the most important elements of a business continuity plan, including which systems are critical to the organization, and how and when to bring them online. But in examining a company’s continuity planning for a cyber-attack, at least the following issues should be addressed:[xvi]

  1. Does the company have a written Business Continuity Plan?
  2. Has the company done a Business Impact Analysis that identifies the company’s most critical systems and the maximum downtime that can be tolerated if they go down?
  3. What are the company’s systems back-up procedures? How often is the full system backed up? Are back-ups maintained on the network? Has an “air gap” architecture been built into the company’s back up-procedures so that a cyber-attacker cannot attack system back-ups because they are segregated and being held off of the network?[xvii]
  4. Where are the back-ups held and how are they stored (network storage, external hard drives, or even in the cloud)?
  5. How long will the back-up media be maintained? How quickly can the company get to the back-up data when it is needed?[xviii]
  6. Once the back-ups are accessible, what are the company’s exact procedures for (A) obtaining whatever hardware is needed for the system restoration, (B) the restoration of the company’s critical operating systems and applications, (C) restoring other data to their then-known back-up state, and (D) testing the restored system to make sure everything is working properly?
  7. Finally, as many telephone systems are internet-based, a telephone recovery strategy also needs to be in place.[xix]

Like an incident response plan, a business continuity plan needs to be tested, the personnel responsible for implementing it need to be trained, and it should be periodically rehearsed so that all involved (including third-party or outsourced vendors) know their roles in getting the organization’s information management system back on line.[xx] Ideally, a plan should be put to the test through a full-scale functional exercise that includes a “full cut-over” and recovery to back-up data.

*          *          *          *

In many cases, the company that you are diligencing may be your own. It is indisputable that enterprise risk management is part of a director’s fiduciary duty to the organization and its shareholders. And cybersecurity today is undoubtedly part of enterprise risk management, and thus within a board of director’s oversight role:

The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control and expected standards of conduct. Management and the board of directors have the authority and responsibility to set the top priorities of the company. If being secure, vigilant, and resilient is not defined as a priority and communicated within the organization, there is little hope that the organization will deploy sufficient resources to protect its information systems and to respond to cyber events appropriately.[xxi]

Though the drafting of incident response plans and business continuity plans can be complex, the last 13 months of cyber-attacks have taught us both types of plans should be in writing, in place, practiced, tested, and ready to implement at any time. Taking the time to plan may well determine the fate of a company following a cyber-attack.

 

[i] See “NSA Director Warns of ‘Dramatic’ Cyberattack in Next Decade,” available here.  

[ii] See “Devastating malware that hit Sony Pictures similar to other data wiping programs,” available here.

[iii] See “Cyber Attacks on U.S. Companies in 2014,” available here.

[iv] See “Amy Pascal out as Sony Pictures co-chair,” available here.

[v] See “Health Insurer Anthem Hit by Hackers: Breach Gets Away With Names, Social Security Numbers of Customers, Employees,” available here.

[vi] See “The Importance of A Battle-Tested Incident Response Plan,” available here.

[vii] See “FireEye suspects FIN4 hackers are Americans after insider info to game stock market,” available here.

[viii] See NIST Computer Security Incident Handling Guide, Special Publication 800-61 (Rev.2) (2012), available here.

[ix] See “Security Case Study: Responsys,” available here. The same study notes that one large network it studied was getting 100,000-150,000 cyber “events” per day.

[x] See e.g. “An Adaptive Approach To Cyber Threats For The Digital Age,” available here (discussing one such advanced solution).

[xi] Indeed, for regulated investment advisers and managers, the April 2014 SEC Office of Compliance and Examinations announcement listed most of these process steps as “required” answers that a regulated entity will have to give at its next annual examination. See “OCIE Cybersecurity Initiative,” available here.

[xii] See e.g. “Big Data Analytics for Security Intelligence,” available here (noting “Big Data tools have the potential to provide a significant advance in actionable security intelligence by reducing the time for correlating, consolidating, and contextualizing diverse security event information, and also for correlating long-term historical data for forensic purposes.”).

[xiii] Note that both incident response planning and business continuity planning are both questions that are required to be answered as part of the SEC Office of Compliance and FINRA Street sweep programs that are currently ongoing as respects cybersecurity.

[xiv] See “Now at the Sands Casino: An Iranian Hacker in Every Server,” available here.

[xv] See “Why Companies Need a Business Continuity Plan,” available here; “Hurricane, Fire… DDoS? Make Cyber Threats Part of Business Continuity Planning,” available here.

[xvi] We again note the concept of business continuity planning is “fair game” when dealing with regulators. See SEC OCIE Cyber Security Risk Alert, at pg. 2 (“Please provide a copy of the Firm’s written business continuity of operations plan that addresses mitigation of the effects of a cybersecurity incident and/or recovery from such an incident if one exists.”).

[xvii] See e.g. “Black Hat Keynoter: Beware of Air Gap Risks,” available here (noting the positives and potential negatives of an “air-gapped” based back up system).

[xviii] The NIST “Contingency Planning Guide for Federal Information Systems,” Publication 800-34 Rev. 1, available here, also suggests that certain organizations may also consider an off-site facility to not only keep their back up data, but keep hardware available so that they can resume business operations from the off-site facility. Such a site would obviously be more expensive, but for larger companies it would certainly be a feasible option to resume critical options as soon as possible.

[xix] Id.

[xx] See SEC OCIE Cyber Risk Alert, at pg. 3 (“[Does] the Firm periodically tests the functionality of its backup system. If so, please provide the month and year in which the backup system was most recently tested.”).

[xxi] See “COSO in the Cyber Age,” available here.

gavel2015Over the past fifteen years, there has been a steady progression of corporate scandals, from Enron to options backdating to the excesses that led to the global financial crisis. These debacles were followed by waves of shareholder litigation. However, according to one legal scholar, the shareholder lawsuits all too often concentrate on enforcing legal duties on and imposing liabilities on the board of directors of the involved companies, to the exclusion of the officers whose misconduct led to their companies’ problems. As a result, the enforcement mechanism that shareholder litigation represents has not been effective in deterring corporate officer misconduct.

 

In a February 2, 2015 blog post on the CLS Blue Sky blog entitled “Legal Agency Costs: Our Preference to Sue Directors” (here) Oklahoma Law School Professor Megan Shaner contends that in pursuing shareholder litigation, plaintiffs’ lawyers tend to focus on director-specific actions. As also set out in greater detail in her longer scholarly article entitled “The (Un)Enforcement of Corporate Officer Duties” (here), Professor Shaner says that, despite the many high profile examples of officer misconduct, there is a near absence, even in Delaware, of case law discussing officers’ fiduciary duties. This suggests that these duties are not being enforced, at least by way of bringing lawsuits for violations. Shaner contends that in the absence of a functioning enforcement mechanism to hold officers accountable, the fiduciary duties imposed on officers will not have their intended constraining effect. She proposes several reforms to shareholder derivative litigation procedure, in order to remove possible impediments and disincentives for shareholder enforcement of officer fiduciary duties.

 

Shaner begins her longer article with a discussion of how over time a “culture of deference” to the actions and decisions of corporate officers has evolved. Senior corporate officials have, she contends, “all but subsumed” the board of directors’ role at the central corporate decision-maker. This in turn has led to all too many situations in which senior managers have put their interests ahead of those of the corporation. She cites as examples of this the Enron scandal, the options backdating scandal, and the events at Lehman Brothers and other firms the led to the financial crisis.

 

Shaner says “the recurring theme of officer malfeasance winding its way through the past fifteen years should not be ignored.” These events, she says, “raise corporate governance concerns and questions about perceived shortcomings in the current system of checks and balances on management power intended to deter misconduct and hold misbehaving managers accountable.”

 

Our legal system imposes fiduciary duties on corporate directors and officers. However, Shaner contends, the majority of decisions regarding the fiduciary duty doctrine has developed in the director context. There is “surprisingly little case law of commentary on the exact nature and scope of officer fiduciary duties.” The lack of officer fiduciary duty case law “raises questions regarding the effectiveness of the enforcement scheme.” It is, she says, not the fiduciary duties themselves but rather “the failure to enforce those duties as a constraint on officer power that has contributed to these instances of disloyalty and corruption.”

 

Shaner sees a direct link between the absence of fiduciary duty enforcement against corporate officers (as opposed to directors) and the recurrence of corporate scandals. The enforcement of legal obligations not only provides the means for punishing failures to discharge legal obligations, it also has “the corresponding benefit of incentivizing compliance with rules and regulations.” In order for fiduciary duties to have their “intending constraining effect on officer conduct – deterring misconduct and encouraging compliance ex ante as well as detecting and sanctioning misconduct ex post – it is important that the mechanisms in place to enforce those duties function effectively.”

 

Because, in the current corporate environment boards often lack the incentive and informational means to monitor management effectively, shareholders often provide the most effective monitoring of corporate officers and enforcing officer fiduciary duties. The primary enforcement mechanism available to stockholders, she says, is the derivative lawsuit. However, procedural rules often create significant hurdles for shareholders seeking to pursue derivative litigation.

 

Specifically, the demand requirement – taken together with the business judgment rule standards for the assessment of boards’ responses to shareholder litigation demands and the high standards associated with pleading demand futility – – mean at a minimum that the derivative lawsuit process is complex, lengthy and expensive, and ultimately very difficult to pursue successfully.

 

Shaner proposes reevaluating derivative litigation burdens in an effort to ensure stockholders have a meaningful enforcement mechanism available. In proposing derivative litigation procedural reforms, Shaner acknowledges “abuses by the defendants’ and plaintiffs’ bar, imposition of high litigation costs on the corporation, [and the] limited actual impact on promoting desirable behavior and agency costs.” Nevertheless, Shaner contends, the derivative lawsuit plays an important role in corporate governance, because “it is the most powerful tool available to stockholders in checking management power.”

 

In order to improve the ability of shareholders to monitor and enforce officer fiduciary duties, Shaner proposes two derivative litigation procedural reforms. First, she suggests that the demand requirement should be modified to excuse the demand requirement in certain circumstances and, second, that the role of the special litigation committee should be limited.

 

With respect to the demand requirement, she recommends excusing the demand requirement for stockholders that have one percent interest in the corporation, which she says would allow long-term holders of a corporation’s stock to file a derivative lawsuit without first having to satisfy the demand requirement. She proposes further that the extent of the ownership requirement would ratchet down as the length of the period of the shareholder’s ownership increases.

 

Shaner also proposes to limit or eliminate the role of the special litigation committee. She suggests that there should be a stronger presumption in favor of continuing derivative litigation lawsuits and a more searching judicial inquiry into special litigation committee, with a heavier burden on a committee to justify dismissal. She suggests as an alternative that the board’s ability to make use of a special litigation committee could disappear when the suit is brought by shareholders holding a certain percentage of the corporation’s stock pursues the suit.

 

In conclusion, Shaner contends that “reevaluating and relaxing derivative lawsuit requirements for stockholders will improve enforcement incentives and aid in ensuring that officers are being held accountable for their fiduciary obligations.”

 

Discussion

Shaner’s blog post is interesting and her longer article is scholarly and well-written, and I recommend both. However, while I recommend the articles, I must respectfully dissent from at least some parts of her analysis. In my view, the last thing the American economy needs is more litigation or litigation against more people.

 

First, I must admit my biases. The way I see it, our litigation system is the creation of lawyers – lawyers acting as legislators, lawyers acting as judges, lawyers acting as law school professors, lawyers acting as, well, lawyers. Not too surprisingly, the one group that litigation regularly and reliably rewards is the lawyers. From time to time there are meritorious lawsuits. All too often, however, litigation is a costly and burdensome waste of time, money and effort.

 

In my view, the ex post rationalization for derivative litigation is only arguable at best. The ex ante rationalization is even weaker. (By the way, why can’t legal scholars just say “before” and “after” like normal human beings?) Reducing her position to its bare essentials, Professor Shaner basically contends that there would be less corporate officer misconduct if there were more litigation against corporate officers, which would happen if it were easier to sue corporate officers. Her proposal is built on the presumption that more litigation against officers would deter officer misconduct. Personally, I think the conjecture that more litigation against officers would deter officer misconduct is speculative at best.

 

Let’s take a look at the record. After the era of corporate scandals such as Enron and WorldCom, there was a flood of litigation. A few short years later, we were treated to the unedifying spectacle of the options backdating scandal. The flood of litigation following the corporate scandals didn’t do anything to prevent or deter the subsequent backdating scandal. And by the same token, there was a massive amount of litigation following the options backdating scandal – almost all of it filed as shareholder derivative litigation – yet only a short time later, the global financial crisis followed. There were over 160 options backdating-related derivative lawsuits, but they did nothing to reform corporate behavior in the run up to the financial crisis.

 

The massive amounts of shareholder litigation following each of these scandals seem to have had little deterrent effect. The successive scandals happened just the same. Moreover, given the scale and nature of each of the succeeding scandals, I think it has to be seriously questioned whether the later misconduct could have been avoided if only a few more officers had been named as defendants in the earlier lawsuits. (And I should add here as an aside that in almost all of the more than 160 shareholder derivative lawsuits that were filed in the wake of the options backdating scandal, many of the corporate officers who received the backdated options were named as individual defendants. Their inclusion as defendants had no impact on the subsequent corporate misconduct that led up to the global financial crisis.)

 

I have spent much of the last twenty years since I left the active practice of law interacting with corporate officers and directors. I have to say that the deterrent effect from the threat of shareholder litigation is far weaker than legal academia assumes. Most directors and officers believe they will never get sued in a shareholder lawsuit. They look at the conduct that led to the scandals and to the lawsuits, and they say, I would never do anything like that, so I will never get sued. I will agree that those who have gotten caught up in litigation before take a different view, although even there many come away from the litigation convinced only that the system is flawed. Some former litigants are receptive to counsel on how to avoid future lawsuits, and so in that sense the shareholder litigation may have the kind of motivating and incentivizing effect that Shaner believes it to have. Overall the effect is far less than Shaner assumes.

 

I agree with Shaner that shareholder oversight may be the best way to avoid corporate officer misconduct. However, there are better ways to encourage and achieve shareholder oversight than through even more shareholder litigation against even more defendants. The solution (or at least a solution) may be through the involvement of more engaged activist shareholders.

 

Coincidentally, the cover story in last week’s Economist magazine addressed this very topic. In the February 7, 2015 magazine’s leader, entitled “Capitalism’s Unlikely Heroes: Why Activist Investors are Good for the Public Company” (here), the magazine discussed the increasingly effective new generation of activist investors that increasingly are a “force for good.” These activist investors have stepped forward to “fill a governance void,” which in turn has forced previously passive index fund and public pension fund investors to “become more active and more forward-looking.” According to the magazine’s longer cover article, activism is “a breath of fresh air in the stuffy, complacent world of the big American corporation.” Moreover, analysis shows that activist investor involvement has led to “a sustained, if modest, improvement in operating performance and better shareholder returns.”

 

Shareholder oversight through activism has advantages over oversight through litigation. Because an activist campaign cannot prevail without the support of other shareholders, there are natural mechanisms in place to constrain the process. There is less of a problem with agency costs and the kind of agency co-option that can happen in litigation when the lawyers take over the process.

 

Shaner does acknowledge — in the second paragraph of footnote 196 of her article — that “the emergence of institutional and activist shareholders as active participants in corporate governance has compensated for some of the collective action problems” that constrains shareholder oversight. However, in the text of her article, she says – explaining her preference for reformed derivative litigation as the preferred tool to improve shareholder oversight of corporate officer misconduct – that “the lack of economic incentives and other time, money and resource constraints continue to deter individual, institutional and activist shareholders alike, from engaging in consistent, meaningful monitoring of management.”

 

The recent Economist article is less skeptical about the promise and possibilities of activist shareholder involvement. Given the excesses to which shareholder litigation is prone, I would much rather see efforts to improve shareholder oversight focus on the proactive involvement of shareholders, rather than through further expansion of our litigation system.

 

To be sure, shareholder activism has its critics. The Economist article quotes the prominent corporate lawyer Martin Lipton as saying that activist shareholders are “having a serious impact on the economy and are an aggressive deterrent to investment, research and development and employee training.” The methods of many activist investors are not immune to excess, and can lead to even well-performing companies being targeted. But, again, because the activist investors can only succeed with the support of other shareholders, there are natural checks in the system against the worst of these effects. And the checks on activist shareholders are much more effective and direct than the checks on shareholder litigation excess.

 

I agree with Professor Shaner that more needs to be done to try to prevent corporate officer misconduct. Where she and I diverge is that I am against any proposed solution that will lead to more rather than less shareholder litigation. Litigation will not suddenly become a more effective deterrent mechanism if there is more of it or if corporate officers are named as defendants more frequently. Improved monitoring through increased shareholder involvement is a more promising method of trying to prevent corporate officer misconduct than is increased or expanded shareholder litigation, and it is less likely to lead to the inefficiencies and excess to which shareholder litigation is prone.

can flag 2The number of securities class action lawsuit filed in Canada during 2014 was consistent with the recent annual average number of filings, and because case filings exceeded case resolutions, the aggregate total of unresolved class actions continued to grow during the year, according to a February 10, 2015 report from NERA Economic Consulting. According to the report, which is entitled “Trends in Canadian Securities Class Actions: 2014 Update” (here), there are now a total of 60 pending securities class action lawsuits in Canada representing more than $35 billion in total claims. NERA’s February 10, 2015 press release about the report can be found here.

 

According to the report, there were eleven securities class action lawsuits filed in Canada in 2014, the same number as in 2013. While the number of filings last year is consistent with the average annual number of filing during the period 2009-2013 (11.4), it is below the record number of filings in 2011 (when there were 15 new cases filed). Of the 123 Canadian securities class action lawsuits filed between 1997 and 2014, 68 (or 55 percent) were filed just in the last six years.

 

In addition, over the last six years a total of 46 class actions have been filed against companies listed on the Toronto Stock Exchange (TSX), representing about three percent of that average number of companies listed during that time, for an annual average litigation risk of approximately 0.5 percent. (By way of comparison, in its 2014 report of U.S. securities class action litigation activity, NERA reported that the probability of a U.S. listed company being sued in a securities class action lawsuit was about 4.2% in 2014.)

 

Of the eleven securities suits filed in 2014, eight were filed in Ontario; one was filed both in Alberta and British Columbia; one was filed only in British Columbia; and one was filed in Quebec. Historically, 78 percent of all new securities class action lawsuits involve a filing in Ontario; 24 percent involve a filing in Quebec; and 20 percent involve filings in provinces other than Quebec. About 23 percent involve filings in more than one province.

 

Four of the eleven new lawsuits filed in 2013 also involve parallel class action lawsuits in the U.S. At the same time, there were five other U.S. securities class action lawsuits filed against Canadian-domiciled companies where there was no equivalent lawsuit filed in Canada. Since 2006, approximately half of all U.S. filings against Canadian companies correspond to a parallel claim in Canada.

 

Unsurprisingly given the importance to the Canadian economy of the mining and the oil and gas sectors, cases involving companies in those sectors “continue to account for a substantial share of new filings.” Seven of the eleven 2014 securities suit filings involved companies in the energy and non-energy mineral sectors. On the other hand, filings against companies in the financial sector have declined compared to prior years. During the period 2010 to 2014, about 14 percent of all new filings involved companies in the financial sector, compared to about 31 percent during the period 1997 to 2009.

 

Almost all of the 2014 filings involved claims asserted under the secondary market civil liability provisions of the provincial securities acts. In 2014, ten of the 11 new filings were Statutory Secondary Market cases, consistent with the filing trends since the statutory provisions came into force at the end of 2005. There have now been 63 cases filed asserting claims under these statutory provisions.

 

Of the 123 securities class actions filed in Canada between 1997 and 2014, nine (7.3 percent) have been dismissed as of the end of 2014. Of the 63 Statutory Secondary Market cases, three (4.8 percent) have been dismissed so far.

 

During 2014, a total of six Canadian class action lawsuits settled, for a total of approximately $38.4. Both the median settlement and the average settlement during 2014 were $6.4 million. Five of the six cases settled during 2014 were Statutory Secondary Market cases, for which the average settlement was $5.7 million and the median was $5.9 million.  

 

For the 50 settlements in NERA’s database that were entered between 1997 and 2014, the median settlement is $10.7 million. The average settlement among those 50 cases is $79.5 million, a figure that is inflated by two very large settlements involving Nortel Networks Corp.

 

Of the 50 settlements, 22 resolved Statutory Secondary Market cases, with an average settlement of $8.7 million and a median settlement of $7.0 million. Of these 22 settlements, 15 were domestic only cases and seven were cross-border cases. The 15 domestic only settlements averaged $6.8 million and had a median settlement value of $3.9 million. The seven settlements involving cross-border actions had an average settlement of $12.8 million – “about twice the amount of the typical settlement in domestic-only cases.” The median settlement value of these cross-border cases was $9.5 million.

 

At the end of 2014, 60 Canadian securities class action lawsuit remained unresolved, the largest number ever, and more than double the number of cases pending just five years ago and nearly three times the number as of the end of 2006. The 60 unresolved cases represent more than $35 billion in claims, including both claims compensatory and punitive damages. All but six of the 60 pending cases were filed in 2007 or later. As of the end of 2014, there were also a total of 21 cases pending in the United States against Canadian domiciled companies.

 

 

The report concludes by noting that the oil and gas sector is under pressure, as are the Canadian and world economies in general. The report notes that in the U.S. class action lawsuit filings have tended to increase during periods of economic upheaval. The report states that “Whether we will see a similar increase in filing in Canada following the next episode of economic volatility remains to be seen.”

japanJapanese companies have not always had set the standard for corporate governance, but a current initiative of the current governmental administration is trying to change that. As part of ongoing  efforts to try to revitalize the Japanese economy, an advisory committee to the country’s Financial Services Agency (FSA) has introduced a draft proposed corporate governance code that, when finalized, will apply to all companies listed on Japanese exchanges.

 

 

The current draft of the code, published in December 2014 and entitled “Japan’s Corporate Governance Code: Seeking Sustainable Corporate Growth and Increase Corporate Value over the Mid- to Long Term” (here), is presently in a public comment period. The final code is scheduled to take effect on July 1, 2015. A February 2015 memo from the Jones Day law firm entitled “Japanese Corporate Governance is Changing with the Adoption of a New Code in 2015” and describing the current draft of the code can be found here.

 

Japanese Prime Minister Shinzō Abe’s economic revitalization policies place a priority on the corporate governance of Japanese companies. As part of his administration’s revitalization strategy, a committee, known as the Council of Experts Concerning the Corporate Governance Code, was formed in June 2014 to propose a revised corporate governance code. The Council introduced the current draft for public comment in December 2014. The final version of the code will be announced in March 2015 and it will take effect on June 1, 2015.

 

The current draft identifies the objectives of the Code as follows:

 

It is important that companies operate and manage themselves with the full recognition of responsibilities to a range of stakeholders, starting with fiduciary responsibility to shareholders who have entrusted the management. The Code seeks “growth-oriented governance” by promoting timely and decisive decision-making based upon transparent and fair decision-making through the fulfillment of companies’ accountability in relation to responsibilities to shareholders and stakeholders. The Code does not place excessive emphasis on avoiding and limiting risk or the prevention of corporate scandals. Rather, its primary purpose is to stimulate healthy corporate entrepreneurship, support sustainable corporate growth and increase corporate value over the mid- to long-term.

 

Because the code aims to allow governance to be adapted to each company’s particular situation, the code takes a “principles-based approach” rather than a rules-based approach. The code is not legally binding, but it does take a “comply or explain” approach, pursuant to which companies must either comply with a principle or explain the reasons why it has not done so.

 

The current draft of the code provides five General Principles, each of which has several specific supplemental principles. The five General Principles are: Shareholder Rights and Equal Treatment of Shareholders; Proper Cooperation with Stakeholders; Proper Disclosure and Transparency; Responsibilities of the Board; and Shareholder Engagement.

 

General Principle 4 specifies that company board will fulfill their responsibilities in three ways: setting the broad direction of corporate strategy; establishing an environment where appropriate risk-taking by the senior management is supported; and carrying out effective oversight of directors and management from an independent and objective standpoint. The code also addresses the board’s role in the appointment and dismissal of management as well as with respect to executive compensation.

 

Interestingly, with respect to executive compensation, the Council of Experts expressed their concern that Japanese companies are too risk averse, and they suggest that the code should send a clear message about risk-taking in business operations and that executive compensation should provide proper incentives for healthy entrepreneurship. The Council urges boards to strike the proper balance of cash and equity compensation, and proposes that the compensation policy should be clearly disclosed.

 

In describing general principles regarding appropriate information disclosure and transparency, the draft proposes that companies should “strive to actively provide information beyond that required by the law,” including not only financial information, but also non-financial information “such as business strategies and business issues, risk and governance.” Because the information will serve as the basis for a dialogue with shareholders, the board should ensure that the disclosed information “particularly non-financial information, is accurate, clear and useful.”

 

Among other things, the draft code proposes “in order to enhance transparency and fairness in decision-making and ensure effective corporate governance” that companies should provide information about company objective; the company’s policies and procedures in determining remuneration of senior management and of the directors; and board policies and procedures for the appointment of senior management as well as for the nomination of directors.

 

The draft code contains a number of specific principles that are of particular interest. For example, Principle 2.4, entitled “Ensuring Diversity, Including Active Participation of Women,” states that “companies should recognize that the existence of diverse perspectives and values reflecting a variety of experiences, skills and characteristics is a strength that supports their sustainable growth. As such, companies should promote diversity of personnel, including the active participation of women.” This principle is particularly interesting in light of what the Economist recently called the “lowly status” of women in the Japanese workforce.

 

Principle 2.5 addresses the issue of corporate whistleblowing. The provision states that “companies should establish an appropriate framework for whistleblowing such that employees can report illegal or inappropriate behavior, disclosures or any other serious concerns without fear of suffering from disadvantageous treatment.” 

 

ausThere were a number of key class action litigation developments in Australia during 2014, according to a recent memo from the Jones Day law firm. Among other things, there were significant developments in particular in the securities class action litigation arena, according to the memo. The memo, which is entitled “Class Actions in Australia: 2014 in Review,” can be found here.

 

According to the memo, the largest class action settlement in Australia history took place in the 2014, in the Kilmore East-Kinglake bushfire class action. The case arise out of a 2009 fire in the state of Victoria in which 119 people died and many others were injured and over 1,800 homes and other properties were destroyed. The class action lawsuit was brought against the owner and operator of a power line, the company responsible for inspecting and maintaining the power line, and various entities of the State of Victoria responsible for managing forest lands, on behalf of those killed or injured or who suffered property damage in the fire. Following a 208-day trial, the case settled for A$494 million (including fees).

 

With respect to securities class action litigation, the memo states that “it remains clear that shareholder claims are very strong, with new entrants and established plaintiffs’ law firms and funders attempting to build class actions against a number of corporations.” The memo notes that “the first half of 2014 saw a spike in shareholder class actions, with a number of new entrants threatening or commencing proceedings, mainly around alleged continuous disclosure breaches.” In total during the year, nine actions were threatened and four were commenced.

 

The memo also discusses the A$69.45 million settlement of the Leighton Holdings Ltd. securities class action litigation. The claim was a follow-on lawsuit from a regulatory action taken by the Australian Securities Investment Commission which had resulted in A$300,000 in fines. The class action settlement amount is inclusive of A$3.9 for the applicant’s legal costs. The memo’s authors note that the Leighton class action provides “yet another example of regulatory action acting as a class action compass for plaintiffs law firms and litigation funders.”  The settlement, the memo notes, was noteworthy for a number of reasons, including in particular “the speed of the settlement” – the case had been subject to mediation within five months of commencement and the settlement had been reached within seven months of commencement.

 

 

As I have noted in the past, litigation funding is an important part of the class action litigation landscape in Australia. During 2014, there were a number of decisions from the Supreme Court of Victoria on the question of the roles that lawyers can take in funding class action litigation.

 

In the Treasury Wine Estates Limited litigation, a solicitor acting for the representative party that had commenced the shareholder litigation was also the representative party’s sole director and shareholder. The court found that in these circumstances there was a real risk that the solicitor could not give detached, independent and impartial advice, taking into account both the interests of the representative party and of the interests of group members. The trial court order that the solicitor be restrained from acting as solicitor for the class and that the proceedings be stayed while the individual acted in tandem as solicitor and shareholder.

 

The trial court declined to permanently stay the proceeding as an abuse of process.  However, the Court of Appeal ruled that because the litigation had been commenced for the purpose of generating legal fees rather than vindicating legal rights, it did represent an abuse of process and the action was permanently stayed.

 

In the Banksia Securities Class Action, the court was asked to consider whether a solicitor may properly act on behalf of representative party where the solicitor was the secretary and a director of the litigation funder. (The specific solicitor involved in the Banksia case was the same individual that had tried to act on behalf of the representative party in the Treasury Wine Estates Limited litigation.) The court held that a solicitor with a pecuniary interest in the outcome of the case, beyond their legal fees, should be retrained from acting for the lead plaintiff. The court found that the arrangement impinged – or had the appearance of impinging – on the integrity of the judicial process.

 

The authors note that in neither of these two cases did the courts find that the solicitor involved had actually violated a law or professional duty. Rather, the authors note, “the risk or appearance of a conflict was sufficient to require the lawyers to be restrained to protect the integrity of the judicial process.”

 

The memo suggests that “the debate over the funding of litigation, by both lawyers and third parties, will continue in 2015.”