californiaA probable accompaniment of the increased IPO activity during 2013 and 2014 is an increase in IPO-related litigation, as I have previously noted. There has already been one high-profile IPO-related securities suit filed this year, the securities class action lawsuit filed last week against the Chinese e-commerce giant Alibaba. And if the two additional new filings late last week are any indication, we are likely to see further IPO-related securities suit activity involving the IPO classes of 2013 and 2014. But interestingly, though the two most recent IPO-related securities suits allege violation of the federal securities laws, the cases themselves were not filed in federal court. Instead, the cases were filed in state court, in California.

 

A little bit of background will help explain these recent developments. Section 22(a) of the Securities Act of 1933 provides for concurrent state court jurisdiction for civil actions alleging a violation of the ’33 Act’s liability provisions. Section 22(a) specifies further that when an action is brought in state court alleging a ’33 Act violation, the case shall not be removed to federal court.

 

These provisions were significantly litigated in connection with state court lawsuits filed during the financial crisis, as discussed here. One question in particular was whether the provisions of SLUSA, requiring “covered class actions” to be litigated in federal court, pre-empt the concurrent state court jurisdiction provisions in the ’33 Act.  Suffice it to say here that the determinations of these issues were not uniform, but that in the Ninth Circuit, the state of the law seems to be that ’33 Act cases filed in state court in reliance on Section 22’s concurrent jurisdiction provisions are not removable notwithstanding the provisions of SLUSA. (I will stipulate that there is probably a great deal more that might be said on all of these issues, I am trying to summarize here so that the context of the recently filed cases may be generally understood).

 

In apparent reliance on the concurrent jurisdiction provisions, plaintiffs filed two IPO-related securities class action lawsuits last week in California state court.

 

First, on February 5, 2015, plaintiffs filed a securities lawsuit in California (Santa Clara County) Superior Court against A10 Networks, Inc. and certain of its officers. A10 completed its IPO on March 21, 2014. According to the plaintiffs’ lawyers’ February 5, 2015 press release (here), the company sold nine million shares in the IPO at $15 per share, and certain “Selling Shareholders” sold another 3.855 million shares, including the underwriters’ overallotment. The lawsuit purports to be filed on behalf of a class consisting of all persons or entities who purchased A10 Networks securities pursuant and/or traceable to the Registration Statement and Prospectus issued in connection with A10’s initial public stock offering.

 

The press release states that the complaint alleges that on October 8, 2014, the Company announced third quarter revenue of approximately $43.0 million to $43.5 million, below the company’s prior guidance of $48.0 million to $50.0 million. On this news, shares of A10 Networks fell $3.35, or 42%, to close at $4.55 on October 8, 2014, or more than $10 per share below the company’s IPO share price.

 

Second, on February 6, 2015, plaintiffs filed a securities class action lawsuit in California (San Francisco County) Superior Court against Xoom Corp. and certain of its directors and officers. Xoom completed its IPO on February 14, 2013. The complaint purports to be filed on behalf of all shares purchased in or traceable to the initial public offering.

 

The complaint against Xoom relates to the company’s January 5, 2015 filing on form 8-K (here), in which the company announced that “On December 30, 2014, Xoom Corporation (the “Company”) determined that it had been the victim of a criminal fraud. The incident involved employee impersonation and fraudulent requests targeting the Company’s finance department, resulting in the transfer of $30.8 million in corporate cash to overseas accounts. As a result, the Company expects to record a one-time charge of $30.8 million in its fourth quarter of 2014.” The Company also announced that its Chief Financial Officer had resigned and that the board’s audit committee had launched an independent investigation.

 

According to the plaintiff’s lawyers’ February 7, 2015 press release (here), the complaint alleges that the company and certain of its directors and officers “made false and misleading statements and failed to disclose that its internal controls were deficient.”

 

There are a number of interesting things about these two new lawsuits. I should hasten to add that at this point I have only seen the plaintiffs’ law firms’ press releases about the suits. I have not yet been able to get my hands on the actual complaints that were filed. (I would be grateful if any readers out there that have a copy of either complaint would be willing to forward me a copy. I will of course update this post with links once I do get copies of the complaints.)Based on the press releases, I note the following.

 

UPDATE: The Xoom state court complaint can be found here. Interestingly, and notwithstanding the non-removal provision in Section 22 and the current state of case law in the Ninth Circuit, the defendant has filed a petition to remove the Xoom state court action to United States District Court for the Northern District of California. Thanks to a loyal reader for sending me both documents.

 

FURTHER UPDATE: The A10 Networks state court complaint can be found here. Thanks to yet another loyal reader for sending me the A10 Networks complaint.

 

First, though I expect that the securities lawsuit against A10 was filed in reliance on the ’33 Act’s concurrent jurisdiction provision, the press release at least says not that action asserts liability claims under the ’33 Act; rather, the press release says that the complaint alleges “violations of the federal securities laws under the Securities Exchange Act of 1934.” I have to assume that this was an error in the press release. (There are, in fact, some other rather obvious errors in the press release; for example, the press release says that the complaint was filed in the “United States California Superior Court, Santa Clara County,” which obviously is a goof.) I suspect that contrary to the press release the complaint itself asserts claims not under the ’34 Act, but rather under the ’33 Act. It is not just that the claimants’ claims purport to relate to the company’s IPO, and therefore presumably would support ’33 Act claims, but also if the complaint asserts only ’34 Act claims, the claimants would not have benefit of Section 22’s non-removal provisions and the state court action would be immediately removable to federal court.  UPDATE: As expected, the A10 Networks complaint to which I linked above does indeed assert claims under the ’33 Act, not under the ’34 Act.

 

Second, although the facts that Xoom disclosed in its January 5 filing on Form 8-K are quite sensational, and although it may not be surprising that allegations of this type might lead to litigation, it is less than clear, at least from the plaintiff’s lawyers’ press release, that there is a link between the events reported in the 8-K and the company’s IPO. Obviously, the claimants have every incentive to try to invoke the company’s IPO in order to try to assert claims under the ’33 Act, with its lower standard of liability, and they also appear motivated to invoke the IPO in order to try to rely on the ’33 Act’s concurrent jurisdiction provision. However, the filing of the 8-K took place nearly 23 months after the IPO and the complaint was filed just a week short of two years after the IPO. The plaintiffs will have to show how the fraudulent transfers that are at the heart of the complaint are connected to the company’s IPO nearly two years prior. UPDATE: The state court complaint, to which I linked above, does not in fact shed all the much light on the connection that the plaintiff seeks to draw between events described in the Form 8-K and Xoom’s IPO offering documents. The complaint says only that the events described in the 8-K “are a result of seriously deficient internal controls at the Company, which the Company failed to disclose during [sic] in its Registration Statement and Prospectus.”

 

As I noted in connection with the recent lawsuit against Alibaba, well over 500 companies completed their IPOs during 2013 and 2014. Because companies within three years of their IPOs are susceptible to IPO-related securities suits, and because plaintiffs’ lawyers will be attracted to potential suits in which they can assert ’33 Act liability claims (which have a lower standard of liability than ’34 Act claims), it seems probable that in 2015 and even on into 2016 we will see an upsurge of IPO-related securities lawsuits. If these two most recent cases are any indication, some of these upcoming IPO-related securities suits will be filed in state court, at least where plaintiffs’ lawyers have a basis to file their suits in a state court in one of the states within the Ninth Circuit.

 

I would be very interested in hearing from readers out there on a question that has always puzzled me about these state court suits – that is, why is state court preferable for the plaintiffs’ lawyers? I guess I can understand it if the plaintiffs think there is some “home court” advantage to proceeding in the local state court courthouse. I also recall from when these issues were debated during the financial crisis that there is an argument that certain of the PSLRA’s requirements do not apply to actions filed in state court. (My recollection of this argument is that some of the PSLRA’s provisions apply by their own terms only to actions “filed in federal court,” so the argument is that these provisions do not apply to actions filed in state court.) I welcome comments from anyone who can shed any light on the supposed advantage the plaintiffs’ lawyers think they can gain by proceeding in state court rather than in federal court.

 

In any event, I note here a concern that I previously noted when these issues came up in connection with the financial crisis lawsuit filings. My concern has to do with the fact that while Ninth Circuit has held that neither SLUSA nor CAFA preempt Section 22’s non-removal provisions, other federal circuit courts (particularly the Second and Seventh Circuits) have held that SLUSA’s provisions or CAFA’s provisions should prevail over Section 22’s non-removal provisions. It is an uncomfortable situation when federal court jurisdictional provisions are not applied uniformly across the federal circuits. Given the United States Supreme Court’s recent enthusiasm for taking up securities cases, particularly where circuit splits are involved, it may be that this issue will eventually make its way to the Supreme Court at some point in the future.  

 

victoriaMany contemporary management liability insurance policies draw distinctions between types of directors. For example, many private company D&O insurance policies provide additional excess defense expense coverage for the benefit of “non-executive directors.” However, these kinds of provisions beg the question of who exactly is a “non-executive director”? A recent decision by an appellate court in the Australian state of Victoria construing this type of provision– in a case in which an individual director was seeking access to the excess defense cost protection available only to “non-executive directors” — underscores how difficult this determination can sometimes be. 

 

A copy of the Supreme Court of Victoria Court of Appeal’s December 16, 2014 opinion can be found here. Francis Kean’s February 9, 2015 post about the decision on the Willis Wire blog can be found here. A January 27, 2015 memo about the decision by Kathryn Rigney of the Colin Biggers and Paisley law firm in Sydney can be found here.

 

Background

Australian Property Custodian Holdings Limited was the responsible entity for and trustee of a property unit trust owning retirement and aged care facilities. Many of the property management functions for the unit trust’s various properties were undertaken by entities that, while characterized by overlapping ownership, were separate companies from Holdings.

 

Kim Samuel Jacques was a director of Holdings. He and other members of the Holdings board were subject to various claims for alleged wrongful acts that allegedly took place during the period 2006-08.

 

Holdings maintained an Investment Management Insurance Policy at the time the claims were made. The defendants’ costs of defending themselves from the claims exhausted the policy’s $5 million limit. Jacques sought the protection of an additional $1 million excess defense cost limit that was available under the policy for the benefit of “non-executive directors.” The insurance carrier denied that Jacques had the right to access the $1 million limit, contending that at the critical period, Jacques was an executive director and not a non-executive director. Jacques filed an action against the insurer seeking a judicial declaration that he was entitled to the benefit of the additional $1 million excess defense expense limit.

 

The policy defined “Director” as “any person who was, now is, or during the policy period becomes, an executive or non-executive director” of Holdings. The policy defined a “Non-Executive Director” as “any natural person who serves as a non-executive director of” Holdings. The policy definitions did not specify any criteria to be used in determining whether or not a director is a non-executive director.

 

The parties agreed that Jacques has been a non-executive director of the company before April 6, 2004 and that he functioned as an executive director of the company after June 26, 2007. The issue at trial was whether Jacques was a non-executive director during the period between those two dates.

 

The trial court determined that there were two issues to be decided: first, the court had to decide the meaning of the phrase “non-executive director” in the policy; and second, the court had to make a factual determination whether Jacques met the definition during the relevant time period. The trial court said that for purposes of interpreting and applying the policy language the critical inquiry was whether the company approved or acquiesced in the assumption by the director of the powers of an executive director, or whether there is evidence that the delegation of executive function to that director.

 

Following trial, the trial judge held that Jacques was not an executive director during the relevant period and was entitled to the benefit of the excess defense cost limit under the policy. The insurer appealed.

 

The December 16, 2014 Opinion

On December 16, 2014, a three-judge panel of the Victorian Court of Appeal dismissed the insurer’s appeal and affirmed the lower court’s ruling.

 

The insurer had tried to argue on appeal that in addition to the issues considered by the trial court, the determination of whether or not Jacques was an executive director during the relevant time period, the court should also consider how Jacques’s role was portrayed to investors; how his role was perceived internally within Holdings; and how he perceived his own role. In support of these arguments, the insurer relied on documents that were provided to investors identifying him as an executive director and on board of directors’ minutes that described him as an executive director. The insurer also relied on testimony that Jacques had provided under oath in an Australian Securities and Investments Commission examination, in which he described his role during the relevant time period as that of an executive director.

 

The Court of Appeal essentially found that the views of the board itself or even of the director himself are of “limited relevance.” While the company’s records and documents may be relevant, they are relevant only to the extent they help to determine whether or not the individual was “performing executive functions in the management or administration of the company.” The Court of Appeal also found that the way a director’s status as depicted to investors obviously might be of relevance in other circumstances, it is of “limited relevance” for purposes of construing the meaning of the term “non-executive director” in the policy.

 

The “essential element” to be considered, the Court of Appeal said, for purposes of construing the term “non-executive director” in the policy is not necessarily how he is described but rather “whether the director is performing executive functions in the management and administration of the company.”

 

The Court of Appeal said that the various statements to investors, in board minutes and even by Jacques himself in his examination testimony fell short of providing evidence of any delegation to Jacques of authority to perform executive functions. The Court of Appeal said that while the record showed that Jacques was performing an operational role in the management of the retirement villages, the record did not establish that this was done as part of the business of Holdings, rather than for the separate business enterprise by which he was employed. The Court of Appeal rejected the appeal and affirmed the trial court.

 

Discussion

I think that the language included in insurance policies drawing the distinctions between executive and non-executive directors (or similar language distinguishing “outside directors” or “independent directors”) is incorporated with an unconscious assumption that distinguishing between these types of directors will be clear or even self-evident. As this court found, there is not even that much case authority that is helpful on this issue, because, as Francis Kean notes in his memo about this case, under the common law all company directors are subject to the same duties and are judged by the same standard, so the need for judicial pronouncements in this area has been limited.

 

At a minimum, as the law firm memo to which I linked above puts it, this case “demonstrates” that “it is not always easy to determine whether a particular individual is acting as an executive director.”

 

You can certainly see how the carrier might have felt that Jacques was an executive director. After all, materials provided to investors identified him as an executive director. The company’s board minutes identified him as an executive director. He even testified under oath that during the relevant time period he was an executive director. (Jacques testified at trial in the insurance coverage action that his prior answer was wrong and that he had been confused in a stressful environment.)

 

The Court of Appeal said that these various instances in which Jacques was identified or described  –both externally and internally — as an executive director were not only not determinative but were of “limited relevance.” The more important was how he actually functioned and whether he participated in the management or administration of the company.

 

The larger question this case asks is how can parties to an insurance contract avoid these kinds of disputes. As the law firm memo puts it, “it is in the interests of both insurers and insureds to make sure that the relevant policy wording makes it clear which individuals are entitled to access the additional cover.”

 

So how can the parties avoid the kind of dispute that arose in this case? The law firm memo suggests that the way to solve the problem is to name the non-executive directors in a schedule to the policy. My experience suggests that this approach would be fraught with potential problems. For one thing, the inclusion of a list of specified individuals does not allow for the possibility that new non-executive directors might be added during the policy period. In addition, individuals might change their status during the policy period. Even worse, names can be omitted by oversight.

 

Compounding the difficulty of trying to solve this issue through policy language is the fact that, as this case makes clear, the question of whether or not a person was an executive director is highly factual issue. It really depends on how the individual functioned within the company.

 

It is possible that the policy could specify the criteria that are to be used in determining whether or not an individual was functioning as an executive director. My concern there is that the specific facts at different companies and for different individuals will vary – and will change over time. It might be very difficult to provide specific criteria that accurately encompass any given individual’s function at any given company. And as the specific facts of this case show, an individual’s function in an enterprise may change over time.  

 

While it may be difficult to eliminate these kinds of disputes through policy language alone, there may be things companies can to try to try to help avoid trouble. The first is for companies themselves to understand the differences between the various director roles and to be careful in maintaining the distinction between the roles, particularly in the ways in which directors are identified or described. If this company had been more attentive to the way Jacques was described, perhaps some of the trouble here could have been avoided. As Kean puts it in his blog post, “it is important to ensure that any transition from executive to non-executive function or vice versa is carefully and accurately reflected in the company documentation.”

 

In the end, it may be very difficult to avoid these kinds of disputes under the particular circumstances of a given individual and company. However, the possibility of avoiding these kinds of disputes begins with the understanding that the distinction between who is and who is not a non-executive director may not be self-evident. An appreciation for this fact will be the starting point for trying to find a solution and it can be hoped avoiding disputes in the future.

 

Special thanks to Francis Kean for calling my attention to this decision and for providing me with a link to his blog post.  

 

Like many of this site’s regular readers, I am at the PLUS D&O Symposium this week. Because the activities at the Symposium have disrupted my normal opportunities to blog, I thought I would fill the gap with some poetry.

 

These two winter poems come to us from Lucy Griffiths, Age 9, of Arlington, Virginia. Lucy is the daughter of my good friends and former colleagues, Stacey McGraw, of the Troutman Sanders law firm, and John Griffiths, of the U.S. Department of Justice. Here are Lucy’s winter poems.

 

MYSTERIOUS SNOW

Whispers are spoken
as flurries fall

Secrets are broken
while the snow grows tall

Feet wander making tracks
all while the snowflakes start to pack

                 WINTER WIND

The winter wind is crisp to your cheeks

The wind calls like a bird’s beak

The winter wind wonders what to do,
Should it snap?
Should it crackle?
Should it flow into your shoe?

The winter wind blows through the trees

It will never do as you please

Lucy is an award-winning poet. Last year, one of her poems won first prize in the Arlington County Public Schools Dr. Martin Luther King Jr. Visual and Literary Arts Contest. Here is her prize-winning poem “How Will I Rid the World of Hate”:

 

How I will rid the world of hate?

Wandering, wondering

How will I rid the world of hate?

Hate won’t get you anywhere.

Hate will keep you in the hatred zone.

 

Love will give you happiness

as merry as a sunny day.

Love brings joy

as strong as a lifelong friendship.

Love warms your heart

like the warm sun that beats down on my face.

 

Love gives you the faith to get rid of hate.

If you’re lost in the hatred zone,

replace your hatred with love.

 

Dr. King, Nelson Mandela and Mahatma Gandhi were great leaders

they taught us it is our responsibility to

bring love to the world and be leaders.

Dr. King taught to us to treat all people fairly

Nelson Mandela taught us

 apartheid was treating people improperly

And

Gandhi taught us to act peacefully.

CS Business Descr. logo 286PMS-2Anderson Kill Logo (2014)(USE)A frequently recurring management liability insurance coverage issue involves the question of whether or not the policyholder has given timely notice as required under the policy, as I have discussed in prior posts on this blog (most recently here). Among the many kinds of notice issues that can arise are questions involving multiple or interrelated disputes. In the following guest post, Pamela Hans of the Anderson Kill law firm and Terrence Tracy and Heather Steinmiller of Conner Strong & Buckelew take a look at the steps companies can take to protect themselves when interrelated disputes arise.

 

I would like to thank Pamela, Terry and Heather for their willingness to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Please contact me directly if you would like to publish a guest blog post. Here is Pamela, Terry and Heather’s guest post.

 

*******************************************************************

 

A ballgame isn’t over till it’s over.  All too often, an insurance company will treat a D&O Claim as if it began before it began.  You need to be ready for that possibility.

Most D&O policies contain some form of an “interrelated wrongful acts” provision that can effectively render timely notice requirements retroactive.  What this means for Policyholders is that you may have to give notice of a claim before it is made if it is related to claims that were previously made.  While policy language varies, one typical provision states, “[C]laims based upon or arising out of the same act, error or omission or related acts, errors or omissions shall be deemed to be a single claim . . . all such claims shall be deemed to be first made as of the date that the earliest of such Claims was first made.”  Paradigm Inc. Co. v. P&C Ins. Sys., 747 S. 2d 1040, 1042 (Fla. Dist. Ct. App. 2000).

When a claim is asserted against your company, it may be natural to assume that only the claims listed in a demand letter or complaint will be those that proceed in litigation.  However, it is common for a claimant to amend its claims and assert a new claim based upon the same set of facts that were originally alleged.  If the amended claims include claims against your company’s directors or officers or allegations that now trigger your D&O coverage, you may run into a coverage roadblock if you did not notify your D&O insurance company of the original statement of claim.  That is, the insurance company may take the position that you were required to give notice of a claim before that claim was actually made.

How can you protect your company from the potentially punishing application of the “interrelated wrongful acts” provision in a Directors and Officers insurance policy? 

Help Your Broker Spread a Wide Net When Reporting the Claim

When your company receives a claim, complaint or other demand, your immediate reflex may be to send a copy of that document to your broker so that “the appropriate” insurance companies may be notified.   Perhaps you direct your broker to notify “all appropriate insurance companies” and leave the decision on whom to notify entirely to your broker without providing the broker with all the necessary information.     

It is essential to provide all the information that may help your broker determine which policies are triggered and may be triggered.  That means sharing with your broker all of the information you have about the claim, including factual information about the claims, your company’s defenses and the general background facts that may not be contained in the demand.  If you do not provide all pertinent and potentially pertinent information to your broker, your broker may not realize that insurance policies other than the “obvious” ones may be triggered.

Indeed, it is those facts that may or may not be known or raised by the claimant at the initial pleading or demand stage that may cause the claimant to amend its demand to add additional claims.  If those newly asserted claims trigger coverage under your D&O insurance policies but you have not placed your D&O insurance company on notice of the initial demand – as opposed to the amended demand – you may be surprised to receive a denial from your insurance company on the basis that you failed to give timely notice.

Frank discussions with your trusted professionals about those “silent facts” can help you to avoid the pitfall of inadvertently failing to put all appropriate insurance companies on notice – not just those that may be the obvious choices based on the original demand or statement of claim.

Playing Games with the Policy Period

By projecting the start of a claim against your directors and officers back to the start of a prior and allegedly “related” claim, an insurance company may feel empowered not only to assert that the policyholder failed to provide timely notice but also that the claim occurred outside the policy period.

A typical notice provision requires notice “of any Claim as soon as practicable after the Company’s general counsel, risk manager, chief executive officer or chief financial officer (or equivalent positions) first becomes aware of such Claim, but in no event later than sixty (60) days after the end of the Policy Period.”

In the insuring agreement, the insurance company typically agrees to pay the loss for a “wrongful act” that takes place during the policy period.   A wrongful act may be defined as “any actual or alleged error, omission, misleading statement, misstatement, neglect, breach of duty or act negligently committed or attempted” by any Director or Officer while acting in their capacity.”

Consider the scenario in which you receive a demand from a claimant but decide not to give notice to your D&O insurance company because the demand does not clearly assert a claim against your Directors and Officers or a claim under the terms and conditions of the policy.  What happens if the claimants amend their initial demand a year or two later to allege new claims based upon the facts contained within the original demand? 

Even if the newly asserted claims fall within the policy period, if they arise out of the same set of facts as initially alleged, then the new claims, as one interrelated wrongful acts provision phrases it, may “be deemed to constitute a single Claim and shall be deemed to have been made at the earliest of the following times regardless of whether such date is before or during the Policy Period:  (a) the time at which the earliest Claim involving the same Wrongful Act or Interrelated Wrongful Act is first made; or (b) the time at which the Claim involving the same Wrongful Act or Interrelated Wrongful Act is first made.” 

If you become aware of a claim against your Directors and Officers after the end of the policy period, your insurance company may deny coverage because the claim was not reported during the policy period.  Even if you provide notice on a current policy promptly after becoming aware of a claim newly filed against your Directors and Officers, the insurance company may deem the claim to have occurred prior to the policy period, when the alleged “interrelated wrongful act” first occurred.

Further Steps To Avoid Late Notice Defenses

In addition to providing your broker with all relevant information when you receive notice of a claim, you can take further steps to avoid “interrelated wrongful acts” coverage defenses.  All of them involve understanding the claim against you as broadly as possible and casting the notice net as widely as possible.  They include: 

(1)     Have a candid discussion with your trusted counsel about the claims asserted, your company’s defenses, and claims that could be asserted based upon the facts as you know them to be.  This can help you understand the potential amendments to the stated claims and understand whether your Directors and Officers have potential liability down the road.

(2)    Communicate with your insurance broker — not only about the claim in question but about the scope of all your insurance policies.  Be sure that you understand the notice requirements in all of your insurance policies, particularly those policies that you may not initially consider to be triggered by a claim. 

(3)    Consult with trusted coverage counsel on the policy provisions regarding claims, notice and interrelated wrongful acts.  Understanding these provisions, including how courts have interpreted them, will assist you in evaluating the insurance coverage available for the claims asserted. 

(4)    When in doubt . . . notify.  Policyholders may be reluctant to notify insurance companies whose policies are not obviously triggered by a claim.  Factors motivating that reluctance to notify often include a belief that policy premiums will increase because of notice of a claim.  However, generally, notice only with no monies spent will not affect premium and on balance, even if the insurance company increases the policy premiums at renewal because of notice of a claim, generally that increase is small relative to the coverage that may be lost if notice is not given. 

(5)    Don’t keep your professionals in silos; let them talk to each other to fully protect your interests.  Your broker, defense counsel and coverage counsel should talk to one another to ensure all appropriate steps are taken.  

Read the claim, read the policy

Policyholders often fail to read their insurance policies until there is a loss.  However, the interrelated wrongful acts provision in many D&O insurance policies, combined with the notice requirements in those policies, highlights the importance of understanding the constraints your insurance policies may place on coverage if you decide not to provide notice of a claim.  One way to avoid inadvertently forfeiting coverage is by understanding the claims that are asserted – and those that could be asserted, as well as the notice and insuring agreement provisions in your insurance policies. 

About the Authors:  Pamela D. Hans is the managing shareholder of Anderson Kill’s Philadelphia office. Her practice concentrates in the area of insurance coverage exclusively on behalf of policyholders. Her clients include utilities, mining companies, home builders, non-profit organizations, ethanol producers, commercial lenders, and hog processors, whom she has represented in disputes with their insurance companies.  Ms. Hans can be reached at (267) 216-2720 or at phans@andersonkill.com. Terrence Tracy serves as Managing Director, Executive Vice President of Conner Strong & Buckelew, a leading insurance, risk management and employee benefits brokerage and consulting firm.  He leads the commercial insurance services operation.  Mr. Tracy can be reached at (267) 702-1458 or at ttracy@connerstrong.com.  Heather A. Steinmiller serves as Senior Vice President and General Counsel for Conner Strong & Buckelew.  In additional to her corporate responsibilities, Ms. Steinmiller provides support to the Commercial Lines Division.  She can be reached at (267) 702-1366 or at hsteinmiller@connerstrong.com.

 

 

 

alibaba2The year just completed was a banner year for IPOs in the U.S., with more companies completing their initial public offerings on U.S. exchanges in 2014 than in any year since 2000 (as detailed here). But as I have previously noted (here), with an increase in IPO activity comes the likelihood of IPO-related securities class action litigation. The largest IPO of them all during 2014 was the high-profile launch of Chinese e-commerce giant Alibaba, whose September 2014 initial public offering was the largest IPO ever. Given the size and high-profile nature of the Alibaba offering, it may have been inevitable that the company’s IPO might attract the attention of plaintiffs’ lawyers.

 

On January 30, 2014, an Alibaba shareholder launched a securities class action lawsuit against the company in the Southern District of New York. A copy of the shareholders’ complaint can be found here. The plaintiffs’ lawyers January 30 press release can be found here.

 

Alibaba completed its IPO listing its American Depositary Shares on the New York Stock Exchange on September 19, 2014. After the offering underwriters exercised their “greenshoe” option, the amount the company raised in the offering reached $25 billion, making it the largest IPO ever, and giving the company a market capitalization at the time of its IPO of $231 billion.

 

As reported in a front-page article in the January 29, 2015 Wall Street Journal (here), the prior day China’s State Administration for Industry and Commerce posted on its website a white paper accusing Alibaba of failing to crack down on the sale of fake goods, bribery and other illegal activity on its web sites.  The Journal article reports that Alibaba has long grappled with allegations that Taobao, its biggest e-commerce platform, is rife with counterfeit goods. Though the white paper was not posted on the agency’s website until last week, the Journal article reports that it was based on discussions the agency has been having with the company since July, prior to the company’s IPO.  In response, the company accused a senior official at a government agency of misconduct and threatened to file a formal complaint.

 

A January 30, 2015 Marketwatch article (here) reported that the SAIC  said in a statement late Friday that it met with Alibaba’s executive chairman, Jack Ma, on Friday, resulting in an agreement to tackle fakes and boost consumer protection online. Alibaba agreed to “actively cooperate” with the SAIC to strengthen investment capital and technology and expand its anticounterfeit measures, the statement said. Alibaba also agreed to routine inspections of products sold on its site, the statement said. According to a January 30, 2015 Wall Street Journal article (here), the company claimed that this arrangement with the SAIC represented a “vindication” for the company.

 

Meanwhile, while these details regarding the company’s dispute with the government agency were circulating, the company released its financial results for the year. According to a January 29, 2015 Wall Street Journal article (here), “profit fell 28% from a year earlier for the quarter ended Dec. 31, a drop it largely attributed to expenses from giving shares to employees. But investors focused on its revenue growth, which—while sizable—disappointed analysts.”

 

On January 30, 2015, a holder of the Alibaba ADSs filed a securities class action lawsuit in the Southern District of New York against the company and four of its directors and officers, including Jack Ma, the company’s founder and Chairman. According to the plaintiff’s lawyers’ January 30, 2015 press release, the Complaint alleges “Alibaba failed to disclose that Company executives had met with China’s State Administration of Industry and Commerce (“SAIC”) in July 2014, just two months before Alibaba’s $25+ billion initial public offering in the United States (the “IPO”), and that regulators had then brought to Alibaba’s attention a variety of highly dubious – even illegal – business practices.” The complaint alleges, among other things, that in the offering Ma and Joseph Tsai, the company’s co-founders, sold millions of the personal holdings in the company’s stock in the offering.

 

The press release also states that the complaint alleges that:

 

On January 28, 2015, before the opening of trading, various members of the financial media reported that SAIC had released a white paper accusing Alibaba of engaging in the very illegal conduct disclosed to Alibaba executives in July 2014.  On this news, the complaint alleges that the price of Alibaba ADSs declined unusually high trading volume.  Then, the complaint alleges, on January 29, 2015, before the market opened, Alibaba issued a press release announcing its financial results for the quarter ended December 31, 2014.  The complaint alleges that revenue growth missed the target defendants had led the investment community to expect and that profits declined 28% from Alibaba’s fourth quarter 2013 results.

 

The complaint alleges that as a result of these disclosures, the price of Alibaba ADSs plummeted further and collectively the two drops erased more than $11 billion in market capitalization from the ADSs Class Period high.

 

Interestingly, though the complaint makes numerous references to the company’s IPO, the complaint alleges violations only of Sections 10 and 20 of the ’34 Act. The complaint does not allege violations of Sections 11, 12, and 15 of the ’33 Act as would typically be expected in a complaint filed against a recent IPO company. Indeed, the class period that the complaint proposes does not even extend all the way back to the company’s September 19, 2014 IPO – the proposed class period commences on October 21, 2014. Although there is no way to know for sure, I am guessing that the complaint does not assert ’33 Act claims and does not propose a class period including the IPO date and immediately following period because, I suspect, the named plaintiff did not buy shares in the offering or immediately afterward, but only purchased shares on or about October 21, 2014, the beginning date of the purported class period. If that is the case, one would expect other claimants to come forward who did purchase shares in the IPO. NOTE: Several readers have suggested that even after the disclosures the company’s share price remained above the price at which the stock debuted, which would explain the absence of a ’33 Act claim.  

This new lawsuit against Alibaba is merely the latest example of a securities litigation filing trend that was apparent during 2014, largely as a result of the uptick of IPO activity in 2013 and 2014, and that has been the increase in IPO-related securities class action litigation. During 2014, there were 17 securities lawsuit filed against IPO companies, representing 10% of all filings during the year.

 

Given the increase in the number of IPOs during 2013 and 2014 and in light of the usual lag time between the IPO date and the date of lawsuit filings, it seems probable that there will continue to be significant numbers of filings in the months ahead involving IPO companies. Alibaba may have been the largest of the recent IPOs – indeed the largest of all time – but it only one of the over 280 companies that completed initial offering on the U.S. exchanges in 2014, following 225 companies that completed U.S. IPOs in 2013. With over 500 newly listed companies just in that two-year period, it seems likely that there will be more IPO-related securities suits to follow. The Alibaba lawsuit may be the first of a host of IPO-related lawsuits to be filed this year.

 

Alibaba’s Fee-Shifting Provisions:  The shareholder filed this lawsuit against Alibaba notwithstanding the fact that Alibaba has a fee-shifting provision in its Articles of Association. (Alibaba is organized under the laws of the Grand Caymans.) As discussed at length in a recent post on the Race to the Bottom blog (here), Alibaba’s charter has a provision requiring a shareholder who initiates a claim against the company who does not prevail in a judgment on the merits to reimburse the company for its fees and costs (including attorneys’ fees) incurred in connection with the claim. Whether or not this provision ultimately becomes relevant remains to be seen, but it would have to be expected that the company’s lawyers could attempt to rely on this provision, if, for example the defendants were to prevail on a motion to dismiss. The plaintiff and their attorneys would of course resist any such effort, and, among other things, would rely on the language of the provision that limits its effect “to the extent permitted by law” and undoubtedly would attempt to raise a number of arguments that the provisions cannot be enforced in connection with a claim under the federal securities laws. It will be interesting to see the extent to which these issues actually come into play in connection with or as a consequence of this lawsuit. NOTE: One alert reader has suggested that the term”shareholder” as used in the company’s charter provision does not include ADS holders.

 

Because Alibaba is organized under the laws of the Grand Caymans, the legislation pending in the Delaware legislature with respect to fee-shifting bylaws would be irrelevant, regardless of what the Delaware legislature may ultimately decide to do.

stock tablesThe global financial markets have been rocked in recent years by revelations of market manipulations involving personnel from some of the world’s largest financial institutions. The scandals have included alleged manipulation of the Libor benchmark rates, of the foreign exchange benchmark rates, and of the metals trading markets. Relatedly, there have also been allegations of market manipulation through high frequency trading and through trading on dark pool platforms. These revelations have been followed by massive regulatory investigations as well as by significant civil litigation.

 

The first of these follow-on civil actions to go forward, involving the alleged manipulation of the Libor benchmark rates, hit a significant roadblock in March 2013, when Southern District of New York Judge Naomi Reice Buchwald  dismissed the consolidated Libor antitrust action based on her determination that the plaintiffs had not alleged an antitrust injury (as discussed here). This ruling seemed to represent a setback for the claimants in the other market manipulation civil lawsuits as well.

 

However, a series of developments over the last several days in both the consolidated Foreign Exchange Benchmark Rates Antitrust Litigation and in the consolidated Libor antitrust litigation appear to have changed the environment for these cases. Notwithstanding Judge Buchwald’s 2013 decision in the Libor antitrust case, on January 28, 2015, Southern District of New York Judge Lorna Schofield denied the motion to dismiss in the consolidated foreign exchange benchmark rates case, in a decision that expressly said that Judge Buchwald’s reasoning on the antitrust injury issue was “unpersuasive.” A copy of Judge Schofield’s opinion can be found here.

 

In addition, in Libor antitrust litigation, a unanimous January 21, 2015 opinion written by Justice Ruth Bader Ginsburg, the U.S. Supreme Court ruled that the Second Circuit had erred in dismissing the appeal by the plaintiffs of Judge Buchwald’s dismissal ruling. A copy of the U.S. Supreme Court’s opinion can be found here. As a result, the plaintiffs’ appeal of Judge Buchwald’s ruling will now go forward in the Second Circuit. And as Alison Frankel suggests in her January 29, 2015 post on her On the Case blog (here), Judge Schofield’s analysis in denying the motion to dismiss in the foreign exchange litigation may provide the Libor antitrust lawsuit plaintiffs a “roadmap” of arguments to follow in seeking to have Judge Buchwald’s dismissal of their case overturned.

 

The Consolidated Foreign Exchange Benchmark Rates Antitrust Litigation  

In this consolidated action, the plaintiffs allege that the twelve defendant banks conspired to manipulate the benchmark rates for the foreign currency exchange market. The plaintiffs allege that the defendants used a variety of concerted trading strategies to manipulate the daily benchmark currency exchange rate (the “Fix”) which is published each afternoon by WM/Reuters. Among other things, the plaintiffs allege that currency traders for various of the defendant banks communicated through online chat rooms with names such as “The Cartel,” “The Bandits Club,” and “The Mafia.” The plaintiffs allege that the defendants’ concerted activities violated the Sections 1 and 3 of the Sherman Antitrust Act. The defendants moved to dismiss.

 

In her January 28 opinion, Judge Schofield denied the defendants’ motion to dismiss, finding that the plaintiffs had sufficiently alleged the existence of a conspiracy and that all of the defendants were part of that conspiracy. Among other things, she noted that names of the traders’ chat room groups, as well as the settlements several of the defendants have reached in the parallel regulatory investigations to support the inference of anticompetitive activity. She said that the plaintiffs allegations “plausibly alleges a price-fixing conspiracy among horizontal competitors, a per se violation of the antitrust laws.”

 

In concluding that the plaintiffs had also sufficiently alleged an antitrust injury, Judge Schofield declined to follow the analysis of Judge Buchwald in her ruling dismissing the Libor antitrust litigation. Judge Schofield “respectfully disagreed” with Judge Buchwald’s conclusion about the absence of antitrust injury, saying that Judge Buchwald’s analysis “blurs the lines” between two analytic categories (that is, the sufficiency of the pleading under Twombley and antitrust injury).

 

Judge Schofield also said that Judge Buchwald’s conclusion that the antitrust injury analysis should be conducted at the pleading stage is “unpersuasive” because it relied on two “inapposite” U.S. Supreme Court cases – Atlantic Richfield v. USA Petroleum and Brunswick v. Pueblo Bowl-o-Matic — neither of which, Judge Schofield said, addressed the sufficiency of a complaint on a motion to dismiss. In the Atlantic Richfield and Brunswick cases, the U.S. Supreme Court based its decision on a factual record following the completion of discovery. Judge Schofield noted that if Judge Buchwald’s reasoning in the Libor case “would doom almost every price-fixing claim at the pleading stage.”

 

Judge Schofield also noted other differences between the conspiracies alleged in the two cases, including the competition for customers among traders in the foreign currency exchange market, even while the defendants allegedly were conspiring to rig the “Fix.” Judge Schofield concluded that the result of the plaintiffs alleged from the price-fixing conspiracy represented “the quintessential antitrust injury.”

 

The Libor Antitrust Litigation 

Judge Schofield’s ruling followed shortly after a significant development in the Libor antitrust litigation. On January 21, 2015, a unanimous U.S. Supreme Court ruled that the Second Circuit had erred in refusing to hear the plaintiffs’ appeal of Judge Buchwald’s dismissal ruling in their case. The Court held that Judge Buchwald’s dismissal with prejudice of the plaintiffs’ antitrust claims triggered the plaintiffs’ right to appeal even though other claims in the multidistrict litigation pending before Judge Buchwald are continuing to go forward.

 

The case has now been returned to the Second Circuit, which will now hear the plaintiffs appeal. Other litigants whose antitrust claims were also dismissed by Judge Buchwald’s ruling but who have other claims continuing in the district court have asked Judge Buchwald for leave to participate in the appeal, as discussed in a January 26, 2015 Law 360 article (here, subscription required).

 

As Alison Frankel noted in her blog post to which I linked above, Judge Schofield in her ruling in the foreign exchange litigation “provided the Libor plaintiffs with invaluable guidance for their arguments before the 2nd Circuit.” Judge Schofield’s opinion, the title of Frankel’s article suggests, provides the Libor litigation plaintiffs with a “roadmap” for their appeal. Judge Schofield’s reasoning, Frankel said, “should give the 2nd Circuit something to think about when it hears the Libor appeal.”

 

Discussion 

There was a time when the prospects for the various market manipulation cases did not appear particularly promising, as I noted in an earlier blog post (here). The claimants nevertheless continued to press on, and indeed new claimants have even joined the fray (refer here). The recent developments s seem to have breathed new life into the market manipulation cases. While the plaintiffs in the Libor antitrust litigation have merely won only the right to appeal and are still a long way from seeing their antitrust claims reinstated, Judge Schofield’s ruling may give them reason to be positive.

 

The Libor plaintiffs may be hoping they can follow a similar path to the one that the plaintiffs in the Libor scandal-related securities class action lawsuit that Barclays shareholders filed against the company and certain of its directors and officers. As discussed here, Southern District of New York Judge Shira Scheindlin had originally granted the defendants’ motion to dismiss in that case. However, as discussed here, on appeal, the Second Circuit reversed the district court’s dismissal of the securities lawsuit. In October 2014, after the case was remanded to the district court, Judge Scheindlin denied the defendants’ renewed motion to dismiss (as discussed here).

 

As apparent recognition that the prospects for the claimants in the market manipulation cases may have improved, some of the defendants are taken steps to reach settlements with the plaintiffs. As discussed here, in October 2014 (that is, even before the more recent developments in the case), Barclays notified the court that it had reached an agreement with the plaintiffs in the consolidated Libor antitrust litigation to pay $19.975 million to settle the claims against the bank. And on January 30, 2015, J.P. Morgan filed a motion with the court seeking approval for its agreement to pay $99.5 million in settlement of the claims against it in the Foreign Exchange Benchmark Rates Antitrust Litigation, as discussed here.

 

At a minimum, these individual settlements will provide the claimants with a war chest to draw upon to continue wage their battles with the other defendants. More generally, the settlements, along with the developments described above, will hearten the claimants and encourage the claimants to press on.

 

It is interesting to note that though many of the Libor rate-setting banks are located outside the U.S., so far the civil litigation arising out of the scandal has been concentrated in the U.S. There are signs that some of the foreign banks may be facing claims outside the U.S. as well (refer for example here).

 

In any event, it seems clear that civil litigation surrounding these various market manipulation scandals will continue. There undoubtedly are many other significant procedural developments in these cases ahead. It will be interesting to see whether other individual banks decide that it is might be in their best interests to seek to a settlement of the claims against them.

 

Special thanks to a loyal reader for providing me with a copy of Judge Schofield’s opinion.

 

The Week Ahead: This week, I will be attending the annual Professional Liability Underwriting Society D&O Symposium in New York. While I am on travel, there will be a brief interruption in The D&O Diary’s publishing schedule. The regular schedule will resume at the end of the week.

 

I know that many readers will also be at the Symposium. If you see me at the conference, I hope you will take a moment and say hello, particularly if we have not met before. I always enjoy the chance to meet readers in person.

 

In the afternoon on Wednesday, February 4, 2014, I will be moderating a panel at the conference on International D&O. Joining me on the panel will be my friends Arati Varma (Chubb Singapore), Cris Baez (QBE Paris), Marcus Smithson (Generali, Sao Paulo) and Andrea Orviss (Marsh Vancouver). We have spent a great deal of time and effort preparing for this session (in several conference calls that set a record for sheer time zone complexity). Everyone attending the Symposium will want to sure to attend the panel, which is going to be excellent. I am looking forward to this session as much as any other event I have ever participated in.

 

I look forward to seeing everyone in New York.

floridaIn prior posts, I have noted the growing phenomenon of companies adopting various types of bylaws as a self-help version of litigation reform. Delaware’s courts have already approved the facially validity of both forum-selection bylaws and of fee-shifting bylaws, although measures pending in Delaware legislature in 2015 could address the fee-shifting bylaw. Other courts have considered mandatory arbitration bylaws as well (as discussed here). Now, add another type of bylaw to this list – the minimum-stake-to-sue bylaw.

 

As Alison Frankel noted in a January 21, 2015 post on her On the Case blog (here), life insurance settlement company Imperial Holdings has adopted an “apparently unique tactic to rein in suits by shareholders.” The company has amended its bylaws to require shareholders to deliver written consents representing at least three percent of the company’s outstanding shares in order to bring a class action or derivative suit.

 

Imperial Holdings has itself previously been the target of a derivative lawsuit. The case ultimately settled for $13.6 million (although as Frankel notes most of the settlement amount was paid to resolve a parallel securities class action lawsuit). After the earlier case settled, the company adopted the minimum-stake-to-sue bylaw, which a company representative told Frankel was “intended to stop shareholders without a real financial interest in the outcome of their own case from hijacking deals and forcing the company to defend meritless litigation.” Frankel quotes the company’s chairman as saying that “the bylaws are like a cooling-off period. We’re saying ‘Slow down, get support from other shareholders.’” Frankel’s article also notes that a similar minimum-stake to sue bylaw has been adopted by two other companies on whose boards Imperial’s Chairman also serves.

 

At least one Imperial Holdings shareholder has a problem with the new bylaw. On January 16, 2015, the named plaintiff from the earlier lawsuit filed a new action against the company and its directors in the Palm Beach County (Florida) Circuit Court, seeking a judicial declaration that the minimum-stake-to-sue bylaw was adopted illegally under Florida law, as well as an injunction against the provision’s enforcement.

 

The complaint in the new lawsuit (which can be found here) alleges that the bylaw was adopted in breach of the directors’ fiduciary duties because their “sole intent was to reduce their risk of being held accountable to the Company or its shareholders for any violation of law, including criminal law, breaches of fiduciary duties or other misconduct.” The complaint asserts that the pre-filing requirement is “so onerous” that it “effectively guarantees that, notwithstanding the provisions of state and federal law, no class or derivative action can be filed against Defendants, no matter how egregious their conduct may be.” The complaint alleges that the directors “acted disloyally and in bad faith and placed their own interests in avoiding liability to shareholders over the interests of both the Company and the public shareholders to who they owe fiduciary duties.”

 

In her article, Frankel quotes a statement from the company’s Chairman as saying that the new lawsuit is “exactly what the bylaw is supposed to prevent.” He also noted that the bylaw had been adopted with the advice of counsel and that the company’s shareholders will have a chance to vote on the measure at the company’s shareholder meeting in the spring. The plaintiffs counsel, in turn argues that the bylaw should have been put to shareholder vote before it was adopted. He also argues that even if a majority of shareholders approve the bylaw, it is still impermissible, arguing that “the federal and state securities laws do not permit the tyranny of the majority when it comes to shareholder rights.”

 

The complaint in the lawsuit has only just been filed; indeed, at the time Frankel spoke to the company’s Chairman, the company still had not yet even been served with the complaint. It remains to be seen how the lawsuit challenging the bylaw will fare. The case will of course be decided primarily on the basis of Florida law, so the outcome of the case will not necessarily be determinative of the question whether or not companies organized under the laws of other states could adopt a minimum-right-to-sue bylaw. Many publicly traded companies in the U.S. are organized under the laws of Delaware and at least at this point there is not way of knowing whether a bylaw of this type would survive scrutiny under Delaware law.

 

While it remains to be seen how the new lawsuit will fare and whether or not the validity of this type of bylaw will be upheld as a matter of Florida law, it is in any event clear that companies are continuing to experiment with the possibilities of litigation reform through bylaw revision. The fact that this case involves a Florida corporation and Florida law underscores the fact that these issues involve more than just considerations of Delaware law, and even the pending developments in the Delaware legislature regarding fee-shifting bylaws will not necessarily be determinative of the issue, as developments in other states could overtake the developments on these questions.

 

At a minimum, this company’s adoption of these new types of litigation reform bylaws shows that the phenomenon of the adoption of litigation reform bylaw has significant momentum. It is clear that companies will continue to experiment and new types of litigation reform bylaws are likely to continue to appear. Whether the various types of bylaws ultimately will survive judicial scrutiny remains to be seen, but if the courts confirm the validity of any of the various litigation reform bylaws under discussion, there could be some various significant changes in the shareholder litigation environment. Stay tuned, because depending on how all of this plays out, the D&O litigation arena could be entirely transformed.

 

Federal Preemption and Fee-Shifting Bylaws: While as noted above the various kinds of litigation reform bylaws under discussion could transform the litigation environment, there are a number of important considerations that could militate against this transformation. As discussed in a January 26, 2015 post on the CLS Blue Sky Blog (here), Columbia Law School Professor John Coffee believes that few companies will attempt to use board-only approved fee-shifting bylaws, because the major proxy advisory firms have made it clear that they will oppose the re-election of any board that approves the adopting of such a bylaw. Accordingly, Coffee suggests that the likelier future scenario is that IPO companies will insert fee-shifting bylaw provisions in the corporate charters.

 

Coffee contends that the attempt to adopt these kinds of bylaws through corporate charter provisions raises a number of concerns, including the possibility that this issue may be preempted by federal law, at least with respect to the application of such a provision in federal court. Coffee notes that the federal preemption issues will inevitably have to be litigated regardless of what the Delaware legislature ultimately does on the pending fee-shifting bylaw issues, because even if the Delaware legislature votes to curb the use of fee-shifting bylaws by Delaware corporations, issuers organized under the laws of other jurisdictions have already adopted these kinds of provisions.

 

As the type of bylaw discussed above, this issue is not just a question of the laws of one particular jurisdiction and is not just a question of one type of bylaw. The whole topic of litigation reform bylaws is likely to continue to percolate for some time to come. As Professor Coffee’s article demonstrates, there are a number of questions surrounding the enforceability of these types of bylaws that will have to be sorted out. But at this point, the smart money is betting that these issues will become increasingly common and that courts will increasingly be called on to address these kinds of issues.

 

I will say that the developments involving litigation reform bylaws may be among the most interesting developments in the corporate and securities litigation arena in many years.

Boeck_head_shot[1]Without a doubt, during 2014, cyber security emerged as one of the critical topics for discussion. In the following guest post, Bill Boeck, who is  senior legal and claim resource worldwide for cyber and executive risk coverages and claims at Lockton Financial Service, takes a look at the top cyber risk developments to watch in 2015. This guest post previously appeared as a Lockton white paper available here

 

I would like to thank Bill for his willingness to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this site. Please contact me directly if you would like to submit an article for consideration as a guest post. Here is Bill’s guest post. 

 

***************************** 

 

Cyber breaches, cyber attacks, and related developments frequently dominated the news in 2014.   Looking back can help us anticipate and prepare for what may happen in 2015.  Here are the most important developments of 2014 and the trends we are likely to see in 2015 related to cyber risk and insurance. 

 

1.    Big Data Breaches 

 

Any look back at what happened in 2014 would have to begin with the large number of significant payment card data breaches that hit retailers including Target, Home Depot, and, Staples.  Apart from the effects these breaches have had on the companies involved (such as lost income, executives losing their jobs, and shareholder lawsuits) these  large breaches may be most noteworthy for their effect of raising the level of attention given to cyber risks within companies, and for spurring changes to payment card systems in the U.S. and beyond.  These breaches have also had important ramifications in the cyber insurance market. 

 

While payment card data breaches grabbed most of the headlines, it is important to note that other significant breaches took place involving other types of data. 

 

In May 2014, eBay announced that employee login credentials had been breached which could allow criminals to access personally identifiable information (PII) of eBay users. 

 

JPMorgan Chase disclosed that information for 83 million accounts had been breached.

 

On the healthcare front, roughly 4.5 million patient records were breached at Community Health Systems.  That could be the largest reported breach of protected health information (PHI) ever.  The breach reportedly was the result of a cyber attack originating from a country more often associated with industrial espionage than the compromise of individuals’ personal information. 

 

2.    Aggressive Regulators 

 

2014 saw US regulators become even more aggressive with respect to data privacy and security issues.  The FTC at least temporarily weathered a challenge by Wyndham Hotels to its ability to regulate cyber security matters, and has continued to be very active in this space.  Notable FTC actions last year include: 

 

•      The first enforcement action involving the Internet of Things

 

•      Increasing focus on enforcing companies’ compliance with their information privacy policies

 

•      Bringing an action against a company and its former CEO in connection with the collection of health information (unusual because the claim is brought against a corporate officer and because the Office of Civil Rights (OCR) in the federal Department of Health and Human Services typically gets involved with PHI risks, not the FTC)

 

•      Actions against Apple and Google in connection with in-app purchases by children without parental consent 

 

The Federal Communications Commission (FCC) showed up at the cyber security regulators party last year, and has issued millions of dollars in fines.  The fines stem from companies’ failure to implement appropriate protections for consumer information, use of consumer information for marketing purposes, and do not call list violations.  The FCC could be a significant regulator going forward. 

 

The Office of Civil Rights (OCR) in the Department of Health and Human Services has stated that they are bringing more data privacy and security enforcement actions than ever.  They aren’t focused only on big breaches either.  For example, the OCR reached a settlement with QCA Health Plan, Inc. involving a stolen laptop with unencrypted PHI of only 148 people.  This resulted in a $250,000 fine and a number of corrective measures. 

 

The SEC has also joined the party.  In 2011 the SEC issued guidance on cyber security issues for companies.  In 2014, they took action.  In April, the SEC Office of Compliance Inspections and Examinations (OCIE) announced that it would be auditing 50 broker-dealers and investment advisors to assess their cyber risks and preparedness.  The SEC has made clear what it expects companies to do to prepare for cyber risk;  well-informed commentators say that this is a prelude to enforcement actions in 2015. 

 

Regulators outside the US are also gearing up to become more aggressive.  A few examples:

 

The European Parliament has updated its laws to provide for fines of up to €100 million for violation of data protection laws. 

 

In Germany, the Commissioner for Data Protection and Freedom of Information for the state of Rheinland-Pfalz imposed a fine of €1.3 million on Debeka Health Insurance AG (Debeka) to resolve issues regarding misuse of protected consumer data.  Debeka also agreed to pay €600,000 to endow a university chair to study data protection. 

 

The Australian government has amended the Privacy Act of 1988 to include the Australian Privacy Principles.  The Office of the Australian Information Commissioner (OAIC) has published guidance for data breach notifications that stress the ability of the OAIC to bring enforcement actions and assess fines where appropriate.

 

In the UK, the Information Commissioner’s Office has continued to be active in enforcing data privacy rights and obligations. 

 

3.    The Right to Be Forgotten 

 

2014 was a year when the “right to be forgotten” took important steps forward.  In May, the European Court of Justice ruled that Google must remove information about an EU citizen that was no longer relevant and that could reflect badly on him.  Since then, Google and others have received hundreds of thousands of requests to remove information that was once public.  While the EU has issued guidelines to assist companies in deciding what to remove, the difficulties the requests present for companies receiving them are nevertheless significant. 

 

Lest anyone think the right to be forgotten is a non-US issue, it is worth noting that aspects of it are creeping into US laws.  As of January 1, 2015, California law requires websites to include an “eraser button” that allows children under the age of 18 to delete information they have created on web sites where they are registered users. 

 

4.    NIST Cyber Security Framework 

 

In February 2014, the U.S. National Institute of Standards and Technology (NIST) published its Framework for Improving Critical Infrastructure Cybersecurity.  The Framework is intended to provide companies with a description of what a comprehensive cyber security program should contain.  Further development of the Framework by NIST is encouraged in the recently passed Cybersecurity Enhancement Act of 2014.  Given that the NIST Framework is quickly becoming a baseline for companies to follow, the Framework will be important to watch in 2015.

 

5.    Cyber Extortion On the Rise 

 

As Brian Krebs of KrebsOnSecurity.com put it, 2014 was the year cyber extortion went mainstream.  2014 saw significant growth in extortion scams by criminals that infected a victim’s computer system with ransomware that will corrupt or delete data unless the ransom is paid.

 

A typical scam would be one where the victim’s files are encrypted and cannot be restored without the encryption key.  The criminals provide the key in return for the ransom payment.  Unfortunately, the ransom demanded is often small enough that companies elect to pay it (often by Bitcoin) rather than take on the expense and headache of recovering data by other means.

 

While there were notable successes in combatting cyber extortion scams in 2014, such as the takedown of the botnet that made distribution of the Cryptolocker ransomware possible, as long as extortion scams continue to succeed, their prevalence in 2015 seems assured.  The moral of the story is (a) back up your data, and (b) carry cyber policies that will respond to an extortion event. 

 

6.    Mobile Payments and Digital Wallets 

 

In 2014, Apple introduced Apple Pay.  For those unfamiliar with it, Apple Pay involves giving your credit card information to Apple which will then place a token associated with that number in an encrypted chip on an iPhone 6.  The phone can then be used to pay for purchases without the credit card or credit card number ever being disclosed to the merchant or to criminals that have compromised the merchant’s systems.  Apple Pay, and other existing or upcoming systems designed for the same purpose, appear likely to reduce or eliminate the risks inherent in using payment cards today.  These systems seem certain to become more widely adopted in 2015, with the result being that payment card data breaches should eventually become smaller and less severe. 

 

7.    EMV Payment Card Migration 

 

One of the most important events that will take place in 2015 is the migration of payment cards in the U.S. from magnetic stripes to chip-and-pin EMV cards.  EMV cards are considered more secure because they require thieves to have more than the card number to make fraudulent charges.  To make a charge with an EMV card the user must also input a PIN associated with the card. 

 

The migration to EMV cards will take place this year because the card brands are imposing a liability shift on October 1, 2015.  If a merchant has not installed equipment to handle EMV card payments, and a customer has an EMV card, the merchant will be liable for any resulting fraud on the customer’s account.  If the merchant has installed the necessary equipment to handle EMV card transactions, but the customer’s bank hasn’t issued him or her an EMV card, the bank is liable.  If the merchant is set up to handle EMV cards, if a customer uses an EMV card, and if fraud nevertheless takes place, the card brands will be liable. 

 

The importance of the EMV card migration and the liability shift cannot be overstated.  It is absolutely essential that every business that accepts payment cards understand and prepare for this now. 

 

8.    International Conflicts Over Privacy Rights 

 

In 2014 the US and EU collided over the disclosure obligations of Microsoft concerning data pertaining to EU citizens that Microsoft stores in the EU. 

 

A  US Government agency (we don’t know which one) served Microsoft with a search warrant for the content of an individual’s email account.  The contents are stored on a server in Dublin, Ireland. 

 

Microsoft has resisted the warrant on the grounds that US search warrants don’t apply to locations outside the United States.  As Microsoft’s Deputy General Counsel put it, the “U.S. government doesn’t have the power to search a home in another country, nor should it have the power to search the content of email stored overseas.” 

 

Predictably, the European Commission agrees.  The EC takes the view that the information can only be obtained via established legal frameworks that provide access to it. 

 

The US government has argued (successfully so far) that the warrant applies to any location under Microsoft’s control. 

 

Microsoft (with the active support of Ireland and the EU) is continuing to resist efforts to obtain the data because providing it would violate EU law.  This battle will continue in 2015 and will be interesting to watch, given the ramifications the case is likely to have on the legal frameworks governing the cross-border transmission of information subject to privacy protections. 

 

9.  Physical Damage From Cyber Events 

 

Many people will recall the Stuxnet worm that infected computers in Iran that controlled nuclear centrifuges and physically destroyed a large number of them.  In 2014 it was reported that an attack on a steel mill in Germany resulted in serious damage to blast furnaces there.  The possibility of similar future attacks on industrial control systems is real and must be taken seriously.  This will be an issue to watch in 2015. 

 

10.  Changes In the Cyber Insurance Market 

 

As a consequence of the large and expensive retail breaches over the past year, the cyber insurance marketplace changed dramatically in late 2014. 

 

Cyber coverage for companies with payment card data is becoming more expensive and harder to get.  Underwriters are asking deeper questions and are asking for more information than they have in the past.  Some insurers are no longer willing to cover such companies; others are reducing the policy limits they are willing to provide.  In addition to underwriting becoming more stringent, pricing is going up (even on, and sometimes especially on excess layers).  All of this comes at a time when there is unprecedented demand for cyber insurance. 

 

Companies that don’t have payment card data exposures are not facing the same problems.  For them the availability and cost of cyber insurance has changed little in the past year. 

 

Cyber underwriters continue to innovate.  In 2014, AIG introduced its CyberEdge PC policy that for the first time in a form for general use can cover property damage and bodily injury resulting from a cyber event.  It does this by providing excess DIC coverage over a company’s existing insurance programs.  Some underwriters continue to be willing to push the envelope on cyber policy terms and conditions in order to provide solutions, not just policies, to clients.  That is essential at a time when the cyber risks companies face are so dynamic. 

PrintNew corporate and securities lawsuit filings and enforcement actions were down for the third consecutive year in 2014, according to the latest annual report from the insurance information firm, Advisen. According to the report, which is entitled “D&O Claims Trends: 2014 End of Year Wrap-Up,” and which can be found here, the decrease in the number of new filings was spread across almost every major lawsuit and enforcement action category. The report does note that though the number of lawsuits and enforcement action is down compared to the immediately preceding years, the activity levels are still elevated compared to the years immediately preceding the financial crisis.

 

Unlike other published litigation reports, many of which track only securities class action lawsuit filing and settlement activity, the Advisen report attempts to track filing trends across several types of corporate and securities litigation, including but not limited to securities class action lawsuit filing activity. However, readers should be cautioned that the report uses its own unique names to describe the various different categories of litigation and enforcement activity. Because of this definitional issue, the report must be read very carefully.  

 

According to the report, the number of new corporate and securities lawsuit and enforcement action filings declined by ten percent between 2013 and 2014, from 1,492 in 2013 to 1,342 in 2014. These figures for both years are well below the 2011 peak of 2,059. While the 2014 activity was below recent years, the 2014 activity level still exceeds the totals from the period before the financial crisis prior to 2009. The report suggests that the decline in activity can be attributed to a number of factors, including the continued wind down of the financial crisis-related litigation and the fact that there are fewer U.S. public company litigation targets.

 

The report notes that the sector with the greatest number of corporate and securities lawsuit filings during 2014 was the financial sector, as has been the case every year since 2006. However, the spike in actions against companies in this sector during the period 2008 through 2011 has subsided.

 

With respect to securities class action lawsuits, the report notes that while the number of filings in the category has remained steady over the past three years, the number of 2014 filings (183) remained well below the 10-year annual average of 199. (To see my commentary on the significance and possible interpretation of the drop in filings below the long-term historical average, please see my own report on the 2014 securities class action lawsuit filing activity, here). The report notes that for many years, the number of securities class action lawsuit filings as a percentage of all corporate and securities litigation had been declining, as other types of litigation and enforcement activity increased. For example, in 2010, securities class action lawsuit filings represented only ten percent of all corporate and securities lawsuit filings. However, in the past three years, the securities class action lawsuit filings as a percentage of all corporate and securities filings has been increasing. The 183 securities class action lawsuit filings that Advisen tallied in 2014 represented 13.6 percent of all corporate and securities lawsuit filings during the year.

 

According to the report, the number of shareholder derivative lawsuit filings has “declined every year since 2011.” The 164 shareholder derivative lawsuit filings in 2014 is nearly 30 percent below the ten year annual average number of shareholder derivative lawsuit filings of 233. The number of derivative lawsuit settlements has declined as well; Advisen tracked only 38 derivative lawsuit settlements in 2014 compared to 64 in 2011. But though the number of derivative lawsuit settlements has been decreasing, the number of jumbo derivative settlements has increased. The report notes that during 2014, two massive shareholder derivative settlements were announced – the $275 million settlement in Activision, the largest derivative settlement ever, and the $137.5 million Freeport McMoRan settlement, the third largest derivative settlement every. (My discussion of the Activision settlement can be found here. My discussion of the Freeport McMoRan settlement can be found here. My running tally of the largest derivative lawsuit settlement can be found here.)

 

The report contains a number of interesting observations about FCPA enforcement activity. Among other things, the report notes that the number of FCPA enforcement actions increased by 57 percent in 2014, from 7 filings in 2013 to 11 in 2014. The number of settlements of FCPA enforcement actions also increased, from 11 in 2013 to 16 in 2014. Companies also paid more in 2014 than ever before to settle FCPA actions, including the $772 that Alstom agree to pay in settlement with the SEC, the $135 million that Avon Product agreed to pay, and the $97.3 million that Weatherford International agreed to pay. The report also  notes that anticorruption enforcement has become a priority area in a number of other countries, including China, Brazil and Canada.

 

The report includes a number of interesting comments from my friends Joe Monteleone of the Rivkin Radler law firm, Rick Bortnick of the Traub Lieberman law firm, and Priya Cherian Huskins of Woodruff Sawyer.

 

Discussion of 2014 Litigation Trends: On January 28, 2015, I will be participating in an Advisen webinar discussing the 2014 Corporate and Securities Litigation Trends. The webinar, which will take place at 11:00 am EST, is free. The webinar panel will also include Steve Shappell of JLT Specialty, Kathryn Walker, of Travelers, and Jim Blinn of Advisen. Information about the webinar including instructions on how to register can be found here.

cornerThe number of securities class action lawsuit filings in 2014 was about the same as in 2013, but the cases that were filed were smaller than in the past, according to the annual securities litigation report from Cornerstone Research. However, the likelihood that a public company will be the subject of a filing remained above the historical average in 2014, as it has in each of the past five years.

 

The Report, entitled “Securities Class Action Filings: 2014 Year in Review,” can be found here. Cornerstone Research’s January 27, 2015 press release about the report can be found here. My own analysis of the 2014 securities class action lawsuit filing can be found here.

 

According to the report, there were a total of 170 securities class action lawsuit filings in 2014. While this figure represents an increase of four lawsuits over 2013, it is ten percent below the 1997-2913 average annual number of 189 filings.

 

However, while the annual number of filings is down compared to the historical average number of filings, the number of publicly traded companies has declined significantly from the early years in the measuring period. The report notes with respect to the decline in the number of annual filings compared to historical average, “The declining long-term trend in the total number of filings from the late 1990s through today is a result of a decline in the number of public companies rather than a decreased likelihood of being the subject of a class action.”

 

To put the relative likelihood today of a U.S.-listed company being hit with a securities lawsuit into perspective, the percentage of U.S. listed companies hit with securities suits was 3.6% in 2014, compared to the annual average percentage of 2.9% during the period 1997-2013. In other words, though the annual number of filings overall is down in more recent years  compared to the historical annual average number of filings, due to the lower number of public companies, “the likelihood that a public company was the subject of a filing remained above the historical average in each of the past years.”

 

But while the overall likelihood of a U.S.-listed company becoming involved in a securities class action lawsuit is above long-term historical averages, companies in the S&P 500 were less likely to be targeted by a securities class action lawsuit in 2014 than in any year since 2000. Only 2.2 percent of S&P 500 companies were hit with lawsuits in 2014, compared to the annual average during the period 2000-2014 of 5.7%. In addition, the size of the S&P 500 companies involved has also changed. In the past, the larger companies in the S&P 500 were more likely to be targets of securities suits. However, during 2014, only 1.3 percent of the S&P 500 market capitalization was subject to new filings in 2014, the lowest on record, and well below the historical annual average of 10.1%.

 

As a general matter, the sizes of the companies and of the disputes involved in the lawsuits were smaller in 2014 compared to prior years. The report’s measure of the largest amount that plaintiffs, in the aggregate, might seek to recover  from cases filed in 2014 (what the report calls Maximum Disclosure Dollar Loss) sank to the lowest level since 1997. In a press release accompanying the report, a Cornerstone Research spokesman is quoted as saying that “for the first time since 1997, there were not mega filings with investor losses of greater than $5 billion at disclosure.” 

 

The press release also quotes Stanford Law School Professor Joseph Grundfest as saying that “although the number of lawsuits filed is little changed, the cases filed are much smaller and will lead to smaller recoveries for the plaintiff class down the road.” Professor Grundfest suggests that the data raise an interesting question of whether “large-scale securities class actions against corporate America are on the decline.”

 

While the long-term trend has been toward a declining number of publicly traded companies, the number of listed companies actually increased in 2014, due to increased IPO activity. According to the report, there were 206 IPOs in 2014, representing an increase in the number of IPOs in 2013 of 31%, and representing the highest level of IPO activity since 2000. However, number of IPOs during 2014 was still well below the 1996-2000 average annual number of IPOs of 458 IPOs. The report notes that the IPO activity in 2014 has “potential implications for future litigation.”

 

The report also contains an analysis of the status and disposition of securities class action lawsuit filings during the period 1996-2014. Among other things, the analysis shows that “dismissals were increasingly common for filings in the cohort years after 2003.” The aggregate dismissal rate for cases filed during the years 2003-2012 was 52 percent, compared to percentage well below that level prior to that period. The report suggests that the “underlying characteristics of the complaints” may help explain this increase. During the years 2008-2012, there were significant numbers of filings involving Chinese Reverse Merger companies, M&A lawsuits and credit crisis cases. These three categories of cases were dismissed at a 58% rate, compared to a 50% rate for all cases excluding these three categories. Other characteristics that can affect the likelihood of dismissal are: how quickly the case was filed, the length of the class period, and the size of the potential claims.

 

The number of filings against non-U.S. companies increased to 34 in 2014, well above the average historical average from 1997 to 2013 of 22 filings. The percentage of filings against foreign issuers was 20 percent in 2014 compared to the 1997-2013 historical average of 11 percent.