On September 11, 2014, in a sharply worded order that will give heart to the FDIC’s many other failed bank litigation targets, Eastern District of North Carolina Judge Terrence Boyle, applying North Carolina law, granted the summary judgment motion of the former directors and officers of the failed Cooperative Bank of Wilmington, N.C., in the lawsuit the FDIC had filed against them in its capacity as the failed bank’s receiver. Judge Boyle rejected all of the FDIC’s claims against the former bank officials. The defendants in other failed bank lawsuits undoubtedly will seek to rely on Judge Boyle’s ruling that the loan underwriting actions on which the FDIC sought to base its liability claims are protected by the business judgment rule. A copy of Judge Boyle’s order can be found here.

 

A September 15, 2014 memo about Judge Boyle’s opinion from Mary Gill and Laura Tapson of the Alston & Bird law firm entitled “Bank Directors and Officers Win Summary Judgment on All FDIC Claims” can be found here. (Alston & Bird was not involved in the case.)

 

Background

After the Cooperative Bank of Wilmington, N.C. failed in June 2009, the FDIC as the failed bank’s receiver initiated a lawsuit against certain former directors and officers of the bank, asserting claims for negligence, gross negligence, and breaches of fiduciary duty in connection with the defendants’ approval of 86 loans between January 2007 and April 2008. The FDIC alleged that in making the loans, the defendants had deviated from prudent lending practices established by the bank’s own loan policy, published regulatory guidelines and generally accepted banking practices. In its lawsuit, the FDIC sought to recover approximately $40 million in losses the bank sustained in connection with the subject loans.

 

Earlier in the case, Judge Boyle had denied the defendants’ motion to dismiss the FDIC’s lawsuit. Following discovery, the defendants filed a motion for summary judgment on all claims against them.

 

The September 11 Order 

In his September 11 Order, Judge Boyle granted the defendants’ motion for summary judgment, dismissing all of the FDIC’s claims against the former directors and officers.

 

With respect to the FDIC’s claims for ordinary negligence and for breach of fiduciary duty, Judge Boyle ruled that “the business judgment rule applies and shields the defendants from liability.”

 

Judge Boyle said that under North Carolina law the business judgment rule “serves to prevent courts from unreasonably reviewing or interfering with decisions made by duly elected and authorized representatives of a corporation,” adding that “absent proof of bad faith, conflict of interest, or disloyalty, business decisions of officers and directors will not be second-guessed if they are the product of a rational process and the officers and directors have availed themselves of all material and reasonably available information.” (Citations omitted) There can be no liability even if a subsequent finder of fact considers a decision “stupid, egregious, or irrational” so long as the court determines that “the process employed was either rational or employed in a good faith effort to advance the corporate interest.”

 

Judge Boyle first concluded that “the FDIC failed to reveal any evidence that suggests that defendants engaged in self-dealing or fraud or that any defendant was engaged in any unconscionable conduct that might constitute bad faith.” While the wisdom of the lending decisions may “raise interesting questions in hindsight,” the business judgment rule precludes the court from “delving into the whether or not the decisions were ‘good’.”

 

Given that Judge Boyle found no indication that the decisions were the result of bad faith, conflict of interest or disloyalty, the only question left was whether the decisions were the result of a rational process and in furtherance of a rational business purpose.

 

In concluding that the loan decisions that are at the heart of the FDIC’s case were the result of a rational process, Judge Boyle relied in particular on the FDIC’s own Reports of Examination during the period when the loans were made, in which the bank’s management had been graded as “satisfactory” and not requiring “material changes.” The CAMELS ratings in the ROE of “2” for management, asset quality and sensitivity to market risks “show that the process the defendants used to make the challenged items were expressly reviewed, addressed and graded by the FDIC regulators in the 2006 ROE,” adding that for the FDIC “to now argue that the process behind the loans is irrational is absurd.” (Judge Boyle noted in a footnote that CAMELS ratings are given on a scale of 1 to 5, with 1 being the highest. Banks scoring a 1 or a 2 “are considered well-managed and presenting no material supervisory concerns.”)

 

Based on these examination ratings and the comments of the bank’s independent auditors in 2006, 2007 and 2008, Judge Boyle found “as a matter of law, that defendants’ processes and practices for the challenged loans were rational.”

 

Judge Boyle also concluded that the challenged loans could be attributed to a rational business purpose, noting that while there were “clearly risks” associated with the bank’s goal of growing to be a $1 billion institution and to stay competitive with other banks that were making inroads into its territory, “the mere existence of risks cannot be said in hindsight to constitute irrationality.” He added that “where as here, defendants do not display a conscious indifference to risks and where there is no evidence to suggest that they did not have an honest belief their decisions were made in the company’s best interests, then the business judgment rule applies even if those judgments ultimately turned out to be poor.”

 

Judge Boyle also granted the defendants’ motion for summary judgment on the FDIC’s gross negligence claims, based on his finding that “the FDIC has presented no evidence that any of the defendants approved the challenged loans and made policy decisions knowing that these actions would harm Cooperative and breach their duties to the bank.” He added that “the FDIC cannot show that any of the defendants engaged in wanton conduct or consciously disregarded Cooperative’s well-being.”

 

In closing, Judge Boyle went out of his way to express his disdain for the FDIC’s contention that not only was the global financial crisis foreseeable, but it was actually foreseen by the individual defendants, a contention on which he felt compelled to comment because of the “absurdity of the FDIC’s position.” Judge Boyle reviewed numerous public comments made by various government officials before and after the financial crisis, including then-U.S. Secretary of the Treasury Hank Paulson and Federal Reserve Chairman Ben Bernanke, to the effect that regulators could not have seen the financial crisis approaching, and then commented that

 

The FDIC claims that the defendants were not only more prescient than the nation’s most trusted bank regulators and economists, but that they disregarded their own foresight of the coming crisis in favor of making the risky loans. Such an assertion is wholly implausible. The surrounding facts … belie the FDIC’s position here. It appears that the only factor between defendants being sued for millions of dollars and receiving millions of dollars in assistance from the government is that Cooperative was not considered “too big to fail.”

 

Judge Boyle concluded saying that for big banks to be forgiven for their role in the financial crisis because of their size while the directors and officers of small banks are pursued for monetary compensation “is unfortunate if not outright unjust.”

 

Discussion

In assessing Judge Boyle’s ruling here, it needs to be kept in mind that the kinds of claims the FDIC asserted against the former directors and officers of Cooperative Bank are pretty typical of the kinds of claims the agency has asserted against the former directors and officers of many other failed banks in the FDIC’s various failed bank lawsuits. For Judge Boyle to characterize the FDIC’s various positions as “absurd” and “implausible” is extraordinary. Judge Boyle not only dismissed the FDIC’s claims but seemed to reject the very premises on which the claims were based. It is fair to say – and I suspect that individual defendants in other failed bank cases will try to say – that if the FDIC’s position in this case is “absurd,” then its position in many other cases where it has asserted the same basic claims is also absurd.

 

There is another feature of Judge Boyle’s decision that is noteworthy, and that is his willingness to refer to the FDIC’s own Reports of Examination, made prior to the bank’s failure, as evidence that the bank’s lending practices involved rational processes. In its many failed bank lawsuits, the FDIC takes great pains to try to distinguish between its role and activities as a regulator and its role and activity as receiver. The debate on this distinction often takes place in the context of a debate over whether defendants can assert affirmative defenses against the FDIC. Judge Boyle’s determinations in the course of reviewing the defendants’ summary judgment motion simply disregard the distinction on which the FDIC so frequently seeks to rely; if the question is whether or not the bank’s lending practices were rational, then the FDIC’s pre-failure assessment of the bank’s lending practices is relevant.

 

The Alston & Bird memo to which I linked above states that Judge Boyle’s decision is “the first summary judgment ruling to address the business judgment rule in the wave of FDIC litigation following the financial crisis.” Other defendants will undoubtedly seek to rely on Judge Boyle’s rulings in the Cooperative Bank case as they seek to obtain summary judgment in their own cases. The ruling will obviously be of greatest use in other cases to which North Carolina law applies. As it turns out, that is a relatively small number of the pending cases. My informal review of the FDIC’s online listing of its failed bank lawsuits suggests that there may be as few as only two other failed bank lawsuits pending in North Carolina federal courts.

 

Whether Judge Boyle’s ruling will prove to be useful or influential in cases to which the law of jurisdictions other than North Carolina applies remains to be seen. The Alston & Bird memo suggests that even outside North Carolina, Judge Boyle’s application of the business judgment rule to grant summary judgment here “should provide strong support for granting summary judgment in favor of the D&Os in other cases as well.” While it can be argued that North Carolina’s version of the business judgment rule is not dissimilar to that applicable in other jurisdictions, the difference in applicable law might be enough for other courts to use as a basis to distinguish Judge Boyle’s analysis.

 

Where Judge Boyle’s decision might be most useful in other cases is the use he made of the FDIC’s Reports of Examination and CAMELS ratings. Many of the banks that failed collapsed quickly. Many of the institutions that failed appeared to be healthy only a short time before they closed, particularly at the outset of the financial crisis. The defendants in many of the other failed bank cases will be able to show that their management and lending practices were regarded as satisfactory by regulators just prior to the onset of the crisis. At least in the many pending cases where there are no allegations of self-dealing or conflict of interest, the defendants in other cases like the defendants here may be able to rely on the regulators’ own pre-failure positive assessment of their banks’ lending practices to refute the FDIC’s hindsight attempt to characterize those same practices as negligent.

 

Special thanks to Mary Gill of Alston & Bird for sending me a copy of Judge Boyle’s decision as well as providing me with a copy of her law firm’s memo.

 

A Note about Banks and Cyber Disclosure: According to its review of 10-Ks and 10-Qs of 575 publicly traded banks, LogixData concluded that 303 of the banks’ (52%) SEC reports had “absolutely no mention of anything related to cyber security.” (Hat Tip: The CorporateCounsel.net blog, here).

 

Living on Earth: This is what life is like sometimes. You are in Room 342, and this is the only available information to help you find your way:  


 

 

As the litigation wave arrived following the global financial crisis, many financial institutions were hit with multiple suits that arrived piecemeal and over time. For D&O insurance coverage purposes, these lawsuits were filed across multiple policy periods. A recurring question as the subprime litigation has worked its way through the system is whether the various lawsuits trigger only a single policy or multiple policies (refer, for example, here).

 

The question arose again in the D&O insurance coverage litigation related to the various RMBS-related securities lawsuits that were filed against Nomura Holding America, Inc. and certain of its operating subsidiaries. In a September 11, 2014 opinion (here), Southern District of New York Judge Katherine Polk Failla ruled that — because she found that the five subsequent lawsuits filed against the Nomura entities were related to a prior securities lawsuit previously pending against the firms — the five subsequent claims related back to and were deemed made at the time of the first lawsuit. Based on this determination, she ruled that there was no coverage for the subsequent suits under the D&O insurance policies in place at the time the subsequent suits were filed.

 

Though Judge Failla’s ruling in the Nomura coverage dispute, like outcomes in many of the cases involving interrelatedness issues, reflects circumstances specific to the situation involved, her ruling nonetheless has important lessons for parties that find themselves involved in a relatedness clash. In addition, her separate ruling that the applicable policies’ specific litigation exclusion does not preclude coverage for the subsequent claims has important lessons for anyone attempting to draft a similar exclusion.

 

Background

Prior to the financial crisis, Nomura, through its operating subsidiaries, organized and issued residential mortgage-backed securities (RMBS) backed by mortgages originated by third-party lending institutions. In 2008, various Nomura subsidiaries and certain of the subsidiaries’ officers and directors were named as defendants in a securities class action lawsuit styled as Plumbers’ Union Local No. 12 Pension Fund v. Nomura Asset Acceptance Corp. (the “Plumbers’ Union” lawsuit). The Plumbers’ Union lawsuit alleged that the defendants had made various misrepresentations or omissions in the offering documents provided in connection with certain RMBS offerings. Nomura submitted the Plumbers’ Union lawsuit as a claim to the insurer providing Nomura’s D&O insurance at the time.

 

During the period July 1, 2010 to July 1, 2013, Nomura purchased three successive one-year D&O insurance policies from a different carrier than the one whose policy was in force at the time the Plumbers’ Union lawsuit was first filed. Between 2011 and 2012, five additional securities class action lawsuits were filed against Nomura and various of its subsidiaries, containing allegations that the named defendants had breached the securities laws in connection with the entities’ RMBS operations and issuance. Nomura provided notice of these five subsequent lawsuits to the D&O insurer whose policies were in place at the time the subsequent lawsuits were filed.

 

The D&O insurer to whom the five subsequent suits were submitted denied coverage for the claims. The insurer asserted two grounds for its denial. First, the insurer asserted that coverage was precluded by a manuscript endorsement that had been added to the policies the carrier issued to Nomura; the endorsement (referred to in the coverage lawsuit as the “Plumbers’ Union Exclusion”) provided that no coverage would be available under the policies for any claim that was

 

based upon, arising from, or in consequence of any fact, circumstance, situation, transaction event or matter described or cited below or the same or any substantially similar fact, circumstance, situation, transaction, event or matter:

 

Amended Complaint for Violation of Section 11, 12 (a)(2) and 15 of the Securities Act 1933 (USA), PLUMBERS’ UNION LOCAL NO. 12 PENSION FUND, individually and on behalf of all Others Similarly Situated vs. NOMURA ASSET ACCEPTANCE CORPORATION et al, United States District Court for the District of Massachusetts, No. 06-10446-RGS.

 

The D&O insurer also denied coverage in reliance on Section 13(g) of its policies, which provides that “All Related Claims shall be treated as a single Claim first made on the date the earliest of such Related Claims was first made … regardless of whether such date is before or during the Policy Period.”

 

The term “Related Claims” is defined as “all Claims for Wrongful Acts based upon, arising from, or in consequence of the same or related facts, circumstances, situations, transactions, or events or the same or related series of facts, circumstances, situations, transactions or events.”

 

In response to the insurer’s coverage denial, Nomura filed a separate lawsuit seeking a declaratory judgment that the D&O insurer had wrongfully denied coverage for the five subsequent actions and that the carrier had breached its duty to provide coverage. The parties filed cross-motions for summary judgment.

 

The September 11 Opinion 

In her September 11 Opinion, Judge Failla denied the insurer’s summary judgment motion with respect to the Plumbers’ Union exclusion, holding that the insurer had failed to meet its burden of showing that the exclusion precludes coverage, but granted the insurer’s summary judgment motion with respect to section 13(g), based on Nomura’s “failure to show that the Policies provide coverage for the Underlying Actions.”

 

In support of its reliance on the Plumbers’ Union Exclusion, the insurer had argued that the subsequent lawsuits involved “the same or any substantially similar fact, circumstance, situation, transaction, event or matter” as the “event or matter described or cited below” – that is, the Plumbers’ Union lawsuit. Nomura argued in opposition that the exclusion precluded coverage only for events or matters the same as or similar to the event or matter cited (that is, the Plumbers’ Union amended complaint itself) and not to factual matters contained in the Amended Complaint or legal arguments raised in that case. In making this argument, Nomura referenced the policies’ Prior and Pending Litigation exclusion, which, by contrast to the Plumbers’ Union Exclusion, precluded coverage not only for claims pending on the prior and pending litigation date, but also “circumstances or situations underlying or alleged therein.”

 

Judge Failla agreed that the Plumbers’ Union Exclusion referred only to the “matter” cited and not to “the factual allegations contained in the Plumbers’ Union Amended Complaint,” yet she also observed at the same time that “it is difficult to imagine how an action, but not necessarily its underlying factual allegations, could be the ‘same’ or ‘similar’ to the Plumbers Union Amended Complaint without also being ‘based upon, or arising from’ the Plumbers’ Union Amended Complaint.” In the end, because she found that the carrier’s interpretation depended on “adding words and phrases that are simply not there,” she concluded that the carrier had not carried its burden of showing that the Plumbers’ Union Exclusion precluded coverage.

 

With respect to the insurer’s reliance on Section 13(g), Judge Failla said that the subsequent complaints and the Plumbers’ Union lawsuit would be “substantially similar” within the meaning of the provision if they arose out of a common “factual nexus.” In order to determine whether a sufficient factual nexus exists, the Court, she said, must undertake a “side-by-side review” of the factual allegations to determine their relationship. Based on this analysis, she concluded that “the relevant complaints contain overlapping (and frequently identical) factual allegations, arising from strikingly similar circumstances, alleging similar claims for relief.” She separately identified six categories of alleged misrepresentations that the plaintiffs in each of the actions relied upon. She summarized her conclusions this way:

 

Plumbers’ Union and the Underlying Actions are each brought by similarly-situated investors against the same group of defendants who participated in the same types of securities offerings pursuant to nearly identical offering documents involving the sale of interests in pools of mortgage loans that were made, pooled and securitized in strikingly similar ways. What is more, the factual allegations in the complaints are more than overlapping, they are nearly identical. On this basis, the Underlying Actions clearly allege facts which are the “same” or “similar to” those alleged in Plumbers’ Union.

 

Discussion

I have referred numerous times on this blog (for example here) to the difficulty and vexatiousness of interrelatedness disputes. The difficulty arises from the fact that it is always possible to find similarities between two actions and it is always possible to find differences. The outcomes of interrelatedness cases tend to be all over the map and it is very difficult to draw any generalizations about the cases, except that they tend to be very situationally and factually specific. This case is no exception. But while there arguably may be no general principles to be drawn from Judge Failla’s rulings in this case, there are certain lessons that may be discerned for parties caught up in an interrelatedness dispute.

 

With respect to the lessons to be learned, I note at the outset that Judge Failla was even-handed – she dished in equal measures on both parties and their counsel for making or failing to make various arguments. I happen to know the lawyers representing the parties here, either personally or by reputation, and I know them to be excellent, skilled practitioners. The various chastisements Judge Failla dispensed in the course of her opinion (for example, “the Court will not do Nomura’s work for it”) say more about her judicial temperament than about the quality of the advocacy involved.

 

Before getting to the lessons to be learned for parties engaged in relatedness disputes, there is one preliminary lesson to be learned for those responsible for drafting manuscript endorsements. I have no doubt that the intent of the Plumbers’ Union exclusion was to preclude coverage for any subsequent lawsuits involving the same or similar factual allegations as the Plumbers’ Union lawsuit. But as Nomura was able to argue here, that is not what the exclusion actually said. The exclusion referred only to the Plumbers’ Union Amended Complaint, but it did not refer to “the factual allegations or the claims alleged therein.” It is not that the exclusion was not very carefully written; indeed, the Plumbers’ Union lawsuit itself is described in the exclusion in excruciatingly specific detail. But in the end the exclusion itself did not actually say what was intended. So the lesson for draftsmen of manuscript endorsements is, first, to take care that the exclusion says what was intended – here, that what was meant to be excluded was any lawsuit containing the same or similar allegations as the Plumbers’ Union lawsuit – but also that if the exclusion is a specific litigation exclusion, that the exclusion precludes not just the referenced lawsuit itself, but also the facts alleged and claims asserted.

 

Now, for the lessons to be learned by those involved in interrelatedness disputes. First, for those parties seeking to establish that a prior and subsequent lawsuit are interrelated, the argument will be advanced to the extent that the similarities are demonstrated in a detailed, side-by-side comparison of the relevant allegations. Judge Failla chided the insurer for failing to provide this type of comparison, noting that “it was not until the Court requested supplemental briefing that Defendant submitted an in-depth, allegation-by-allegation review of the operative complaints in support of its argument.” In the absence of this specific documentation, the insurer was left to argue based “solely upon similar categories of misrepresentations,” which, Judge Failla noted, “could be applied so expansively that entire business lines could be precluded from coverage based on a single lawsuit.” The lesson, then, is that the party seeking to establish relatedness should provide a detailed, side-by-side comparison of the allegations in the complaints the party contends are related.  

 

Second, it is not enough for a party seeking to argue that different claims are unrelated to identify differences between the claims. Here, Nomura noted numerous differences between the various complaints – they involved different claimants, different defendants, different offerings, different underlying mortgages, and different underlying mortgage originators. Judge Failla was unpersuaded by the existence of these differences, noting that “Nomura did nothing to demonstrate that these identified differences mattered, i.e., that they were anything other than differences in name only.” The lesson for the party seeking to show that separate lawsuits are unrelated is that it is not enough to show that there are differences; the party must also show why the differences matter, particularly with respect to the question of whether or not the lawsuits involved a common factual nexus.

 

It is interesting to note that in rejecting Nomura’s arguments, Judge Failla rejected a specific argument Nomura had tried to make based on the language used in the policies’ definition of relatedness. Nomura had tried to argue that the policies had a narrower definition of relatedness than that involved in many of the other relatedness cases. Nomura made this argument because the definition of relatedness in the policies at issue, by contrast to the language found in the policies involved in the other cases, did not contain the words “or in any way involving” (i.e., the other policies in the other cases provided that the two matters are related if they are “arising from, based upon, arising out of, directly or indirectly resulting from or in consequence of, or in any way involving, the following, etc.”) Judge Failla expressly acknowledged that the policies at issue did not include the “or in any way involving” language, but that did not affect her analysis of the factual nexus issues.

 

While the absence of this language did not affect Judge Failla’s analysis in this case, it is interesting that Nomura tried to make the argument. There is nothing to provide assurance that the absence of this language might not make a difference in another case (indeed, Judge Failla noted that other courts have found the presence of this language to be significant). The lesson here seems to be that, at the time of placement, policyholder advocates would seek to have this language removed while insurer representatives would seek to have it included. In the event of a coverage dispute, policyholder advocates will argue with respect to a relatedness definition lacking this language that the definition is narrower and not as inclusive, while carrier advocates will argue that whether or not the language is present, the only operative question is whether or not there is a common factual nexus between the two matters.

 

A Creature That Prospers Regardless of Circumstance: Here at The D&O Diary, we have been watching the build-up to next week’s referendum on Scottish independence with a mixture of fascination and trepidation. We understand the romantic appeal of an independent Scottish state yet fear what unanticipated circumstances it might bring as well. For all the reasons mustered for and against independence, the argument in support of independence that strikes us as the strangest is the one put forth in a September 12, 2014 Bloomberg article entitled “Scottish Lawyers Say Referendum May Transform Legal Industry” (here).

 

It seems that some of the local lawyers support dumping a union that has lasted more than three centuries because independence will mean more legal business. (I am not making this up.) According to the article, Scottish lawyers see a Yes vote in the September 18 referendum as “an opportunity to take their rule of law to the world, transforming a distinctly local market into an international one.” Another commentator is quoted as saying that “the impact of independence on the legal industry in Scotland and the rest of the U.K. will result in a very busy time for lawyers.” (Others cautioned, however, that a Yes vote could lead to a prolonged period of stagnation – and that would be bad for business.)

 

What of questions of defense, trade, taxation and currency; what of generations of mutual struggle through wars, crises and change; what of ties based on a union that has lasted longer than that of the United States? What could be more thrilling than the possibility of billable hours?

 

“I Found a Picture of You”: While trying to follow the ins and outs of the Scottish independence debate, I have taken up listening to the BBC World Service News using the BBC app on my iPad. I have wound up hearing a lot more than news about the referendum. Just the other day, I heard a very interesting interview of Chrissie Hynde, the rock vocalist and lead singer in The Pretenders. I confess that I have always had a fascination with Hynde, in part because I have never been able to figure out how someone from Akron, Ohio managed to transform herself into a British rock star. It was a good interview, but they didn’t play any of her music, so after it was over, I went to YouTube to see what I could find.

 

I have always liked Hynde’s voice, so confident and so cool. She and her music may now be vestiges from an earlier time, but I think she is still worth listening to. So, to get your Monday morning started right, here’s a bit of music from Chrissie Hynde and The Pretenders – and what could be more appropriate for a Monday morning than “Back on the Chain Gang”?


 

On September 29, 2014, I will be in London to participate in the Professional Liability Underwriting Society (PLUS) regional symposium. The luncheon event, which is entitled “Dangers of Long Arm Enforcement in a World Without Borders” will take place at Gibson Hall. I will be making a presentation at the event on the topic of “The Dangerous Cross-Border Regulatory Environment.” The keynote speaker at the event will be the author and consultant David Bermingham, best known as one of the NatWest Three, who will be presenting his own personal perspective on cross-border enforcement based on his extradition to the U.S. on charges related to the Enron scandal. Following the keynote address, Bermingham and I will discuss the evolving challenges in an increasingly global regulatory environment.

 

Background details about the event, including registration information, can be found here.

 

I have participated on a panel with David Bermingham in the past and I can assure everyone that this will be a lively and interesting event. I hope all of my UK readers and friends will plan on attending. I look forward to seeing you there. 

 

Every year after Labor Day, I take a step back and survey the most important current trends and developments in the world of Directors’ and Officers’ liability and D&O insurance. In the latest issue of InSights (here), I review this year’s survey. Once again, there are a host of things worth watching in the world of D&O.

 

ICYMI: If you have not yet seen my recent travel posts, you can find the post about Singapore here and about Mumbai here.

In several posts of the last several months (most recently here), I have commented that with the increased number of IPOs, an increase in IPO-related securities litigation would likely follow. If the securities litigation filing activity over the last couple of weeks is any indication, the anticipated increase in IPO-related securities litigation has arrived. Interestingly, most of the recent activity involves companies that completed their IPOs in 2013, suggesting that IPO-related securities litigation involving the increased numbers of 2014 IPOs is largely yet to emerge.

 

The two most recent IPO-related securities suits were filed within the last week. The first involves Enzymotec, Ltd., an Israeli-based company that completed its IPO in the U.S. on September 27, 2013. In his complaint filed in the United States District Court for the District of New Jersey on September 5, 2014, the plaintiff alleges that in its offering documents, the company, a worldwide supplier of nutritional products whose primary source of revenue is through its baby formula business, had failed to disclose that its Chinese baby formula business was jeopardized by increased regulatory pressure and subject to increased volatility and increased revenues. The complaint also alleges that the company’s joint venture was crumbling, which subjected the company to liability and further decreased revenues. A copy of the complaint can be found here.

 

The second of the most recent IPO-related securities lawsuits was filed on September 8, 2014, and involves SeaWorld Entertainment, Inc., which completed its IPO on April 18, 2013. The complaint, which was filed in the Southern District of California, and which can be found here, alleges that the company completed its offering while failing to disclose to investors that the company’s theme park was experiencing falling attendance numbers after the release of “Blackfish,” a documentary about the alleged mistreatment of orca whales at the company’s theme park. The complaint alleges that the company failed to disclose the alleged mistreatment of the whales in the company’s offering documents.

 

These two most recent lawsuits follow closely after the filing of two other IPO-related lawsuits in the days just prior to the most recent filings. The first of these two prior lawsuits was filed on August 28, 2014 in the Southern District of New York against Santander Consumer USA Holdings, Inc., certain of its directors and officers and its offering underwriters. A copy of the complaint can be found here. The company is engaged in the indirect provision of auto loans. The company completed its IPO on January 23, 2014. The lawsuit followed after the company announced that it had received a Department of Justice subpoena relating to its underwriting and securitization of subprime auto loans since 2007.

 

The second of these two prior lawsuits was filed on September 3, 2014 in the Northern District of California against Rocket Fuel, Inc., certain of its directors and officers and its offering underwriters. A copy of the complaint can be found here. The company completed its IPO on September 20, 2013. The company is engaged in managing Internet marketing, which it accomplishes by operating a media-buying platform across various video and social media. The lawsuit alleges that while the company reassured investors that it could identify and manage threats to its model from bot-driven traffic, it was unable to eliminate ad fraud and bot traffic in its advertising campaigns. The complaint alleges that the company overstated its ability to manage bot-generated ad fraud and understated the seriousness of the problem. The company’s share price declined in early August 2014 when the company announced customer concerns about the company’s inability to identify and eliminate fraudulent ad traffic.

 

The filing of these IPO-related securities suits in quick succession may be something of a coincidence. However, because IPO activity picked up in 2013 and has increased again in 2014, it is hardly a surprise that we are seeing an uptick in IPO-related litigation. IPO companies tend to be more vulnerable to securities suits for at least three reasons. First, there is a lower standard of liability for securities suits under Section 11 of the ’33 Act, which is applicable to claims based on the public offering of securities, than is applicable to open market trading securities suits under Section 10 of the ’34 Act, and so lawsuits involving IPO companies are just more inviting to the plaintiffs’ lawyers. Second, because IPO companies have little track record and experience as reporting companies, and because they sometimes (although not always) are relatively new or developmental stage companies, IPO companies sometimes stumble in the early reporting periods after the IPO. Third, because of IPO companies’ relatively short trading history, the markets tend to react more precipitously to any adverse developments.

 

It is interesting that all but one of these new lawsuits involves companies that completed their IPOs in 2013, and only one involves a 2014 IPO. That means that even though the IPO-related litigation activity is picking up, we are really not even seeing the litigation activity from the increased numbers of IPOs in 2014. Given the lag between the dates of the 2013 IPOs and the filing of these lawsuits, it would seem that we will see more securities suits related to the 2014 class of IPOs beginning in 2015. In any event, it seems likely that in the coming months and into 2015, we will continue to see a number of securities suits involving IPO companies.

 

In any event, the number of companies that recently completed IPOs that are finding themselves caught up in securities litigation serves as a reminder of how important it is for companies in the IPO process to carefully attend to the placement of the public company D&O insurance that will be in place following the offering. The careful structuring of the D&O insurance could turn out to be a very important planning step that, if properly completed, can make a significant difference in the company’s experience if it should get hit with a securities suit after the IPO. For that reason, it is particularly important for companies planning an IPO to carefully select a knowledgeable and experienced broker as part of the planning process.

 

Website Upgrade for The 10b-5 Daily: For those of you who like me follow The 10b-5 Daily blog, you will be interested to note that the blog has recently completed a significant upgrade to its website, which can be found here. I congratulate Lyle Roberts, the site’s author, on the great new site. While the new site is great, if like me you want to continue to receive email updates when new content is posted on the site, you will need to reregister your subscription, by entering your email address in the Subscribe box and then clicking on the link in the confirmation email you will receive. (You need to update the subscription even if you subscribed to the site in the past, if you want to continue to receive emails.) I have already updated my subscription; I hope other readers will do the same.

 

D&O Liability and Insurance Issues in Germany: Those readers interested in D&O liability and insurance issues in Germany will want to read the recent article by Dr. Burkhard Fassbach of the Hendricks & Co. GmbH law firm in Dusseldorf, entitled “D&O (Directors & Officers) Liability in Insurance in German Supervisory Board Practice” (here). In the article, Burkhard discusses the interest of German Supervisory Board members in their companies’ obtaining D&O insurance as a prerequisite to their board service. The article also discusses the conflicts of interest that can arise between the Supervisory Board and the Executive Board from the dual board structure under German corporate law in liability cases. The article concludes by examining the question whether the two boards require separate insurance policies provided through distinct insurance companies. The law firm’s September 10, 2014 press release about the article can be found here. I would like to thank Burkhard for sending me a link to his interesting article.

 

 

Following the Delaware Chancery Court’s June 2013 ruling upholding the facial validity of the bylaw of Chevron Corporation designating Delaware as the exclusive forum for intra-corporate disputes, the adoption of forum selection bylaws has become mainstream. But while a number of companies have now adopted forum selection bylaws, the circumstances surrounding the adoption by First Citizens BancShares (“FC North”), a North Carolina-based bank holding company, were a little unusual. Not only did FC North, a Delaware corporation, designate North Carolina courts as the preferred forum, rather than the courts of Delaware, but it adopted the forum selection bylaw the same day as it announced its intent to acquire First Citizens Bancorporation (“FC South”), a South Carolina-based bank holding company. A family group holds controlling interests in both banks.

 

Despite these circumstances, in a September 8, 2014 opinion (here), Delaware Chancery Court Chancellor Andre G. Bouchard upheld the bylaw both facially and as applied. Although the Chancellor’s opinion held open the possibility that there could be circumstances when an otherwise valid bylaw might not be valid as applied, he found no basis to withhold the enforcement of the bylaw here. The opinion represents an important affirmation of the Delaware courts’ general support for these types of bylaws and of the authority of boards of Delaware corporations to specify the exclusive forum of their choice for resolution of intra-corporate disputes, even if the forum specified is not Delaware and even if Delaware law governs the dispute.

 

On June 10, 2014, FC North’s board adopted a bylaw provision designating as the specified forum the United States District Court for the Eastern District of North Carolina, or if that is not available, any North Carolina state court with jurisdiction. That same day, FC North announced that it had entered into a merger agreement with FC South. The plaintiff then filed two complaints in Delaware Chancery Court, one challenging the bylaw as invalid and seeking a declaratory judgment that the Chancery Court may exercise jurisdiction, and a second complaint asserting against the FC North board various alleged breaches of fiduciary duty in connection with the merger. Among other things, the merger objection complaint alleges that members of the control group of both companies breached their fiduciary duties as controlling shareholders and unjustly enriched themselves.

 

FC North moved to dismiss the first complaint for failure to state a claim, and moved to dismiss the second complaint, on the basis of the forum selection bylaw, for improper forum.

 

In his September 8 order, Chancellor Bouchard granted both of the defendants’ motions to dismiss. With respect to the validity of the bylaw, the Chancellor said that the question presented was whether a board of a Delaware Corporation could adopt a bylaw that designates an exclusive forum other than Delaware for intra-corporate disputes. The Chancellor said that the same analysis of Delaware law outlined in the Chevron case “validates the bylaw here” and that nothing in Chevron or in Delaware statutory law prohibits directors from designating an exclusive forum other than Delaware, and particularly given that North Carolina is the “second most obviously reasonable forum,” there was no reason to call into question the facial validity of the bylaw here.

 

The Chancellor declined to address the various “as applied hypotheticals” the plaintiff had raised to try to challenge the bylaw, particularly given that the FC North bylaw was only enforceable by its own terms “to the fullest extent permitted by law.” He found no reason why the Delaware common law claims could not be addressed and resolved in another forum.

 

The Chancellor also rejected the plaintiff’s claims that the FC North board had breached its fiduciary duties by adopting the bylaw because the board had been motivated by a desire to protect the interests of certain board members and in order to insulate itself from the jurisdiction of Delaware’s courts. The Chancellor observed that the bylaw does not insulate the board’s approval of the proposed merger from judicial scrutiny, since the scrutiny may take place in North Carolina’s courts. The Chancellor held that the plaintiff had failed to rebut the business judgment rule relating to the board’s adoption of the forum selection bylaw.

 

Finally, the Chancellor granted the motion to dismiss for improper venue based upon the forum selection bylaw, finding that no Delaware public policy would require the bylaw to be disregarded in order for the merger objection suit to be heard in Delaware. He noted that there may hypothetically be circumstances under the “as applied” standard where enforcement of a bylaw would not be appropriate, but even notwithstanding the timing of the bylaw’s adoption, he found no reason to conclude it would be inequitable to require the merger objection suit to be litigated in North Carolina.

 

In closing, Chancellor Bouchard emphasized that principles of judicial comity also weighed in favor of the enforcement of the bylaw. As he said, “if Delaware corporations are to expect … that foreign courts will enforce valid bylaws that designate Delaware as the exclusive forum for intra-corporate disputes, then as a matter of comity, so too should the Court enforce a Delaware corporation’s bylaw that does not designate Delaware as the exclusive forum.” To do otherwise would “stray too far from the harmony that fundamental principles of judicial comity seek to maintain.”

 

It is interesting to note that the plaintiff here was seeking to have its case heard in Delaware while the defendants sought another forum. In most of the discussions about forum selection bylaws, the presumption is that the companies would choose to be in Delaware while prospective plaintiffs would seek to be in other courts. This case serves as a reminder that Delaware is not a forum where plaintiffs would never want to proceed, nor is it a forum where defendants would always want to litigate over any other forum. Here, where FC North knew its proposed merger would draw a lawsuit (as does virtually every other merger announced these days), the FC North board simply made a move to ensure that the inevitable lawsuit would take place in a court convenient to the anticipated defendants, the witnesses and the documents. Just the same, it is interesting to wonder why the plaintiff had such a strong preference for Delaware, as opposed to North Carolina. (I don’t think it is too cynical to conjecture that the Delaware and New York lawyers representing the plaintiff saw their own advantage in the case proceeding in Delaware rather than NC.)

 

The thing that is clear is that the facial validity of forum selection bylaws seems well established now in the Delaware courts and it seems that the Delaware courts are inclined to enforce the bylaws subject only to (so far) purely hypothetical limitations. This may mean an end to the curse of multi-jurisdiction litigation, but as this case shows it may not necessarily mean that all intra-corporate litigation will now go forward in Delaware. Other companies may now consider whether or not there is another court they would prefer to designate as their preferred forum, rather than the Delaware courts. Delaware law would of course still govern disputes involving Delaware corporations, but the defendant company could at least preserve the opportunity to litigate cases in courts closer to their offices and officials, reducing the burden on the company from intra-corporate litigation.

In this guest post, Joseph Collins, a partner at the DLA Piper law firm, examines the extent to which mismanagement claims can be brought directly against directors of a Maryland corporation, as opposed to derivatively. I would like to thank Joe for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Anyone interested in submitting a guest post should contact me directly. Here is Joe’s guest post.

************************** 

Maryland’s “direct claim bar” set forth in § 2-405.1(g) of the Maryland Corporations and Associations Article provides that any mismanagement claims against directors of a Maryland corporation must be brought by or on behalf of the corporation, i.e., as a derivative claim.[1] In 2009, Maryland’s highest court recognized an exception to the direct claim bar, holding that it “is inapplicable to decisions made outside the purely managerial context, such as negotiating the price shareholders will receive in a cash-out merger transaction.” Shenker v. Laureate Educ., Inc., 983 A.2d 408, 427 (Md. 2009). In the context of a cash-out merger transaction, where the directors already made a decision to sell the corporation, the Shenker court held that the directors owe additional common law fiduciary duties of candor and maximization of shareholder value directly to the shareholders themselves. Under Shenker, claims for breach of those common law duties may be brought directly against the directors, notwithstanding the direct claim bar.[2]

 

In 2014, five years after Shenker, two decisions from two different federal district courts addressed whether additional exceptions to the Maryland direct claim bar should be made, including where a shareholder alleges a “direct” injury from board mismanagement, and where a shareholder alleges that the board owed common law duties of candor or maximization of share value outside of the cash-out merger context. Both courts refused to create any additional exceptions.

 

In Hohenstein v. Behringer Harvard REIT I, Inc.,[3] two shareholders directly filed suit against the board of a Maryland REIT, alleging that the directors breached their managerial duties to the shareholders, including the duty of candor.  The Hohenstein court refused to recognize a duty of candor outside the cash-out merger context. “To date, Shenker’s holding has been limited to its narrow set of circumstances, and courts have not imposed a fiduciary duty of candor in other situations.”[4]  The Hohenstein court further held that the shareholders’ remaining mismanagement claims are subject to the direct claim bar: “Lawsuits against directors in their managerial capacities … cannot be done directly by the shareholders.”[5]  Because the shareholders could not meet the requirements for a derivative action under Maryland law,[6] the Hohenstein court dismissed their lawsuits with prejudice.

 

In Sadler v. Retail Properties of America, Inc.,[7] several shareholders directly filed suit against a Maryland REIT and its board, alleging that the directors breached their managerial duties to the shareholders, including the duties of candor and maximization of share value. Like the court in Hohenstein, the court in Sadler refused to recognize additional duties outside the cash-out merger context, noting that “most of the courts that have interpreted Shenker have held that the duties outside § 2-405.1(a) only arise in a ‘change of control’ transaction.”[8] Regarding the shareholders’ alleged direct injuries, the court in Sadler held that “if a suit is based on duties contained in § 2-405.1(a), it does not matter whether the Plaintiffs suffered a direct injury; the claims can only be brought through a derivative suit.”[9]

 

Hohenstein and Sadler reaffirm the general rule that mismanagement claims against directors of a Maryland corporation may only be brought as a derivative claim. In the wake of these decisions, shareholder plaintiffs are required to make a demand on boards of directors of Maryland corporations or plead demand futility, a much higher pleading hurdle than they would otherwise face.

 


[1] The duties owed to a corporation by its directors in undertaking their managerial decisions are codified in § 2-405.1 of the Maryland Corporations and Associations Article:

(a) A director shall perform his duties as a director, including his duties as a member of a committee of the board on which he serves:

(1) In good faith;

(2) In a manner he reasonably believes to be in the best interests of the corporation; and

(3) With the care that an ordinarily prudent person in a like position would use under similar circumstances.

MD. CODE ANN., CORPS. & ASS’NS § 2-405.1(a)(1)-(3).

[2] The Shenker court also found that the alleged injury was direct in nature: “In addition, it is clear that, here, the injury alleged, namely, a lesser value that shareholders received for their shares in the cash-out merger, is an injury suffered solely by the shareholders and not by [the] corporate entity. Such an injury, if suffered, is a direct one, separate from any injury suffered by the corporation….” 983 A.2d at 425.

[3] 2014 WL 1265949 (N.D.Tex. March 27, 2014).

[4] Id. at *5.

[5] Id. at *6.

[6] See Werbowsky v. Collomb, 766 A.2d 123 (Md.2001).

[7] 2014 WL 2598804 (N.D.Ill. June 10, 2014).

[8] Id. at *9.

[9] Id. at *10.

One trend in recent years that has been impossible for anyone following the business pages to miss has been the steadily increasing numbers of huge monetary settlements that companies have reached with U.S. regulators and prosecutors. These settlements often involve staggeringly large amounts of money, often funded by shareholders. The Bank of America’s recent $17 billion settlement with the U.S. Department of Justice is merely the latest example. Yet the bases for these settlements and the justifications for the massive payments often are obscure. The settlements often arise because the companies must settle to avoid the potentially ruinous consequences of a trial; the settlements also allow enforcement authorities a basis from which to assert their regulatory effectiveness.

 

In the leader for the cover story in its August 30, 2014 issue (here), the Economist magazine asserts that these attributes make the American regulatory system “the world’s most lucrative shakedown operation.” The vast range of rules and regulations to which businesses are subject means that even the most diligent company cannot be free of scrutiny. While there undoubtedly are companies whose activities merit censure and punishment, when the enforcement process takes place entirely behind closed doors and often depends for its basis more on the coercive power of the regulator than on the merits of the case, the result is a “criminalization of corporate behavior in America” that is “bad for the rule of law and for capitalism.”

 

By any measure, the number of regulatory and prosecutorial actions filed against companies has grown at an alarming rate in recent years, as has the size of the fines and penalties imposed. The legal bases for government action span a broad range of topics, including antitrust, bank secrecy, trade sanctions, bribery, environmental or food and drug safety, and consumer lending requirements. As the Economist says in its cover article (here), the “deeply troubling” result is that “companies are ever more frequently treated as criminals,” yet the crimes they are accused of “are often obscure and the reasoning behind the punishments opaque.”

 

Among other things, these governmental enforcement activities raise questions “about the role of the state as an increasingly active participant in many areas of business.” The article quotes a forthcoming book by University of Virginia Law Professor Brandon Garrett as saying that the enforcement activity represents an “ambitious new approach to governance,” in which governmental enforcement authorities “help to reshape the policies and cultures of entire institutions” based on complex agreements between prosecutors and companies, governing new compliance procedures, curtailment of business activities and operational and managerial changes.

 

Even more troubling are the uses to which the monetary recoveries are being put. The article cites examples showing how regulators and prosecutors view their corporate enforcement activities as, in effect, a profit center. Rhode Island’s attorney general’s office was, for example, able to fund a significant expansion of its office facilities as a result of the proceeds of a settlement with Google. A settlement earlier this year involving BNP Paribas set off an unseemly squabble among New York officials eager to hive off a larger portion of the settlement proceeds. As the Economist puts it, “why a state government should get any share at all of a French firm’s fine for defying a federal government’s foreign policy is not clear.”

 

In a January 2014 Harvard Law Review article entitled “For-Profit Public Enforcement” (here), Duke University Law School Professor Margaret Lemos and New Mexico Law School Professor Max Minzner argue that “public enforcers often seek large monetary awards for self-interested reasons divorced from public interest in deterrence. The incentives are strongest when enforcement agencies are permitted to retain all or some of the proceeds of the enforcement – an institutional arrangement that is common at the state level and is beginning to crop up in federal law.” In a system where companies calculate that they have no choice but to try to reach a settlement from which the enforcement authorities themselves will benefit, the process can begin to resemble what the Economist describes as a “shakedown.”

 

The “most troublesome” aspects of these enforcement developments are the “secrecy and opacity.” Because the cases almost always settle and never go to court, precedent is not established, “so it is unclear what exactly is illegal,” which in turn enables “future shakedowns” but “hurts the rule of law and imposes enormous costs.” Even with respect to the most culpable companies, the system is a failure, as it allows the companies and their senior officials to evade the scrutiny and censure that would follow “an unequivocal criminal conviction.”

 

These circumstances create enormous challenges for companies. Given the vast numbers of regulations to which companies are subject, the costs of compliance involved are huge. Yet, as the article states, “even the most diligent company may not escape censure.” The article quotes Larry Thompson, a former U.S. attorney general as saying that “no matter how gold-plated your corporate compliance efforts, no matter how upstanding your workforce, no matter how hard one tries, large corporations today are walking targets for criminal liability.”

 

The vast array of regulation to which companies are subject raises another problem, which is that the rules are so numerous and complex that “enforcing them becomes discretionary.” The discretionary nature of enforcement authority not only undermines the “predictability and clarity” that “serve as the foundation of the rule of law,” but it also “risks the prospect of a selective – and potentially corrupt system of justice in which everybody is guilty of something and punishment is determined by political deals.”

 

The Economist article paints a vivid and disturbing picture, but offers relatively little in the way of remedies. The article suggests only briefly, and without elaboration of how the suggested remedies are to be brought about, that the division between civil and criminal law should be more faithfully maintained, and that the excessive amounts of regulation should be cut back in the interests of clarity. With relatively little focus on the remedies but with a closing observation that perhaps the situation is, if anything, getting worse, the article’s overall effect is chilling.

 

The magazine’s cover refers to the “Criminalization of American Business,” but there is a very important sense in which this description is inaccurate. The article neglects to mention that often many of the targets of the U.S. enforcement activity are non-U.S. companies. U.S. regulators may indeed be criminalizing businesses, but often the companies involved are not, as the article’s title would suggest, American. The list of companies mentioned by name in the article silently makes the point; among the companies named in the article are BNP Paribas, BP, Standard Chartered, HSBC, Credit Suisse, UBS, Barclays, Toyota, Marubeni, and Rabobank. While many U.S. companies are named as well, the significant number of non-U.S. companies involved is potentially troublesome and opens the regulators to potential questions of whether their regulatory activities are selective or whether they are targeting foreign competitors. At a time when many Western companies and governments are expressing alarm over the way China is targeting non-Chinese companies for, among other things, antitrust, environmental and corruption enforcement, the apparent propensity of U.S. regulators to target non-U.S. companies represents a potential problem.

 

Another aspect of the problem that the article does not address is the fact that regulators around the world have been paying attention, and are in fact attempting to borrow some strategies from the U.S. regulators’ playbook. As mentioned, China is newly assertive in extracting fines, particularly from Western companies. European authorities have also become increasingly active in enforcing and seeking fines under antitrust, privacy, taxation and anti-bribery laws. In August, automobile racing mogul Bernie Ecclestone agreed to pay $100 million to secure the discontinuance of bribery proceedings pending against him in Germany. The problems detailed in the Economist article are most advanced in the U.S., but the problems are not limited just to the U.S., and increased regulatory enforcement activity, often motivated by the same objective as U.S. authorities, is a growing problem around the world.

 

This brave new world of coercive regulatory enforcement has important repercussions for D&O insurance. The increasing activity of regulators, both inside the U.S. and around the world, has resulted in a significant increase in claims activity. To be sure, many of the significant monetary costs arising from this regulatory activity are not insured or insurable; the massive fines and penalties the targeted companies pay would not be covered under the typical D&O insurance policy. However, the defense expenses involved, which often are also massive, may be insured in whole or in part, at least where individual directors and officers are named as defendants in regulatory actions. By the same token, however, significant questions can arise when the corporate entity is the only defendant or when the regulatory action does not involve alleged violations of the securities laws (as entity coverage is often limited to alleged violations of the securities laws only). Difficult questions also arise with respect to defense expenses incurred during the phase when potential violations are under investigation and have not yet ripened into an actual enforcement action.

 

One sidelight on these issues that should not be overlooked is that the governmental enforcement actions can also lead to follow-on civil actions. Indeed, it is increasingly clear that the follow-on civil suit can arise – in the U.S., at least — whether or not the enforcement action arises in the U.S. or outside the U.S. To cite two recent examples, earlier this year investors filed securities class action lawsuits in the U.S. against Nu Skin Enterprises (refer here) and China Mobile Games and Entertainment Group (refer here) following anticorruption enforcement actions in China. Setting aside the question of the D&O insurance implications of the initial governmental enforcement activity, these follow-on civil actions clearly would implicate the involved company’s D&O insurance policies.

 

The battle lines on these questions about the scope and availability of D&O insurance coverage have already been drawn and are likely to become more fraught as regulatory and enforcement activity increases. For insurance buyers, the increased regulatory and enforcement activity has important implications as well, particularly with respect to questions of limits selection and limits adequacy, among other things. For the D&O Insurers, the increased regulatory and enforcement activity raises important questions about pricing adequacy and about the limits of underwriting. For both buyers and insurers, the regulatory and enforcement activity may raise important questions about policy terms and conditions, as the marketplace grapples with the issues of how much of the costs associated with this regulatory activity should be within the scope of the insurance.

 

The solutions to the problems described in the article likely are political. The political solutions may be a long time coming, as all too often bashing business is a convenient talking point for populist politicians. Eventually, as the global financial crisis recedes further into the past, the pendulum may swing the other way. In the meantime, regulators’ coercive enforcement powers will present a significant challenge for all companies, not just those based in the U.S. These issues have many important implications, and among many other things, present important issues for the D&O insurance industry.

 

On September 4, 2014, in the latest in a series of rulings on the issue of whether MF Global’s D&O insurers may pay the defense expenses the company’s former officers and directors are incurring in the various lawsuits pending against them, Southern District of New York Bankruptcy Judge Martin Glenn held that the insurers may pay the individuals’ defense expenses without restriction and he ruled further that payment of the individuals’ defense expenses should not be subject to any further bankruptcy court oversight, except with respect to $13.06 million of the D&O insurance proceeds that the bankrupt estate could claim under the policy if the estate were to pay indemnification to certain individuals. The detailed opinion makes for instructive reading for anyone interested in the issues affecting the operation of a D&O insurance policy in a bankruptcy context. A copy of Judge Glenn’s opinion can be found here.

 

MF Global had filed for bankruptcy in October 2011 after concerns about the company’s investments in European sovereign debt had set in motion a series of events that led to the company’s collapse. In the wake of the company’s failure, a series of claims were filed against the company’s former directors and officers. The former directors and officers sought to have the stay in bankruptcy lifted so that the company’s D&O insurer could fund their defense in the litigation.

 

At the relevant time, MF Global had maintained a $225 million D&O insurance program, consisting of a primary policy of $25 million and various layers of excess insurance totaling an additional $200 million. As discussed here, in April 2012, Judge Glenn had ruled, over the objection of various claimants who had asserted claims against the individuals, that the D&O insurers could advance the individuals’ defense expenses subject to a “soft cap” of $30 million. The court did not at the time make any determination whether the policy proceeds were part of the bankrupt estate. In a subsequent ruling, Judge Glenn raised the amount of the cap to $43.8 million.

 

The individual defendants then filed a motion with the court seeking a ruling that the payment of their defense fees under the D&O insurance policies should no longer be subject to a cap. The defendants argued that because the bankrupt companies were unlikely to be subject to any claims that would trigger the policies’ entity coverage and because the bankrupt entities’ indemnification obligations were unlikely to give rise to a claim under the D&O policy, the individuals should have access to the D&O insurance proceeds without further limitation.

 

In his September 4 opinion, Judge Glenn said that the individuals had “advanced compelling arguments that the proceeds should not be subject to further bankruptcy court oversight.” He said that “at least with respect to insurance policies to which the Debtors have no direct claims to policy proceeds, the Court has no legal basis to limit or restrict claims by the Individual Insureds that are within the coverage.”

 

The Court did express alarm about the rate at which the defense expenses are accumulating. He noted that “the amount of insurance proceeds expended to date for the defense of the Individual Insureds has been staggering.” He noted that more than $48 million had been incurred already “even before the first deposition has been taken,” adding that this fact “is of great concern to the Court.” But despite his alarm over the amount of the defense expenses, Judge Glenn said that “it is not the proper role of the bankruptcy court to police litigation in other courts that does not directly affect that property of the estate.” Judge Glenn said he does not believe the law “supports placing the bankruptcy court as the overseer of defense costs.”

 

Observing that the Debtors (that is, the bankrupt companies) had “negotiated the insurance policies that provide their former officers, directors and employees with protection against the kinds of litigation claims that have been asserted,” Judge Glenn held that the individuals were entitled to the full amount of the D&O Insurance proceeds – with the exception of $13.06 million he reserved for reimbursement of future indemnification payments by the bankruptcy estate.

 

This exception for future indemnification payments is interesting. The administrator of the court-approved bankruptcy plan had argued that the individual defendants should not have unrestricted access to the policy proceeds because of the possibility that the bankrupt estates could have claims under the policy for indemnification amounts it might pay to or for the benefit of the former MF Global directors and officers. Judge Glenn said that likelihood of any such indemnification is “speculative” other than with respect to specific amounts of indemnification for which certain of the individuals had filed claims in the bankrupt estate. The court had in fact entered an order in which these indemnification claims had been estimated at a total of $15.56 million.

 

 The bankruptcy estate has not yet provided any actual indemnification to the insureds. If the estate were to pay the indemnification and seek reimbursement out of the D&O insurance proceeds, the estate’s claim against the insurance would be subject to the applicable $2.5 million retention, meaning that the most the bankrupt estates could seek would be $13.06 million. Judge Glenn said that “it would be premature to label [an indemnification] payout as purely hypothetical.” He added that the individuals “will not be prejudiced by establishing a $13.06 million reserve in light of the substantial unused amounts available under the D&O insurance policies.”

 

There are a number of interesting features of Judge Glenn’s ruling. The first is his clear sense that in allowing the individual insureds to have access to the policy proceeds to fund their defense, he was merely providing the benefit of the bargain that MF Global had struck when it purchased the policies. The policies’ inclusion of a provision that gives priority of the payment of the insurance proceeds for the protection of individual insureds in preference to the protection or reimbursement of the entity means that the policy was designed to provide the very benefits that the individual insureds were seeking. Judge Glenn noted, significantly in my view, that it “would be fundamentally unfair to allow the litigation to proceed while denying the individual insureds coverage for the defense cost.”

 

It is also significant that Judge Glenn mostly rejected the suggestion that he should retain control over the policy proceeds because of the possibility of future payments by the bankruptcy estate of indemnification to the individual defendants. He called this possibility “speculative” and not a valid reason for the court to retain control over the proceeds – except with respect to the specific amounts for which the individuals had actually filed a claim in the bankrupt estate and with respect to which the court had entered an order estimating a value. While indemnification claims generally were speculative, Judge Glenn was prepared to preserve a portion of the policy proceeds for which an estimated amount had been established in a court order.

 

But though Judge Glenn reserved this amount of the policy proceeds, his willingness to reserve these amounts was a reflection of several very specific conditions. First, he noted that any request by the bankrupt estates for reimbursement of indemnification amounts paid would be subject to the policy’s priority of payments provision. In other words, the application of the insurance proceeds to the payment of the insureds’ defense expenses would take priority over any reimbursement of indemnification amounts paid by the bankrupt estates. Second, his willingness to set aside the reserve was justified in part because doing so would not prejudice the individuals, due to the “substantial unused amounts” of insurance available. These determinations imply that he might not have been willing to reserve the $13.06 million if the individuals were to be prejudiced thereby or if there were not ample amounts of unused insurance proceeds. Finally, in establishing the reserve, he noted that it was “premature” to conclude that the possibility of an indemnification payout was purely hypothetical. This suggests that a time may come when the possibility of an indemnification payment may be assessed and disregarded if it appears at that time to be only hypothetical or unsubstantiated.

 

I have highlighted the very specific factors surrounding the $13.06 million Judge Glenn reserved in order to emphasize the limited basis on which he made the reservation. I frankly believe the purpose of the insurance in this context is to provide defense expense protection for the individuals without limitation, and I hope it is clear that in most instances potential future claims against the bankruptcy estate for indemnification should not serve as a basis for restricting the payment of individual insureds’ defense expenses. The existence of the prior bankruptcy court order estimating the indemnification amounts and the absence of prejudice to the individuals are important factors that should limit the extent to which insurance proceeds are reserved from payment of the individuals’ defense expenses due to hypothetical future indemnification requirements.  

 

I also think it is interesting that Judge Glenn concluded that there was no basis for the bankruptcy court to continue to exercise oversight over the payment of the insurance proceeds, notwithstanding his concerns about the alarming rate at which the defense expenses are accumulating. The involvement of bankruptcy courts in the process of payment of individual insureds’ defense fees can be a complicating factor that sometimes muddles or unnecessarily adds expense and uncertainty to the process of claims administration in the bankruptcy context. In many instances, it would be helpful if other bankruptcy courts were to conclude that there is no basis for the court to maintain an oversight role.

 

I have often thought that the whole question of whether or not the proceeds of the D&O insurance policy should be allowed to be applied to the payment of individual insureds’ defense expenses has been belabored unnecessarily. As I have emphasized in numerous posts on this site, including even a prior post about  the payment of the individual defendants’ defense fees in the context of the MF Global bankruptcy (here), the failure to allow the individuals access to the insurance proceeds in order to be able to defend themselves would frustrate the very purpose of the insurance. Claimants often confuse the purpose of liability insurance and argue that it should be preserved for their protection or benefit. The fact is that policyholders buy insurance for their own protection not for the protection or benefit of third-parties that might file claims against them. The insurance is there to protect the insured persons from liability, not to create a pool of money for the benefit of prospective claimants. To be sure, payment of insured persons’ defense expenses reduces the amount of insurance remaining to fund any settlements or judgments, but that is in the nature of the insurance. The payment of the insurance proceeds for this purpose is merely putting into effect the benefit of the bargain the policyholder bought when it acquired the insurance.

It seems that every day there is yet another story in the business pages about a significant data breach at a major company. Cybersecurity is an increasingly important topic for companies and their shareholders, and the problems with cybersecurity are an increasing concern in Washington as well. In the following guest post Paul A. Ferrillo and David J. Schwartz of the Weil Gotshal law firm take a look at the ways that various federal regulatory agencies are dealing with companies under their specific regulatory authority related to cyber security.

 

I would like to thank Paul and David for their willingness to publish their article on this blog. I welcome guest post contributions from responsible authors on topics of interest to this blog’s readers. If you are interested in submitting a guest post, please contact me directly. Here is Paul and David’s guest post.

 

*********************************

 

In our June 4, 2014 article on cyber security and cyber governance[i] we noted that for many reasons, boards of directors and executives of U.S. companies needed to reexamine how they protect (and respond to the successful hacking of) their most critical intellectual property and customer information. One of the reasons was that all signs out of Washington, D.C. pointed towards increasing federal regulation and oversight of cyber security for public and private companies, and particularly for those in the financial services sector. Further, we foresaw not only heightened scrutiny from regulators, but increasing class action litigation, with plaintiffs accusing boards and management of not taking the appropriate steps to protect company and client data. Our predictions were correct on all fronts.

 

Just six days after our article, Luis Aguilar, a Commissioner of the United States Securities and Exchange Commission (SEC), stated very clearly in a speech entitled “Cyber Risks in the Boardroom,”[ii] that,

 

[B]oards must take seriously their responsibility to ensure that management has implemented effective risk management protocols. Boards of directors are already responsible for overseeing the management of all types of risk, including credit risk, liquidity risk, and operational risk and there can be little doubt that cyber-risk also must be considered as part of board’s overall risk oversight. The recent announcement that a prominent proxy advisory firm [Institutional Shareholders Services (ISS)] is urging the ouster of most of the Target Corporation directors because of the perceived “failure…to ensure appropriate management of [the] risks” as to Target’s December 2013 cyber-attack is another driver that should put directors on notice to proactively address the risks associated with cyber-attacks.

 

Id. (alteration in original) (emphasis added) (footnotes omitted).

 

Without equivocation, Commissioner Aguilar stated that cyber security was a board responsibility. Likewise, ISS has signaled that directors could or should be held personally accountable for cyber security breaches if they fail to keep their eye on the ball.[iii] So too has the plaintiffs’ bar recognized that cyber security breaches may become a lucrative addition to their class action litigation practices.[iv]   

 

In response to this quickly evolving area of federal regulation and oversight of cyber security, and the ever-increasing scrutiny by multiple constituencies of boards of directors and public companies on cyber security issues, we provide this short, non-exclusive list of how the U.S. government and its agencies are dealing with companies under their specific regulatory authority related to cyber security.[v]

 

The SEC

Certainly the majority of the federal activity on cyber security issues has come from the SEC. The genesis of its involvement began on or about October 12, 2011, when the SEC issued guidance regarding the disclosure obligations of public companies relating to cyber security risks and cyber incidents. The focus of this guidance was on whether information concerning cyber security and cyber incidents rose to the level of a disclosure obligation either as a risk factor under Regulation S-K Item 503(c) or in the MD&A Section of a Company’s mandatory SEC disclosure. One of the critical determining factors for the SEC was whether:

 

[T]he costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.[vi]

 

Id. (emphasis added). If the registrant does determine its cyber security risk or previous cyber incidents rise to the level of a disclosable event, the SEC guidance notes that such disclosure might contain information reflecting:

  • Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences;
  • To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks;
  • Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences;
  • Risks related to cyber incidents that may remain undetected for an extended period; and
  • Description of relevant insurance coverage.

Id.

 

The SEC’s October 2011 cyber guidance was just that – guidance. The question of “materiality” is and was purely left within the discretion of the company. There was no discussion about when the risk of “potential incidents” rose to the level of disclosure. Fueled by continuing major cyber breaches, on March 26, 2014 the SEC organized a “cyber roundtable” among industry groups and public and private sector participants in order to consider, among other things, whether or not additional SEC guidance related to the level of disclosure in a company’s public filings was necessary. It will be interesting to see how events develop at the SEC, particularly as cyber breaches continue to increase in number and scope.

 

SEC Office of Compliance, Inspections and Examinations (OCIE)

On April 15, 2014, the OCIE issued a National Exam Program Risk Alert, entitled “OCIE Cybersecurity Initiative,” announcing it would conduct examinations of more than 50 registered broker-dealers and investment advisors “designed to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types of cyber threats.”[vii] Importantly, this alert came with an extensive list of questions requiring registrants to respond to various areas of their cyber security preparedness. The list requires information such as the registrant’s adoption of any “published cybersecurity risk management process standards, such as those issued by the National Institute of Standards and Technology (NIST),”[viii] employee training, vendor management, the firm’s practices to detect “unauthorized activity on its networks and devices,” and specific information, if applicable, concerning any cyber breaches which the registrant experienced since January 1, 2013.

 

Financial Industry Regulatory Authority (FINRA)

In January 2014, FINRA announced a “sweep” program, similar to OCIE’s, whereby firms under FINRA’s authority would be receiving targeted examination letters requiring them to respond to questions relating in general to their cyber preparedness.[ix] FINRA’s targeted examination letters seek information very similar to that sought by the OCIE cybersecurity initiative.

 

Other Federal Regulations Related to Cyber Security

Gramm-Leach-Bliley Act (GLBA)

Perhaps most famous for repealing part of the Glass-Steagall Act of 1933, the GLBA, also known as the Financial Services Modernization Act of 1999, has a cyber-data component and applies to “financial institutions,” i.e. “any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution.” Under the GLBA, financial institutions are required to “establish appropriate standards” to safeguard a customer’s personal financial information, in order: “(1) to insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.”[x] Under the GLBA, financial institutions, in actions brought by the Department of Justice only (there is no private right of action under GLBA), can be fined up to $100,000 for each violation, and directors and officers of financial institutions could be held personally liable for civil penalties of up to $10,000 for each violation.

 

Payment Card Industry Data Security Standard (PCI DSS)[xi]

The PCI DSS is not necessarily a “law” but a list of cyber security standards applied to any U.S. company that processes credit cards, such as a retailer or a financial institution. The list focuses on, among other general requirements, the need to “develop and maintain secure systems and applications,” and the need to “track and monitor all access to network resources and cardholder data.” These standards provide an “actionable framework for developing a robust payment card data security process – including prevention, detection and appropriate reaction to security incidents.”[xii] PCI DSS 3.0, adopted in November 2013, enlarges the scope of data security requirements upon retailers and financial institutions.[xiii] It will be interesting to see whether “3.0,” when implemented by retailers, will have any material effect on an industry sector that continues to experience major cyber security breaches along the lines of Target or Neiman Marcus.

 

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA requires, in general, the protection and confidentiality of all electronically protected healthcare information that is created, received, maintained or transmitted. Under HIPAA, a healthcare facility must protect against any reasonably anticipated threat or hazard to the security or integrity of such healthcare information. Under HIPAA, fines can range from $50,000 to $250,000, in addition to civil litigation exposure.

 

Health Information Technology for Economic and Clinical Health Act (the HITECH Act)

The HITECH Act expands the scope of the institutions covered under HIPAA to now include any organization or individual who handles protected healthcare information, which could now include banks, businesses, schools and other organizations.[xiv]

 

Today and Tomorrow

Cyber security is the buzzword of the day, year, and maybe the decade. Well-publicized cyber breaches at major U.S. companies are now becoming the norm and have caused not only tremendous anxiety for executives, but reputational damage and material revenue loss for many companies.[xv] These breaches have not only caused both consumer and securities class and derivative actions, but have caught the eye of both federal and state regulators. And Congress will soon get in the game with additional legislation. 

 

In response to this ever changing landscape, directors and officers, and their companies’ CISOs and CIOs, must adapt daily, and continue daily discussions about how to improve their company’s cyber security procedures and detection/incident response plans of action. Adaptation means real discussion about allocating real physical and financial resources to protect the company’s most valuable IP and customer information. Adaptation means that companies and firms need to continue to adopt demonstrable processes and procedures which provide evidence to all constituencies that they are paying attention and responding to the cyber security threat with actionable measures, and not just talking points. Whether that means adopting the NIST cyber security framework or continuing to improve upon their own cyber security procedures in a demonstrable fashion, directors and officers must consider the consequences of failing to act. Even in the face of seemingly unimaginable technological threats (the recent hacking of JPMorgan Chase & Co. by Russian hackers as a possible retaliation for U.S. government sponsored sanctions comes to mind), directors and officers will likely be looked at with ever increasing scrutiny by regulators, customers, and investors.

 


[i] See here.

[ii] Available here.

[iii] See Paul Ziobro & Joann S. Lublin, ISS’s View on Target Directors Is a Signal on Cybersecurity, Wall St. J., May 28, 2014, available here.

[iv] See Jeffrey Roman, Supervalu Hit With Lawsuit After Breach, Bank Info Security (Aug. 20, 2014), available here; see also the following recently filed complaints in Davis v. Steinhafel, Case Nos. 14-cv-00203-PAM-JJK et seq., 2014 WL 3853976 (D. Minn. July 18, 2014) ; Diana v. Horizon Healthcare Servs., Inc., Case Nos. 2:13-CV-07418-CCC-MF, 2:14-cv-00584-CCC-MF, 2014 WL 3351730 (D.N.J. June 27, 2014).

[v] We leave for another day how various state agencies and authorities (e.g. the New York State Department of Financial Services) are simultaneously dealing with cyber security related issues. See, e.g., New York State Department of Financial Services’ Report on Cyber Security in the Banking Sector (2014), available here.

[vi] Securities and Exchange Commission, CF Disclosure Guidance: Topic No. 2 (Oct. 13, 2011), available here.

[vii] Office of Compliance Inspections and Examinations, 4 National Exam Program Risk Alert, no. 2, Apr. 15, 2014, available here.

[viii] Id.; see, e.g., this article.

[ix] See FINRA, Target Examination Letters re: Cybersecurity (Jan. 2014), available here.

[x] 15 U.S.C. § 6827(4)(a); 15 U.S.C. § 6801(b)(1)-(3).

[xi] The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. See this link.

[xii] PCI Security Standards Council, Navigating PCI DSS, Understanding the Intent of the Requirements, version 2.0 (Oct. 2010), available here; PCI Security Standards Council, PCI SSC Data Security Standards Overview, available here.

 

[xiii] Available here.

[xiv] It should also be noted that federal legislation concerning cyber security has been promulgated to protect government data. The Federal Information Security Management Act was enacted in 2002 namely to “enhance the management and promotion of electronic Government services and processes by establishing a Federal Chief Information Officer within the Office of Management and Budget, and by establishing a broad framework of measures that require using Internet-based information technology to enhance citizen access to Government information and services.” E–Government Act of 2002, Pub. L. No. 107–347, 116 Stat. 2899. 

 

[xv] For example, Brian Yarbrough, a research analyst with Edward Jones, predicted that after Target’s cyber breach, “Probably 5% to 10% of customers will never shop there again.” Hadley Malcolm, Target sees drop in customer visits after breach, USA Today, Mar. 11, 2014, available here.