aigAIG has agreed to pay $960 million to settle the consolidated securities class action lawsuit that had been filed against the company and certain of its directors and officers in the wake of the company’s near collapse at the peak of the credit crisis. The settlement, which AIG disclosed in its August 4, 2014 filing on Form 10-Q (here, see footnote 10 to the financial statements), is one of the largest to arise out of the wave of litigation that followed the global financial crisis. While other credit crisis related lawsuits remain pending, this settlement may represent just about the last of the major credit crisis-related securities lawsuits to be resolved. The settlement is subject to court approval

 

In the plaintiffs’ lawyers’ August 4, 2014 press release about the settlement (here) the amount of the “settlements” in the case are described as  “totaling $970.5 million.”  According to a statement by one of the plaintiffs’ lawyers quoted in Law 360’s August 4, 2014 article about the settlement (here, subscription required), the additional amount above the $960 million to be paid by AIG represents a payment from a defendant  (not identified in the article) against whom the plaintiffs’ claims had already been dismissed.

 

 

As discussed here, the consolidated AIG litigation has a long history going all the way back to May 2008, when the first of the lawsuits were filed. After the company’s near collapse and massive government bailout in September 2008, the company’s share price plummeted and further securities class action litigation ensued.  In their consolidated amended complaint (here), the plaintiffs alleged that the defendants violated the securities laws through various disclosures and omissions related to the company’s securities lending program and its credit default swap portfolio.

 

Both the credit default swap portfolio and the securities lending program entailed exposures to subprime mortgages. In many instances, the CDSs were placed in connection with securities backed by subprime mortgages. In the securities lending business, the cash received in exchange for the loaned securities was invested in mortgage-backed securities. Additional collateral requirements for these transactions triggered by the subprime mortgage meltdown led to the government bailout. The plaintiffs contend that these exposures were not adequately disclosed. The defendants moved to dismiss.

 

As discussed here, on September 27, 2010, Southern District of New York Judge Laura Taylor Swain denied the defendants’ motions to dismiss. Judge Swain held that the plaintiffs’ allegations were “adequate to plead material misrepresentations and omissions on the part of AIG,” particularly with respect to the company’s exposure through its CDS portfolio to subprime mortgages.

 

Judge Swain rejected the defendants’ contention that the allegedly misleading statements were forward-looking statements protected by the bespeaks caution doctrine, observing that “generic risk disclosures are inadequate to shield defendants from liability for failing to disclose known specific risks” and that “statements of opinion and predictions may be actionable if they are worded as guarantees or supported by specific statements of fact.” Judge Swain cited in particular the defendants’ alleged failure to disclose a litany “of hard facts critical to appreciating the magnitude of the risks described.”  

 

With respect to scienter, Judge Swain, after reciting a list of adverse undisclosed facts and developments allegedly known to defendants, concluded that the plaintiffs had “satisfied their burden of alleging facts giving rise to a strong inference of fraudulent intent,” adding that “no opposing inference is more compelling.”

 

Finally, Judge Swain also denied the defendants’ motion to dismiss on loss causation grounds. The defendants had argued that AIG’s stock price decline was “attributable to the decline experienced in the stock market generally, and in the financial services sector specifically.” Judge Swain found that “the sharp drop in AIG’s stock price in response to certain corrective disclosures, and the relationship between the risks allegedly concealed and the risks that subsequently materialized, are sufficient to overcome the argument at the pleading stages” – although she added that the defendants ultimately may be able to prove that “some or all” of plaintiffs’ losses are “attributable to forces other than AIG.”

 

According to AIG’s recent 10-Q, further proceedings followed after Judge Swain’s ruling on the motion to dismiss. The case had been stayed earlier this year at the parties request during the pendency of the Supreme Court’s reconsideration of the fraud on the market theory and class certification issues in the Halliburton case.

 

The 10-Q also states that on July 15, 2014, the parties accepted a mediator’s proposal to settle the consolidated litigation for a cash payment by AIG of $960 million. The plaintiffs’ lawyers’ press release states that the mediation process had been spread over a period of two years.

 

According to the company’s SEC filing, the amount of AIG’s settlement contribution “has been accrued.” Neither the SEC filing nor the plaintiffs’ lawyers’ press release makes any mention of a contribution to the settlement by AIG’s insurers or, for that matter, by any other named defendant. There are as yet no filings related to the settlement available on the electronic court docket.

 

A settlement of $970.5 million obviously is massive, but it is still not large enough to crack the Top Ten list of all-time largest securities class action settlements. As reflected on the Stanford Law School Securities Class Action Lawsuit Clearinghouse list of the Top Ten securities class action settlements (here), a settlement would have to exceed $1.1 billion to crack the Top Ten list.

 

The plaintiffs’ lawyers’ press release does assert that ““the proposed securities class action settlement is one of the largest ever achieved in the absence of a criminal indictment or an SEC enforcement action.”

 

The $970.5 million is, in any event, one of the largest settlements to arise out of the wave of securities litigation that followed in the wake of the global financial crisis. By my reckoning, this settlement is exceeded among credit crisis-related securities suit settlements only by the $2.43 billion BofA/Merrill Lynch securities suit settlement (about which refer here). This latest AIG securities suit settlements far exceeds the other credit crisis-related securities suit settlements, including the $730 million Citigroup bondholders’  action settlement (about which refer here), the $627 million Wachovia Preferred Securities and Bondholder action settlement  (refer here) and the $624 Countrywide securities suit settlement (here).

 

There is of course further credit crisis-related securities litigation that remains pending. However, with the settlement of the consolidated AIG securities litigation, all or almost all of the highest-profile securities suits to arise out of the credit crisis have now been resolved. Or at least it seems unlikely that there will be many further settlements of securities suits from that era that would rival the size of the largest credit crisis-related settlements.

 

 

caliIn a July 31, 2014 opinion (here), Central District of California Judge Fernando M. Olguin, applying California law, granted a professional liability insurer’s motion for summary judgment in a coverage lawsuit brought by the Blum Collins LLP law firm and Craig M. Collins dba the Collins Law Firm for breach Judge Olguin agreed that because of a material misrepresentation in law firm’s application for insurance, coverage was precluded under the policy.

 

The plaintiffs contended that the insurer had wrongfully refused to defend and indemnify them in a legal malpractice lawsuit brought by Cynthia Beck, whom Collins had represented in a property dispute.  In her lawsuit, Beck alleged that Collins’s negligence has resulted in a $7 million judgment against her. Judge Olguin ruled that coverage under the policy for the malpractice claim was precluded due to the Blum Collins law firm’s omission from  its insurance application of the existence of a tolling agreement that had been entered with Beck ten months before the application was completed.

 

Background

In December 2004, Cynthia Beck retained Craig Collins in his capacity as a partner of the Collins Law From to represent her in a property dispute. In September 2007, Beck and Collins terminated their attorney-client relationship and entered into an Agreement (the “September 2007 Agreement”) whereby “Collins agreed to furnish Beck with time to evaluate her assertions [of malpractice] and her potential damages without filing an action during the time period are in place.” In October 24, 2007 judgment was entered against Beck in the property dispute. The judgment was affirmed on appeal in January 2009. In February 2009, Beck’s representative sent Collins an email alleging that the judgment against Beck had been caused by Collins’s malpractice. In March 2009, the plaintiffs gave notice of Beck’s claims to its professional liability insurer.

 

Collins had completed an application for the professional liability insurance on July 23, 2008 (that is about ten months after the entry into the September 2007 Agreement). Application Question 10.C. asked the following question: “After enquiry, are any persons listed on Supplement 1 aware of any circumstances, allegations, tolling agreements or contentions as to any incident which may result in a claim being made against the Applicant or any of its past or present Owners [or] Partners ….?”  The response given to Question 10.C. was “No.”

 

On July 27, 2008, the insurer issued a professional liability insurance policy, designating Blum Collins LLP as the “Named Assured.” The policy defined the term “Named Assured” as the partnership as such, as well as “any lawyers who are partners in the Named Assured.”

 

The application stated in pertinent part that the insurer “reserve[s} the right to deny or rescind coverage on any Policy that is issued as a result of this Application if, in the statements set forth herein and in any attachments made hereto it is found that material information has been omitted, suppressed or misstated.” Policy Exclusion I precludes coverage for any loss arising from any Claim “arising out of any acts, errors, or omissions which took place prior to the effective date of this insurance, if any Assured on the effective date knew or could have reasonably foreseen that such acts, errors, or omissions might be expected to be the basis of a Claim.”

 

In January 2011, Beck filed a professional negligence lawsuit against Craig Collins and Blum Collins LLP. The law firm sent the complaint to its insurer seeking a defense to the lawsuit and seeking indemnification. The insurer denied coverage for the claim. In June 2012, the plaintiffs filed their coverage lawsuit against the insurer. The parties filed cross-motions for summary judgment.

 

The July 31 Order

In his July 31, 2014 order, Judge Olguin granted the insurer’s summary judgment motion and denied the plaintiffs’ motion.

 

In their motion papers, the plaintiffs had disputed whether or not the plaintiffs’ alleged failure to give the insurer notice of the potential lawsuit was such a material omission as to warrant the insurer’s refusal to defend, arguing that the refusal to defend was a breach of contract.

 

In support of this position, the plaintiffs made three arguments. The plaintiffs’ first argument was based on the fact that application question 10.C. had asked whether “any persons listed in Supplement 1 are aware of any … tolling agreements … as to any incidents which may result in a claim.” The plaintiffs argued that they were not provided with Supplement 1 and “thus it would be impossible for Plaintiffs to know how to have answer the question.”

 

Judge Olguin characterized these arguments as “utterly meritless.” He noted that “Plaintiffs provide no authority or evidence to support their argument that the absence of Supplement 1 excuses any misstatement or omission in their response to Question 10.C.” He also noted that “Despite the absence of Supplement 1, plaintiffs answered both questions that referenced it. Had the absence of Supplement 1 truly affected plaintiffs understanding of the question, plaintiffs, a law firm with several experienced attorneys, would not have answered the questions.”

 

Second, the plaintiffs argued that Blum Collins LLP did not represent Beck and had not entered the September 2007 Agreement with her, and thus was not related to any potential claim for “the Assured” to disclose in the application. Judge Olquin rejected this argument as well, noting that Question 10.C. “clearly contemplates the possibility that claims might be brought against owners or partners of the applicant law firm arising from different associations or employment.”

 

Third, the plaintiffs argued that Question 10.C. only asked for the disclosure of incidents that “may result in a claim” and since no claim had materialized, they were not aware of any incident that may result in a claim. Judge Olguin said that this argument “ignores the plain language of the September 2007 Agreement,” which, he said, “unequivocally gave plaintiffs notice that there were contentions that ‘may result in a claim’ against one of the ‘Owners [or] Partners’ of Blum Collins LLP…” Judge Olguin added that “any expectation or understanding to the contrary stretches the bounds of credulity.”

 

Judge Olguin also concluded that not only was the answer to Question 10.C. a misrepresentation or omission, but it was material as well, citing affidavit evidence the insurer provided declaring that a truthful answer to the question would have altered whether the insurer would have issued the policy or the terms that would have been offered. The plaintiffs did not really dispute this, but instead they tried to argue that the insurer had waived the right to rescind the policy. In response to this contention, Judge Olguin cited with approval to case law holding that “established law clearly affords the insurer the right to avoid coverage by way of cross-claims and affirmative defenses when the insured files an action on the contract before the insurer can filed its action for rescission.”

 

Finally, Judge Olguin also found that coverage for the plaintiffs’ claim was precluded by several policy exclusions, including in particular the exclusion precluding coverage based on the insureds’ knowledge on the policy’s effective date of “acts, errors or omissions” that “might be expected to be the basis of a Claim.” In response to the plaintiffs’ efforts to resist this exclusion based on arguments about which of the plaintiffs’ did or didn’t know about Beck’s assertions and the September 2007 Agreement, Judge Olguin noted that the plaintiffs were taking “contradictory positions,” since on the one hand, they assert that there was not an application misrepresentation “because the September 2007 Agreement as not between Blum Collins LLP and Beck, but rather between the Collins Law Firm and Beck,” while on the other hand, “Blum Collins LP argues that [the insurer] had a duty to defend it in Beck’s lawsuit, because, at the time, Collins was a partner at Blum Collins.”

 

Discussion

It is pretty clear that Judge Olguin had very little patience for the plaintiffs’ arguments based on the law firms’ and Collins’s multiple shifting identities. It is also clear that the bottom line for Judge Olguin is that if Blum Collins LLP wanted to argue that it had a sufficient connection to this set of circumstances to expect the insurer to provide a defense to Beck’s claim, then Blum Collins had a sufficient connection to the representation of Beck and to the September 2007 Agreement that the Agreement should have been disclosed in response to the application question.

 

Readers can reach their own conclusions about the responses the law firm provided to the application questions. For me, this case does provide a reminder of the importance of making sure that all relevant information is provided in response to application inquiries. In most circumstances, that will entail a careful survey of all persons proposed to be insured under the insurance that is being sought. Of course, the failure to fully survey everyone was hardly the problem in this case, as the person completing the application was the very person who was in best position to know about the problems with Beck and about the September 2007 Agreement — which may have been the source of the many problems Judge Olguin obviously had with the plaintiffs’ arguments here.

 

galecOn July 30, 2014, when a plaintiff shareholder filed a securities class action lawsuit against the company and certain of its directors and officers, Galectin Therapeutics became the latest company to be hit with a securities suit following press reports that the company had used a stock promotion firm to try to boost its share price. There have already been several other companies against whom securities lawsuit have been filed this year that are similarly alleged to have used stock promotion firms.

 

According to their July 30, 2014 press release (here), the plaintiff’s lawyers filed the lawsuit against Galectin in the District of Nevada after press reports that the company was using stock promoters “in a misleading brand awareness campaign aimed at boosting its stock price.” The complaint, which can be here, specifically refers to a July 28, 2014 article by Adam Feuerstein on TheStreet.com (here) which said that Emerging Growth Corp., through its parent company TDM Financial, a penny-stock promotions firm, was the investor relations and marketing company Galectin was paying for misleading promotional campaigns to entice investors to buy its stock.

 

Among other things, the stock promotion firm is alleged to have distributed press  release saying that Galectin was “nipping at [the] heels” of its competitors and “actually may be closer than what first appears with a Phase 1 trial because of the potential to treat fatty liver disease even once it has progressed.”  According to the complaint, Galectin’s share price fell 81% of news of the company’s use of the stock promotion firm.

 

The lawsuit against Galectin is merely the latest in series of suits that have been filed so far this year against companies alleged to have used stock promotion firms to try to boost their share price. Several of the firms that have been sued are alleged to have used a stock promotion firm known as The DreamTeam Group. 

 

The first of these DreamTeam related lawsuits was filed on March 5, 2014 against Galena Biopharma, as discussed here. The complaint (here) alleges that on February 12, 2014, an article on TheStreet.com  (here) claimed Galena was engaging in a misleading brand awareness campaign aimed at boosting its stock price. Additionally, the article stated that Galena paid investor relations firm The DreamTeam Group to publish articles under aliases promoting the Company’s stock without disclosing who paid for them. On this news, Galena’s stock price dropped 16%. Then, on February 14, 2014, Galena issued a letter to its shareholders acknowledging that the Company had engaged DreamTeam. On this news, Galena’s stock price dropped another 14%.

 

The Galena lawsuit was followed on March 14, 2014 by a lawsuit filed against CytRx Corporation in the Central District of California, as discussed here. The complaint alleges that the company employed the services of stock promotion firms DTG and MissionIR to create and distribute articles about the company which were published without any disclosure that they had been created by a promotional firm employed by the company. (DTG is The DreamTeam Group). The company’s share price declined after online reports about the company’s use of the promotional firm.

 

On March 22, 2014, shareholders filed yet another lawsuit against a company that allegedly used The DreamTeam Group’s services. As discussed here, the shareholders filed their lawsuit against InterCloud Systems and certain of its directors and officers in the District of New Jersey alleging that the company misrepresented or failed to disclose that it had hired  The DreamTeam Group to tout InterCloud stock without disclosing that it was paid by the Company to promote the stock. The complaint alleges that the promoter had posted misleading articles on behalf of the Company without disclosing its paid marketing relationship

 

In addition, on May 22, 2014, plaintiffs filed a lawsuit against Provectus Biopharmaceuticals and certain of its directors and officers in the Middle District of Tennessee, as discussed here. The complaint alleges that the defendants had misled investors about the prospects for its developmental stage skin cancer treatment. The complaint also quotes an article from Seeking Alpha in which the author alleged that the company had used a stock promotion firm called Small-Cap Street LLC, noting that the SEC had recently halted trading in several of the stocks that the firm had promoted.

 

Altogether That makes at least five securities class action lawsuit that have been filed this year against companies that allegedly used the services of various stock promotion firms, including three lawsuits against companies that allegedly used the services of The DreamTeam Group. Whatever the thought process is for companies using these kinds of firms to promote their companies, it is clear that news about the companies’ use of the firms can have a negative impact on the company’s stock (which obviously is counter to the idea of using the promotional firms in the first place). As the lawsuits above underscore, the alleged use of these firms can also result in securities class action litigation.

 

It is interesting that four of the five companies involved in these lawsuits are developmental stage biotech firms. The shares of these types of companies often languish as the companies work their way through the stages of the clinical trial process. On the other hand, the share prices can be very sensitive to key developments, either positive or negative. These conditions create a set of circumstances where it is may seem important to the companies to get their stories out, so that investors are aware of their companies’ bright prospects. There is of course nothing wrong with getting the story out, as long as the story is accurate. And as these cases show, as long as the story gets out in a forthright way, rather than allegedly through sponsored articles with undisclosed connections to paid stock promoters.

 

Back in the day when I was on the underwriting side, I would have duly noted the problems associated with companies’ use of these kinds of stock promotion firms, and I would have made it my business to find out if an applicant was using one of these firms and if so for what kinds of services. Just a thought.

 

Dark Pool Clients File Lawsuit Against Barclays: Last week when I wrote about the securities class action lawsuit that Barclays ADS holders had filed against the company based on the company’s alleged misrepresentations about its dark pool trading venue, I noted that I hadn’t seen any lawsuits filed by clients that had traded shares in the dark pool venue. However, it now looks as if some clients have now filed a lawsuit against Barclays.

 

As discussed in an August 1, 2014 Bloomberg article (here), late last week a client of Barclays sued the company alleging that the bank gave high-frequency traders unfair advantages in its operation of the dark pool. The identity of predatory traders and the volume of their trading in the dark pool allegedly was hidden from clients. The plaintiff filed the lawsuit on behalf of Barclays dark pool clients who used the pool starting in 2011. The complaint alleges concealment, unfair competition, and false advertising claims against Barclays for making false statements to and concealing material information from clients about its dark pool. A copy of the complaint can be found here.

 

The Latest Scandal-Driven Litigation Against Financial Services Companies: Let’s see … after the financial crisis, we had the Libor scandal, the foreign exchange trading scandal, the high frequency trading scandal and the dark pool trading scandal. Each one of these has led to its own set of follow-on civil lawsuits. As of all of there were not enough, we now have the silver futures manipulation scandal. And of course a follow-on lawsuit.

 

Earlier this year, there were several articles in the press raising questions about the way that gold and silver futures trading are set (refer for example here). The London Silver fix, which has been in place for 95 years and was participated in by a small number of banks, is now due for an overhaul as a result of the questions. In addition, on July 31, 2014, a plaintiff filed a class action lawsuit against the banks in the Eastern District of New York. The complaint, which can be found here, is filed against Deutsche Bank, HSBC, and the Bank of Nova Scotia, the members of the London Silver Market Fixing Limited. The complaint, which purports to be filed on behalf of everyone that transacted in silver futures since January 1, 2007, seeks damages for alleged violations of the Sherman Antitrust Act and the Commodity Exchange Act.

 

Another day, another scandal, another scandal=driven follow-on lawsuit against a group of financial institutions.

 

 

seclogoOne of the noteworthy features of the Sarbanes-Oxley Act was the legislation’s creation of the requirement for reporting companies to provide a certification from management regarding the company’s internal controls. This requirement has not been the focus of a great deal of attention since the legislation was enacted in 2002. However if the administrative actions filed against two corporate officials last week are any indication, these requirements could be the source of a significant attention in the months ahead.

 

By way of background, Section 404 of Sarbanes-Oxley Act requires company management to file n internal control report with the company’s annual report. The report must describe management’s responsibilities to establish and maintain a system of internal controls over the company’s financial reporting and management’s conclusion regarding the effectiveness of the internal controls at year-end. The report must also confirm that the company’s has attested to and reported on the company’s internal controls. The company’s CEO and CFO must sign certifications confirming they have disclosed all significant deficiencies to the outside auditors, reviewed the annual report, and attest to its accuracy.

 

The internal control reporting requirement was one of the more controversial parts of the legislation and it has proven difficult for the management of many companies to implement. But by and large it has not been the focus of regulatory enforcement action. That may be about to change.

 

As reflected in its press release about the action (here), on July 30, 2014 the SEC instituted administrative proceedings against the CEO and former CFO of QSGI for misrepresenting to external auditors and the investing public the state of its internal controls over financial reporting. The administrative cease desist orders against the two individuals can be found here and here.

 

The SEC alleges that in the company’s 2008 annual report, the CEO attested that they had assessed the company’s internal controls. However, the SEC alleges that Sherman did not actually participate in assessing the controls. The SEC also alleges that the CEO and CFO certified that they had disclosed all significant deficiencies to outside auditors, but that they failed to tell the auditors about inadequate controls over inventory in the company’s Minnesota operations.

 

The SEC alleges that the CEO and CFO also withheld from auditors and investors that the CEO was directing and the CFO was participating in a series of maneuvers to accelerate the recognition of inventory and accounts receivables in QSGI’s books and records by up to a week at a time.  The allegedly improper accounting maneuvers, which rendered QSGI’s books and records inaccurate, allegedly were performed in order to maximize the amount of money that QSGI could borrow from its chief creditor. The company ultimately filed for bankruptcy in 2009. It later reorganized and emerged from bankruptcy in 2011.

 

The CFO has agreed to settle the case without admitting or denying the charges. (In an administrative proceeding, no court approval is required, so the recent judicial aversion to SEC settlements in which the defendant neither admits nor denies the charges is not a factor here.) The CFO agreed to pay a $23,000 penalty and also agreed to a five year ban from practicing as an accountant before the SEC or serving as the officer or director of a public company.  The CEO reportedly intends to fight the charges.

 

In a July 30, 2014 article about the administrative cases (here), Reuters reports that earlier this year the SEC’s enforcement director had said that the agency’s investigators “were planning to pursue some internal control-related cases,” noting that it is an area that “has been less scrutinized in the past.” The SEC’s enforcement action on this issue is also consistent with SEC Chair Mary Jo White’s vow to focus more effort and attention on bringing accounting-related enforcement actions, an area that has seen less activity in recent years.

 

The SEC’s press release quotes the deputy head of the enforcement division as saying that ““Corporate executives have an obligation to take the Sarbanes-Oxley disclosure and certification requirements very seriously.” The CEO and CFO, the individual said, “flouted these regulatory requirements and misled investors and external auditors in the process.

 

At a minimum, this enforcement actions raise the possibility that the Sarbanes=Oxley internal control reporting and certification requirements may be the source of increased scrutiny in the months ahead. If this case is just the first of many enforcement actions focusing on these requirements, senior company officials could be facing increased regulatory scrutiny and possible enforcement liability.

 

An increased regulatory focus on these issues could prove helpful for the plaintiffs bar as well. The SEC allegations not just that the reporting requirements were violated but that the shortcomings led to or facilitated financial reporting violations could help plaintiffs to craft allegations to serve as the basis of damages claims. The kinds of allegation raised here suggest the possibility that these kinds of enforcement actions could lead to follow-on civil litigation.

 

These kind of internal control reporting deficiencies have not been a major focus of attention for the plaintiffs’ bar, but to the extent the SEC does become more active on this issue, the follow-on civil lawsuits could trail along behind  as well

boeWhen Congress passed the Dodd-Frank Act four years ago, one of the legislation’s signature features was the creation of potentially massive bounties for whistleblowers that reported financial fraud to the SEC. The possibility of recovering a bounty, which could range from ten to thirty percent of recoveries over $1 million, seems to have encouraged whistleblowers to come forward.  The SEC reported at the end of its last fiscal year that since the program’s inception in 2011, the agency had received over 6,500 whistleblower reports. Mary Jo White, the S.E.C. chairwoman, said last year that the program “has rapidly become a tremendously effective force-multiplier, generating high quality tips and, in some cases, virtual blueprints laying out an entire enterprise, directing us to the heart of an alleged fraud.”

 

So the Dodd-Frank whistleblower program is the kind of initiative that securities regulators in other countries would want to copy, right? Apparently not, at least if the recent analysis of UK regulators is any indication.

 

A July 2014 joint report of the UK Financial Conduct Authority (FCA) and the Bank of England Prudential Regulation Authority entitled “Financial Incentives for Whistleblowers” reports the agencies’ conclusion that “providing financial incentives to whistleblowers will not encourage whistleblowing or significantly increase integrity and transparency in financial markets.”

 

The UK regulatory agencies had undertaken a review of the possibility of providing financial incentives for whistleblowers at the request of the Parliamentary Committee on Banking Standards. Among other things, the agencies undertook a joint visit with several different U.S. regulatory agencies including the SEC and the Commodities Futures Trading Commission (CFTC), as well as the U.S. Department of Justice. The agencies also seconded staff to the U.S. regulators to observe the U.S. program in action.

 

Based on this review of the U.S. program, the UK regulators reached a number of interesting conclusions about providing financial incentives for whistleblowers. Among other things, the UK regulators concluded that because of the Dodd-Frank whistleblower bounty’s requirement that the whistleblower report must result in a successful enforcement action in order for the whistleblower to be eligible of the bounty, only a very small number of whistleblowers actually receive payments. The report notes in that regard that only 1% of whistleblower cases lead to financial penalties, suggesting that even the possibility of a bounty payment will arise only for a very small number of whistleblowers. The report concludes that the bounty schemes “reward a few individuals very significantly, but provide little or no protection to whistleblowers whose information does not lead to an enforcement outcome.”

 

Perhaps even more concerning, the UK agencies also reported their conclusion that none of the U.S. agencies “has seen a significant increase in either the number or the quality of reports from whistleblowers.”

 

The report also notes the UK agencies concern that the introduction of financial incentives in the U.S. has resulted in the creation of a “complex, and therefore costly, governance structure,” as well as the “imposition of significant legal fees for both whistleblowers and firms” (although the report does also note that many whistleblowers are represented by counsel on a contingent fee). Finally, the report also noted its concern that the introduction of financial incentives could “undermine the introduction and maintenance by firms of effective internal whistleblowing mechanisms,” which both the UK agencies and the Parliamentary committee want to foster.

 

The report also sets out what it describes as the “moral and other hazards” they perceive to be associated with providing financial incentives for whistleblowers: first,  financial incentives could result in “malicious reporting” from “opportunistic and uninformed parties passing on speculative rumors” which could result in “innocent parties” being “unfairly damaged as a result”; second, some market participants might seek to ‘entrap’ others in order to be able to blow the whistle and benefit financially; third, if the whistleblower’s report resulted in a criminal prosecution, the reliability of the whistleblower’s testimony could be challenged because the witness stands to benefit financially.

 

Finally, the report noted the agencies’ concerns about the public perception of large whistleblower payments. “Handing over large sums,” the report said, “would be a substantial shift in UK policy norms, which are very different from those of the US.” The report added that “paying significant sums to high-income individuals for fulfilling a public duty could reinforce perceptions that the financial sector is at odds with the rest of society.”

 

The report does acknowledge the important role whistleblowers can play in helping to bring financial fraud to light and recognizes the need for the agencies to do more to facilitate whistleblowers’ reports. The report lays out a number of mechanisms the agencies propose to institute to facilitate whistleblower reporting and also states that the agencies plan “to press ahead with the regulatory changes necessary to require firms to have effective whistleblowing procedures.”

 

Discussion 

I think the agencies’ report is correct to note the cultural differences between the UK and the U.S. when it comes to providing large financial incentives. Even before the Dodd-Frank Act created the whistleblower bounty program, there were several longstanding U.S. programs that provided for payment to those who reported fraud: for example, the False Claims Act has for many years provided for the possibility of those reporting the existence of fraud against the government to participate financially in the government’s recovery, and the IRS has for many years maintained a program providing for payment to those reporting tax fraud. These programs’ histories make the Dodd-Frank program seem much more acceptable in the U.S. than a similar program might be perceived to be in the UK.

 

What is more concerning is the report’s conclusion that among other reasons to reject the adoption of financial incentives for whistleblowers is that the incentives don’t work – that is, the existence of the bounty program has not resulted in “a significant increase in either the number or the quality of reports from whistleblowers.” This conclusion seems at odds with the many statements of representatives from the SEC about its whistleblower program. It is a serious enough assertion that it seems to me that the SEC really ought to respond.

 

It is even more concerning that the UK agencies concluded that the financial incentives for whistleblowers do not “significantly increase integrity and transparency in financial markets.” If existence of the financial incentives doesn’t materially improve market integrity and transparency, you really do have to question the point of having the whistleblower bounty program.

 

That said, I do think it is important to note that the UK agencies started their review of the question of providing whistleblowers with financial incentives with a bias against making such payments. If you read the report as a whole, it is pretty clear that from the very beginning the authors thought the idea of providing bounty payments is a bad idea. A cynical interpretation of this report is that it is the result of a process that was designed to confirm the authors’ starting assumptions and preexisting bias against providing financial payments.

 

On the other hand, it is a fair question to ask whether or not the provision of jackpot level bounty payments for a very small number of whistleblowers really is a good idea. Many other observers have asked before whether the existence of the whistleblower program (with the potential rewards going to those who report first) undermines the existence of companies’ internal reporting mechanisms and frustrates companies’ ability to address problems internally.

 

All in all, I think the UK report raises some serious questions about the whistleblower bounty program that the SEC and other agencies should not disregard. The US agencies have no choice about implementing and enforcing the Dodd Frank Act’s requirements but just the same it is fair to ask those agencies to respond to the concerns that the UK agencies have raised.

 

Time for Nominations to the ABA Journal’s Annual Blawg 100: It is once again time for nominations to the ABA Journal’s annual list of the top 100 law blogs. Everyone should take a moment to nominate their favorite law blogs for inclusion in the list. I would be humbled and grateful if any reader would be willing to nominate my blog. Nominations can be made here. Don’t delay, nominations are due by 5:00 pm EDT on Friday August 8, 2014.

jinkoIn an interesting July 31, 2014 opinion (here), the Second Circuit vacated the dismissal of the securities class action lawsuit that had been filed against JinkoSolar Holdings Co. Ltd, and certain of its directors and officers, as well as against its offering underwriters. This ruling will be of interest to many readers because it involves a U.S.-listed Chinese company, but it is also of interest because the allegations involve alleged misrepresentations regarding the company’s environmental compliance.

 

Background

JinkoSolar is a manufacturer of solar technology products with operations based in China. In May 2010, the company conducted an Initial Public Offering of American Depositary Shares on the New York Stock Exchange. In November 2010, the company completed a secondary offering. The company raised a total of $84.19 million in the two offerings.

 

In April and May 2011, the company had a series of communications with the Chinese environmental authorities regarding hazardous waste disposal issues at its Zhenjian plant. The company did not disclose these communications to its shareholders. In August and September 2011, residents living near the plant became concerned about a large scale fish-kill near the plant. In mid-September, the media began reporting on locals’ demonstrations outside the company’s plants. In two press releases in late September, the company announced that it had suspended operations at the plant and also revealed the earlier communications with the environmental authorities. As the news came out, the price of the company’s ADSs declined 41%

 

In October 2011, holders of the company’s ADSs filed a securities class action lawsuit in the Southern District of New York against the company, eight directors and officers of the company; and the company’s offering underwriters. The plaintiffs’ complaint asserted claims under both the ’33 Act and the ’34 Act. In support of their allegations, the plaintiffs relied on statements in the company’s offering prospectuses in which the company explained its environmental compliance efforts and the consequences to the company if it were found to be in violation of the applicable environmental requirements. The defendants moved to dismiss.

 

As discussed here, in a January 22, 2013 ruling, Southern District of New York Judge J. Paul Oetken granted the defendants’ motion to dismiss. Judge Oetken held that the defendants’ statements regarding the company’s storage of hazardous chemicals, about the Chinese and local environmental regulation and about the costs of environmental compliance were not misleading. However, Judge Oetken found the paragraph in the company’s prospectuses about its pollution abatement equipment and its 24-hour environmental monitoring team “a more complicated matter” and a “close call.” Because he concluded that the investors would not read these statements as guaranteeing compliance, Judge Oetken concluded that the statements were not materially misleading. The plaintiffs appealed.

 

The July 31, 2014 Opinion

In a July 31, 2014 opinion written by Judge Ralph K. Winter, Jr. for a unanimous three-judge panel, the Second Circuit vacated the dismissal based on its finding that JinkoSolar’s “failure to disclose ongoing serious pollution problems rendered misleading statements describing measures taken to comply with Chinese environmental regulations.”

 

The appellate court said that though the statements in JinkoSolar’s prospectuses that the company is subject to a wide variety of environmental compliance and about the high cost of compliance are not misstatements, “they are relevant to materiality of the prospectuses’ description of JinkoSolar’s potential to cause serious pollution problems and the steps it was taking to avoid these problems.” 

 

Regarding the description in the prospectuses of the steps the company said it was taking, the appellate court said, “we believe the complaint sufficiently alleges that the failure to disclose that the prophylactic steps were then failing to prevent serious ongoing pollution problems rendered that description misleading.”

 

Specifically, the court said that the prospectuses’ description of pollution-preventing equipment and 24-hour monitoring teams “gave comfort to investors that reasonably effective steps were being taken to comply with the applicable environmental regulations.” However, the court said, “investors would be misled” by these statements “if in fact the equipment and 24-hour team were then failing to prevent substantial violations of the Chinese regulations.”

 

In that regard, the appellate court noted that in June 2010, JinkoSolar had submitted a report to Chinese environmental authorities about “existing problems.” The report describes problems of a nature that is “sufficient, if proven, to allow a trier of fact, absent contrary evidence, to draw the inference that the problems ‘existing’ as of June 8, 2010, were both present and substantial at the time of the May13, 2010 offering.”

 

The Court said that “at the time the statements regarding pollution presentation and compliance measures were made, a reasonable investor could conclude that a substantial non-compliance would constitute a substantial threat to earnings, if not to the entire venture. Indeed, the prospectus said as much.”  The court concluded by saying that “a trier of fact could find that the existence of ongoing and substantial pollution problems – here the omitted facts – was of substantial importance to investors.”

 

Discussion

This case is one of the many securities class action lawsuits that were filed against U.S.-listed Chinese companies in 2011. However, unlike many of the other Chinese companies that were hit with securities suits then, which had obtained their U.S. listings through reverse merger transactions, this company obtained its U.S. listing through a full-blown IPO, meaning that it had been required to file a detailed prospectus as part of its offering process.

 

The company’s prospectus contained detailed disclosures regarding the company’s environmental compliance challenges. Indeed, in his opinion, Judge Oetkin had referred to what he called the “disquieting frankness of the company’s disclosures regarding its environmental compliance risks.” He also noted “how cautious” the company was in its environmental compliance risk factors in its prospectuses.

 

Notwithstanding this acknowledged caution and frankness, the appellate court still concluded that the company’s statements about its environmental compliance efforts were materially misleading. It is interesting to me that in reaching this conclusion, the court was willing to make the logical jump that statements about “existing problems” made in a June 8, 2010 report to Chinese regulators could be read by a finder of fact to infer that the problems existed at the time of May 13, 2010 offering.

 

I can easily imagine a different court concluding that the in order to support a jump like this, the plaintiffs are required to plead facts to show that the problems in the June report were in fact existing at the time of the May offering. Instead, the Second Circuit found the allegations sufficient for a trier of fact to conclude that the problems existed at the time of the offering based only on an “inference.”  

 

For many readers, the most interesting thing about this case will be that it involves a U.S.-listed Chinese company defendant.  However, for me, the most interesting thing about this case is that it involves alleged misrepresentations with respect to environmental compliance. As I have previously noted on this blog (refer, for example, here), these kinds of cases, involving alleged misrepresentation of environmental issues, do arise periodically.

 

The possibility of this kind of claim is often a key concern at the time of D&O insurance policy placement, as the question often arises whether the standard policy’s pollution exclusion will preclude coverage for a securities claim based on environmentally-related disclosures. The typical D&O liability insurance policy will contain an exclusion for loss arising from claims for pollution and environmental liabilities. However, many of these exclusions also contain a provision carving back coverage for shareholder claims. This case shows the importance of this kind of coverage carve back. The carve back ensures that directors and officers hit with this kind of shareholder suit filed in wake of an environmental incident are able to rely on their  D&O insurance to defend themselves against the shareholder suit.

 

In recent years, a number of D&O insurance carriers have introduced policy forms that eliminate the pollution exclusion altogether but that also incorporate into the policy’s definition of “Loss” a provision stating that Loss will not include environmental remediation or cleanup costs. Unless the insured company’s primary D&O insurance policy omits the environmental exclusion in this way, it will be indispensable for the standard environmental liability exclusion be revised in order to preserve coverage for securities claims and derivative claims based on alleged misrepresentations or misconduct relating to environmental issues. These considerations are likely to become increasingly important as environmental disclosure issues become of greater regulatory concern (about which refer here).

 

With all of that said about the environmental disclosure issues, there is a sense in which it is particularly noteworthy that this case involves a Chinese company, in that this is the relatively unusual securities suit involving a U.S.-listed Chinese company where the plaintiffs have managed to make much headway. Although some of the U.S. securities suits have managed to survive motions to dismiss, many others have not. Even the cases that have survived motions to dismiss have proved challenging for plaintiffs as they have faced numerous procedural hurdles (refer for example here). In addition, in other cases involving U.S.-listed Chinese companies that have reached the settlement stage, the settlement amounts have proved to be modest.

 

(On the other hand, as noted here, E&Y did recently agree to settle a Canadian securities case relating to Sino-Forest, and a Hong Kong arbitration panel did just make a more than $70 million award based on its determination that China MediaExpress Holdings is a “fraudulent enterprise.” Notably, and arguably ironically, neither of these big recoveries involved one the many U.S.-based securities suits filed against Chinese companies.)

 

One final note. This case is yet another example of a phenomenon I have frequently noted on this blog, which is how often securities class action litigation follows in the wake of regulatory or investigative activity. Indeed, this lawsuit reflects a particular aspect of this phenomenon, which is the increasing incidence of U.S.-based securities litigation arising in the wake of regulatory action outside the U.S. As I noted in a prior post, and as both U.S. and non-U.S. regulators focus increased regulatory scrutiny on operations outside the U.S., the likelihood is that regulatory investigative and enforcement actions will continue to increase. As these regulatory and investigative actions increase, the likelihood is that the follow-on civil litigation will continue to increase as well.

 

Very special thanks to Stanley Bernstein of the Bernstein Liebhard law firm for sending me a copy of the Second Circuit’s opinion. The Bernstein LIebhard firm represents the plaintiffs in the JinkoSolar securities class action lawsuit. 

 

 

declineThe purchase of reps and warranties insurance is an increasingly common part of mergers and acquisitions transactions. However, a frequently recurring question with respect to this type of insurance is how it will respond if a claim arises based on an allegation that a seller has breached a financial statement warranty and the buyer is claiming damages because the deal price was based on a multiple of the allegedly misrepresented financial item.

 

By way of background, in an M&A transaction, either the buyer or seller can purchase reps and warranties insurance, although typically it is the buyer that purchases the policy. If the buyer purchases the policy, the insurance company agrees to insure the buyer against loss arising from breaches of the representations that the sellers have made in the transaction documents.

 

As discussed in a prior post (here), the acquisition price in many M&A transactions are based on multiples of items in the target company’s financial statement. A misrepresentation regarding the financial statement items could result in a faulty transaction valuation – and for the buyer, the misrepresentation could mean overpayment for the acquisition.

 

According to a July 25, 2014 memo from the Kirkland & Ellis law firm (here) , a “long-standing concern” of dealmakers considering buying reps and warranties insurance is “whether these policies will in fact pay out in the event of claims, and more specifically, whether in appropriate circumstances the policies will pay out on a ‘multiple,’ ‘diminution in value,’ or similar basis.” (In my prior post to which I linked above, I described a settlement last year in which the reps and warranties insurer agreed to a payout based on a calculation that largely reflected a multiple-based calculation of damages for a breach of a financial statement representation that had affected the deal valuation.)

 

The law firm memo discusses a recent decision in the High Court, Queen’s Bench Division, in England, which the memo describes as the “first publicly available evidence that a properly drafted M&A insurance policy can protect a buyer from diminution in value of the target where inaccurate facts, that the seller had warranted, were used in the buyer’s financial model to determine price.” The July 4, 2014 decision in the Ageas v. Kwik-Fix case to which the law firm memo refers is summarized here. A copy of the court’s opinion can be found here.

 

The case arose out of Ageas’s acquisition of Kwik-Fix, in connection with which Ageas purchased a buyer’s side warranty and indemnity insurance policy. The parties agreed that subsequent to the merger transaction the seller had breached the financial statement representations and warranties with respect to bad debt reserves on its balance sheet. The insurer conceded that its policy covered the difference between the actual purchase price and the price the buyer would have paid had the correct bad debt reserve information been reported on the target’s balance sheet and used in the discounted cash flow analysis on which the deal price had been based. Ageas and the insurer agreed that the attachment point of the policy – the seller’s £5 million indemnification cap – had been exceeded. However, Aeges and the insurer disagreed with assumptions to be used in the cash flow analysis to determine the corrected valuation and sale price.

 

According to the case summary, the buyer contended that proper value of the warranty claim was £17.635 million, supporting a claim under the policy of £12.635. The insurer contended that the proper value of the warranty claim was £8.792 million, supporting a warranty claim under the policy of £3.792. The insurer argued that the methodology the buyer urged the court to adopt would have resulted in a “windfall” to the buyer. However, the court stated that the insurer has “simply not shown that the conventional prospective approach of assessment at the breach date offends the compensatory principle or results in a windfall to Ageas,” The Court held that the buyer’s claim against the insurer was “entitled to succeed in the principal sum of £12.63 million.”

 

The law firm memo says about this ruling that it is “further evidence that damages based on an EBITDA-multiple or other diminution in value – under a carefully crafted and marginally more expensive insurance policy and the appropriate circumstances – are available to compensate a buyer for a loss caused by the seller’s breach of representations and warranties.” 

 

With respect to its reference to the marginal additional expense, the law firm memo notes that “some underwriters — for a higher premium than charged for off-the-rack  policies – will not exclude certain types of damages such as consequential, special or multiple damages, which are regularly excluded a seller-friendly purchase agreement with traditional indemnity provisions. “

 

One other interesting comment in the law firm memo is its statement, with respect to dealmakers’ increasing acceptance of reps and warranties insurance, that there are “some auction processes where the failure to largely replace the traditional survival/indemnity/escrow package with a policy …can place a bidder at a significant disadvantage.”

 

In a prior post (here), I reviewed additional reasons that the participants in an M&A transaction may want to consider reps and warranties insurance.

 

Thinking About K&R: While I am on the topic of insurance coverage ancillary to D&O insurance, I thought it might be worth calling readers’ attention to the front page article that appeared in today’s New York Times entitled “Paying Ransoms, Europe Bankrolls Qaeda Terror” (here). The article describes an all-too-well established pattern that has emerged in which terrorists affiliated with the Al Qaeda network are now routinely taking Europeans hostage for ransom – as a means of fundraising for the group’s terrorist activities.

 

According to the article, “Al Qaeda and its direct affiliates have taken in at least $125 million in revenue from kidnappings since 2008, of which $66 million was paid just last year.” The United States Treasury Department has cited ransom amounts that, taken together, put the total at around $165 million over the same period. The article states further that “counterterrorism officials now believe the group finances the bulk of its recruitment, training and arms purchases from ransoms paid to free Europeans.”

 

The article reports that these ransom payments largely were made by European governments. The story is a harsh reminder that it is a dangerous world out there. And a reminder that kidnap and ransom (K&R) insurance potentially could be an extremely important part of the insurance program for companies whose operatives travel in and near the danger zones.

barclays1On July 28, 2014, in the latest securities suit to be filed in the wake of high-profile concerns about ‘high frequency trading,” a plaintiff shareholder filed a securities class action lawsuit in the Southern District of New York against Barclays and certain of its officers relating to the company’s operation of and alleged statements about its “dark pool” private securities trading venue.

 

The new securities suit follows in the wake of a lawsuit filed last month by the New York Attorney General alleging that Barclays had marketed its dark pool trading venue “through a series of misleading false statements to clients and the investing public about how, and for whose benefit, Barclays operates its dark pool.” The Barclays securities class action lawsuit also follows after an earlier securities lawsuit that was filed regarding high frequency trading more generally.

 

Background

A “dark pool” is a privately owned and operated securities trading venue. By contrast to public stock exchanges, where securities trading orders are generally visible to the marketplace participants and executions are posted immediately, when buy and sell orders are matched in a dark pool, the trading orders are not displayed publicly. This approach allow large blocks of shares to be traded anonymously without informing the market until the completion of the trade, in order to minimize the risk of price movement to the disadvantage of the trader. Although there is some disagreement about the magnitude, it is generally agreed that dark pool trading now accounts for a significant percentage of U.S. stock trading volume.  

 

On June 25, 2014, New York Attorney General Eric T. Schneiderman announced (here) that his office had initiated a lawsuit in the New York (New York County) Supreme Court against Barclays and a related Barclays entity, in which the Attorney General alleged that Barclays had “dramatically increased the market share  of its dark pool through a series of false statements to its clients and investors about how, and for whose benefit, Barclays operated the dark pool.” In his complaint, a copy of which can be found here, the Attorney General alleges that contrary to reassurances the bank provided its clients that it had created special safeguards to protect them from “predatory” high-frequency traders, the bank instead operated its dark pool “to favor high-frequency traders.” The complaint, which alleges violation of New York’s Martin Act, accuses Barclays of engaging in a pattern of “fraud and deceit.”

 

Among other things, the Attorney General’s complaint alleges that Barclays favored the high-frequency traders over others trading in the Barclays dark pool trading venue. The complaint also alleges that the bank falsified marketing materials by inaccurately portraying the concentration of high-frequency trading in the dark pool. The complaint alleges that internally the bank recognized a higher concentration of aggressive trading than it advertised. The complaint cites alleged internal Barclays communications in which Barclays employees allegedly acknowledge the “liberties” taken in marketing the dark pools.

 

According to a July 24, 2014 New York Times article (here), Barclays has moved to dismiss the Attorney General’s lawsuit, arguing, among other things, that the Attorney General had overstepped his authority in bringing the action against Barclays under the Martin Act. According to the article, Barclays apparently also argued that its customers “were sophisticated enough to understand that ‘glossy’ marketing brochures about the private market, known as a dark pool, did not reflect its actual composition.” Barclays asserted that its customers were “highly sophisticated traders and asset managers” who used “extensive data” and not just marketing materials to make decisions.

 

The Securities Class Action Complaint

According to their July 28, 2014 press release (here), plaintiff’s lawyers filed a securities class action lawsuit in the Southern District of New York against Barclays and three of its officers seeking damages under the federal securities laws based on Barclays alleged misrepresentations regarding its dark pool trading venue. The plaintiff’s complaint, a copy of which can be found here, alleges that Barclays engaged in a “scheme and wrongful course of business whereby Barclays provided sophisticated high-frequency trading (or ‘HFT’) firms with material, non-public information so that market participants could use the informational advantage obtained in a manner that was designed to and did manipulate trading” within the dark pool (which is known as Barclays LX), “to the detriment of Barclays’ own institutional clients.”

 

The complaint purports to be filed on behalf of a class of investors who purchase Barclays American Depositary Shares between August 2, 2011 and June 25, 2014. It alleges that during the class period the defendants misled these investors by making false or misleading statement or failing to disclose that

 

(i) Barclays engaged in a “systematic pattern of fraud and deceit” by using its dark pool to favor high-frequency traders over its other clients; (ii) the pools were promoted as offering investors protection from predatory traders, while Barclays instead courted HFT firms by charging them lower rates; (iii) Barclays falsely understated the percentage of aggressive HFT activity in its dark pool; (iv) Barclays failed to provide monitoring services it promised to investors which would protect the dark pool from aggressive, predatory HFTs; (v) Barclays routed a disproportionately high percentage of client orders to its own dark pool while falsely representing that it routed client orders in a manner that did not favor Barclays LX; (vi) Barclays secretly gave HFT firms informational and other advantages over other clients trading in the dark pool; (vii) Barclays’ practices subjected it to regulatory scrutiny and significant reputational harm; (viii) and as a result of the above, the Company’s financial statements were materially false and misleading at all relevant times.

 

The class action complaint relies heavily on the New York Attorney General’s complaint and the complaint also quotes the Attorney General’s press release almost in its entirety. The class action complaint alleges violations of Sections 10(b) and 20(a) of the ’34 Act and seeks to recover alleged damages on behalf of the investor class.

 

Discussion

This new securities class action complaint against Barclays follows after the massive, sprawling high frequency trading securities class action lawsuit filed against basically the entire global financial system in April of this year, following the publication of Michael Lewis’s book Flash Boys, as I discussed in a detailed blog post at the time (here). Barclays was in fact one of the many financial institutions named as a defendant in that earlier suit. However, the allegations in the earlier lawsuit did not specifically refer (at least not in detail) to the dark pool allegations raised in the Attorney General’s lawsuit and in the subsequent securities class action complaint.

 

Based on the latest news coverage, the New York Attorney General’s investigation of trading in dark pool trading venues has moved on to other banks. According to a July 29, 2014 New York Times article (here), the New York Attorney General’s office “appears to be stretching further into Europe.” The article reports that UBS disclosed that they are facing inquires about their own dark pool practices from the New York Attorney General, as well as from the SEC and “other regulators as part of an industry wide inquiry.”  Deutsche Bank also reported that it has received inquiries but did not identify the regulators making the inquiries. Both UBS and Deutsche Bank were named as defendants in the earlier Flash Boys securities class action lawsuit.

 

Obviously, it is too early to predict whether these latest two banks to announce that they are facing investigative scrutiny will also face civil enforcement actions from the New York Attorney General (or other regulators). However, it does seem likely that if the New York Attorney General were to pursue an action against these or any other banks of the kind his office filed against Barclays that there would soon be follow-on securities litigation filed on behalf of U.S. investors in the target institutions.

 

It is interesting to me that at least so far (so far as I know) no litigation has been filed against Barclays or any of the other banks by clients of the banks that participated in the trading in a dark pool venue (although, to be sure, it might be argued that the earlier Flash Boys litigation was broad enough to encompass these dark pool clients within the putative class on whose behalf the gargantuan lawsuit was filed). On the one hand, I suppose the absence of this type of litigation on behalf of the dark pool traders who were supposedly misled or abused might suggest that the traders do not feel aggrieved or at least not aggrieved enough to file a lawsuit. On the other hand, it is possible that the harmed traders have many reasons for not stepping forward – the whole reason they were trading in the dark pool was to be able to trade anonymously and out of the glare of the public marketplace.

 

Barclays’ response to the New York Attorney General’s complaint certainly seems to suggest Barclays’ belief that the dark pool traders were sophisticated enough to fend for themselves (and by inference can have no gripes). Wayne State Law School Professor Peter Henning had a good column on this topic in a July 28, 2014 post on the New York Times Dealbook blog (here). In his column, which is entitled “Whether ‘Sophisticated’ Clients of Wall Street Can Also Get Duped,” he examines the argument, raised frequently by Wall Street, in effect that sophisticated investors know what is going on so can’t be misled because the investors don’t really believe what firms say.

 

Among other things, Henning quotes District of Connecticut Judge Janet Hall, who at the recent fraud conviction sentencing of Jeffries & Company managing director Jeffrey Litvak (who had also tried to raise the sophisticated client defense) told Litvak “You lied. Maybe that’s what people do every day on Wall Street. That doesn’t make it legal.”

 

Whether or not we will ever see any action taken directly by the dark pool traders themselves, I suspect we are going to see a lot more from regulators on this topic. At least in recent times, there is a history of the occupant of the New York Attorney General’s office sinking his teeth into a topic and then shaking it down for all it is worth, to significant political effect. To the extent the NYAG — or others—press ahead on these issues, we likely will see the securities class action bar following closely in their wake (at least to the extent that the target companies have securities trading on U.S. securities exchanges).

 

Barclays has of course had its share of scandal-driven securities litigation. Barclays was targeted by a securities class action lawsuit after it had reached a settlement with regulators regarding alleged manipulation of the Libor benchmark interest rate. Although that lawsuit was initially dismissed, in April 2014, the Second Circuit reversed the dismissal in part and the case was remanded to the district court for further proceedings, as discussed at length here.

 

weipwcAs I have noted frequently on this blog (most recently here), it is becoming increasingly clear that cybersecurity is viewed as a board level issue. At the same time that many boards have taken up the concerns surrounding cybersecurity issues, their companies increasingly are becoming dependent on cloud computing – which potentially could make their companies even more vulnerable to data breaches.

 

In the following guest post, Paul Ferrillo  of the Weil Gotshal law firm and Dave Burg and Aaron Phillip of PricewaterhouseCoopers take a look at these seemingly conflicting issues and review the steps that companies can take to try to avoid the problems associated with these conflicts.

 

I would like to thank Paul, Dave and Aaron for the willingness to publish their article on my site. I welcome guest post contributions from responsible authors on topics of interest to readers of this blog. Please contact me directly if you are interested in submitting a guest post. Here is Paul, Dave and Aaron’s guest post.  

 

*******************************

 

There are four competing business propositions affecting most American businesses today.  Think of them as four freight trains on different tracks headed for a four-way stop signal at fiber optic speed.

 

First, with a significant potential for cost savings, American business has adopted cloud computing as an efficient and effective way to manage countless bytes of data from remote locations at costs that would be unheard of if they were forced to store their data on hard servers. According to one report, “In September 2013, International Data Corporation predicted that, between 2013 and 2017, spending on public IT cloud computing will experience a compound annual growth of 23.5%.”[i]  Another report noted, “By 2014, cloud computing is expected to become a $150 billion industry. And for good reason – whether users are on a desktop computer or mobile device, the cloud provides instant access to data anytime, anywhere there is an Internet connection.”[ii] 

 

The second freight train is data security.  Making your enterprise’s information easier for you to access and analyze also potentially makes it easier for others to do, too.  2013 and 2014 have been the years of “the big data breach,” with millions of personal data and information records stolen by hackers. Respondents to the 2014 Global State of Information Security® Survey reported a 25% increase in detected security incidents over 2012 and a 45% increase compared to 2011.[iii]  Though larger breaches at global retailers are extremely well known, what is less known is that cloud providers are not immune from attack.  Witness the cyber breach against a file sharing cloud provider that was perpetrated by lax password security and which caused a spam attack on its customers. “The message is that cyber criminals, just like legitimate companies, are seeing the “business benefits” of cloud services.  Thus, they’re signing up for accounts and reaching sensitive files through these accounts. For the cyber criminals this only takes a run-of-the-mill knowledge level … This is the next step in a new trend … and it will only continue.”[iv]

 

The third freight train is the plaintiff’s litigation bar.  Following cyber breach after cyber breach, they are viewing the corporate horizon as rich with opportunities to sue previously unsuspecting companies caught in the middle of a cyber disaster, with no clear way out.  They see companies scrambling to contend with major breaches, investor relation delays, and loss of brand and reputation. 

 

The last freight train running towards the intersection of cloud computing and data security is the topic of cyber governance – i.e., what directors should be doing or thinking about to protect their firm’s most critical and valuable IP assets.  In our previous article,[v] we noted that though directors are not supposed to be able to predict all potential issues when it comes to cyber security issues, they do have a basic fiduciary duty to oversee the risk management of the enterprise, which includes securing its intellectual property and trade secrets.  The purpose of this article is to help directors and officers potentially avoid a freight train collision by helping the “cyber governance train” control the path and destiny of the company.  We will discuss basic cloud security principles, and basic questions directors should ask when considering whether or not the data their management desires to run on a cloud-based architecture will be as safe from attack as possible.  As usual when dealing with cyber security issues, there are no 100% foolproof answers.  Even cloud experts disagree on cloud-based data security practices and their effectiveness.[vi]  There are only good questions a board can ask to make sure it is fulfilling its duties to shareholders to protect the company’s valuable IP assets.

 

What is Cloud Computing/What Are Its Basic Platforms

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services).  Cloud computing is a disruptive technology that has the potential to enhance collaboration, agility, scaling, and availability, and provides the opportunities for cost reduction through optimized and efficient computing.  The cloud model envisages a world where components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down to provide an on-demand utility-like model of allocation and consumption.”[vii]

 

Cloud computing is generally based upon three separate and distinct architectures that matter when considering the security of the data sitting in the particular cloud environment:

 

  •         Infrastructure as a Service (IaaS) – think of this as a basic foundation of all cloud-based services.  It includes everything from the hardware facilities to the and software that reside in them.  All computer services under IaaS are fully outsourced.  An IaaS user will need to manage several components.  In addition to applications and data, this includes middleware, application run time and operating systems.  The ability to manipulate data within the cloud comes with the downside that such data can be compromised.
  •         Platform as a Service (PaaS) – is the delivery of a computing platform and a solution stack as a service.  It allows a buyer to deploy applications without the cost and complexity of buying and managing the underlying hardware and software.
  •         Software as a Service (SaaS) – is a self-contained, software delivery platform that sits above IasS and PaaS, and delivers the entire user experience, including content and presentation.  The SaaS vendor manages all aspects of service delivery, and client downloads and installations are kept to a minimum. The consumer doesn’t generally manage any aspect of the infrastructure.  In most cases, the SaaS vendor is also generally responsible for security.[viii]

 

Now, if the above discussion of the types of cloud platforms isn’t confusing enough, data security issues on the cloud are equally complicated.  But they can be boiled down into several concepts that can be easily understood:

 

  •         Data Migration to and from the Cloud – Managing data is always a challenge in a highly developed organization.  It gets even more interesting with the cloud and even further interesting with the advent of mobile devices.  Cloud-based systems should be able to alert the consumer to situations where there is unapproved data moving to the cloud, and data moving within the cloud or to other cloud-based providers.
  •         Geographic and Regulatory Considerations – The type of information that is considered third party or personally identifiable information varies greatly from world region to world region.  Making sure that the data stays in the proper region and under the right regulatory regime and doesn’t cross geographic boundaries in violation of the applicable laws is a primary concern in cloud.
  •         Data Encryption – Data is first encrypted (e.g., encoded) from the endpoint to the cloud so that it is not intercepted and stolen in transit.  There are many types of encryption techniques available depending upon the type and volume of data stored.
  •         Continuous Monitoring – Probably one of the most important aspects of cloud security is the ability of the cloud-based provider to monitor in real time all database activity, across multiple database platforms.
  •         Incident Response and Data Recovery – A last key element of any cloud-based provider is its ability to quickly respond to an incident and provide instant notification to the consumer that an attack has been attempted.  Additionally, any cloud-based provider should have a ready-to-go, battled tested, disaster data recovery plan.

 

We note that there are highly secure cloud providers that employ cutting edge security architecture as well as cybersecurity analytic capability that may make future risk decisions related to migrating the cloud not only more efficient, but more cost effective with reduced (not increased) risk.

 

Cloud Cyber Governance

As shown above, what is commonly referred to as the cloud actually can mean many different things depending on the context and use.  Using SaaS to manage a customer base has a vastly different set of governance criteria to using IaaS as a development environment.  As such, there are very few accepted standards for properly monitoring/administering a cloud-based environment.  There are many IT consultants in the cloud-based computing environment that can be consulted in that regard.  Our view, however, is that directors are ultimately responsible for enterprise risk management, and that includes cyber security, a subset of which is cloud-based cyber-security.  Thus it is important for directors to have a basic understanding of the risks involved in cloud-based data storage systems, and with cloud-based storage providers.  Below are a few basic questions that come to mind that a director could pose to management, and the company’s CISO and CIO:

 

  1.       Where will your data be stored geographically (which may determine which laws apply to the protection of the company’s data), and in what data centers?
  2.       Is there any type of customer data co-mingling that could potentially expose the company data to competitors or other parties?
  3.       What sort of encryption does the cloud-based provider use?
  4.       What is the vendor’s backup and disaster recovery plan?
  5.       What is the vendor’s incident response and notification plan?[ix]
  6.       What kind of access will you have to security information on your data stored in the cloud in the event the company needs to respond to a regulatory request or internal investigation?
  7.       How transparent is the cloud provider’s own security posture?  What sort of access can your company get to the cloud provider’s data center and personnel to make sure it is receiving what it is paying for?
  8.       What is the cloud servicer’s responsibility to update its security systems as technology and sophistication evolves?
  9.       What is the cloud provider’s ability to timely detect (i.e. continuously monitor) and respond to a security incident, and what sort of logging information is kept in order to potentially detect anomalous activity?[x]
  10.    Are there any third party requirements (such as HITECH/HIPAA) that the provider needs to conform to for your industry?
  11.    Is the cloud service provider that is being considered already approved under the government’s FedRamp authorization process, which pre-approves cloud service providers and their security controls?[xi]
  12.    Finally, does the company’s cyber insurance liability policy cover cloud-based Losses assuming there is a breach and customer records are stolen or otherwise compromised?[xii]  This is a very important question to ask, especially if the company involved is going to use a cyber-insurance policy as a risk transfer mechanism.  When in doubt, a knowledgeable cyber-insurance broker should be consulted to make sure cloud-based Losses are covered.

 

High-profile breaches have proven conclusively that cybersecurity is a board issue first and foremost.  Being a board member is tough work.  Board members have a lot on their plate, including, first and foremost, financial reporting issues.  But as high-profile breaches have shown, major cyber breaches have almost the same effect as a high profile accounting problem or restatement.  They cause havoc with investors, stock prices, vendors, branding, corporate reputation and consumers.  Directors should be ready to ask tough questions regarding cyber security and cloud-based security issues so they do not find themselves on the wrong end of a major data breach, either on the ground or in the cloud.

 

[i] See “Cloud Security Report – Spring 2014,” AlertLogic, 2014.

[ii] See “8 Reasons to Fear Cloud Computing,” BusinessNewsDaily, October 2013.

[iii] PwC, CSO magazine, CIO magazine, The Global State of Information Security® Survey 2014, September 2013.

[vi] See “Data Breach: the Cloud Multiplier Effect,” Ponemon Institute, June 2014.

[viii] Note that regardless of the architecture framework, service level, security, governance and liability issues are normally address in a service level agreement (SLA) which is offered to the customer.  Those should be thoroughly reviewed by legal counsel in additional to the CIO/CISO review of the particular cloud environment.

[ix] Proper Security Incident Management is built upon knowledge of the tactics, technologies, principles, and processes to protect, analyze, prioritize, and handle incidents. See http://cloud.cio.gov/topics/security-incident-management.

[xi] See here. The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

[xii] See “In Cloud We Trust Our Data: Can you Trust Your Cyber Insurance Policy?,” Data Breach Insurance, May 30, 2014.

 

texasIn a July 24, 2014 opinion (here), an intermediate Texas appellate court, applying Texas law, affirmed the trial court’s dismissal on forum non conveniens grounds of the Deepwater Horizon disaster-related shareholder derivative suit filed against Switzerland-domiciled Transocean Limited. The court’s ruling is interesting in and of itself, but it may be even more interesting in light of the recent efforts of a number of U.S. companies to relocate their headquarters and tax domicile overseas through the increasingly controversial transaction known as a corporate inversion (for more background about which refer here).

 

Transocean had been founded as a U.S. company but it had after many decades of doing business in the U.S. moved its domicile overseas. It is now headquartered in Switzerland. In the shareholder derivative suit, the trial court dismissed the case, concluding that Switzerland was the more convenient forum for the plaintiff’s derivative claims. The appellate court concluded that the trial court had not abused its discretion in dismissing the case on forum non conveniens grounds.

 

If the Texas courts’ rulings in the Transocean Deepwater Horizon derivative suit are any indication, the many U.S. companies now moving their headquarters overseas through inversion transactions may not only realize significant taxation benefits but they may also succeed in reducing their susceptibility to shareholder derivative litigation in U.S. courts.

 

Background

Transocean owned and operated the Deepwater Horizon drilling rig, located in the Gulf of Mexico. In April 2010, the rig exploded and ultimately sunk, resulting in the deaths of eleven workers as well as in a massive oil spill.

 

Transocean was founded in 1953 as a Delaware corporation headquartered in Houston. In 1999, the company became a Cayman Islands corporation, and in 2008 it reincorporated in Switzerland. Its stock continues to trade on American exchanges as well as on Swiss exchanges. The company’s U.S. subsidiary, which is headquartered in Houston, has thousands of U.S. employees. Of the parent company’s twelve directors, five live in Texas, three live in other U.S. states, one lives in Canada, and three in Europe. Only one of the European directors resides in Switzerland.

 

Margaret Richardson, a California resident, filed a derivative lawsuit against the Transocean board in Harris County (Texas) District Court. She alleged that the directors’ actions had harmed the company by causing it to incur substantial costs, liability and reputational harm. She alleged that the directors had been aware or should have been aware of the history of safety, maintenance and regulatory compliance issues – both for the company as a whole and with respect to the Deepwater Horizon rig – yet failed to take corrective actions, while making false statements to shareholders about the company’s safety and compliance record. The plaintiff asserted causes of action for breach of fiduciary duty, unjust enrichment and waste of corporate assets. The parties agree that because Transocean is a Swiss company, Swiss law applies to Richardson’s claims.

 

The defendants moved to dismiss the plaintiff’s action on forum non conveniens grounds. They stressed the difficulties the trial court would face in applying Swiss corporate law. The trial court granted the motion to dismiss and the plaintiff appealed.

 

The July 24 Opinion 

On July 24, 2014, in an opinion by Justice Michael Massengale, a three-judge panel of the Court of Appeals of the First District of Texas affirmed the trial court’s ruling, concluding that the trial court judge had not abused her discretion in granting the defendants’ motion to dismiss on forum non conveniens grounds.

 

In contending that the trial court judge had abused her discretion in dismissing the suit, Richardson had emphasized Transocean’s American origins; the substantial presence of its American subsidiary; the American residence of several of the company’s directors; and the significant human, economic and environmental costs to Texas from the Deepwater Horizon disaster. She argued that Transocean’s connections to Switzerland are “primarily tenuous corporate fictions,” while the activities of the company’s U.S. subsidiary affected the lives of thousands of Texans.

 

In assessing whether or not the trial court judge had abused her discretion, the appellate court assessed whether the trial court had considered all of the relevant private and public interest factors and whether the trial court’s balance of the factors was reasonable.

 

Among the private interest factors, the appellate court considered the accessibility of the evidence and witnesses. Although the Deepwater Horizon disaster took place in the Gulf of Mexico, the actions of the directors at issue in the plaintiffs’ derivative lawsuit “predominately took place in Switzerland.” Accordingly, the appellate court said, while there may be circumstances that favor a Texas forum, “the trial court reasonably could have concluded based on other facts presented – most notably that this case concerns acts of corporate governance by the board of directors of a Swiss corporation that holds it meetings in Switzerland – that the balance of private-interest factors favored litigation in Switzerland.”

 

The appellate court also concluded that the appellate record did not show that the trial court judge abused her discretion in weighing the public interest factors. The appellate court seemed to be particularly concerned with the problems associated with applying the law of Switzerland, a trilingual country and a civil-law jurisdiction with a code-based jurisprudence. The trial court said that given that Richardson’s suit “concerns the internal affairs of a Swiss corporation” and that the plaintiff had failed to show that the stockholders had a particular connection with Texas, and given  “the challenges of applying Swiss law in a complex, unsettled area,” the trial court “could reasonably have concluded that the public interest factors favored litigation in Switzerland.”

 

Discussion

The Texas courts’ consideration of these forum non conveniens issues very much reflected the specific circumstance presented, particularly the perceived difficulties for Texas courts in applying Swiss law. A different set of circumstances might well have produced a different outcome, notwithstanding the fact that the defendant company in a shareholder derivative suit is domiciled outside the U.S. Indeed, as discussed here, in at least one of the many other lawsuits that the Deepwater Horizon disaster produced, the Southern District of Texas refused to dismiss at least some of the common law damages claims of BP shareholders on forum non conveniens ground, even though English law governed the shareholders’ claims. Clearly, the mere fact of a defendant company’s non-U.S. domicile is not a universal safeguard against all U.S.-based shareholder litigation.

 

Just the same, the most salient factor in the Texas courts’ consideration of these issues was the fact that Transocean was headquartered outside the U.S and that as a result the law of company’s domicile governed the shareholder claimant’s derivative lawsuit. These same considerations resulted in the dismissal on forum non conveniens grounds of the Deepwater Horizon disaster-related shareholders’ derivative lawsuit that had been filed against the board of BP; in January 2013, the Fifth Circuit affirmed the district court’s dismissal of the BP derivative lawsuit, as discussed here.

 

These dismissals of purported shareholders’ derivative lawsuits on forum non conveniens grounds are of course interesting in and of themselves, for what they say about the relative insusceptibility of non-U.S. domiciled companies to U.S.-based derivative litigation.

 

But I find these dismissals, particularly the dismissal of the Transcocean lawsuit, even more interesting in light of the recent wave of corporate inversion transactions, in which U.S.-based companies merge with non-U.S. companies and then move their corporate headquarters to the target company’s location. The primary motivation for these transactions is tax-related, as the lower corporate tax rates applicable in many non-U.S. jurisdictions can result in a substantial tax savings for the acquiring company.

 

The Transocean case shows that in addition to the intended tax benefits, a company’s move to a foreign domicile through a corporate inversion transaction may also reduce the susceptibility of the company’s board to certain types of shareholder litigation.

 

Transocean itself had started as a U.S. company and had maintained a U.S. headquarters for over four decades. Even though the company’s U.S. subsidiary maintained substantial operations and employed thousands of workers in the U.S., because the company was based outside the U.S. and because its significant board activities took place outside the U.S., the courts of its home jurisdiction were held to be a more convenient forum than a U.S. court for a shareholder derivative lawsuit. Because shareholder litigation is far less well-established outside the U.S., the company’s board, as a result of the company’s non-U.S. domicile, arguably faces a much reduced exposure to these kinds of shareholder suits than as a U.S.-based company.

 

There may be many substantial tax-related reasons for companies to engage in the type of corporate inversion transaction that is all the rage these days. (I suspect that tax considerations were behind Transocean’s overseas move as well, but the appellate court’s opinion is silent about the reasons for the company’s move.) But along with the tax considerations there may be additional benefits as well – that is, that the potential liability exposures of the acquiring company may be reduced by taken on the non-U.S. domicile of the target company.

 

As noted above in connection with the BP shareholder common law damages claims, the fact that a company is based outside the U.S. is not an all-purpose defense against all U.S.-based shareholder suits. Nevertheless, the Transocean example shows that a company’s move to a non-U.S. headquarters can reduce the potential liability exposures of the company’s board, at least with respect to shareholder derivative litigation.