supct2014Since their 2002 enactment, the whistleblower protections in Section 806 of the Sarbanes-Oxley Act have been presumed to apply only to employees of publicly traded companies. After all, the provisions are entitled “Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud.” However, in its March 4, 2014 holding in Lawson v. FMR, LLC (here), the U.S. Supreme Court held that Section 806 protects whistleblowing activity by employees of a private contractor of a public company.

 

The decision has rightfully raised concern, if for no other reason than that the reach of the decision remains unclear. At the same time, the decision does not reach as far as some commentators have suggested. In this post, I take a look at what the court held, what is unclear, and some important distinctions that should be kept in mind when thinking or talking about this case and its implications.

 

Background 

This lawsuit involves the Fidelity family of mutual funds. The Fidelity funds themselves have no employees. Instead they contract with investment advisors that handle their day to day operations. The plaintiffs in these cases were employees of Fidelity Brokerage Services LLC, a subsidiary of FMR Corp. and a private company. The plaintiffs allege that they had been retaliated against by their employer in violation of Section 806 for reporting alleged improprieties involving certain of the Fidelity mutual funds. Their employer moved to dismiss their complaint arguing among other things that Section 806 applied only to publicly traded companies. Following proceedings in the courts below, the case made its way to the U.S. Supreme Court.

 

Section 806 provides in pertinent part that “No [public] company …or any officer, employee, contractor, subcontractor, or agent of such company, may discharge, demote, suspend, threaten, harass, or in any manner discriminate against an employee in the terms and conditions of employment because of [whistleblowing or other protected activities].”

 

In a 6-3 majority opinion written by Justice Ruth Bader Ginsberg, the Court held that based on the statutory text – and in particular Section 806’s reference to “contractor” and “subcontractor” – as well the “mischief” to which Congress was responding in the wake of the Enron and WorldCom scandals, Section 806’s whistleblower protections extend to employees of contractors and subcontractors.

 

In a dissenting opinion, Justice Sotomayor criticized the “stunning reach” of the majority’s opinion, noting that “by interpreting a statute that already protects an expansive class of conduct also to cover a large class of employees, today’s opinion threatens to subject private companies to a costly new form of employment litigation.”  The dissent charged that the court’s holding could authorize a “babysitter to bring a federal case against his employer – a parent who happens to work at the local Walmart (a public company) – if the parent stops employing the babysitter after he expresses concern that the parent’s teenage son may have participated in an Internet purchase fraud.”

 

Discussion 

There is good reason that this decision has raised the alarm in certain quarters. Justice Sotomayor’s comment in her dissent that “today’s opinion threatens to subject private companies to a costly new form of employment litigation” provides ample justification for concern. Private company employers rightfully are concerned to learn that the SOX whistleblower provisions can apply to public companies’ private contractors.

 

As justified as these concerns are, I fear that the concern may be overstated in certain quarters—or rather, that concerns are being raised that even the most alarming parts of the Court’s decision do not justify. For starters, I have heard otherwise responsible commentators summarize the decision as saying that it holds that the SOX whistleblower provisions apply to private companies. This is a correct but incomplete statement. I think the implications of this decision are better understood if we clarify what actually happened here.

 

First of all, though the employees who claimed retaliation were indeed employees of a private company, the company on which they blew the whistle was a publicly traded company. This is not a situation in which private company employees blew the whistle on their own private company employer. The Supreme Court did not say that the Sarbanes Oxley whistleblower provisions apply when a private company employee blows the whistle on a private company. The involvement of the public company, and the fact that the whistle was blown on a public company, are critical considerations here. The majority’s reasoning placed heavy emphasis on the purposes of Sarbanes-Oxley in preventing fraud at public companies. In other words, without this public company involvement, there would appear to be no basis for the SOX whistleblower provisions to apply to a private company.

 

Another critical aspect of this situation is that, while the whistleblowers were employees of a private company, the public company involved had no employees of its own. All of the operations were conducted for the public company by the employees of a private company affiliate. The majority opinion was very concerned that these kinds of arrangements are common in the mutual fund industry and that if the Sarbanes Oxley whistleblower protections were not extended to these employees that mutual fund industry employees would be left without protection from retaliation.  While the lower courts are going to have to interpret the Lawson decision, and while the plaintiffs obviously will want to try to push the limits of the Lawson court’s holding, the circumstances involved in this case were very specific kinds of circumstances. The dissent’s babysitter example rightfully raises concerns, but the context of this decision matters.

 

Unfortunately for all concerned, many questions will now have to be tested in the lower courts. The extent to which private company employers can be dragged into these kinds of cases will have to be developed. Of particular concern is the Court’s holding that private company employers can be subject to the whistleblowing provisions if the private company is a “contractor” or “subcontractor,” which certainly raises questions about what type of a relationship with a public company is sufficient to bring a private employer within the anti-retaliation provision of the Sarbanes-Oxley Act. This may be of particular concern where the private company employer enters long-term arrangements to provide legal, accounting, or financial services to a public company.

 

As the Covington & Burling law firm put it in its June 6, 2014 Law 360 article entitled “Private Employers and Whistleblowing Post-Lawson” (here, subscription required), ”every private company should ask whether it has a business relationship that could qualify it as a contractor or subcontractor of a public company.” This determination “will be straightforward in some cases but murky in others, given the lack of any defining criteria.” Until the courts provide clearer guidance, “prudent companies should act on the assumption that they will be subject to Section 806.”

 

I concur in the view that private companies should proceed on the assumption that they could be subject to Section 806. However, I want to reiterate that even under Lawson, the SOX whistleblowing provisions are not going to apply unless the whistle is blown on a public company. There is nothing about Lawson that says that Section 806 applies if the whistle is blown on a private company.

 

I think the most accurate way to say it is that Lawson extended SOX whistleblower protection to employees of contractors of public companies, whether the contractors are public or private – rather than just saying that the decision extended Sox whistleblower protection to private companies.

 

While I think this distinction is important, I don’t want to suggest that I think Lawson does not represent a significant expansion of the reach of Sarbanes-Oxley whistleblower protections. It does represent a significant expansion. My point is just that it as significant as the extension is, it is not as significant as some commentators have been describing it.

 

The Covington law firm memo has some helpful suggestions about steps employers can take to try to protect themselves in light of these developments.  

 

senegal1A May 31, 2014 article in the Economist magazine entitled “Migration from Africa: No Wonder They Still Try” (here) describes how migrants from further south in Africa are desperately trying to make their way through Libya and across the Mediterranean to Europe. Some migrants pay close to $2,000 for passage on rickety boats to European landing points. As the Economist reports,  “Many do not survive.”  Armed conflict, swelling populations and other factors have driven many to make the attempt to flee, despite the dangers involved. 

 

Many of these migrants come from countries such as Central African Republic, Mali,  northern Nigeria, Somalia and Southern Sudan, which are troubled by civil unrest. Not all of the African countries are as disrupted as these, but even in the more stable countries conditions are difficult for many. As result of an unexpected relationship, I have developed a perspective on the conditions in one of Africa’s more stable countries.

 

Senegal is a francophone country on Africa’s west coast, about the geographic size of South Dakota and with a population about the size of Pennsylvania. The country’s capital, Dakar, is located on the Atlantic Coast, at the country’s westernmost point. Dakar has a population of about 1 million people. In the capital city’s outskirts, there is a high school with a 50 year-old English teacher: an educated, articulate man with a sharp eye and a hard-earned sense of cynicism. Through his words I have been given a glimpse of the very different world in which he lives.

 

I was first introduced to Mamoun Bey (not his real name) four years ago through my eldest daughter, who works for a nonprofit healthcare book publisher. Mr. Bey is effectively his school’s health care officer, and for years he has relied on a medical handbook the nonprofit publishes to provide medical care to the school’s students and their families. He wrote to the nonprofit to ask for a new copy of the book because the one he had was falling apart. Upon request from my daughter, I provided the funding for the organization to supply Mr. Bey several new books. Somehow, Mr. Bey found out about my involvement and he wrote me a long, interesting letter. We have been regular correspondents ever since. Each one of Mr. Bey’s letters provides a window into a world that is even further from my own than geographic distance alone would suggest.

 

In his first letter, written after receiving the new medical guides, Mr. Bey explained to me the health care issues facing his school community.  He began with an explanation of “the African way of life.” In the densely populated cities “we share so many things together.” In Senegal in particular there is “an exaggerated tradition of shaking hands with everyone, even with unknown persons (strangers)” which “unfortunately accounts for the high rate of transmission of diseases.” In Africa, the population is threatened with many infectious diseases and with “endemic fatal diseases, like malaria, typhoid and cholera.” The transmission of rabies from dog bites is also a problem as “hordes of dogs roam about with no owner to claim them.”

 

Poor environmental conditions “explain the endemic character of many infectious diseases.” During the rainy season, “pools of water and mud stagnate in most African cities.” In the absence of access to clean drinking water, people drink contaminated well water. A better storm water runoff and sewage system would alleviate many of these conditions, but those improvements would be possible only “if we had responsible and honest statesmen across the continent.”

 

The curse of corrupt politicians is something of a running theme for Mr. Bey. The poor storm water drainage and poor transport systems are “due to the unscrupulous politicians who choose to enrich themselves to the detriment of their respective countries.” The “paradox” is that so many African counties are “rich in natural resources.” However, it is “mostly foreign companies, hitherto mostly Europeans, today Chinese, that exploit them with the complicity of the politicians in power.”  As a result, “little goes to the development of our countries.”

 

The storm water runoff problems present a particularly harsh example of the corrosive effects of corruption.  During the rainy season, many of Dakar’s residential areas flood. Those with money “hire trucks full of sand or soil that they dump in front of their houses thus deflecting the flood water to their neighbors opposite!” The prior national government had started a program to try to relocate people who had built houses in swampy areas during drought years but “much of the funds were embezzled” and less than a thousand of the planned twenty thousand residential units were actually built.

 

While there are many difficulties in living in Dakar, Mr. Bey does have a surprising level of access to the outside world and to technology. He has Internet access at his school and he has an email account, but we both prefer to communicate by regular mail rather than over the Internet. He also has a television and a cell phone.  He follows U.S. and European politics by listening to the BBC. During the 2012 U.S. Presidential elections, he commented to me that he had heard that Ohio was a critical swing state. When he was describing a particular feature of his country to me, he suggested I could learn more about it by looking it up on Google.

 

Mr. Bey, who is University educated, strongly believes in the value of education. His older children are enrolled at the University but he is disappointed that his youngest son “couldn’t cope with studies.” His son now spends his time tending animals and more recently “he has been spending a lot of time in his friend’s home operating computer games.” Mr. Bey says, “I am not happy about this.”

 

Mr. Bey’s letters have told me a great deal about day to day life and important events in Dakar. His second letter to me included a detailed account of the political crisis the country faced when the then-President tried to run for a third term in office, in defiance of a constitutional provision limiting the President to two terms. The crisis led to street protest and ultimately to an internationally monitored election in which the former President was voted out of office. Senegal, for all of its struggles, has functioning democratic institutions, in contrast to so many other African counties.

 

Mr. Bey also told me about a religious festival of the local Mourid community. The festival, held each December and called the Magal de Touba, is a “big gathering of disciples, sympathizers and curious visitors” to commemorate the return of their leader, Cheikh Amadou Bamba, from exile in Gabon where he had fled from the French colonial administration. Many “exploits” are attributed to this leader and he has attracted a following of “fanatics.” The disciples “travel from all parts of the country in huge convoys,” while others come from abroad. For Mr. Bey, who is always concerned about health and safety issues, the burdens this human influx puts on the local transportation create very dangerous conditions. He notes that “there are often severe accidents with heavy casualties,” and this year more than 30 people died during the festival. Many of the accidents are the result of simple mechanical failure, but “most cases are due to human recklessness and greediness.” In order to complete as many trips as possible, the drivers don’t rest sufficiently and their fatigue causes them to lose control of their vehicles, as happened in connection with one particularly horrible head on collision that resulted in 18 deaths.

 

Through our correspondence we are both learning about each other’s cultures; I think I have been able to show Mr. Bey a little bit about our culture in the U.S. For instance, I told him about the annual gathering in my neighborhood to watch the Super Bowl, which he found interesting. He said, “Here, people believe that you there live highly individualized lives like in Europe with little or no contacts with neighbors. At least your Super Bowl account gives a different image. Here, people are very gregarious to the point that they almost step on your feet. There is too much wagging and less productivity, save for craftsmen and farmers.”  Mr. Bey was also surprised to learn that my mother-in-law lives in our home. He said that he had heard that in Europe and America, older folks are “put in institutions” where they live alone.

 

Health-related topics are a recurring theme in Mr. Bey’s letters and often a jumping off point for comparisons between African and American cultures. In discussing the rising incidence of cancer in Africa, Mr. Bey first noted that until recently “cancer was little known in Africa.” Things have changed. He lost the mother of his oldest son to breast cancer. He also described in moving detail the recent death of a neighbor and close friend from cancer. Mr. Bey said “when I went to see my friend in his last days, I could only lay my right hand on his forearm and recite some prayer verses that I know.” As for why there has been a change, “some say it’s due to our countries’ copying the American and European way of life: eating less and less natural food, living in a more and more polluted environment, inhaling cigarette and engine smoke, paint and chemicals.”

 

Not all of Mr. Bey’s observations relate to health and safety concerns.  For example, Mr. Bey provided an interesting description of the Barack Obama’s June 2013 visit to Senegal, as well as an interesting perspective on U.S. relations with Africa:

 

Your President, Barack Obama, spent three days here with his wife, two daughters, mother-in-law, and a very huge delegation made up mainly of businessmen officials and security personnel. Some main roads of Dakar were closed to the public and taken over by the U.S. security forces to avert any attempt by violent gangs in Libya and Mali to infiltrate the joyful welcoming. The most moving moment of his visit was to Gorée Island, a small island close to Dakar from where thousands of slaves were said to have been exported in inhuman conditions to America during the slave trade. Visitors are shown the famous door of no return. … People are very happy and proud to welcome such guests. They do help financially the country. George Bush junior is the most outstanding in giving aid to African countries: He created the Millennium Challenge account award which undertook a lot of road and bridge construction and financed agriculture in a selected number of African countries to encourage them to more democracy. …The enlightened citizens will forever remember his legacy in Africa as John F. Kennedy’s Peace Corps initiative is still remembered today.  

 

Mr. Bey’s life is difficult and full of challenges, many of which are so different than the kinds of things that I have to deal with on a day to day basis. But we also share many concerns. He worries about his children and their futures. He wants to see his country run well and he aspires to a time when the government can properly address the challenges his country faces.

 

I feel very grateful to have gotten to know Mr. Bey through his letters. It is not just that the many challenges that Mr. Bey faces helps me to appreciate the many benefits that I enjoy, often without sufficient awareness. It is that through the words of this articulate, observant man I have come to appreciate the common humanity we all share with people living in a very different culture and under very different conditions.  His comments about and gratitude for the efforts of several American presidents to help his country made me feel proud, and helped me to appreciate that our prosperous country can help others to try to prosper and succeed.

 

I feel very fortunate to be able to call Mr. Bey my friend.

 

 

secondsealOn June 4, 2014, in a long-awaited but not unexpected opinion (here), the Second Circuit ruled that Southern District of New York Judge Jed Rakoff had improperly rejected the $285 million settlement of the SEC’s enforcement action against Citigroup. Because the case involved the question of whether or not parties may enter into “neither admit nor deny” settlements with the SEC, the Second Circuit’s consideration of the case had been very closely watched. The Second Circuit’s decision appears to preserve the ability of litigants in most cases to enter settlements with the SEC without having to admit to liability. The opinion also represents a strong reaffirmation of judicial deference to the SEC’s discretionary authority to settle its cases.

 

Background

In its enforcement action, the SEC alleged that Citigroup had made misrepresentations in its marketing of collateralized debt obligations. At the same time the SEC filed its complaint, the parties filed a consent judgment for court approval. Among other things, Citigroup agreed to pay $285 million into a fund to be distributed to CDO investors.

 

In a November 28, 2011 order (about which, refer here), Judge Rakoff rejected the proposed settlement, holding that it was not fair, adequate, reasonable, or in the public interest because Citigroup had not admitted or denied the SEC’s allegations. Among other things, Judge Rakoff contended that without the admission of liability he was not in a position to assess the settlement. He also characterized the $285 million settlement as “pocket change” for Citigroup. Judge Rakoff put the action on track for trial on the merits. The parties jointly filed motions with the Second Circuit seeking to stay the District Court proceedings and for an interlocutory appeal of Judge Rakoff’s rejection of the settlement.

 

As discussed at length here, on March 15, 2012, in a sharply worded per curiam opinion, a three judge panel granted the motions to stay and for interlocutory appeal, finding that the parties had carried their burden of showing a substantial likelihood of success on the merits on appeal because the district court did not accord the SEC’s judgment adequate deference. This initial three judge panel did not rule on the merits of the appeal, but set the case on the court’s schedule. Because of the unusual circumstance in which both parties to the case joined together on the appeals issues, the Second Circuit appointed pro bono counsel to advocate for the district court’s order in the appeal.

 

The Second Circuit’s Opinion 

In a June 4, 2014 opinion by Judge Rosemary S. Pooler for a three judge panel, with a concurring opinion by Judge Raymond Lohier, the Second Circuit held that the district court had “abused its discretion by applying an incorrect legal standard in its review.” The appellate court vacated Judge Rakoff’s ruling and remanded the case for further proceedings. (In his concurring opinion, Judge Lohier agreed with the reasoning of the Court but indicated that he thought that the record was sufficient for the appellate court to reverse and to direct the district court to enter the consent decree.)

 

At the outset, the Second Circuit concluded first that Rakoff had not conditioned his approval of the settlement on a requirement for an admission of liability and that he did not do so “with good reason—there is no basis in the law for the district court to require an admission of liability as a condition for approving a settlement between the parties.”

 

The court then addressed what it called the “far thornier question – that is, what deference the district court owes an agency seeking a consent decree.” After reviewing its own case law on the issue, the Second Circuit said that

 

Today we clarify that the proper standard for reviewing a proposed consent judgment involving an enforcement agency requires that the district court determine whether the consent decree is fair and reasonable, with the additional requirement that the ‘public interest would not be disserved’ in the event the consent decree includes injunctive relief. Absent a substantial basis in the record for concluding that the proposed consent decree does not meet those requirements, the district court is required to enter the order. (Citations omitted)

 

The primary focus of the inquiry should be “on ensuring that the consent decree is procedurally proper … taking care not to infringe on the SEC’s discretionary authority to settle on a particular set of terms.”

 

Having articulated the standard for district court review of a proposed consent order, the Court then specified the three ways in which it believed that Judge Rakoff went wrong.

 

First, the Court said that:

 

It is an abuse of discretion to require, as the district court did here, that the SEC establish the ‘truth’ of the allegations against a settling party as a condition for approving the consent decree. Trials are primarily about the truth. Consent decrees are primarily about pragmatism…. It is not within the district court’s purview to demand ‘cold, hard, solid facts established either by admissions or by trials’ as to the truth of the allegation in the complaint as a condition for approving a consent decree.

 

With respect to the absence of admissions or denials, the Second Circuit specifically said that “in many cases, setting out the colorable claims, supported by factual averments by the SEC, neither admitted nor denied by the wrongdoer, will suffice to allow the district court to conduct its review.” Other cases may require an additional showing, as, for example where the district court is concerned that the settlement was the result of improper collusion.

 

Second, the Second Circuit said that Judge Rakoff had also erred in the way in which he considered the “public interest” in his review of the injunctive relief sought in the consent decree. The Court said that “the district court made no findings that the injunctive relief proposed in the consent decree would disserve the public interest, in part because it defined the public interest as ‘an overriding interest in knowing the truth.’ The district court’s failure to make the proper inquiry constitutes legal error.” (Citations omitted) In making its public interest determination, the district court may not “find the public interest is disserved based on its disagreement with the SEC’s decisions on discretionary matters of policy, such as deciding to settle without an admission of liability.”

 

Third, the appellate court said that “to the extent the district court withheld approval of the consent decree on the ground that it believed the SEC failed to bring the proper charges against Citigroup, that constituted an abuse of discretion.” The “exclusive right” to decide which charges to bring rests with the SEC.

 

The appellate court closed its opinion with a reminder that if the SEC chooses to file a civil action and then seeks court approval of a settlement of the action, the agency “must be willing to assure the court that the settlement proposal is fair and reasonable.” Because the district court’s power is required to enforce the settlement, “for the court to simply accept a proposed SEC consent decree without any review would be a dereliction of the court’s duty to ensure the orders it enters are proper.”

 

Discussion 

Notwithstanding the appellate court’s closing words about the importance of judicial review of the SEC’s consent decrees, the opinion overall is a pronounced endorsement of the need for judicial deference to the SEC’s authority and discretion in deciding whether or not and how to settle an enforcement action. At a minimum, the opinion reaffirms the SEC’s discretionary authority to enter, if it so chooses, into settlements in which the target of the enforcement action neither admits nor demies liability. The court not only said at the outset that “there is no basis in the law for the district court to require an admission of liability as a condition for approving a settlement between the parties,” but throughout the opinion signaled that the agency may appropriately use its discretion to enter into a settlement in which the other party neither admits nor denies liability.

 

Of course, on its own, the agency, under its new Chairman, Mary Jo White, has adopted a new policy in which it has declared that at least in certain cases it will require parties to provide admissions of liability as a condition of settlement, as discussed here. But while the agency may now in certain cases and on its own require the settling party to provide admissions, the Second Circuit’s opinion reaffirms the agency’s authority to enter if it so chooses into a settlement in which the settling party neither admits nor denies the allegations.

 

Even though the Second Circuit rejected Judge Rakoff’s refusal to accept the Citigroup settlement, his unwillingness to accept the settlement has had a significant impact. It is arguable that the SEC might not have adopted its new policy requiring admissions of liability if Judge Rakoff had not forced the issue onto the enforcement agenda. Judge Rakoff’s concerns have also encouraged other judges to scrutinize SEC settlements and to ask hard questions about the terms on which the SEC has settled.

 

But while Judge Rakoff’s rejection of the Citigroup settlement may have elevated the debate on these issues, in the end the appellate court flatly rejected Rakoff’s perspective on court’s role in reviewing SEC settlements. Rakoff’s opinion rejecting the settlement was emotional, projected a high moral tone, and reflected a theoretical consideration of the issues. The appellate court’s perspective, by contrast, was (it said itself of agency settlements) “pragmatic.” The appellate court’s opinion also reflected a more restrained and deferential conception of the role of the district court.

 

While compromises of disputed claims are less satisfying than a determination of issues of fault and liability, the system might grind to a halt if parties cannot compromise, The practical reality is that if the SEC is not free to compromise disputed claims without an admission of liability, then the parties are going to be far less likely to compromise, an outcome that would impose enormous costs on the litigants and burdens on the courts.  

 

 

 

weiAs I have frequently noted on this site (refer, for example, here), cyber security issues increasingly are a board level concern, and indeed, recent shareholder litigation has shown that investors intend to hold board members accountable when data breaches cause problems for their companies.  In the following guest article, which was previously published as a Weil alert, Paul A. Ferrillo of the Weil Gotshal law firm take a look at the issues surrounding cyber security and corporate governance from a board level perspective. Paul first examines the board duties in connection with cyber security issues; he then reviews the basic questions for board members to consider; and then examines the availability of insurance to address cyber security related issues.  

I would like to thank Paul for his willingness to publish his article as a guest post on my site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. If you are interested in publishing a guest post, please contact me directly. Here is Paul’s guest post.  

****************** 

                The number, severity, and sophistication of cyber attacks – whether on our retail economy, our healthcare sector, our educational sector or, in fact, our government and defense systems – grows worse by the day.[1]   

              Among the most notable cyber breaches in the public company sphere was that hitting Target Corporation (40 million estimated credit and debit cards allegedly stolen, 70 million or more pieces of personal data also stolen, and a total estimated cost of the attack to date of approximately $300 million).[2] Justified or not, ISS has just issued a voting recommendation against the election of all members of Target’s audit and corporate responsibility committees – seven of its ten directors – at the upcoming annual meeting. ISS’s reasoning is that, in light of the importance to Target of customer credit cards and online retailing, “these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information.”[3]  

                Unlike many other aspects of directing the affairs of a public company (e.g., like overseeing its financial reporting function and obligations), “cyber” is new for many directors, and is certainly far from intuitive. For this reason, this article will focus specifically on the responsibilities of public company directors to oversee their company’s cyber security program (within the framework of the company’s enterprise risk management structure); the basic questions directors should be asking about a company’s cyber security, incident response, and crisis management program; and lastly, the potential value of a stand-alone cyber insurance policy to transfer some of the risk of a cyber attack to a reputable insurance carrier. 

Directors’ Duty of Oversight with Respect to Cyber Security/Other Duties and Regulations Lurking About for Directors 

                A public company director’s “duty of oversight” generally stems from the concept of good faith. As noted in the seminal case, In re Caremark Int’l, Inc. Derivative Litigation, 698 A.2d 959 (Del.Ch. 1996), as a general matter “a director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that the failure to do so in some circumstances, may, in theory, at least render a director liable for losses caused by non-compliance with applicable legal standards.” 

                However, the business judgment rule protects a director’s “informed” and “good faith” decisions unless the decision cannot be attributed to any rational business purpose. 

                In today’s world it would be hard to question that cyber security should not be part of any organization’s enterprise risk management function, and thus, by inference, part of any director’s duty of oversight. Indeed, the plaintiffs’ securities class action bar has recently filed two shareholder derivative actions against the boards of directors of both Target and Wyndham Worldwide Hotels as a result of their publicly reported cyber breaches. In these complaints, the plaintiffs alleged, among other things, that the directors “failed to take reasonable steps to maintain their customers’ personal and financial information in a secure manner.”[4] 

                As was made clear by the questioning of the panelists in the recent SEC Cyber Roundtable, on March 26, 2014,[5] there are other reasons for directors to be intimately involved with decisions concerning a company’s cyber security, i.e. “the regulators.” Over the last several months, not only has the SEC been more involved generally with cyber “thinking” and security issues, but also the Office of Compliance, Inspections and Examinations of the SEC (governing investment advisors and asset managers), and the Financial Industry Regulatory Authority (FINRA) are all in the game.[6] So is the Federal Trade Commission, as well as state regulators, such as, the New York State Department of Financial Services. Each of these organizations has their own exhaustive list of factors or areas of examination/consideration. They are long and extensive. And we have yet to see whether the SEC will issue additional guidance to public companies concerning what information is required to be disclosed to investors concerning cyber security incidents.[7] 

Cyber Governance Questions for Directors to Consider 

                Here are some basic questions public company directors should be asking about when reviewing their company’s cyber security framework:  

                1. What part of the Board should handle examination of cyber security risks? Should it be the whole Board? Should this responsibility be assigned to the Audit Committee? The Risk Committee (if there is one)? Should the Board create a “Cyber Committee” to exclusively deal with these issues? Should additional Board members be recruited who have specific cyber security experience? 

                2. How often should the Board (or Committee) be receiving cyber security briefings? In this world, which moves at light-speed and in which cyber breaches are reported daily, are quarterly briefings enough? Should the Board be receiving monthly briefings? Or more (given the industry type of the Company on whose board they sit, e.g. tech/IP company)? 

                3. Given the sheer complexity and magnitude of many cyber security issues, should the Board hire its own “cyber advisers” to consult on cyber security issues, and to be available to ask questions of the Company’s senior management, CTOs, and CIOs? 

                4. What are the greatest threats and risks to the Company’s highest-value cyber assets? Does the Company’s human and financial capital line up with protecting those high-value assets? 

                5. What is the Company’s volume of cyber incidents on a weekly or monthly basis? What is the magnitude/severity of those incidents? What is the time taken and cost to respond to those incidents? 

                6. What would the worst-case cyber incident cost the company in terms of lost business (because of downtime of systems that were attacked and need to be brought back and because of the harm to the Company’s reputation as a result of the attack)? 

                7. What is the Company’s specific cyber incident plan, and how will it respond to customers, clients, vendors, the media, regulators, law enforcement, and shareholders? Does the Company have a crisis management plan to respond to all these various constituencies, as well as the media (both print and electronic/high activity bloggers)? Finally, has the cyber incident plan been tested (or “war-gamed”) so that it is ready to be put into place on a moment’s notice? 

                8. What cyber security training does the Company give its employees? 

                9. What sort of “cyber due diligence” does the Company perform with respect to its third-party service providers and vendors?[8] 

                10. In a mergers and acquisitions context, what is the level of cyber due diligence that is done as part of the consideration of any acquisition? 

                11. Has the Company performed an analysis of the “cyber-robustness” of the company’s products and services to analyze potential vulnerabilities that could be exploited by hackers? 

                12. Finally, should the Company consider adopting, in whole or in part, the NIST cyber security framework as a way or method of showing affirmative action to protect the company’s IP assets? 

                This list could go on for pages. But it won’t, since we believe it serves its purpose, i.e. there are plenty of tough questions that directors need to ask of its senior management and senior IT staff. And directors may need their own advisors and professionals to help them fulfill their oversight duties in helping to assess and ask the tough questions. 

Availability of Cyber Insurance to Mitigate Cyber-related Risks and Costs 

                Given the past two years of major cyber breaches, one additional question directors should consider is whether or not the Company should be purchasing cyber insurance to mitigate its cyber risk, including its forensic costs, incident and crisis management response costs, and the litigation costs, expenses, and settlements that could be incurred as a result of a major cyber breach. 

                Though in the past many companies tried to insure cyber breaches through their comprehensive general liability policies, today’s “gold” standard is to purchase stand-alone cyber insurance coverage. Though some in the industry have called the area of cyber insurance the “Wild West,” rules of thumb have started to emerge regarding coverages frequently found in standalone cyber insurance policies. For example, such policy may cover: 

                1.            Loss arising from third party claims resulting from a security or data breach (i.e., a lawsuit by a financial institution against a retailer following a breach for damages, or regulatory actions in connection with a cyber breach); 

                2.            The direct first party costs of responding to a breach, like the forensic costs of determining what caused the cyber breach; 

                3.            Loss income and operating expenses (“business interruption insurance”) resulting from a cyber breach; 

                4.            Cyber extortion threats against a Company. 

                The better stand-alone cyber insurance policies go even further. Some will provide a rapid response team staffed by IT experts to consult with a company and help manage their response to the cyber incident. Some have a 24/7 hotline that is available to help guide companies through a cyber breach.  Additionally some policies will help reimburse the costs attendant to the incident itself, including paying the costs of required customer notification, as well as the cost of a crisis management team to help the Company communicate with its key customers and vendors after a breach to help minimize reputational harm. 

                Because stand-alone cyber insurance policies are relatively new phenomena, it would be important to check if your cyber carrier has a good claims-handling and claims-paying reputation, or a reputation as a “strict constructionist” of exclusions. No two policies are alike, so offered terms, exclusions, and endorsements should also be compared. Experts like sophisticated insurance brokers or insurance coverage lawyers can be consulted here to make sure the Company gets the best policy that it can. Further, as certain very large scale cyber security breaches have also resulted in shareholder derivative actions alleging breach of fiduciary claims against directors, it would be wise for directors to consider the sufficiency of the Company’s directors and officers liability insurance program. 

                Finally, given the reported costs of certain companies that have had to respond to cyber breaches, directors should question how much cyber insurance is available in the marketplace for a company to purchase. The Company’s insurance broker should be consulted, and bench-marking information may be available on a company or industry specific basis to advise how much insurance other similarly situated companies are purchasing. We are told by the brokerage community that up to $300 million in cyber insurance may be available for a Company to purchase if it truly wants to transfer some of its cyber-related risk to a good insurance carrier. Risk transfer mechanisms like cyber insurance are certainly no substitute for a robust cyber security and battle-tested incident response plan, along with rigorous training of all employees, but it can be an important component of a company’s overall cyber risk mitigation plan.

 NOTES:

1. Report: Growing Risk of Cyber Attacks on Banks (noting that “A yearlong survey of New York bank security has found that cyber thieves are using increasingly sophisticated methods to breach bank accounts”), The Wall Street Journal, May 6, 2014, available here.

2.   See “The Target Breach: By the Numbers,” available here.

3. Paul Ziobro and Joann S. Lublin, ISS’s View on Target Directors Is a Signal on Cybersecurity, The Wall Street Journal, May 28, 2014, available here.

4. Kevin LaCroix, Wyndham Worldwide Board Hit with Cyber Breach-Related Derivative Lawsuit, The D&O Diary, May 7, 2014, available here.

5. See Webcast of SEC Cybersecurity Roundtable, March 26, 2014, available here.

6. John Reed Stark, Cybersecurity and Financial Firms: Bracing for the Regulatory Onslaught, April 21, 2014, available here.

7. CF Disclosure Guidance: Topic No. 2, October 13, 2011, available here.

8. Trustwave 2013 Global Security Report (noting that 63% of all investigations showed that a cyber breach emanated from a third-party vendor or IT administrator), available here.

 

 

 

delIn light of the recent legislative initiative to restrict Delaware stock corporations’ use of fee-shifting bylaws, companies incorporated in Delaware have, as described in a recent Law 360 article (here, subscription required) a “smaller more defined toolbox” to reduce the burdens involved with shareholder suits.  As it stands, the article notes, the “sharpest tool in the arsenal is boards’ ability to define where cases will be heard.” As the Jones Day law firm noted in a May 2014 memo (here), the use of exclusive forum provisions has become “mainstream.”  An increasingly large number of companies are adopting forum selection by laws and courts outside of the selected forum are showing a consistent willingness to enforce the provisions.

 

As discussed here, in June 2013, the Delaware Chancery Court upheld the validity of a bylaw adopted by Chevron’s board that designated Delaware as the exclusive forum for adjudication of various shareholder disputes. Although the plaintiffs in that case withdrew their appeal, so that there was no Supreme Court review of the Chancery Court ruling, the “overwhelming view of corporate law experts,” according to the Jones Day memo, is that “exclusive forum provisions are valid and enforceable under Delaware law.”

 

A May 28, 2014 memo from the Sullivan & Cromwell law firm entitled “Exclusive Forum Bylaws Gain Momentum” (here) takes a detailed and comprehensive look at the ways that companies and courts have become increasingly comfortable with these exclusive forum provisions.

 

First, the Sullivan & Cromwell memorandum details the benefits that these kinds of provisions afford.  An exclusive forum bylaw can “discourage forum shopping by plaintiffs and the practice of litigating similar or identical claims in multiple jurisdictions.” The bylaws “remove the need to hire multiple counsel and make filings in different jurisdictions.”  These kinds of provisions “reduce the risk of inconsistent outcomes.” And they allow companies to designate a court with “particular expertise in corporate matters” – for example, the Delaware Court of Chancery.

 

Second, the memo details the extent to which an increasing number of companies are adopting these kinds of provisions. Just in the first six months after the Chancery Court ruling in the Chevron case, as many as 112 Delaware corporations adopted or announced plans to adopt exclusive forum bylaws. A detailed appendix to the memo examines the 32 S&P 500 corporations that have adopted exclusive forum bylaws.  These kinds of provisions increasingly are included in the charters or bylaws of companies conducting initial public offerings. As the memo notes, while the various shareholder proxy advisory services have recommended against bylaw proposals, shareholders themselves “do not appear to have resisted their adoption or punished directors or companies that have adopted them”

 

Third, and perhaps most significantly for these bylaws to be useful, “all state courts that have considered the enforceability of exclusive forum provisions have upheld them, including courts in California, New York, Illinois and Louisiana.”  These decisions, the memo notes, “demonstrate a judicial willingness to honor exclusive forum bylaws.” If the trend of enforcement of forum provisions by non-Delaware courts continues, the need to litigate the question outside of Delaware “may become less of a burden.”

 

In light of these developments and the benefits the bylaws can afford by reducing the costs of multi-jurisdictional litigation, “companies should give serious consideration to adopting such a bylaw.” Companies considering whether or not to adopt a forum selection bylaw may want to consider whether or not to adopt the provision in the bylaws or to take the further step of amending the corporate charter and whether to include express carve-out provisions when the chosen forum does not have personal-  or subject-matter jurisdiction.

 

The memo also suggests that in order to avoid undermining the potential effectiveness of the provision, it would be “prudent” for companies to “adopt an exclusive forum provision well before any corporate event that could reasonably be anticipated to give rise to litigation.” A company adopting a forum selection bylaw “should ensure that the company’s public disclosure approximately explains the rationale for the adoption, including any excessive costs that the company has incurred from multi-jurisdictional litigation.”

 

The memo helpfully includes some sample language for companies to review in connection with their adoption of a forum selection bylaw. The table appended to the memo includes a detailed review of the provision that various S&P 500 companies have adopted, and with respect to each example, the table notes the company involved; the forum selected; whether or not the bylaw allows for an alternative forum; the kinds of claims to which the bylaw applies; and whether or not the bylaw includes a jurisdictional consent provision.

 

As various academic and research studies have well documented, virtually every M&A transaction these days attracts litigation. All too often, this litigation entails a multi-jurisdictional battle. Indeed, as Cornerstone Research  detailed in its 2013 study of M&A-related litigation, 62% of mergers and acquisitions in 2013 were litigated in more than one court. The adoption of a forum selection provision provides companies a way to fight back against the curse of multi-jurisdiction litigation. As the Jones Day memo to which I linked above puts it, “an exclusive forum bylaw is not intended to prevent plaintiffs from bringing deal-related litigation, but instead to prevent forum-shopping, to avoid the costs and expenses of multi-forum litigation, and to ensure that the litigation is heard in Delaware by Delaware judges.”

 

While, as I noted at the outset, a forum selection bylaw may be the “sharpest tool in the arsenal” for corporate boards trying to reduce the burdens and expense of shareholder litigation, there is yet another bylaw innovation that is in play. As discussed at length here, several court rulings have now upheld the enforceability of a bylaw provision requiring the arbitration of shareholder disputes.  While the developments in this area are at most nascent, the possibility of a bylaw provision containing a class action litigation waiver potentially could significantly alter the shareholder litigation environment. In other words, there could be at least one or two other tools in the arsenal for companies to use to try to avoid the burdens and expense of shareholder litigation.

 

Readers intereseted in the topic of forum selection bylaws will want to review the January 15, 2014 article entitled “Trends if Exclusive Forum Bylaws” (here) by Claudia H. Allen of the Katten Muchin Rosenman law firm.

ScotussealThe U.S Supreme Court did not issue its long-awaited decision in the Halliburton case yesterday and so it looks as if we will have to wait a little while longer to find out whether or not the Court will throw out the fraud on the market theory. The Court will for sure release its opinion some time during June, before the end of its current term at the end of the month. But we don’t have to just sit around drumming our fingers impatiently in the meantime. There are some interesting related issues we can contemplate while we wait.

 

1. What will happen if instead of either tossing the fraud on the market theory or keeping it unchanged, the U.S. Supreme Court takes a middle course and requires securities plaintiffs seeking to take advantage of a presumption of reliance in class actions to establish that the alleged misrepresentation had a price impact? As discussed here, in the March 5, 2014 oral argument in the case, Justice Kennedy, seeking to find “midpoint” between the two extreme outcomes, invoked a proposal from the amicus brief of two law professors (Adam Pritchard of Michigan Law School and Todd Henderson of U. Chicago) that in order for there to be a presumption of reliance at the class certification stage there should be an event study to establish that the allegedly misleading statement distorted the company’s share price,.

 

Obviously, there is no way to know for sure how this case will turn out or whether the Court’s decision will incorporate some form of the price impact proposal. But as discussed in a May 30, 2014 Law 360 article entitled “Halliburton’s Middle Ground Still Promises Sweeping Change” (here, subscription required), even the “middle course” that the two law professors’ suggested “presents unknowns that could tie up the court with knotty new questions or expose new classes of defendants to litigation.” As one commentator asked in considering what a price impact requirement might mean. “Do you have to disaggregate the amount of information that came out at one time? Do you need expert testimony saying this failure to take an impairment caused this price to move?” It will, as another commentator noted, “be important to see what preconditions [the Court] sets on when to use an event study and what other tools could be used to determine price impact.”

 

The net result, the article note, could be “longer, more expensive processes.” And the cases that survive the gauntlet “probably will demand a much higher price to settle than they would have before,” according to another attorney quoted in the article.

 

In addition, allowing price impact evidence in order to be able to evoke the presumption of reliance could allow plaintiffs to go after other kinds of defendants. The article quotes Professor Pritchard as saying that the price impact approach could “help plaintiffs go after issuers of less-liquid securities, such as over-the-counter securities or municipal bonds, where it cannot be presumed an efficient market exists.”

 

2. If the U.S. Supreme Court goes ahead and tosses the fraud on the market theory altogether, could it mean an influx of securities litigation in Canada? A May 28, 2014 Financial Post article entitled “If U.S. Retreats on Securities Class Actions, Canada Stands Ready to Fill the Gaps” (here) raises the question whetehr an adverse ruling for plaintiffs in Halliburton could divert prospective securities claimants to Canada. As one commentator quoted in the article notes, “it does make you wonder whether that will have an impact on the number of securities class actions in Canada at large and in Ontario specifically.”

 

Another commentator quoted in the article notes that in recent years as the U.S. Supreme Court has made it more difficult for U.S. plaintiffs counsel to mount U.S. securities class actions, “Canadian courts have been welcoming,” adding that “Canada may become the overflow jurisdiction for some of these cases that aren’t finding a home in the U.S. as a result of some of these changes.” Among other things, Canadian courts have certified global classes in securities suits under Canadian law, and Canadian courts have declined to follow the U.S. Supreme Court ‘s Morrison holding, and have certified shareholder classes that include investors who purchased their shares outside of Canada.

 

There are of course a number of hurdles that would complicate things for prospective litigants considering the possibility of filing claims in, say, Ontario. Plaintiffs must first seek and obtain the court’s permission before pleading the statutory action under Ontario law, and the Ontario law places a cap on damages. In addition, the jurisdictional test requires a “real and substantial “connection to Canada in order for the Canadian court to have jurisdiction, which could restrict the occasions on which foreign claimants might be able to proceed in a Canadian court.

 

3. There are yet other Supreme Court cases to think about while we are awaiting the U.S. Supreme Court’s decision in Halliburton. As Alison Frankel noted in a May 28, 2014 post on her On the Case blog entitled “After Halliburton, SCOTUS has Another Securities Litigation Puzzler” (here), “Halliburton has cast such an enormous shadow that the court’s next big securities case hasn’t gotten much attention.”

 

As I discussed in an earlier post (here), in March 2014, the U.S. Supreme Court granted cert in the IndyMac MBS case to determine whether or not the filing of a class action lawsuit tolls the running of the three-year statute of repose under the Securities Act of 1933. The Second Circuit ruled in the case that the three-year statute of repose provide defendants with a “substantive right’ to be free of exposure to Securities Act litigation, and therefore that the filings of a securities class action lawsuit does not toll the statute of repose.

 

As Frankel discusses in her article, the claimants in the IndyMac case have now filed their merits briefs, in which they argue that the Second Circuit’s ruling in the case unsettled long-standing practices with regard to the principles of tolling and that the appellate court’s ruling that the filing of a class action suit is inconsistent with the idea of class action litigation in which the class representative acts on behalf of class of absent class members. A separate amicus brief filed on behalf of over 40 pension funds raised the practical argument that if the statute of repose cannot be tolled the funds will have to monitor and analyze a large number of pre-certification securities suits to ensure that the limitations period does not run. Federal dockets could be swamped with individual investors worried about protecting potential Securities Act claims even if they are already members of the class asserting the same causes of action.

 

And as if that were not enough, there will be yet another securities case before the Supreme Court during its next term. As discussed here, in March 2014, the U.S. Supreme Court agreed to take up the Omnicare case, to determine whether or not to survive a dismissal motion it is sufficient for a plaintiff in a Section 11 case to allege that a statement of opinion was objectively false, or whether the plaintiff must also allege that the statement was subjectively false – that is, that the defendant did not believe the opinion at the time the statement was made. As noted here, the Court extended the time within which the petitioners must file their merits brief, but they will be filing their briefs later this week. In other words, as hard as it is to look beyond Halliburton, even after the Court has finally ruled on that case, there will be lots of action yet to come in securities case at the Supreme Court.

 

So there is much to think about while we await the outcome of the Halliburton case and much to look forward to in the months that will follow the Court’s decision. That should help fill the time in the interim.  

 

earthIn a series of letters sent to individual board members of various major energy companies and to a number of participants in the directors and officers liability insurance industry, three environmental groups contend that climate change denial by energy industry representatives presents a risk of personal liability to the individual energy company board members. The letters also contend that “the threat of future civil or criminal litigation could have major implications for D&O liability insurance coverage.” The letters, which demand that the recipients respond to a list of specified question, clearly seek to make the global climate change debate personal and to take the fight to the D&O insurance industry.

 

The letters were sent in late May by three environmental organizations – Greenpeace International, the World Wildlife Fund International and the Center for International Environmental Law – to board members at 32 energy companies and to 44 participants in the D&O insurance industry. The list of energy companies whose board members received the letters include petroleum giants such as ExxonMobil, Chevron, and ConocoPhillips, as well as many of the world’s largest coal companies, including Peabody Energy, Murray Energy and Arch Coal. Insurers receiving the letter included American International Group, Berkshire Hathaway, and Zurich Insurance Group.

 

A complete list of the companies and insurers that were sent the letters can be found here. An example of the letter sent to the board members of the companies can be found here. An example of the letter sent to the D&O insurance industry participants can be found here.

 

Each of the letters asserts that the environmental groups sent the letters to companies that “rank among the largest historic contributors to industrial greenhouse gas emissions.” The letters also assert that the companies “share the majority of the responsibility for the estimated global industrial emissions of CO2.” The letters further assert that these companies “may have been or may be working to defeat action on climate change and clean energy by funding climate denial and disseminating false or misleading information on climate risks” despite “increased awareness of the threats associated with climate change” among shareholders and insurers and despite “the overwhelming body of climate science on impacts, adaptation and vulnerability.”

 

The letters go on to assert that these actions “aiming to obstruct action on climate change, coupled with the development, sponsorship or dissemination of false, misleading or intentionally incomplete information” about climate change risks “could pose a risk to directors and officers personally.” The threat of future civil or criminal litigation “could have major implications for D&O liability insurance coverage.”

 

Each letter requests that the individual board member respond within four weeks to a list of questions presented in an annex to the letter. Similarly, the letters to the D&O insurance industry participants requests that the insurers respond to questions. The letters state that responses will be posted on the website for Greenpeace.

 

An Annex to the letters (refer here) details what the environmental groups characterize as the “potential implications of climate-related litigation on D&O liability policies.” Among other things, the Annex asserts that “fossil fuel companies and utilities have been and will continue to be the target of climate-related lawsuits.”  The Annex goes on to assert that “some insurance industry experts believe that the fiduciary duties of directors and officers are evolving in the context of climate change and that this will have a major effect on D&O coverage.”

 

The Annex asserts that claims against directors and officers for “concealment, misrepresentation and mismanagement of climate change-related risk may look for reimbursement of defense costs and indemnification” from their D&O insurers; however, there is a risk that the policies might not provide coverage “creating a personal risk for directors and officers.”

 

In a May 28, 2014 press release (here), a representative for the Center for International Environmental Law is quoted as saying that the letter campaign is intended to elicit information and to “start a conversation about climate inside the companies, and with the public and investors.” A representative for Greenpeace is quoted as saying that because the cost of climate change is personal “the responsibility – not just the devastating effects – should be personal.” A representative of the World Wildlife Fund is quoted as saying that “Sooner or later those who hide the facts and oppose policies to fight climate change will be held to account by the courts.”

 

Discussion 

I mean no disrespect to the three environmental groups and I do not mean to seem as if I am belittling the seriousness of their message.  But just the same, whatever the environmental groups’ motivations were in sending these letters, when you look at what they actually did, their efforts can only be described as scattershot. The list of “insurers” to whom the letters were sent is, well, just plain odd.

 

Though the list includes some of the major global D&O insurers, other important insurers are simply missing. Other companies on the list are not insurers at all, but are insurance  brokers – and not even the largest brokers, but a seemingly random selection of smaller brokers. The list also includes reinsurers. In some cases the letter apparently was sent to the reinsurance division of a major insurance holding company but not to the direct insurance division that actually provides D&O insurance. The list also includes reinsurance intermediaries – why? And finally the list includes several companies that I literally have never even heard of. So, for starters, I think the environmental group can fairly be faulted for failing to do their homework.

 

The energy companies to whose board members the environmental groups contacted all seem to be significant petroleum or coal companies, so the energy company list in that respect makes more sense than the insurance company list. But the environmental groups really don’t explain why those particular companies are receiving letters. Though the letters assert generally that the companies involved “may have been or may be working to defeat action on climate change and clean energy by funding climate denial and disseminating false or misleading information,” none of the letters identify any specific ways any particular company engaged in these alleged activities.

 

The Annex to the letter that purportedly identifies the false and misleading information the energy industry has been putting out is full of bizarre typographical errors. (I suspect the version that is posted on the Internet has some weird technological bug.)  But with respect to the list of publications and resources to which the Annex intended to refer, the Annex itself says, “We are not providing evidence of specific company involvement in these activities, or suggesting that specific companies were or are currently involved.” Instead, what the Annex refers to are climate change denial statements by “trade associations, public relations firms or other third party intermediaries.”

 

 

In other words, the environmental groups apparently are not alleging that the specific companies to whom the letters were sent are involved in efforts to undermine action on climate change. Rather, the groups seem to be suggesting that energy companies generally are guilty by way of their very industry involvement in efforts by third-party groups to try to counter the environmental groups’ advocacy on climate change.

 

I will leave it to others to comment on the environmental groups’ premise that the board members of various individual energy companies should be held personally liable for statements by unidentified third party groups that have had the temerity to express views different than those of the environmental groups on issues of public importance. I will say that other than rhetorical flourish, the environmental groups provide little support for their contention that the statements by those thrid-party groups translates to personal liability for the individual board members.

 

I also think the letters reflect a peculiar idea of how liability insurance works or might work if the kinds of claims the environmental groups describe were actually filed. The letters’ references to D&O insurance and their questions about the availability of coverage suggest that the environmental groups regard the insurance coverage as “always on,” like a TV remote control, and all somebody needs to do is push a button and the coverage, which always running in the background, is triggered. However, insurance doesn’t work like that. Insurance is a matter of contract. The insurance policy runs for specified time periods, insures certain parties, and includes certain terms and conditions.

 

Availability of coverage for any particular claim depends on when the lawsuit is filed, who is named as a defendant and what specific theories are alleged. The coverage also depends on the specific wordings of each separate policy as the D&O insurance policies are each separately negotiated and each involves its own particular wording. In addition, whether coverage is available in any particular situation may depend on post-claim events, such as the provision of notice and cooperation with the insurer.

 

Some of the carriers on the list of letter recipients only participate in the D&O insurance marketplace as D&O insurers in an excess capacity. Their coverage will not be triggered unless the underlying insurance is exhausted. Other carriers on the list only participate in the D&O insurance marketplace as Excess Side A insurers. Coverage under their policies would only be triggered if the claim filed is nonindemnifiable, whether due to insolvency or legal prohibition. Some of the carriers on the list are not active players in the energy industry, and they likely do not insure any of the energy companies on the list.

 

I suspect that the environmental groups that sent these letters would be very impatient with my objections. Throughout the letters, the groups’ real message seems to be that climate change is a catastrophically serious threat and something needs to be done right away. In their view, the critical importance of the message far outweighs any trivial flaws that might be involved in the communication of the message. The groups seem to think that invoking the threat of personal liability will motivate corporate board members to look into whether their company is supporting the climate change deniers. The groups also seem to think that they can goad the D&O insurance industry to put pressure on companies to avoid actions that could create liability for the insured directors and officers. These are not meant to be subtle messages and so from their perspective a blunderbuss approach works just fine.

 

In certain respects at least, I have to say the environmental groups’ efforts were successful. The letter-writing campaign obviously was a publicity stunt. The stunt did succeed in garnering publicity. Stories about the groups’ letters appeared in such diverse publications as Bloomberg (here), Insurance News (here), and The Nation (here). The environmental groups want to try to undercut support for the climate change deniers, and so the publicity is important to their efforts to try to put pressure on the individual board members and the D&O insurers to question the energy companies about their support for these groups.

 

There is another respect in which the environmental groups’ efforts may have had an impact. That is, even though the groups’ efforts to communicate with the D&O insurance industry were clumsy, the groups’ letters and publicity campaign do raise questions about the costs associated with climate change and about who is going to pay those costs. The question of who bears the costs of climate change is going to become increasingly important. (I will stipulate that there are those who believe that climate change is a hoax or a political issue; I am not taking sides on this debate, I am merely saying these questions are going to be asked).

 

Just last week, according to an article on Law 360 (here, subscription required), Illinois Farmers Insurance Co. launched nine proposed class actions arguing that hundreds of Illinois municipalities were to blame for storm losses because they were ill-prepared for climate change.

 

Because the costs claimed to be associated with climate change could be enormous, there are going to be more lawsuits like that of Illinois Farmers as those affected try to sort out who should bear those costs. And just as there have long been efforts to try to impose the costs of more traditional environmental incidents to the boards of the companies that allegedly caused the incident (refer for example here), we can all be sure that there will be efforts to try to impose the costs of climate change on the boards of the companies that supposedly caused the climate change-related loss.

 

So even though I find fault with the way the environmental groups delivered the message, I think there could well be some truth to the idea that there will be efforts to hold corporate board members personally liable for the costs associated with climate change. For that matter, it may even be these same environmental groups that bring these claims. Other claims could come from shareholders, regulators, property owners, municipalities and, yes, even insurers. I am not saying that I think these claims would be meritorious. And of course any claim of this type would face significant causation issues among many other hurdles. I am just saying that there may be some truth to the environmental groups’ suggestion that climate change-related claims against corporate boards could be coming.

 

While one might question the environmental groups’ tactics and methods, it probably is in fact a worthwhile exercise for the D&O industry to think about whether or not climate change related claims might be coming and to think about how the industry should be preparing to respond. The list of items to be considered includes questions about how these possibilities should affect pricing, underwriting and risk selection. The issues also should include terms and conditions – such as, for example, whether the provisions of the typical pollution and environmental liability exclusion found in many policies needs to be revised.

 

In the interests of full disclosure, I should acknowledge that I first made a prediction about the possibility of these kinds of D&O claims quite a while ago (refer here). These claims have not yet materialized. I think that in part that might be because the global financial crisis intervened and these issues were put on the back burner. These issues could well stay on a low boil for some time to come. However, there are groups like those involved here that want to make these issues a higher priority. And if there are more events like Superstorm Sandy, these issues could quickly move up the agenda. That is all the more reason for the D&O insurance industry to consider these issues now, rather than at a time when developments could overwhelm the dialogue.

nystate3A New York appellate court, applying New York law, has rejected a D&O insurer’s argument based on alleged late notice of claim that it had no coverage obligations for amounts Sirius XM Radio  had incurred in underlying litigation, holding that the insurer’s policy was ambiguous on the timeliness requirements for notice of interrelated claims. A copy of the New York Supreme Court, Appellate Division’s May 29, 2014 opinion can be found here.

 

According to a summary of the insurance dispute on Law 360 (here, subscription required), the underlying lawsuits related to the merger of Sirius Satellite Radio and XM Satellite radio. A total of five lawsuits ultimately were filed, alleging, among other things, that the two companies had conspired to create a monopoly by combining in order to increase prices, in violation of the state consumer protection laws and federal antitrust statues.

 

The five cases ultimately were resolved. Sirius XM sought to be reimbursed for amounts incurred in the litigation from the D&O carrier whose policy was in force from August 2008 through August 2008 through August 2009, the period during which the first of the lawsuits was filed. XM also sought reimbursement for these amounts from the D&O insurer whose policy was in force at the time of the subsequent lawsuits were filed. The D&O insurer whose policy was in force in 2008-09 denied coverage for these amounts, as did the subsequent D&O insurer.

 

XM initiated a coverage lawsuit in New York Count (New York) Supreme Court against both of the D&O insurers. The D&O insurer whose policy was in force during 2008-09 moved to dismiss, arguing among other things that XM had not provided timely notice of claim with regard to three of the lawsuits. The D&O insurer contended that XM knew about the three actions in March, April and May of 2011, but did not provide notice to the D&O insurer until sending a January 2012 email.

 

In a November 8, 2013 ruling, Supreme Court Judge Peter Sherwood denied the D&O insurer’s motion to dismiss, and the D&O insurer appealed.

 

In a unanimous May 29, 2014 opinion, a panel of the New York Supreme Court, Appellate Division, First Department affirmed the trial court’s ruling, holding that the D&O insurer’s policy’s notice requirements are “ambiguous” on the question “whether its requirement of notice with respect to ‘any’ claim pertains to claims that are related under the provisions for ‘interrelated wrongful acts.’”

 

The appellate court said that “even assuming that plaintiff did have to notify [the D&O insurer] of every interrelated claim as soon as practicable, the documentary evidence fails to resolve all factual issues as a matter of law.” The appellate court said that, among other things, triable issues exist “as to the relatedness of the timely claim and three disputed claims.”

 

Discussion         

It is hard to discern everything that is going on here from the appellate court’s terse opinion, particularly given the opinion’s use of run-on sentences that telescope seemingly unrelated topics. The one thing is clear is that the D&O insurer was not able to get out of the case based on a late notice defense.

 

It was my observation back when I made my living as an attorney representing D&O carriers in coverage litigation that courts generally do not like notice defenses. I think many judges have an unconscious bias against allowing insurers out of coverage based on merely procedural grounds, particularly where the insurer can demonstrate no prejudice. In this case, the carrier was not only trying to raise one of those disfavored notice defenses, but it was trying to raise the argument in the context of an interrelated claim issue. As I have noted at length elsewhere, courts find interrelatedness issues vexing and court decisions on interrelatedness issues are all over the map.

 

My point here is that even if I can’t discern from the appellate court’s brief three-page opinion everything that was going on in this case, the one thing I do know is it was always going to be tough for a carrier to prevail on a disfavored notice defense particularly given the interrelated claim context.

 

I will say that the case does raise an interesting issue. If there are multiple interrelated claims and if notice for the first of the claims was timely, must notice of all subsequent interrelated claims also be timely? On the one hand, I can see the policyholder’s argument against imposing a continuing notice requirement as it could operate as a trapdoor to snatch coverage away. On the other hand, I can see the carrier’s argument that it must be provided with timely information about subsequent claims so that the insurer can take appropriate steps to protect the policyholder’s and the carrier’s mutual interests.

 

In the end the court decided that the clause was ambiguous and that questions of fact remained, so its opinion does not substantially answer the question of whether or not the notice of all subsequent interrelated claims must comply with the policy timeliness of notice requirements if the provision of notice of the initial claim complied with the notice timeliness requirements. It is interesting question that undoubtedly will come up again in the future.

dukeenergyDuke Energy, the largest provider of electricity in the United States, faces a number of challenges as it struggles to deal with the consequences of the February 2, 2014 coal ash spill at its Dan River Steam Station in Eden, North Carolina. In addition to the environmental remediation issues facing the company, two of its shareholders have now filed a derivative lawsuit against the company, as nominal defendant, as well as against 14 of its officers and directors, seeking damages, corporate governance changes, and injunctive relief. The shareholder lawsuit highlights how environmental issues can lead to potential D&O liability exposures and D&O insurance coverage concerns as well.

 

The shareholder lawsuit follows in the wake of a February 2, 2014 incident in which a broken storm water pipe beneath a coal ash pond at the company’s Dan River Steam Station allowed 39,000 tons of coal ash and twenty-seven million gallons of contaminated water to spill into the Dan River. The incident triggered a series of governmental investigations. According to news reports, the federal authorities have launched a criminal probe of the circumstances surrounding the spill. On May 22, 2014, the company announced that it had reached an agreement with the EPA regarding cleanup of the coal ash spill.

 

On May 21, 2014, two shareholders filed a derivative lawsuit against in Delaware Chancery Court against Lynn Good, the company’s CEO, B. Keith Trent, the company’s COO, and fourteen of the company’s current directors. The complaint (which can be found here) asserts claims against the individual defendants for breach of fiduciary duty, waste of corporate assets and unjust enrichment.  The complaint alleges that the defendants’ alleged misconduct has “exposed the company to billions of dollars of potential liability.”

 

The complaint alleges that the defendants “have known for years that the Duke Energy’s coal ash ponds were seeping toxic chemicals into the soil and rivers, yet took no action to remedy the problems.” The complaint also alleges that the individual defendants “also knew since at least 2010 that the Company was illegally operating without proper permits in several Duke Energy facilities.” The complaint alleges that “the board was well aware of the company’s longstanding violations, yet failed to take ay meaningful action to prevent further harm.” Instead, the complaint alleges, “the board caused or allowed Duke Energy to operate without proper permits, continuously pollute the environment, and fai to properly inspect the company’s coal ash ponds.”

 

The lawsuit seeks to recover the amount of damages that the individuals’ allegedly caused the company; to compel the company to comply with a March 6, 2014 state court order directing the company to eliminate contamination sources at its North Carolina coal plants; to abate existing and refrain from future environmental violations; to require the company to strengthen internal controls and adopt corporate governance reforms; and to compel the defendants to restore to the company compensation and other benefits they received.

 

It remains to be seen whether or not the plaintiffs will achieve their objectives with this lawsuit. But the because of the seriousness of the underlying incident, the company and the individual defendants will take this lawsuit very seriously as well.

 

As I have noted in prior posts (refer for example here), and as this lawsuit illustrates, corporate environmental liabilities can lead to director and officer liability exposures. The typical D&O liability insurance policy will contain an exclusion for loss arising from claims for pollution and environmental liabilities. However, many of these exclusions also contain a provision carving back coverage for shareholder claims. This case shows the importance of this kind of coverage carve back. The carve back ensures that directors and officers hit with this kind of shareholder suit filed in wake of an environmental incident are able to rely on their  D&O insurance to defend themselves against the shareholder suit.

 

In recent years, a number of D&O insurance carriers have introduced policy forms that eliminate the pollution exclusion altogether but that also incorporate into the policy’s definition of “Loss” a provision stating that Loss will not included environmental remediation or cleanup costs.

 

One area where questions can arise is when (as for example is the case here) a claimant seeks to recover as damages in a shareholder lawsuit the environmental remediation costs the company incurred. The insurer may take the position that the policy was not intended to provide insurance for environmental clean up costs, whether imposed directly in an environmental liability action or indirectly in a shareholder suit. Because these kinds of shareholder lawsuits typically settle, these insurance coverage issues have to be sorted out in the course of settlement negotiations. Because the shareholder claimants are seeking to recover a variety of alleged damages beyond just the cleanup costs, the individual defendants will contend that the insurance should be available to settle these claims.

 

In any event, this shareholder suit is yet another example of a recent phenomenon I have noted frequently on this blog (refer for example here), which is the incidence of shareholder litigation following in the wake of a regulatory or enforcement action. Regulatory and enforcement actions continue are an increasingly significant source of these kinds of follow-on claims. As this case demonstrates, among the enforcement arenas where these kinds of claims can arise is environmental regulation.

 

 

delaware2In a May 28, 2014 opinion (here), the Delaware Supreme Court held that an action by the bankrupt Washington Mutual bank holding company’s liquidating trust seeking a judicial declaration of coverage under the bank’s D&O insurance program for claims asserted by the trust against the failed bank’s directors and officers must be dismissed on ripeness grounds. The Court determined that the parties’ dispute “has not yet assumed a concrete or final form” and therefore that “any judicial determination at this stage would necessarily amount to an impermissible advisory opinion.”

 

Background 

In the days just before WaMu’s collapse in September 2008, the bank holding company made a $500 million “downstream” capital contribution in what proved to be a futile attempt to alleviate the bank’s liquidity crisis. The FDIC took control of the bank on September 28, 2008 and the bank holding company filed for bankruptcy. Following the bankruptcy filing, the committee of unsecured creditors sent the holding company’s former directors and officers a demand letter, asserting that the downstream capital contribution was wrongful and had been made in breach of their fiduciary duties and seeking damages.

 

For the policy period May 1, 2007 to May 1, 2008, WaMu’s bank holding company (hereafter, WaMu) had a $250 million D&O insurance program arranged in twelve layers. For the following period, May 1, 2008 to May 1, 2009, WaMu had a separate $250 million D&O insurance tower also consisting of twelve layers.

 

The former directors and officers to whom the creditors committee had sent the demand letter submitted it to the D&O insurers. The primary insurer denied coverage for the creditors’ committees claims under its 2008-09 policy; however, the insurer indicated that the claims would be covered under the 2007-08 program. The directors and officers have incurred defense fees in connection with the creditors committees’ claims which have been paid under the 2007-08 program. However, due to the numerous claims arising out of WaMu’s collapse, the 2007-08 program has been significantly depleted.

 

To date, the trust has not initiated any formal legal action against the former directors and officers to enforce the claims arising from the downstream capital contribution.

 

In October 2012, the liquidating trust, as successor to the creditors’ committee’s claims, filed an action in Delaware Superior Court disputing the insurers’ denial of coverage under the 2008-09 policies. The trust asserted three claims: one alleging breach of contract and another alleging breach of the implied duties of good faith and fair dealing for the denial of coverage under the 2008-09 policies, and a third claim seeking a judicial declaration that coverage under the 2008-09 policies is available for the claims concerning the downstream capital contribution and that the $50 million retention on the primary policy does not apply.

 

The insurers moved to dismiss the trust’s lawsuit arguing that the trust lacks standing to assert the first two claims and that the trust’s declaratory judgment claim does not allege an “actual controversy” that is ripe for adjudication. The trial court denied the insurers’ motion to dismiss, based on its determination that the trust has standing and that the declaratory judgment action presents a claim that is ripe for adjudication. The insurers sought leave to pursue an interlocutory appeal, which the trial court granted. The Delaware Supreme Court accepted the interlocutory appeal.

 

The May 28 Opinion 

In a May 28, 2014 opinion by Justice Jack B. Jacobs, the Delaware Supreme Court reversed the ruling of the court below and remanded the case to the trial court to be dismissed without prejudice. The Supreme Court found that the dispute was not yet ripe for resolution because it has “not yet reached a concrete or final form” and therefore “any judicial resolution at this stage would necessarily be based on speculation and hypothetical facts, and ultimately could prove unnecessary.” Because the Court resolved the appeal on the basis of the ripeness issue, the Court did not address the question of whether or not the trust had standing to assert the claims.

 

The ripeness doctrine under which the Supreme Court dismissed the case is sometimes expressed in the adage that the courts “do not render advisory or hypothetical opinions.” The purpose of the principle is to “conserve limited judicial resources” and to “avoid rendering a legally binding decision that could result in premature and possibly unsound lawmaking.”

 

To illustrate the point that “any judicial determination at this stage would necessarily amount to an impermissible advisory opinion,” the Court reviewed a series of hypotheticals. It could turn out, for example, that the trust might decide not to initiate a legal action against the directors and officers. Or, if the trust files a lawsuit, the directors and officers might prevail. Even if the trust were to file a lawsuit and ultimately obtain a settlement or judgment, determination in the case could affect the availability of coverage and could even affect the applicability of the retention.

 

Because the court determined that the parties’ dispute is not yet ripe for resolution, the court determined that the trust’s claims for breach of contract and breach of the implied duties of good faith and fair dealing are also not yet ripe. As the court noted, it would be “logically inconsistent for this Court to rule that a dispute is not sufficiently ripe to warrant entertaining a declaratory judgment claim, yet is sufficiently ripe to warrant entertaining and deciding claims for contractual breach.”

 

Discussion

WaMu’s collapse was the largest bank failure in U.S. history and its demise led to a flood of litigation. (To see my views about the bank failure at the time it occurred, refer here.) Among other things, the collapse has led to extensive coverage litigation. As discussed here, one of the recurring insurance coverage disputes is whether or not the various lawsuit are all interrelated and therefore trigger only the single tower of D&O insurance that was in force at the time the first claim was made or whether the second tower of insurance was also triggered. The question of whether or not the second tower has been triggered is significant because defense costs and settlement amounts have largely exhausted the first tower.

 

The coverage lawsuit the liquidating trust filed is another effort to try to get at the second tower of insurance. The creditors’ committee’s and the liquidation trust’s claims against the former WaMu directors and officers over the downstream capital contribution come down to a bid to try to nab some of the insurance money in the second insurance tower. Since the 2007-08 tower of insurance is substantially depleted, the liquidating trust’s claims against the former directors and officers only have value if the liquidating trust can hope to recover against the 2008-09 insurance program. The liquidating trust filed this coverage  lawsuit because if it can’t get at the second tower of insurance, its claims aren’t worth bringing.

 

The Supreme Court recognized that what the trust was really trying to do with its coverage action was to try to find out if it would be worth filing a lawsuit against the individual directors and officers. The Supreme Court observed that “the Trust’s only interest in having its dispute litigated now is apparently to receive judicial guidance about how much coverage would be available to the Ds&Os if the Trust were to initiate litigation against them.”

 

However, the Court said, while the trust was seeking guidance, it was doing so “not as a contractual counterparty seeking to vindicate the D&Os’ contractual rights, but rather as a potential claimant against the Ds&Os.” The trust’s desire to “receive advice” is “not a cognizable interest that will justify a Delaware court exercising its jurisdiction to decide this dispute.”

 

The Supreme Court remanded the case to the lower court to have it dismissed — but dismissed without prejudice. In other words, if the liquidating trust manages to get a settlement from or judgment against the former WaMu directors and officers on its claims, the trust would then be free to reinstitute its coverage action. It will only be at that point that the trust will find out whether or not it can get at the second tower. The trust will have to figure out if the costs and effort required to get to that point are worth the effort, especially allowing for the possibility that the trust could go through all of the intervening steps and then find out in the end that there wasn’t any coverage under the second tower any way.

 

Special thanks to a loyal reader for providing me with a copy of the Delaware Supreme Court’s opinion.