The first wave of “say on pay” litigation involved lawsuits brought by shareholders following a negative advisory say on pay vote under the Dodd-Frank Act. The second wave of say on pay litigation, which picked up in 2012, involved plaintiffs’ efforts to enjoin upcoming shareholder votes on compensation or employee share plans on the grounds of inadequate or insufficient proxy disclosure.

 

Now there is a “third wave” of executive compensation litigation, according to a February 21, 2013 memo from the Pillsbury Winthrop Shaw Pittman law firm entitled “Proxy Season Brings a Third Wave of ‘Gotcha’ Shareholder Litigation” (here). In these third wave lawsuits, the plaintiffs allege that companies issued stock options or restricted stock units to executives in amounts that exceed the limits of the companies’ stock plans. According to the law firm memo, this latest litigation wave “has not crested yet.”

 

As the memo details, the first two waves of say on pay litigation has not been particularly successful for the plaintiffs. Indeed, the memo includes detailed appendices laying out how the cases have fared in the courts. Among other things, the statistics in the memo show that in most cases the companies targeted in the second wave cases successfully fought the plaintiffs’ efforts to obtain preliminary injunctions; according to the memo, “the plaintiffs’ bar was beaten in 80% of the motions for preliminary injunction.”

 

Faced with these setbacks, the plaintiffs bar “has turned to a new area of focus” and “is demonstrating its resourcefulness by brining a third wave of shareholder litigation.” The third wave, like the first two waves, concerns executive compensation.  However, the third wave lawsuits do not relate to the say on pay votes.

 

According to the memo, in the past two quarters, ten companies have been targeted by derivative shareholder litigation “alleging that those companies awarded executive compensation in violation of stock plans and thus filed purportedly false and misleading proxy statements.” While noting that it is far too early to tell how these cases ultimately will fare, or whether these derivative suits  will even survive motions to dismiss base on the insufficiency of the demand futility allegations,  the memo does note that “if the allegations are true, these suits stand a higher probability of success than the two prior litigation waves.” However, it is “too soon to tell if plaintiffs’ allegations based on reading the relevant plans and examining the awarded executive compensations are correct or based on erroneous analysis.”

 

The memo further notes that these third wave cases are “entirely preventable.” If the allegations are true that companies issued stock options to executives in excess of limits authorized by the relevant plans, then “those actions could have been prevented by complying with all limits established by the plans.” The memo suggests that “careful review of executive compensation plans by in-house and outside counsel and compensation consultants should ensure compliance with all governing plans.”

 

While I am sure readers of this blog will find the law firm memo interesting, I suspect readers will find the memo’s detailed appendices, laying out the filings tallies and disposition patterns of the three litigation wave, to be particularly helpful and interesting.

 

Special thanks to Sarah Good of the Pillsbury law firm for sending me a copy of the memo.

 

Worth Reading: One of the blogs that we follow is The D&O Discourse written by Douglas Greene of the Lane Powell law firm. Yesterday, Doug had a post that I thought would be of interest to readers of this blog, so I am linking to it here. In the post, Doug describes important securities and corporate governance cases that he will be watching in 2013, particularly the Allergan derivative case pending in the Delaware Supreme Court and the Amgen case pending in the U.S. Supreme Court. The post does a nice job laying out why he is watching these cases and why they may be important. He also has an interesting analysis of some unanticipated and arguably unintended consequences from the Supreme Court’s 2011 decision in the Matrixx Initiatives case.

 

And Finally: How did a Roman era brick with a cat’s paw print wind up at the Fort Vancouver historical site in Washington State? Good question, answered in a February 21, 2013 article in The Atlantic Monthly entitled "1 Kitty, 2 Empires: 2,000 Years in World History Told Through a Brick" (here).

 

I recently had a meeting with the board of a publicly traded company. Among the topics I knew that I would be asked to address at the board  meeting is the growing risk of cyber liability. In my preparation for the board meeting, I came across a recent article by D&O maven Dan Bailey, a partner in the Bailey Cavalieri law firm, entitled "Cyber Risks: New Focus for Directors" which talks about companies’ growing cyber liability exposures and directors’ roles as companies try to address these exposures. I found Dan’s article so helpful that I contacted him to see if he would be willing to publish the article on this site. I am pleased to report that Dan agreed to allow me to publish the article, which is reproduced below. 

 

I would like to thank Dan for his willingness to publish his article on this site. I welcome guest posts from responsible commentators on topic of relevance to this blog. Readers interested in publishing a guest post are encourage to contact me directly. Here is Dan’s article: 

 

Cyber risks have become a major potential loss exposure for most corporations. Although nonexistent just a few years ago, most companies today are vulnerable to a growing list of threats relating to technology misuse. Not surprisingly, as businesses have become more reliant on technology, the resulting risks have become far more complex and potentially harmful.

 

Threats from hackers, thieves, third-party contractors, competitors and employees, as well as inadvertent misuse or loss of data, present potentially catastrophic financial and reputational risks to companies today. Even the most vigilant company can be a victim of a data breach or other cyber loss. Class action lawsuits, huge forensic and mitigation costs, notification and credit monitoring services and data restoration efforts can result in tens or even hundreds of millions of dollars of loss to a company. State attorneys general, federal and state regulators and plaintiff lawyers are all likely and formidable adversaries to the company if something goes wrong. In addition, the company’s computer systems may need to be shut down and business operations may be interrupted.

 

Like any other major risk exposure, directors should monitor the company’s cyber risks and confirm that reasonable steps are being taken to identify, prevent, mitigate and respond to cyber-related problems when they arise. Because these risks can damage not only the company but its customers, suppliers, other constituents and even the public, extra caution is necessary. Plus, new federal and state statutes and regulations are being adopted with increasing frequency which mandate appropriate company risk management practices in this area.

 

Directors are not expected to fully understand all of the risks, and all of the company’s risk management responses, in this highly technical area. However, directors should at a minimum comply with laws expressly applicable to them, should ask informed questions to gauge the company’s focus and preparedness in this area, and should generally understand the extent to which the company is insured—or not insured—for these exposures. The following discussion summarizes (i) new guidance from the SEC relating to cybersecurity risk disclosures, (ii) a sweeping new FTC rule relating to identity theft protection programs which requires board of director action, (iii) various questions a reasonably diligent director could ask to assure the company’s cyber risks are being properly addressed, and (iv) the types of insurance policies now available which cover—and do not cover—cyber risks.

 

A.      SEC Disclosure Guidance

On October 13, 2011, the SEC’s Division of Corporation Finance released “CF Disclosure Guidance: Topic No. 2 – Cybersecurity.” That “Guidance” summarizes the SEC’s views regarding a company’s disclosure obligations relating to cybersecurity risks and incidents. It does not change existing disclosure law, but merely explains the SEC’s interpretation of that existing law to the evolving topic of cybersecurity.

 

The Guidance defines “cybersecurity” as “the body of technologies, processes and practices designed to protect networks, systems, computers, programs and data from attack, damage or unauthorized access.” The Guidance recognizes that no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents, but that “a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents.” The Guidance also notes that material information regarding cybersecurity risks and cyber incidents “is required to be disclosed when necessary in order to make other required disclosures, in light of the circumstances under which they are made, not misleading.” The Guidance then highlights the following specific disclosure obligations that may require a discussion of cybersecurity risks and cyber incidents:

 

  • Risk Factors.Consistent with the Regulation S-K Item 503(c), cybersecurity risk disclosures must adequately describe the nature of the material risks and specify how each risk affects the registrant. The Guidance specifically mentions that to the extent material, appropriate disclosures may include a description of relevant insurance coverage.
  • MD&A. Registrants should address cybersecurity risks and cyber incidents in their MD&A if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect. 
  • Description of Business. If one or more cyber incidents materially affect a registrant’s products, services, relationships with customers or suppliers, or competitive conditions, the registrant should provide disclosure in this section.
  • Legal Proceedings. If a material pending legal proceeding involves a cyber incident, the registrant may need to disclose information regarding such litigation in this section.
  • Financial Statements. The Guidance reviews a number of situations in which cybersecurity risks and cyber incidents could impact a company’s financial statement disclosures, including disclosures regarding accounting treatment, depending on the nature and severity of the actual or potential incident.
  • Disclosure Controls and Procedures. Registrants are required to disclose conclusions on the effectiveness of disclosure controls and procedures.

 

The Guidance is not a new disclosure rule and should not be viewed as creating additional disclosure obligations, or expanding a public company’s existing disclosure obligations, regarding cybersecurity. However, in any shareholder litigation arising from a cyber incident, plaintiffs will undoubtedly challenge the disclosures based on this new Guidance.

 

The intent and focus of these new Guidelines is to provide better clarity to public companies with respect to what disclosures are required by existing laws and regulations with respect to cyber risks and incidents. Obviously, the SEC wants shareholders to be informed about what harm has or could occur to the company with respect to cyber matters. In making those disclosures, the SEC recognizes that a company may need to disclosure what relevant insurance coverage the company maintains in order to put the risk disclosures into proper context (i.e. the existence and disclosure of insurance will tend to offset some of the potential harm to the company arising from the cyber risks being disclosed).

 

This new SEC Guidance, by itself, should not materially impact a company’s insurance purchasing decision.  Like other areas of risk management, the ultimate question is whether a company believes it is prudent to transfer some of its cyber risk via an insurance product.  That is a classic business decision that typically is protected from judicial second-guessing via the business judgment rule.  The SEC is not now suggesting that companies should or should not purchase cyber insurance, but is merely stating that in order to present a full picture of a company’s “net” cyber exposure, a description of any relevant insurance coverage may need to be included in the company’s cyber disclosures.

 

Companies are struggling with how to respond to this new SEC guidance since cyber risks and cyber incidents are so difficult to predict, evaluate, quantify and describe.  However, it is clear that there will be more cyber-related disclosures in the future than has occurred in the past.  Because of that, companies may want to mitigate shareholder concerns arising from those additional cyber disclosures by purchasing and disclosing the existence of cyber insurance.  Although disclosing insurance information in some contexts is not desirable because it may serve as a lightning rod for claims against the Insureds, that risk here should be minimal since most of the loss covered by a cyber policy would very likely be incurred with or without the policy existing and being known by third parties (i.e., the disclosure of a company’s cyber insurance should not attract claims that would not otherwise be filed as a result of a covered cyber incident).

 

B.                 FTC “Red Flags Rule”

Effective December 31, 2010, the so-called FTC “Red Flags Rule” (16 CFR 681) requires a wide variety of companies to adopt Identity Theft Protection Programs that identify warning signals which should alert a company to the risk of identity theft, and that detect, mitigate and deal with identity thefts when they occur. Importantly, the new Rule states that the Identity Theft Protection Program must be approved by the company’s board of directors or an appropriate committee designated by the board.

 

This new Rule applies to financial institutions and “creditors” with “covered accounts.” A “creditor” is broadly defined to mean “any person who regularly extends, renews or continues credit.” This definition appears to cover a wide variety of entities (including public utilities) that extend credit or give credit terms, such as permitting payment at the end of the month for goods or services rendered throughout the month. As a result, any company that permits deferred payments appears to be a “creditor” under this new FTC Rule. For example, if the company issues a bill and receives payment subsequent to the provision of the goods or services, that company probably is a “creditor” under this Rule. A “covered account” is likewise defined very broadly in the Rule to include an account offered primarily for personal, family or household purposes that involves or is designed to permit multiple payments or transactions. A “covered account” also includes any business account if identity theft with respect to that account presents a reasonably foreseeable risk to consumers or to the safety and soundness of the company.

 

Under the Rule, larger and higher-risk entities must have a more comprehensive Identity Theft Protection Program than smaller or lower-risk entities. These Programs must include the establishment, testing and deployment of an effective program to identify and act upon “red flags” which alert the company to identity theft or the potential for identity theft. Merely adopting a program without proactive enforcement and oversight does not satisfy the Rule. Directors should carefully review the Identity Theft Protection Program recommended by management and should, before approving that Program, assure themselves that the Program is reasonably robust, sufficiently tailored to the unique circumstances of the company, is properly funded and staffed, and will be periodically reviewed by senior management and the board for effectiveness.

 

C.                 Cyber Risk Questions for Directors

For many companies, cyber risks represent one of the most volatile and potentially damaging exposures to the company. However, because these risks are so new, evolving and complex, many boards have given little if any attention to these risks. Although each company faces unique cyber risks and therefore each company’s response to these risks should be unique, the following summarizes 10 important questions which directors could ask in order to better understand these risks and whether the company is adequately responding to these risks.

 

  1. Is the responsibility and accountability for the creation, implementation, enforcement and updating of an integrated and company-wide cyber risk management program clearly defined at the executive level?
  2. Does the management team which addresses cyber risks include senior representatives from executive management, IT, legal, risk management, public relations and compliance/audit?
  3. Is the overall cyber risk management program periodically reviewed by the board?
  4. Does a board committee have designated oversight responsibility for the cyber risk management program?
  5. What are the company’s greatest cyber risks and how are those risks being anticipated, managed and mitigated?
  6. Is each component of the cyber risk management program documented, frequently tested and periodically audited by independent experts, and what are the results of that testing and audit?
  7. Are protocols for reacting to a cyber risk crisis when it occurs well defined and broadly understood?
  8. Are all employees required to participate in regular education and training programs relating to cyber risks?
  9. What is the company’s budget and staffing for cyber risk management and how does that compare with peer companies?
  10. What, if any, insurance coverage does the company maintain for cyber risks and is that coverage adequate in scope and amount?

 

D.                 Insurance Coverage

Directors should understand the extent to which the company is insured or uninsured for potentially severe cyber-related losses. Like other large risk exposures, quality insurance coverage with adequate limits of liability can greatly mitigate the ultimate impact of a cyber loss to the company’s financial health. In addition, many companies contractually require their vendors to maintain network security insurance which covers the vendor’s liability to the contracting company for accidental or criminal losses caused by the vendor. As a result, a company’s cyber insurance coverage should reflect both the company’s risk management philosophies and contractual obligations.

 

Traditional insurance policies maintained by a company typically provide very little, if any, coverage for many types of cyber risk. Standard commercial general liability (“CGL”) policies usually only cover damage to “tangible property” and therefore would not respond to loss or injury to intangible property. Although some limited coverage may exist under these policies for “personal injury” or “advertising injury,” many recent CGL policies (including the newest standard ISO general liability policy form) specifically exclude various types of cyber risk.

 

Likewise, a company’s crime or fidelity policy may have limited applicability depending upon the nature of the cyber-related loss. But, if the cyber risk results in a claim against directors and officers, the company’s D&O insurance policy likely will respond because those policies generally afford “all risk” coverage, subject to several exclusions. The most likely exclusion in a standard D&O policy which potentially could apply to a cyber claim is the property damage exclusion. However, like the scope of coverage under the CGL policy, the scope of this exclusion in the D&O policy is usually limited to damage to “tangible” property, so the exclusion should be inapplicable to most cyber claims.

 

To address these likely gaps in insurance coverage for the company, many insurance companies now offer various types of insurance policies specifically designed to cover cyber risks. These policies frequently cover both third party claims against the insureds, and first party losses incurred by the insureds, relating to a wide variety of cyber risks. These policies vary greatly among insurers and are still evolving. Because the types of cyber risks are constantly changing and because the policy language in these new types of policies is still largely untested, the exact contours of these newer policies are still being refined.

 

The third party coverage contained within these cyber policies usually applies to defense costs, settlements, judgments and other loss incurred in claims against the insureds by customers or other third parties if the alleged loss results from a broad range of wrongdoing by the company in connection with computer system, internet or other information-related matters, including breach of privacy due to theft, loss or misuse of data (including credit card, financial or health-related data); conduct which causes network systems to be unavailable to third parties or susceptible to computer virus or other third party attacks; or libel, slander, defamation, plagiarism, copyright or trademark infringement or other injuries resulting from “media” activities.

 

Examples of first party coverages in cyber policies include business interruption coverage for loss of business income as a result of an attack on the company’s network; cyber extortion coverage; public relations coverage associated with restoring public confidence following a cyber incident; cyber terrorism coverage; identity theft coverage for misuse or loss of confidential or private information; data restoration coverage; and coverage for notifying affected parties, providing credit monitoring services, incurring forensic costs to determine how the breach occurred, and restoring damaged hardware or software.

 

Cyber risk policies can be tailored to fit the unique exposures and needs of a particular company. Once a company identifies its most troubling cyber risk exposures, the company should work with an experienced cyber insurance broker to define and negotiate the desired coverage features and the appropriate insurance markets for that coverage. Like other types of negotiable insurance products, knowing what to ask for is extremely important to getting what you need.

 

The pace of bank closures has slowed to a trickle. There have only been three bank failures so far in 2013 (including one this past Friday evening, involving the Covenant Bank of Chicago, Illinois). But while bank failures have dwindled, the number of failed bank lawsuit filings has surged. On February 15, 2013, the FDIC updated its website to reflect a cluster of new failed bank lawsuit filings as well as an increased number of lawsuit authorizations. With the latest lawsuit authorizations, the FDIC is now approaching an authorized level of lawsuit filings comparable to the lawsuit filing level during the S&L Crisis.

 

With the three bank closures this year, there have now been a total of 471 bank failures since January 1, 2007. The FDIC’s latest litigation update shows that  during the current wave of bank failures the agency has now filed 51 lawsuits against the former directors and officers of 50 failed banks, meaning that the FDIC has already filed lawsuits in connection with just under 11% of all bank failures. But, as reflected in the updated information on the FDIC’s website, the agency has also authorized more lawsuits. The number of authorized lawsuits has continued to increase each month, as well.

 

As of February 15, 2013, the FDIC has authorized suits in connection with 102 failed institutions against 836 individuals for D&O liability. This includes the 51 filed lawsuits naming 396 former directors and officers at 50 institutions. In other words, there could be as many as 52 as-yet-to-be-filed lawsuits based just on the authorizations to date. Some of these authorized lawsuits may not ultimately be filed, as pre-litigation negotiations sometimes results in settlements that avert the need for a lawsuit to be filed. But were the FDIC to file lawsuit in connection with as many as 102 failed institutions, that would mean that the FDIC would have initiated lawsuits in connection with nearly 22% of all bank failures, a percentage that would approach the 24% rate during the S&L crisis. To the extent the agency authorizes even more lawsuits in coming months, the litigation rate could meet or even exceed the S&L crisis litigation rate.

 

The updated information on the FDIC’s website includes information relating to four additional filed bank lawsuits that I had not previously tracked. With the addition of these four latest suits, the FDIC has now filed a total of seven failed bank lawsuits so far in 2013, after having filed 26 during 2012. I briefly discuss each of the four latest lawsuits below. One interesting note about these four new suits is that none of them involve failed Georgia banks. As I have previously noted on this blog (most recently here, see second item), the failed bank lawsuits had been disproportionately concentrated in Georgia. These latest filings, none of which involve Georgia banks, might suggest that this imbalance may start to level out.

 

Here is brief description of the four latest failed bank lawsuit filings.

 

First, on January 18, 2013, the FDIC in its capacity as receiver for the failed Columbia River Bank of The Dalles, Oregon filed an action in the District of Oregon against seven former officer and three former directors of the bank. The bank failed on January 22, 2010, so the FDIC filed the suit just ahead of the third year anniversary of the bank’s closure. The FDIC’s complaint (a copy of which can be found here) asserts claims against the former directors and officers for gross negligence, negligence and breach of fiduciary duties. The complaint alleges that the defendants “took unreasonable risks with the Bank’s loan portfolio, allowed irresponsible and unsustainable rapid asset growth concentrated in high-risk and speculative” loans, “disregarded regulator warnings,” and violated the Bank’s loan policies and procedures. The defendants allegedly caused damages to the bank of no less than $39 million.

 

Interestingly, though the Columbia River Bank was not closed until January 2010, all but one of the specific loans cited in the complaint were originated in 2006 and 2007 (the one exception was originated in early 2008). As time goes by, the loan originations cited in the FDIC’s complaint start to seem more and more like ancient history.

 

Second, on January 29, 2013, the FDIC filed an action in the Middle District of Florida in its capacity as receiver for the failed Orion Bank of Naples, Florida. The FDIC’s complaint can be found here. The FDIC’s complaint seeks to recover damages of in excess of $58 million. The lineup of defendants is interesting, as the four individuals named as defendants are all former directors; none of the bank’s former officers are named as defendants.

 

The complaint, which asserts claims for gross negligence and breach of fiduciary duties, alleges that the bank “collapsed under the weight of the unsustainable growth strategy that the Defendants permitted Chief Executive Officer Jerry Williams to pursue.” Williams, the former CEO, is not named as a defendant in the case. The complaint alleges that as Williams pursued his “reckless growth strategy” he was “unrestrained” by the defendants who engaged in a “pattern of unconsidered acquiescence.” The Defendants are alleged to have approved loans “without meaningful deliberation or discussion.” The complaint alleges that the director defendants even continued to “ignore” their duties even after the bank had entered an August 25, 2008 written agreement with the federal banking authorities that was specifically concerned with the directors’ oversight responsibilities. 

 

The Orion Bank failed on November 13, 2009, which suggests that the parties may have entered some sort of a tolling agreement. The naming of only four former directors as defendants, and the absence of any officer defendants, is not explained in the complaint. One possibility is that as a result of negotiations while the tolling agreement was in place resulted in settlements on behalf of the former officers (this, I should add is sheer speculation on my part).

 

Third, on January 31, 2013, the FDIC in its capacity as receiver of the failed Security Savings Bank of Henderson, Nevada, filed an action in the District of Nevada against three former director and officers of the bank. The FDIC’s complaint (a copy of which can be found here) seeks to recover damages in excess of $13.1 million from the three defendants who allegedly “underwrote, recommended and/or voted to approve at least seven high-risk commercial real estate and acquisition and development and construction loans in violation of the Bank’s lending policies and clear principles of safety and soundness.”

 

The bank was closed and the FDIC appointed as receiver on February 27, 2009, which suggests that the parties had entered some sort of tolling agreement. The three defendants had resigned before the bank failed; two of them, the former CEO and the former Chief Credit Officer, had resigned in September 2008, and the third had resigned all the way back in December 2006. The three individual defendants have long since scattered, with two now living in Texas and a third living in Virginia. All of the specific loans mentioned in the FDIC’s complaint were originated in 2005 and 2006, which really does seem like ancient history.

 

Fourth, on February 13, 2013, the FDIC, in its capacity as receiver of the failed LaJolla Bank of LaJolla, California filed an action in the Southern District of California against two former officers of the bank and against the bank’s former board Chairman. The complaint (here) asserts claims for negligence, gross negligence and breach of fiduciary duty and seeks to recover damages in excess of $57 million. The complaint alleges that the defendants violated the bank’s loan policy and “safe and sound lending practices” by “recommending or approving speculative commercial real estate loans despite known adverse economic conditions,” as well as recommending or approving loans to borrowers who were not creditworthy, or without requiring sufficient underwriting and without sufficient information.

 

Regulators closed the LaJolla Bank on February 19, 2010, so the FDIC filed its complaint just prior to the third anniversary of the bank’s closure. The specific loans referenced in the complaint were originated between March 2007 and March 2009.

 

Reading these four complaints in quick succession was an interesting experience. Though there are noteworthy variations between the complaints (for example, with the Orion Bank complaint, which names only director defendants), there is also a certain sameness to the complaints, as well – so much so that some of the allegations and even phraseology seem to be lifted verbatim from other complaints. It is, after all, a familiar story. The banks grew quickly during a period of rapid economic expansion and then were slow to recognize the seriousness of the downturn. In the aftermath, it appears that many of the loans extended during the go-go days had not always been made with full procedural compliance. It does beg the question whether the losses were the result of the failure to follow procedures or of the suddenness and severity of the downturn.

 

Another unmistakable impression from reading these complaints in quick succession is that as time goes by, the events on which the FDIC is going to be trying to base its current and any future lawsuits are receding further and further into the past. As noted above with respect to the Security Saving Bank complaint, the defendants are scattering. As time goes by, the FDIC’s burden is going to become increasingly archeological.

 

This Just In From Our Istanbul Bureau — D&O Liability and Insurance in Turkey: As is the case in many countries, the use of D&O insurance is still relatively new in Turkey. However, as discussed in an interesting January 29, 2013 article by Naşe Taşdemir Önder and Pelin Baysal of the Mehmet Gün & Partners law firm entitled “Turkey: Directors’ and Officers’ Liability Insurance in View of the New Turkey Commercial Code” (here), new standards on corporate governance incorporated into the new Turkish Commercial Code are “expected” to “lead to increase in demand for D&O policies.”

 

According to the authors, the new Code introduces new requirements for “universal accounting and auditing standards and rules for increased transparency” which the authors expect will support the “operability” of “liability provisions.” According to the authors, the Code introduces a “heavier level of duty of care” for directors and officers. Among other things, the new Code provisions introduce certain specific types of liability provisions, including in particular liability for misrepresentations in documents and declaration and misrepresentations on capital subscription. The Code introduces many other new provisions, including new provisions allowing for claims by shareholders for losses incurred by the company.

 

With respect to insurance, the new Code specifies that third party liability insurance will be consider “occurrence based” unless otherwise indicated in the policy. The new Code also prohibits coverage for losses arising as a result of willful acts. The author’s very thorough examination of the new Code’s insurance-related provisions detail the many other specific insurance issues that the new Code addresses.

 

For anyone interested in the D&O liability and D&O insurance issues in Turkey, the authors’ memo is a valuable resource.

 

And Now, From Our Singapore Bureau: Regular readers of this blog may recall my post about my April 2012 visit to Singapore, which I found to be an interesting and impressive place. But Singapore’s transformation into a gleaming metropolis is relatively recent. As shown in this photo montage from Business Insider, Singapore had to become what it is today and relatively recently it was a very different place. I found these photographs, and the history they embody, to be fascinating.

 

And Finally: Kalefa Sanneh’s excellent and interesting article in the February 11 & 18 issue of The New Yorker entitled “Sprit Guide” (here), about whisky distiller Bruichladdich, contains the following sentence, written with reference to the whisky sampling  techniques of the whisky maker’s master distiller, Jim McEwan: “It’s a simple process, but consumers hoping to reproduce McEwan’s results at home will find, no doubt, that some variant of the uncertainty principle applies: the more research you conduct, the less reliable your data become.” I tip my hat to the article’s author; the sentence has its own humor, in that conducting whisky research undoubtedly involves certain limits owing to the properties of the subject matter.  But it is the sly side reference to Heisenberg’s uncertainty principle that I admire.

 

Though I could never hope to write with such sophisticated humor, I can certainly admire the writing, including also the following sentence from the same article:  “The first part of the distillate, known as the foreshot, contains methanol, which can be toxic in large quantities – although the same could be said of whisky.” (Side note: In Scotland, there’s no “e” in whisky.)

 

In what may be the largest settlement ever in securities class action litigation involving a pharmaceutical company, Merck has agreed to a combined settlement of $688 million to settle two related securities class action cases. The company’s February 14, 2013 press release announcing the settlements can be found here.

 

The lawsuits relate to alleged representations concerning the anti-cholesterol drug Vytorin. The drug was marketed through a joint venture between Merck and Schering-Plough. The shareholder claimants allege that the companies and certain of their directors and officers withheld information relating to poor clinical trial results while continuing to promote the drug’s benefits.

 

 

According to the company’s press release, the company will pay $215 million to resolve the claims against the Merck defendants and $473 million to resolve the claims against the Schering-Plough defendants. The company also announced that it would take a pre-tax and after-tax charge of $493 million, which the company indicated "reflects anticipated insurance recoveries." (Although it is not entirely clear, the company statement about the charge suggests that the company "anticipate" insurance recoveries of $195 million, possibly under the insurance programs of the two companies).The settlements are subject to court approval.

 

 

According to Victor Li’s February 14, 2013 Am Law Litigation Daily article (here), the cases settled three weeks before they were set to go to trial. The article also quotes the lead plaintiffs’ lawyers as saying that the settlement is the largest ever involving a securities class action lawsuit against a pharmaceutical company; is among the top ten settlements in a securities class action that didn’t involve a restatement; and is among the 25 largest securities settlements of any kind.

 

 

Facebook IPO Derivative Suits Dismissed: In a February 13, 2013 opinion (here), Southern District of New York Robert Sweet granted without prejudice the defendants’ motion to dismiss the Facebook IPO shareholders’ derivative suits that had been multidistricted before him. The ruling not only represents a win for the defendants in the derivative suits, but it could also prove helpful in the parallel securities class action litigation. In addition, parts of the opinion may also be helpful in other state court IPO cases and may even prove helpful for defendants attempting to address the multi-jurisdiction litigation problem in the M&A litigation context.

 

As Alison Frankel discusses in a February 14, 2012 post on her On the Case blog (here), Judge Sweet’s ruling contains strong language dismissing plaintiffs’ claims based on Facebook’s alleged failure to disclose internal projections, noting that "courts throughout the country" have "uniformly agreed" that the internal calculations are not material. He added that "an opposite ruling would have changed at least two decades of IPO practice."

 

Judge Sweet also (as Frankel puts it) "implicitly endorsed" the use of forum selection clauses in certificates of incorporation, though he denied Facebook’s motion to dismiss on forum selection grounds. According to the defense lawyers Frankel quotes in her post, the judge’s analysis of the issue, though clearly dicta, represents a "significant" development in a relatively undeveloped area of the law.

 

Judge Sweet also held that shareholders who purchased their shares in the IPO do not have standing to complain about pre-IPO conduct. Derivative plaintiffs must be able to show that they owned their shares at the time of the conduct they are complaining about. Because they did not own their shares at the time of the pre-IPO conduct that is the basis of their claims, they lack standing to assert claims based on that conduct.

 

Finally, Judge Sweet held that federal judges have discretion to consider threshold issues such as standing and forum selection clauses even before they determine whether they have jurisdiction over the derivative suits. It is this latter holding that Frankel suggests may be most helpful to defendants litigating multi-jurisdiction M&A litigation, because the defendants could remove the state court cases to federal court and before the case can be remanded the federal court might be able to rule on the threshold issues.
 

Securities class action filings in Canada were down in 2012 compared to 2011’s record number of filings and compared to recent annual averages, according to a February 13, 2013 report from NERA Economic Consulting. The report, which is entitled “Trends in Canadian Securities Class Actions: 2012 Update,” can be found here. NERA’s press release summarizing the report’s findings can be found here.

 

According to the report, there were nine securities class actions filed in Canada in 2012, down from the “all time high” of 15 new cases filed in 2011, and below the annual average of 12 new cases filed per year since 2008. Eight of the nine 2012 cases were filed under the secondary market civil liability provisions of the provincial securities actions (so-called “Bill 198” cases).

 

The downturn in the number of new securities class action lawsuit filings in Canadian securities class action may be due in part to the abatement of a couple of filing trends that drove filings prior to 2012. In recent years, filing levels had been increased due to credit crisis related filings and due to the surge in cases against Chinese domiciled companies. There were no new case filings in Canada in 2012 related to either of these trends.

 

Eight of the nine cases involved companies with shares traded on the Toronto stock exchange. The ninth case involves Facebook, which does not have shares listed on a Canadian exchange. (As discussed here, there is recent Canadian authority allowing cases against companies whose shares traded exclusively on foreign exchanges to go forward in Canadian courts.)  Six of the nine new Canadian securities class action cases had parallel U.S. filings

 

In addition to these new filings in Canadian courts, there were six U.S. class action filings in 2012 involving Canadian-domiciled companies. Two of these six also involved parallel Canadian securities class actions, but four of the six involved companies for which there is no parallel Canadian class action.

 

Two-thirds of the 2012 securities class action filings in Canada were brought against companies in the mining or oil and gas sectors.

 

The most significant securities class action settlement in Canada is E&Y’s $117 million settlement in the Sino-Forest case, which, the report notes, if approved would represent “the largest settlement of a Bill 198 case to date.” There have only been two prior audit firm defendant settlements of Bill 198 cases, both of which involved the auditors’ agreement to pay $500,000 to settle the claims.

 

The report notes with respect to the twelve Bill 198 cases that have settled to date (excluding partial settlements, which would remove the E&Y/Sino Forest settlement from the calculation) that the average settlement amount is $10.5 million and the median settlement is $9.3 million. The average settlement as a percentage of compensatory damages claimed is 12.6% and the median is 8.9%. The average settlement of the four Bill 198 cases that had parallel U.S. claims is $16.9 million and the median is $17.2 million. The average of the settlements in the eight domestic-only cases is $7.4 million and the median is $5.4 million.

 

With new filings, settlements and dismissals during 2012, there are now a total of 51 active Canadian securities class actions, four more than at the end of 2011 and nearly double the number of active cases four years ago. All but nine of the cases still active as of the end of 2012 were filed after 2007. The combined impact of the growing number of open claims and case law developments suggest that “we may see more settlements during 2013 than we saw in 2012.”

 

For discussion of a recent law firm memo asking whether class action lawsuits in Canada had “reached maturity,” refer here.

 

Litigation related to M&A activity continued at an “extremely high rate” in 2012, according to the latest research update from Ohio State law professor Steven Davidoff and Notre Dame business professor Matthew Cain. According to the professors’ analysis, presented in their February 1, 2013 paper entitled “Takeover Litigation in 2012” (here), 91.7% of all merger transactions that met the professors’ criteria attracted at least one lawsuit, compared to 91.4% in 2011.

 

The professors’ paper is the latest update on their research originally presented in their January 2012 article entitled “A Great Game: The Dynamics of State Competition and Litigation” (here), which I reviewed here. Following the original article’s publication, the professors updated their research with additional litigation data regarding M&A transactions that took place in 2011. Their latest paper updates their research with regard to 2012 transactions.

 

The professors have limited their analysis to merger transactions over $100 million involving publicly traded target companies with an offering price of at least $5 per share. The 2012 update includes only transactions there were completed as of January 2013. The professors intend to update their 2012 data in six months to incorporate information relating to the in process transactions.

 

It is probably worth noting that there were fewer deals that met the professors’ sorting criteria in 2012. There were only 84 deals with the defined characteristics in 2012, compared to 128 in 2011 (representing a year over year drop of 34%). But the percentage of deals attracting at least one lawsuit remained virtually unchanged, with 91.7% of deals attracting at least one suit, compared to 91.4%. The professors believe based on anecdotal evidence, that when they update their 2012 “the ultimate litigation rate will match or exceed the 91.7% figure.” Though the litigation rate is virtually unchanged from 2011, the 2012 rate is “almost 2.5% that of 2005,” when the litigation rate was only 39.3%.

 

The number of complaints brought per transaction remained at about 5.0 lawsuits per transaction, the same rate as in 2011 but more than double the mean number of lawsuits in 2005, when the figure was 2.2/ Multi-jurisdiction litigation “remained similar in 2012 with 50.6% of transactions with litigation experiencing litigation in multiple states,” compared to 53% in 2011.

 

87.5% of all 2012 cases that had settled involved “disclosure only” settlements, compared to 79.5% in 2011. The average attorneys’ fees were down substantially in 2012, but that may be driven by a few larger settlements in 2011. The median attorneys’ fee award was about the same both years — $580,000 in 2011, $595,000 in 2012.

 

Delaware attracted a slightly reduced share of M&A litigation in 2012. The state attracted 46.7% of all litigation that could have been filed in there in 2012, compared with 52.8% in 2011. Delaware “also appears to be dismissing fewer cases, thus allowing more cases to be settled” – 76.9% of Delaware cases settled in 2012, compared with 61.5% in 2008. The authors note, referencing their original paper, that “when Delaware loses cases to other jurisdictions it historically has dismissed fewer cases and allowed more to settle, consistent with conduct designed to reattract litigation.”

 

Discussion

Because of the authors’ sorting criteria, their analysis and conclusion are most relevant to the larger transactions. However, based on my own observations, the authors’ conclusions are consistent even with respect to the smaller deals that do not meet their sorting criteria. The explosion of M&A-related litigation in recent years has not been limited just to the larger companies and transactions.

 

The surge in M&A related litigation in recent years has been one of the principal justifications the D&O insurance carriers have given as an explanation for their efforts to try to increase the insurance rates, particularly with respect to the rates for primary D&O insurance. In addition, the upsurge in M&A-related litigation has also affected the terms and conditions that the carriers are willing to offer. In particular, some carriers have been insisting on adding a separate, larger retention for M&A-related claims. The professors’ updated M&A-related litigation date seems to suggest that the carriers will try to continue to push rate and to try to include separate M&A-related claim retentions.

 

As I detailed in a prior post (here), the defense expenses and settlement amounts associated with M&A-related litigation represent a serious problem, for the companies involved and for their insurers. The prevalence of the multi-jurisdiction litigation is a particularly vexing problem, as the proliferating lawsuits are expensive to defend and difficult to resolve.  Unfortunately, based on the professor’s updated research, all signs are that these phenomena will remain a significant part of the corporate and securities litigation landscape for the foreseeable future.

 

Special thanks to Professor Davidoff for providing me with a copy of his latest paper.

 

Chinese Reverse Merger Cases: Is There a “China Discount”?: During 2010 and 2011, and to a lesser extent during 2012, the plaintiffs’ securities lawyers rushed to file securities class action lawsuits against Chinese companies that had obtained a U.S. listing through a reverse merger. But while these cases flooded the courts, they have not proven to be a huge bonanza for the plaintiffs’ lawyers or their clients. As I noted in a prior post, the settlement so far have been rather modest.

 

Michael Goldhaber’s February 12, 2012 Am Law Litigation Daily article entitle “Whither Chinese Reverse Merger Litigation?” (here) suggests that there may be a “China discount” in the Chinese reverse merger cases. The article quotes a defense attorney with the Sherman & Sterling law firm as saying that there is now a “critical mass of settlements between $2 million and $3 million” and that these lower settlements “may exert a gravitational pull on other settlements down the road.” The article notes that “the remarkable uniformity of the settlements suggests that $5 million D&O insurance policies are standard for this niche,” adding that a policy of that amount allows enough for defense fees and a settlement compromise with in the policy limit.

 

The two arguable exceptions to these generalizations both involve proceedings outside the U.S. The first is the $77.5 million Hong Kong arbitration award that C.V. Starr obtained against the founding shareholders of China MediaExpress Holdings (about which refer here) and E&Y’s $118 million December 2012 settlement of a Canadian class action arising out of its audit of Sino-Forest Corporation (refer here). Though these two exceptions each have their own distinct characteristics, these developments may hearten the claimants in the other cases and give them the incentive to continue to try to press on. The evidence so far, however, suggests the greater likelihood of the more modest settlements that have tended to become the norm.

 

A particularly interesting feature of the Am Law Litigation Daily article is a link to Sherman & Sterling document provided a comprehensive status summary of more than 75 disputes in U.S. forums relating to allegations of securities violations by Chinese parties, including more than 50 reverse merger companies. The summary document can be found here.

 

In order to try to defend themselves from claims asserted against them by the FDIC as receiver for a failed bank, the failed bank’s directors and officers often raise affirmative defenses, either based on pre-receivership conduct (as for example, in connection with pre-failure examinations) or post-receivership conduct (as for example in connection with the agency’s management of the liquidation process). Whether or not these defenses can be asserted against the FDIC was litigated extensively in the failed bank litigation arising in the S&L crisis era. These questions were raised again in one of the FDIC’s current bank cases. In a February 12, 2013 order (here), Northern District of Illinois Judge Virginia Kendall granted the FDIC’s motion to strike the directors and officers affirmative defenses.

 

On July 31, 2009, regulators closed the Mutual Bank of Harvey, Illinois and the FDIC was appointed as receiver.  As discussed here, on October 25, 2011, the FDIC initiated a lawsuit in the Northern District of Illinois. The complaint was noteworthy at the time because the bank not only named as defendants eight former directors and two former officers of the bank but also included the complaint also names as defendants the bank’s outside General Counsel, who was also a director of the bank, and well as the General Counsel’s law firm.

The defendants asserted a number of affirmative defenses, including the defenses of failure to mitigate, comparative fault, superseding/intervening cause, lack of proximate cause and waiver and estoppel. The FDIC moved to strike the affirmative defenses.

In her February 12 order, Judge Kendall first addressed the defendants’ defenses that were based on the FDIC’s alleged conduct during the regulatory and investigatory of the FDIC’s examination of the bank (that is, its pre-receivership conduct).  Judge Kendall granted the FDIC’s motion to strike these defenses because the conduct of the FDIC during the pre-receivership regulation of the bank falls into the “discretionary conduct” exception to the Federal Tort Claims Act. Discretionary agency conduct cannot be the basis of a claim against the U.S. or one of its agencies. Judge Kendall said the same reasoning “applies with equal force to affirmative defenses pleaded against a government agency because of that agency’s discretionary acts.”

The defendants also asserted affirmative defenses of failure to mitigate, superseding/intervening cause, comparative fault, which related to the agency’s post-receivership conduct. These defenses relied primarily upon the agency’s alleged post-receivership failure to collect on the bank’s accounts and improperly disposed of the bank’s assets, among other things. After an extensive review of the case law developed during the S&L crisis, Judge Kendall concluded that all of the conduct on which the defendants sought to rely was within the agency’s discretionary functions. Judge Kendall granted the FDIC’s motion to strike these defenses “because they improperly challenge the discretionary power of the FDIC to maintain and dispose of the Bank’s assets post-receivership.”

The defendants also raise affirmative defenses related to causation, such as lack of proximate cause and intervening/superseding causes, based on the general market conditions during the financial downturn. Judge Kendall noted that proximate cause is an element of the FDIC’s case in chief and is not properly pleaded as an affirmative defense. However, she noted, “striking the affirmative defenses related to lack of proximate cause and/or presence of intervening cause by no means bars the defense from asserting that the FDIC has not carried its burden with respect to the element of causation.”

Finally, Judge Kendall also struck the defendants attempt to reserve the right to assert affirmative defenses at a later date. Judge Kendall found that this attempted reservation is an “improper reservation under the Federal Rules.”

Discussion

The FDIC generally argues that when it takes over as receiver, it “stands in the shoes” of the failed bank. That does not seem entirely to be the case, however, at least with respect to some of the affirmative defenses these defendants sought to assert here. Certainly, if the bank were still viable and asserted the claims against the directors and officers of the kind that the FDIC is asserting, the individual defendants would have the right to assert affirmative defenses (or at least to argue that they had that right under applicable state law). However, the agency argued that it is not susceptible to these defenses because of its discretionary agency functions. Clearly, if the agency has the right to make that argument, its receivership status involves something other than just standing in the shoes of the failed bank.

During the current bank failure wave, other failed banks’ directors and officers  have also sought to assert affirmative defenses against the FDIC, and in at least some instances, they have done so with somewhat greater success that the defendants here. For example, as discussed here, in a February 2012 ruling, Northern District of Georgia Judge Steve C. Jones granted in part and denied in part the FDIC’s motion to strike the affirmative defenses of the former directors and officers of the failed Integrity Bank.

Judge Jones granted the FDIC’s motion to strike the directors and officers affirmative defenses based on the agency’s pre-receivership conduct. However, Judge Jones denied the FDIC’s motion to strike the affirmative defenses based on a failure to mitigate, estoppel and reliance “to the extent those defenses are based upon post-receivership conduct by Plaintiff in its capacity as receiver.” 

Judge Jones’s rulings in the Integrity Bank case are now before the Eleventh Circuit on interlocutory appeal, although the principal issue before the appellate court is whether r not under Georgia law the FDIC can assert claims of ordinary negligence against the failed bank’s directors and officers. Interestingly, Judge Kendall’s opinion does not refer to Judge Jones’ s rulings in the Integrity Bank case (perhaps because Judge Jones’s rulings relied to a certain extent on Georgia law).

Whether or not the former directors and officers of a failed bank can assert affirmative defenses against the FDIC represents a significant issue, and one on which the courts appear to be differing conclusions. It remains to be seen whether one or the other line of analysis will control these issues. It should be noted that in both of the two district court opinions, the district court judges did agree that even if the defendants could not argue causation issues as an affirmative defense that the defendants could argue that the FDIC had not carried its burden to establish causation in its case in chief.

Many thanks to a loyal reader for sending me a copy of Judge Kendall’s opinion.

After entity coverage began to be added to the D&O insurance policy a couple of decades ago, a recurring problem in the bankruptcy context was whether or not the D&O policy proceeds were property of the estate under Bankruptcy Code Section 541(a) and subject to the automatic stay under Bankruptcy Code Section 362. The question arose because the directors and officers of the bankrupt company wanted access to the insurance proceeds to fund defense expense or settlements, but the bankruptcy trustee wanted the proceeds preserved so they are available to satisfy the trustee’s own claims, and so the trustee sought to subject payment of the proceeds to the bankruptcy stay.

 

As most practitioners who regularly deal with these issues know, the practical solution to these issues that seems to have been worked out is for the insured directors and officers to approach the bankruptcy court in order to try to obtain an order lifting the stay to allow the carrier to advance their costs of defense, usually subject to certain terms and conditions. These orders are often referred to as “comfort orders,” since they allow the carrier to advance the defense costs without running afoul of the bankruptcy court.

 

Though these procedures may be well known to those who have to deal with them frequently, they may be less familiar to others in the industry who are not as frequently involved in claims presenting these issues. Recent developments in a high-profile case provide a window into these procedures. Although these case developments are not unprecedented, they still provide a useful and perhaps even interesting insight into the way these processes work, particularly for those who may be less familiar with the processes.

 

As was well-publicized at the time, in November 2012, the Rhode Island economic development agency sued former major league baseball star Curt Schilling and several executives at Schilling’s defunct video gaming company, 38 Studios, in a civil action in Rhode Island Superior Court, alleging that Schilling and the other executives, as well as certain officials from the economic development agency, committed fraud in connection with the state’s approval of a $75 million loan guarantee supposedly provided to induce the company to relocate to Rhode Island from Massachusetts.

 

At the time the lawsuit was filed, Schilling’s company and certain related entities were in Chapter 7 bankruptcy proceedings in the District of Delaware bankruptcy court. The trustee in the bankruptcy proceeding contended that the proceeds of the company’s D&O policy were subject to the automatic stay in bankruptcy. Schilling and three other executives from his company filed a motion in the bankruptcy court seeking to have the automatic stay lifted in order to permit the advancement under the D&O policy of their costs incurred in connection with the defense of the Rhode Island lawsuit. The bankruptcy trustee filed limited objections.

 

On February 7, 2013, Bankruptcy Court Judge Mary Walruth granted the executives’ motion and entered an order (a copy of which can be found here) authorizing the D&O insurer to advance the executives defense costs, subject to certain conditions. First, the carrier was directed to provide the trustee and the trustee’s counsel no more than 45 days after the close of each calendar quarter a report stating the total amount disbursed under the policy; the amount disbursed during the quarter; the amount of fee and costs requests pending for which the carrier had not yet made disbursement; and the total amount of coverage remaining under the policy. The order specified that the trustee retained the right to try to seek to have the stay reinstated. The order also specifically stated that the order did not modify the parties’ various rights and obligations under the policy.

 

With the benefit of the order, Schilling and the other officials will now be able to rely on the D&O policy proceeds to fund their defense against the claims in the Rhode Island lawsuit. While there may be nothing remarkable about this now, for many years this relatively straightforward process was highly controversial and extensively litigated, as a result of disputes over the extent to which the policy and the policy proceeds were assets of the estate of the bankrupt company. Fortunately, the processes followed here are now better established. This case provides a good illustration of the way these things now work for those that may not be entirely familiar with these practices.

 

It is nothing new for seemingly outrageous emails to trigger attention-grabbing claims of wrongdoing. But revelations this past week arguably represent some type of high-water mark, as a cluster of serious allegations were accompanied by a trove of embarrassing excerpts from emails and instant messages. While the latest disclosures provide yet another reminder of the dangers associated with ill-considered use of modern electronic communications technology, they also raise questions about the use that regulators and claimants are attempting to make of the communications.

 

The regulators’ press releases announcing RBS’s settlement this past week of charges of alleged Libor manipulation drew heavily on excerpts from the bank’s internal electronic communications. The CFTC considered the communications so damning that it included several pages of excerpts in its February 6, 2013 press release announcing RBS’s agreement to the agency $325 million penalty. Among other things, the press release quotes RBS yen traders, aware of other rate-setting banks’ manipulative conduct, as saying that “the jpy libor is a cartel now,” to which another trader commented that “its just amazing how libor fixing can make you that much money.” A later communication quotes a yen trader as saying that there is “pure manipulation going on.” 

 

The CFTC’s press release quotes other internal communications that appear to show RBS Libor rate submitters and derivatives traders agreeing on where to set that days rate submissions, with the traders offering (seemingly modest) inducements such as “sushi rolls from yesterday” and “there might be a steak in it for ya” and “we’ll send lunch around for the whole desk.” The messages also seem to show the traders interacting with interbroker dealers, asking them to “speak to” the rate submitters at other banks, so that “as a team” the rates come in at the desired level.

 

A February 6, 2013 Financial Times article detailing many of the RBS emails and entitled “Record of Trader Talk to Haunt RBS,” can be found here.

 

Similarly, and as I noted in my prior post about the DoJ’s recent civil complaint against S&P, the government’s allegations against the rating agency depend heavily on excerpts drawn from internal emails and other electronic communications. The embarrassingly colorful emails seem to suggest that the rating agency consciously issued unjustifiably high ratings for CDOs to please its customers and to avoid losing market share to rival rating agencies. The email excerpts include the now infamous line on one April 5, 2007 instant message from a securities analyst that “we rate every deal … it could be structured by cows and we would rate it.” The complaint also quotes — at length and in full — one S&P analyst’s 2007 March parody of the Talking Head’s song “Burning Down the House,” entitled “Bringing down the House” and suggesting that subprime mortgage delinquencies were threatening to wreak havoc.

 

The complaint quotes more serious (and seemingly more damning) messages, including the July 5, 2007 message from a recently hired S&P analyst to an outside investment-banker:

 

The fact is, there was a lot of internal pressure in S&P to downgrade lost of deals earlier on before this thing started blowing up. But the leadership was concerned about p*ssing off too many clients and jumping the gun ahead of Fitch and Moody’s.

 

The emails quoted in the complaint also reflect an apparent internal debate about S&P’s rating methodology and whether proposed tightening could prove competitively disadvantageous. The DoJ complaint quotes one internal May 2004 e-mail as saying:

 

We just lost a huge Mizhuo RMBS deal to Moody’s due to a huge difference in the required credit support level. What we found from the arranger was that our support level was at least 10% higher than Moody’s … this is so significant it could have an impact on future deals. There’s no way we can get back on this one but we need to address this now in preparation for future deals

.

There were also revelations this past week in the civil litigation that Belgian bank Dexia filed in 2012 against JP Morgan and its affiliates. As detailed in a February 6, 2013 New York Times article entitled “E-Mails Imply JP Morgan Knew Some Mortgage Deals Were Bad” (here), Dexia is relying on a “trove of internal emails and employee interviews” to allege that when JP Morgan uncovered flaws in thousands of home loans, rather than disclosing the problems, the bank simply adjusted the critical reviews,  perpetuating the appearance that the securities into which the mortgages had been bundled were more secure than they might otherwise appear.

 

Among other things, the Times article quotes a September 2006 internal JP Morgan mortgage loan analysis that determined that “nearly half of the sample pool” was “defective,” meaning that the loans did not meet underwriting standards. The article says that JP Morgan dismissed or altered these and other critical assessments, for example, to show that a smaller number of loans were “defective.” The article cites one specific example in which a 2006 review of mortgages found that over 1,100 mortgages were more than 30 days delinquent, but that the offering document sent to investors showed only 25 loans as delinquent.

 

In its February 8, 2013 front-page article about Tom Hayes, a derivatives trader known as ‘Rain Man” and who worked, serially, for RBS, UBS and Citigroup, and who is one of the few individuals to be individually prosecuted in connection with the Libor scandal, the Wall Street Journal not only quoted Hayes’s email communications but also reported that Hayes would “change his status on his Facebook page to reflect his daily desires for Libor to move up or down.”

 

One interesting feature of a number of these communications is that in many instances the individuals involved evinced awareness that they needed to be careful with what they said. For example, the author of the “Burning Down the House” parody, in an email that followed quickly after the first note in which he sent the parody lyrics, told the parody recipient “For obvious professional reasons, please do not forward this song. If you are interested, I can sing it in your cube.” The CFTC’s press release quotes a transcript from a telephone conversation (recorded because it took place on a trading desk), in which a trader and a rate submitter agreed on a rate level to be submitted to the British Banker’s Association (BBA); in the transcript that submitter advises the trader (after refusing to agree to the rate on Bloomberg Chat), that “We’re just not, we’re not allowed those conversations on [instant messages]” because, the rate submitter tells the trader “of the BBA thing” (that is, reports of investigation involving Libor rate setting at the BBA).

 

There is no doubt that these excerpts from the emails and other electronic communications make a horrible impression and could even cause the various companies involved serious problems. But as damning as some of these emails seem to be, there is also a danger that the impression these messages create is a false one. In an interesting February 7, 2013 essay on Yahoo Finance (here), Henry Blodget (who certainly knows a thing or two about embarrassing emails):

 

the trouble with email is that sometimes people who aren’t, in fact, breaking rules often vent or joke or react to information in emails–and, in so doing, create a "paper" trail that, later, out of context, makes it look like they have broken rules (or at least done something sleazy). And when these emails come out, they are often seized upon as proof of wrongdoing, before they have actually been evaluated in context. And that gets a lot of companies and employees in hot water, even when the employees didn’t, in fact, break any rules.

 

Of course, as Blodget notes, the emails do sometimes in fact evidence wrongdoing. The problem is that when seemingly damning email excerpts are blasted into the media, it is very difficult to appreciate the larger context within which the excerpts fit.

 

By way of illustration, the handful of emails that the DoJ quotes in its S&P complaint was taken from over twenty million pages of e-mails the rating agency produced to the government. As John Cassidy notes in his interesting and balanced analysis of the DoJ’s complaint in a February 5, 2013 New Yorker article, should the S&P case go to trial, the rating agency will have the opportunity to “place the offending communications in context, and to counterbalance them with more exculpatory materials.” Though the emails unquestionably do not read well, “bad publicity doesn’t necessarily equate to a defeat in court.”

 

I have personal experience with the way that emails can be pulled at random from a mountain of paper and made to look as if they are much more serious and meaningful than they ever were intended to be. For many years, I was the head of a D&O underwriting facility. From time to time, we were involved in coverage litigation, and invariably the claimants’ lawyers seemed to think it was really clever to depose the head of the operation. So being deposed became a regular feature of my job. In many of these depositions, the claimants’ attorneys would pull out emails written in jest or written in haste, and question me about them under oath. There is nothing like having the lens of video camera pointed at your face to take all of the humor out of a gag email.

 

By now, I think we are all aware of the dangers that email and other forms of electronic communications represent. The messages are written in haste and seem ephemeral. Yet because of the permanence of the electronic storage, they stand as an archival record of thoughts and messages that live on long after the moment has passed.

 

As I said at the outset of this blog post, it is nothing new for regulators and claimants to have a field day with ill-considered electronic communications, and I think all of us have heard many times about the need for caution when using email and other forms of electronic communication. However, human nature being what it is, and given the nature of electronic communications (which encourages haste as well as imprecise and sometimes even ill-considered expression), it is perhaps inevitable that in a vast archive of electronic messages there will be a handful of unfortunate items.

 

But though these kinds of unintended blunders can seem inevitable, it is still worth trying to learn from what the regulators and claimants have done with the electronic communications in these cases. These cases underscore the fact that for all of their convenience and ease of use, electronic communications can be very dangerous. In the press of day-to-day business, this danger can be hard to remember. But a useful exercise to try to adopt is to pause and ask yourself, before hitting “send,” how the message would look if it were to fall into the hands of a hostile and aggressive adversary who was looking for ways to try to make you or your company look bad. Were this simple test to be more widely implemented, we would certainly see a marked reduction in, for example, running email jokes about the French maid’s outfit.  

 

My final thought is this – we all know that many electronic messages are written in haste and sometimes with insufficient care. With full awareness of this attribute of electronic communications, we should hesitate to jump to too many conclusions about the seemingly damaging inferences that could be drawn from email or instant message excerpts. But we should also learn from the inferences that regulators and claimants are trying to draw and try to take that into account in our own communications.

 

UPDATE: As if to reinforce my point in this post, today’s WSJ has an article entitled "Two Firms, One Trail in Probes on Ratings" (here), that explains why the government is pursuing claims against S&P but not rival rating agency firm Moody’s — it is because Moody’s "took careful steps to avoid creating a trove of potentially embarrasing employee messages like those that came back to haunt S&P."  The article explains that Moody’s analyts "in recent years had limited access to instant-message programs and were directed by executives to discuss sensitive matters face to face." These strictures apparently were put in place following the investigations and scandals initated by then-NY AG Eliot Spitzer.

 

More About Rule 10b5-1 Plans: As I noted in a recent post, several articles in the Wall Street Journal have raised concerns about the way that some corporate officials are using their Rule 10b5-1 trading plans. The Journal article implied that some officials were using their plans improperly, to try to shield their trades in shares of the company from scrutiny.

 

In a February 6, 2013 post on the Harvard Law School Forum on Corporate Governance and Financial Regulation entitled “The Best Laid Plans of 10b5-1” (here), Boris Feldman, a partner at the Wilson Sonsini law firm, takes a look at the current controversy surrounding the use of Rule 10b5-1 plans. Among other things, Feldman notes that “Rule 10b5-1 plans are a blessing and a curse: a blessing, because they enable executives to diversify their company holdings in a stable, law-abiding manner; a curse, because they tempt cheaters into hiding their malfeasance in a cloak of invisibility.”

 

After considering the questions now being raised about the plans, Feldman suggests “some ‘good housekeeping’ features of plan design and implementation that enhance the odds of surviving such scrutiny.” Feldman’s article provides a number of practical suggestions to try to ensure that trading plans are used for the purposes for which they were intended and provide the protection for which the Rule was designed.

 

More SEC Enforcement Activity Against Private Equity Firms?: According to recent statements from the head of the SEC Asset Management Unit, the agency may be preparing to bring increased numbers of enforcement actions against private equity firms. According to a February 7, 2013 memo from the Weil Gotshal law firm (here), the SEC official, speaking at a recent conference, described the problems in the private equity industry as due to “too many managers chasing too little capital.” The factors the official identified as contributing to a risk of fraud in the industry include “difficulties in valuing illiquid assets and certain incentive structures that are prevalent in the private equity sector.” While noting the more active enforcement role that the agency intends to take, the official also identified the critical steps that management at private equity firms can take to make sure that the firms interests are and remain aligned with those of investors.

 

Upcoming ABA Seminar on Failed Bank Litigation: On February 21, 2013, the American Bar Association Tort Trial & Insurance Practice Section’s Professionals’ Offices and Directors’ Liability Committee will be sponsoring a teleconference on the topic of “Failed Bank Litigation.” The teleconference, which is scheduled to run from 1:00 pm to 2:30 pm, will be moderated by my good friend Joe Monteleone of the Tressler law firm, and will include a panel of distinguished experts.

 

The panel will discuss the investigations and litigation that may ensue against failed banks and their directors and officers, and will also address “various types of liability insurance policies and bonds that could be implicated, and how competing claimants and insureds must deal with finite insurance limits.” Further information about the teleconference can be found here.

 

Today’s Music Video Interlude: Turn the sound down and sit back and enjoy this amazing video of a young boy laying down some astonishing blues vocals. As the guitar shop owner says, “That is smokin’ good.”

 

On February 5, 2013, in a detailed opinion exploring the nuances of a D&O policy’s extended reporting period provisions, Western District of North Carolina Judge Henry Herlong Jr.  determined that the directors of the failed Bank of Ashville of Asheville, North Carolina timely provided their D&O insurer notice of the FDIC’s lawsuit against them as the failed bank’s receiver. Practitioners in the D&O arena will want to read this opinion, a copy of which can be found here, for its examination of the interactions between the policy’s “basic” 60-day extended reporting period and its 12-month “supplemental” extended reporting period.

 

Background

The Bank of Asheville failed on January 21, 2011. As discussed here, on December 29, 2011, the FDIC as the failed bank’s receiver filed a lawsuit in the Western District of North Carolina against seven former directors of the bank. On December 29, 2011, the directors provided the bank’s holding company’s D&O insurer with notice of the FDIC’s lawsuit.

 

The D&O policy provided coverage for the period November 3, 2007 through November 3, 2010. However, the policy contains a 60-day “basic” extended reporting period, allowing for the notice of claims 60 days beyond the policy’s expiration. The policy also provided for a 12-month “supplemental” extended reporting period that, by endorsement and upon payment of an extra premium charge, allows an additional 12 month reporting period. The “supplemental” extended reporting provision in the policy provided that “the supplemental Period starts when the Basic Extended Reporting Period …ends.” 

 

Through a process that the court’s opinion reviewed in detail, the bank purchased the 12-month supplemental extended reporting period prior to the expiration of the policy period. The endorsement the D&O insurer issued specified that the supplemental extended reporting period is “11-01-2010 – 11-01-2011.”

 

After the directors submitted notice of the FDIC lawsuit to the insurer, the insurer took the position that the notice was untimely. The directors filed an action seeking a declaratory judgment that the insurer is required to pay defense costs and any settlements or judgments in the FDIC’s lawsuit. The directors also alleged a claim for reformation of the policy. The parties filed cross-motions for summary judgment.

 

The February 5 Opinion

In his February 5 opinion, Judge Herlong granted the directors’ motion for summary judgment, holding that the directors had timely provided notice of the FDIC lawsuit to the insurer prior to the expiration of the extended reporting period.

 

The dispute that the court considered came down to the question whether the 12-month supplemental extended reporting period ran from the end of the policy period of the policy or from the end of the policy’s 60-day basic extended reporting period.

 

After a detailed review of the communications between the various parties involved in the acquisition of the supplemental extended reporting period, the court concluded that

 

Although the Policy provided a 60-day basic Extended Reporting Period automatically, [the D&O insurer] charged the Bank the maximum permitted under the Policy, a 200 percent premium, for the 12-months of Supplemental Extended Reporting Period coverage. However [the D&O insurer] erroneously used the dates November 3, 2010 to November 3, 2011. Thus under [the D&O insurer’s] argument, the Bank paid for 12 months and received only 10 months of additional extended reporting coverage. Based on the foregoing, the court finds that the starting and ending dates of the Endorsement conflict with the terms of the Policy and is ambiguous because it is subject to different interpretations regarding the 60-day Basic Extended Reporting Period and the 12-month Supplemental Extended Reporting Period.

 

The D&O insurer argued that all of the documents and communications, including in particular the endorsement showing a supplemental extended reporting period from November 3, 2010 to November 3, 2011, “support a finding that the intent of the parties was to eliminate the 60-day Basic Extended Reporting Period.”

 

Judge Herlong said that this “is an amazing argument, “ asking the question “Why would the Bank forfeit the 60-day Basic Extended Reporting Period when the Policy specifically provides that if the Bank purchases an extended reporting period of 12 months, the 12-month period begins when the 60-day Basic Extended Reporting Period ‘ends’?”

 

Judge Herlong concluded that “the evidence is clear that the Plaintiffs did not know or intend to forfeit the 60-day Basic Extended Reporting Period. To the contrary, the only inference that can be drawn from the evidence is that the Plaintiffs paid for 14-months of extended reporting coverage, which includes the 60-day Basic Extended Reporting Period and the 12-month Supplemental Extended Reporting Period.” Judge Herlong granted the directors request to reform the schedule of the endorsement to allow for notice during the period January 3, 2011 to January 3, 2012, as a result of which the directors’ notice to the insurer of the FDIC’s lawsuit was timely.

 

Discussion

Although this decision is fact intensive and is a reflection of the specific policy language involved, it nevertheless represents a cautionary tale that is worth heeding. D&O policies are complex contracts with a variety of parts that interact in myriad subtle ways. My review of the sequence of events here as well as a familiarity with the way that the transaction of the kind involved here are processed suggests to me that the parties really were not fully conscious of the possible complications arising from the interaction between the basic extended reporting period and the supplemental extended reporting period.

 

Once the dispute arose, the parties tried to argue over what had been intended, when in reality there had really been no intent, as the persons involved in the transaction may not have been conscious of the potential issue in the first place; the carrier provided a quote with and issued the supplemental extended reporting period endorsement with dates that did not take the 60-day basic extended reporting period into account. The bank and its representatives accepted the quote and placed the order for the supplemental extended reporting period without objecting that the specific period that the carrier proposed to provide did not take the 60-day basic extended reporting period into account. Accordingly, faced with a fundamentally ambiguous situation (but taking into account the policy’s provision that the supplemental extended reporting period starts when the basic extended reporting period ends), the court construed the situation in the directors’ favor.

 

I think anyone who has been involved in these kinds of situations can see how this happened. The policy allowed for a 12 month reporting period extension, the bank said it wanted a 12 month extension, and the carrier issued an endorsement that extended the reporting period 12 months. Because I can see how what happened here could happen, I am reluctant to try to draw conclusions too broadly, other than to say that this case does provide a lesson for us all on the need when modifying a policy to consider all of the ways that the proposed modification will affect the policy.  On a much simpler level, the case does provide an important illustration of the ways that the policy’s various extended reporting provisions interact. I want to make clear that in stating these conclusions here, I do not mean to suggest that I am finding fault with anyone’s actions. As I said, I can see how this situation came about.