On March 9, 2022, the SEC finally released its long-anticipated updated cybersecurity disclosure requirements. The proposed rules, inclusive of specifications both for incident reporting and for risk management and governance disclosure, were adopted by a 3-1 vote and are now subject to a public reporting period. The new rules, which the Commission’s press release says are “designed to better inform investors about a registrant’s risk management, strategy, and governance and to provide timely notification of material cybersecurity incidents,” underscore the Commission’s emphasis on cybersecurity reporting and disclosure issues.

The SEC’s March 9, 2022 press release about the proposed new rules can be found here. The Commission’s two-page “fact sheet” about the new rules can be found here. The Commission’s 129-page proposing release can be found here. Cydney Posner’s March 9, 2022 post on the Cooley law firm’s PubCo blog about the proposed rules can be found here.
Continue Reading SEC Proposes New Rules for Cybersecurity Disclosure and Incident Reporting Rules

Michael W. Peregrine

In an October 28, 2021 speech, Deputy Attorney General Lisa O. Monaco announced important changes to the U.S. Department of Justice’s corporate criminal enforcement policies. Among other things, Monaco laid out changes to the agencies’ corporate cooperation expectations and an increased emphasis on individual accountability. In the following guest post, Michael W. Peregrine, a partner at McDermott Will & Emery LLP, takes a look at the corporate governance implications of the new policies announced in Monaco’s speech. I would like to thank Michael for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Michael’s article.
Continue Reading Guest Post: Governance Implications of New DOJ Focus on Corporate Crime and Individual Accountability

Among the companies with D&O litigation in recent years arising from sexual misconduct allegations was the clothing and consumer products company L Brands. The parties to the various legal proceedings arising out of the allegations have reached a settlement in which L Brands has agreed to adopt a number of management and governance measures; in order to fund these initiatives, the company has committed to funding of $90 million over the course of five years. As discussed below, the settlement has several interesting features. The parties’ July 30, 2021 stipulation of settlement can be found here.
Continue Reading L Brands Establishes $90 Million Fund in Sexual Misconduct Derivative Suit Settlement

Having observed and commented on the D&O insurance industry for many years, I am accustomed to periodic proclamations from non-industry-based observers about how the D&O insurance industry ought to work, based on various social, behavioral, or economic notions. These periodic declarations usually start with a series of vexed observations that the D&O industry does or does not do things that economic or behavioral models suggest the industry should or should not do, and then the declarations move on to a series of proposed prescriptions that would mandate how the D&O insurance business ought to work, for the supposed greater good of all.

The latest example of this literary genre is the academic paper “Changing the Guard: Improving Corporate Governance with D&O Insurer Rotations” written by UCLA Law Professor Andrew Verstein. Based on his construct of the way D&O insurance business works and his belief that D&O insurance business ought to work differently, Professor Verstein proposes that corporations ought to be forced to rotate D&O insurers every five years. I discuss my concerns with Professor Verstein’s proposal below. Professor Verstein’s paper can be found here. His August 19, 2020 summary of the paper on the CLS Blue Sky Blog can be found here.
Continue Reading Mandating D&O Insurer Rotation? A Critique

In the following guest post, Ulrike Binder, a corporate partner in Mayer Brown’s Frankfurt office, Jan Kraayvanger, a partner in the Frankfurt office of Mayer Brown’s Litigation & Dispute Resolution practice, and Burkhard Fassbach, Legal Counsel to Howden Germany, take a look at recent corporate governance and executive liability developments in Germany. A version of this article previously was published as a White Paper by Mayer Brown written in cooperation with Howden Germany. The original version also contains a chapter about D&O-Insurance in Germany authored by Marcel Armon, CEO Howden Germany, which can be found here. I would like to thank Ulrike, Jan, and Burkhard for allowing me to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article.
Continue Reading Guest Post: Compliance-Hype in Germany

In a post last week, I wrote about the proposed revised Financial Choice Act (H.R. 10) now pending before Congress and the potential impact that the bill could have on the SEC’s enforcement program. In this post, I address the potential impact that the bill’s provisions could have on public company disclosure requirements and corporate governance. If the bill’s provisions are enacted into law, the measures could significantly alter or eliminate many of the Dodd-Frank Act’s disclosure and corporate governance requirements.
Continue Reading Proposed Disclosure and Corporate Governance Reforms in the Financial Choice Act 2.0

David Fontaine
John Reed Stark

The recent news that Yahoo’s general counsel had resigned following a probe of high-profile data breaches at the company has generated a great deal of discussion and concern. In the following guest post, David Fontaine and John Reed Stark take a look at the circumstances surrounding the resignation and consider the implications of and lessons from this development. David is the CEO of Kroll and its parent company, Corporate Risk Holdings, and John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. A version of this article originally appeared on CybersecurityDocket. I would like to thank Dave and John for their willingness to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Dave and John’s guest post.
Continue Reading Guest Post: Three Cybersecurity Lessons From Yahoo’s Legal Department Woes

There is little doubt that cybersecurity is one of the most pressing issues in the contemporary corporate, political and economic arena. When, as we have seen, cybersecurity has become a critical issue in the U.S. political and electoral processes, it is clear that the consequences and complications associated with cybersecurity have become acute. Cybersecurity has become a pervasive issue with political, military, and economic implications. It is also one of the foremost issues – if not the foremost issue – in the corporate risk management environment. In a complex and rapidly changing world, many companies and their senior officials are struggling to deal with cybersecurity issues and their implications.
Continue Reading Book Review: “Take Back Control of Your Cybersecurity Now”

Richa Shukla
Nilam Sharma
Joel Pridmore

As readers of this blog know well, liability claims against corporate directors and officers are an increasingly global phenomenon. A number of different factors are contributing to the globalization of D&O liability, including legislative changes, changes in regulatory enforcement activity, and the rise of litigation financing. In the following guest post, Richa Shukla of Khaitan Legal Associates, Nilam Sharma of Nilam Sharma Ltd., and Joel Pridmore from Munich Re, Australia, examine the changing environment for D&O liability in India. I would like to thank Richa, Nilam, and Joel for allowing me to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Richa, Nilam, and Joel’s guest post.
Continue Reading Guest Post: A Focus on Directors’ and Officers’ Risks in India

Fifteen years ago this month, the once high-flying energy company Enron completed its massive collapse when it filed a petition for bankruptcy protection. In his interesting December 2, 2016 post on the Harvard Law School Forum on Corporate Governance and Financial Regulation (here), Michael Peregrine of the McDermott, Will & Emery law firm takes a retrospective look at Enron’s downfall and suggests a number of different ways that those events have continuing relevance. As I discuss further below, there are, in addition to the considerations Peregrine notes, a number of other continuing legacies of Enron.
Continue Reading Enron’s Legacies, a Decade and a Half Later