In my recent wrap-up of the top D&O stories of 2023, I noted that one of the key developments during the past year was California’s adoption of new climate change disclosure requirements, which were enacted at a time when there was the added prospect that the SEC would finally release its own climate change disclosure guidelines by April 2024. While the California requirements have not yet been implemented and the final SEC disclosure guidelines have not yet even been released, there are growing signs that these climate change-related disclosure requirements may face significant hurdles and challenges.

It is not news that the SEC disclosure guidelines, whenever they are finally released, likely will face significant legal challenges, as I have previously noted on this site (here). However, this past week, in a Congressional hearing before a House Financial Services subcommittee, as reported in a January 18, 2024, Law360 article (here), spokespersons for conservative and business interests reiterated their belief that the SEC’s climate change disclosure guidelines, as proposed, reflect “several deficiencies,” and likely will face significant legal challenges.Continue Reading Climate Change Disclosure Requirements Face Hurdles and Challenges

One phenomenon I have been tracking over the years is the rise in jurisdictions outside of the U.S. of procedural mechanisms for collective redress, particularly in the U.K (as noted, for example, here) and the E.U. (as noted here). While I have always been careful to note the important differences between these collective action mechanisms and the U.S.-style class action approach, it may be the case that as time has passed and as procedures have developed and evolved, the mechanisms many jurisdictions are adopting increasingly are coming to resemble the U.S.-style class actions model.

As an October memo from the Jones Day law firm puts it, class action litigation “is no longer a US-specific phenomenon.” The law firm memo, which is entitled “The Rise of US-Style Class Actions in the UK and Europe,” states that the growth in the UK and EU of group litigation has been “exponential” and the rise of these actions is a “key corporate risk that will only continue to increase.” The law firm’s memo can be found here.Continue Reading The Rise of Group Actions in the U.K and the E.U.

The SEC has not yet adopted the long-anticipated final version of its proposed climate change disclosure guidelines, although there is some speculation that the final guidelines will be adopted in the Fall. In the meantime, however, sustainability reporting standards are going into effect elsewhere, with important ramifications for all companies.

On July 31, 2023, the European Commission adopted the first set of European Sustainability Reporting Standards (ESRS), which require EU and non-EU companies with specified levels of EU activity to file annual sustainability reports with their financial statements. The standards will soon become law and apply in all 27 EU Member states, with compliance requirements effective as early as 2025 for the 2024 reporting period. The ESRS as adopted on July 31, 2023, by the European Commission can be found here. The European Commission’s adoption of the first set of ESRS and the reporting standard’s requirements are described in detail in an August 11, 2023, memo from the Cooley law firm, here.Continue Reading EU Adopts Mandatory ESG Reporting Requirements

Frank Hülsberg

Burkhard Fassbach

Regular readers know that I post frequently on this site on whistleblower-related topics. However, my discussion of whistleblower-related topics is generally focused on whistleblowing in the U.S. There have been significant recent whistleblower-related developments outside the U.S. For example, and as discussed in detail in the following guest post, a draft whistleblower protection act is now circulating in Germany. If adopted the new act could have significant implications, as discussed below. This guest post was written by Frank Hülsberg, who is a Chartered Accountant and Tax Advisor in Düsseldorf, Partner Advisory and Member of the Executive Board at Grant Thornton AG Wirtschaftsprüfungsgesellschaft in Germany, and Burkhard Fassbach, a D&O-lawyer in private practice in Germany.  I would like to thank Frank and Burkhard for allowing me to publish their article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Frank and Burkhard’s article.
Continue Reading Guest Post: What Board Members Need to Know About the New German Whistleblower Protection Act

The EU’s General Data Protection Regulation went into effect with great fanfare in May 2018, along with great trepidation about the potential fines regulators might impose for violation of the regulation’s requirements. In the following months, regulators imposed relatively few fines, for relatively modest amounts. However, just in the last several days, the U.K. privacy regulator has announced the potential imposition of two massive GDPR fines, underscoring the regulation’s potential huge impact. The newly announced fines, involving British Airways and Marriott International, have a number of serious implications for other companies, for the future of GDPR enforcement, and for the significance of privacy issues generally as an area of corporate risk.
Continue Reading Massive GDPR Fines Have Serious Implications for Corporate Risk

As I have noted in prior posts, there has been in recent years a slowly developing E.U. initiative for the introduction of a rights of collective redress on a Union-wide basis. As discussed here, in April 2018, the European Commission introduced a proposal – as part of what it called a “New Deal for Consumers” – that would introduce a European collective redress right for consumers. More recently, on March 26, 2019, the EU Parliament, in plenary session, adopted the Commission’s proposal. The next step is that the Council of Europe will now take up the proposal, moving the E.U. one step closer toward the adoption of a pan-European collective redress mechanism for consumers that would be available in all of the member states.  The March 26, 2019 application on which the EU Parliament acted can be found here.
Continue Reading Proposal for E.U. Collective Redress Mechanism Advances

Frank Hülsberg

Burkhard Fassbach

In the following guest post, Frank Hülsberg, a Partner for Governance, Risk, Compliance & Technology at Warth & Klein Grant Thornton AG in Düsseldorf, and Burkhard Fassbach, a D&O-lawyer in private practice in Germany, take a look at the EU’s new Whistleblower Directive. I would like to thank Frank and Burkhard for allowing me to publish their article. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Frank and Burkhard’s article.
Continue Reading Guest Post: The European Union Whistleblower Directive: Overdue Protective Shield

Bill Boeck

As most readers undoubtedly are aware, the EU’s General Data Protection Regulation went into effect on May 25, 2018. Even though the regulation has only been in effect for a few months, regulators across Europe have already starting levying fines under the regulation’s provisions. In the following guest post, Bill Boeck takes a look at the fines that have been imposed so far and considers their implications. Bill is currently Senior Vice President and Insurance and Claims Counsel with the Lockton Companies.  He is Lockton’s global leader for cyber claims and for the development of proprietary cyber wordings and endorsements.  Bill also leads Lockton’s US financial lines claims practice. A version of this article previously was published on the Lockton Cyber Risk Update Blog. I would like to thank Bill for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Bill’s article.
Continue Reading Guest Post: What Can the First GDPR Fines Tell Us?

If the uncertainty creates risk, then the current state of play on the United Kingdom’s efforts to withdraw from the European Union represents risk in a highly concentrated form. On November 25, 2018, the 27 EU members approved the divorce pact that the U.K. negotiated with its EU counterparts, but the pact must now face a Parliamentary vote, on December 11, 2018. In the meantime, the March 29, 2019 withdrawal date looms. These upcoming events present uncertainties at both the economic and enterprise levels. The uncertainties in turn create challenges for potentially affected companies, including among other things the challenge of communicating about these issues to investors. As discussed below, SEC Chair Jay Clayton recently emphasized that the agency is “sharpening its focus” on Brexit-related disclosures, highlighting the significance of the disclosure-related concerns.
Continue Reading Brexit Uncertainty, Disclosure Concerns, and Potential Liability

When the European Union’s updated General Data Protection Regulation (GDPR) went into effect on May 25, 2018, media reports focused on the potentially massive fines that the regulation authorizes – the regulation authorizes fines of up to €20 million or 4 percent of a company’s annual worldwide revenue, whichever is higher, for noncompliance with the regulation’s strict data collection and use requirements. The possibility of regulatory fines of this magnitude immediately raised the question of whether or not insurance is available to protect companies against the huge financial exposure. The answer to this question, it turns out, is complicated.
Continue Reading Are GDPR Fines and Penalties Insurable?