directors and officers liability: responding to...
TRANSCRIPT
Directors and Officers Liability: Responding
to Recent Surge in Claims and Lawsuits Investor Activism, Board Composition, Sexual Harassment, Executive Governance and
Compliance Failings
Today’s faculty features:
1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific
The audio portion of the conference may be accessed via the telephone or by using your computer's
speakers. Please refer to the instructions emailed to registrants for additional information. If you
have any questions, please contact Customer Service at 1-800-926-7926 ext. 1.
WEDNESDAY, MARCH 14, 2018
Presenting a live 90-minute webinar with interactive Q&A
Daniel J. Healy, Partner, Anderson Kill, Washington, D.C.
John L. Corbett, Of Counsel, Barnes & Thornburg, Dallas
Tips for Optimal Quality
Sound Quality
If you are listening via your computer speakers, please note that the quality
of your sound will vary depending on the speed and quality of your internet
connection.
If the sound quality is not satisfactory, you may listen via the phone: dial
1-866-961-8499 and enter your PIN when prompted. Otherwise, please
send us a chat or e-mail [email protected] immediately so we can address
the problem.
If you dialed in and have any difficulties during the call, press *0 for assistance.
Viewing Quality
To maximize your screen, press the F11 key on your keyboard. To exit full screen,
press the F11 key again.
FOR LIVE EVENT ONLY
Continuing Education Credits
In order for us to process your continuing education credit, you must confirm your
participation in this webinar by completing and submitting the Attendance
Affirmation/Evaluation after the webinar.
A link to the Attendance Affirmation/Evaluation will be in the thank you email
that you will receive immediately following the program.
For additional information about continuing education, call us at 1-800-926-7926
ext. 2.
FOR LIVE EVENT ONLY
Program Materials
If you have not printed the conference materials for this program, please
complete the following steps:
• Click on the ^ symbol next to “Conference Materials” in the middle of the left-
hand column on your screen.
• Click on the tab labeled “Handouts” that appears, and there you will see a
PDF of the slides for today's program.
• Double click on the PDF and a separate page will open.
• Print the slides by clicking on the printer icon.
FOR LIVE EVENT ONLY
Daniel J. Healy, Esq. Anderson Kill
Partner, Washington, DC 202-416-6547
John L. Corbert, Esq. Barnes & Thornburg Of Counsel, Dallas
214-258-4112 [email protected]
Speakers
6
Outline of Presentation
1. The current landscape of claims against directors and officers
2. Board composition and curtailing investor activism
3. Handling third-party claims and regulatory compliance failings
4. Cyber risk management and increased liability on directors and officers
5. Methods for executive governance to avoid sexual harassment claims and other misconduct
7
Topic 1
The current landscape of claims against directors and officers
8
Landscape of claims
• Securities claims were at an all-time high in 2017.
• Key categories:
• Merger objections
• Event-driven
• Data breach
• Cryptocurrency
• Sexual Harassment
9
Merger objections
• Trend away from Delaware courts toward federal courts, particularly in suits resulting in disclosure-only settlements
• Increased merger objection activity may result in D&O insurers requiring separate retention for M&A-related suits
10
Event-driven
• Anadarko Petroleum • Explosion of vertical oil well
• Arconic
• Produced cladding for Grenfell Tower cladding
• USANA Health Sciences
11
Data breach
• PayPal
• Breach at bill-pay management subsidiary involving more than 1.6 million customers
• Large retailers like Target
• We will come back to these …
12
Cryptocurrency
• Initial coin offerings (“ICOs”)
• Alternative means of raising capital for startups
• Although lightly-regulated, that may change – is the coin or token a security?
• Tezos ICO
13
Sexual harassment
• 21st Century Fox
• $90 million settlement
• Signet Jewelers
14
Topic 2
Board composition and curtailing investor activism
15
Investor activism
• Frequent targets for activists:
• Directors with long tenures or who lack deep industry knowledge
• Governance weaknesses
• Lack of sufficient female or minority representation on corporate boards
• 41% of all 413 activist campaigns against U.S. public companies were board related – PwC study, 2016
16
Corporate response
• 20% of directors say their board composition has changed in response to actual or potential shareholder activism
– PwC Annual Directors Survey, 2015
17
Corporate response
• Percentage of S&P 500 boards with at least one female director has risen from 88% in 2005 to 97% in 2015
– Spencer Stuart U.S. Board Index
• Women still make up only 20% of S&P 500 board members
18
• Percentage of S&P 200 boards with at least one minority director has actually declined from 90% to 86% between 2005 and 2015
– Spencer Stuart U.S. Board Index
• Minorities make up only 20% of S&P 200 board members
Corporate response
19
• It could take up to four decades for representation on boards to be relatively evenly-divided between women and men
- U.S. Government Accountability Office, 2015
Corporate response
20
Topic 3
Handling third-party claims and regulatory compliance failings
21
Internal responses
• Can claims be addressed through corporate therapeutics (changes in board composition, governance procedures, etc.)?
• If shareholder derivative demand, conduct investigation and prepare response
• Different guidance is available for different kinds of risks
• Following the guidance and implementing governance also can be different from risk to risk
22
Defense and insurance
• Many claims involve a significant monetary component that cannot be resolved through therapeutics
• Corporate indemnification of directors and officers
• Mandatory/permissive indemnification
• Indemnification prohibited – settling and paying judgments in derivative suits
• Insured v. Insured exclusions
23
Defense and insurance
• Overview of D&O and Side A coverage
• Important source of defense and settlement funds
• Often the only source of funds where corporation is insolvent or prohibited from indemnifying directors or officers
24
Defense and insurance
• Overview of D&O and Side A coverage
• Insurers are paying larger settlements
• Claim at renewal to have difficulty in underwriting against full scope of risks faced by corporation
• Insurers have responded by asserting more aggressive coverage defenses
25
Defense and insurance
• Reporting claims and notice of circumstances – avoid common notice issues
• A “small” claim against the company, if not timely reported to the carrier, may result in the denial of a much bigger related claim in the future
• Carriers may use omissions on policy applications to deny coverage of claims related to those omissions – even if they don’t rescind the policy
26
Defense and insurance
• Coverage issues
• Costs of informal and formal governmental investigations
• Allegedly dishonest conduct
• Final adjudication condition
• Intersection between D&O and EPL coverage in sexual harassment-related suits
27
Defense and insurance
• Coverage issues
• Exclusions for certain forms of relief
• Punitive and multiplied damages, statutory fines or penalties, restitution
• Insured v. Insured
• Key definitions
• Exhaustion requirements
28
Topic 4
Cyber risk management and increased liability on directors and officers
29
Cyber risk management
• Risks include direct losses and liability to others, shareholders and regulators
• Target
30
Data Breach — Target, by the numbers
• 40 million credit cards + 70 million customer records compromised
• $54 million: income to cyber criminals
• $400 million: cost of replacing credit cards
• $150 million: Target initial response cost
• $1 billion: estimated ultimate cost to Target
• 2: Number of C-suite executives at Target who were fired
• 7: Number of Directors targeted by Institutional Shareholder Services for ouster, claiming failed duties to shareholders
• Important to watch because of unprecedented impact of Board and C-Suite and record-breaking damages.
31
Cyber risk management
• Outside vendors may be necessary and may not be ultimately responsible.
• Cloud
• Data storage
• Customer relationships
• Representations and warranties
32
Cyber risk management
• Regulatory issues
• SEC
• FTC
• Blockchain and cryptocurrency issues – CFTC and IRS
33
Securities & Exchange Commission
September 2015 - First cybersecurity enforcement action - Matter of R.T. Jones Capital Equities Management, Inc., Admin. Proc. File No. 3-16827
Factors SEC states it will investigate:
Governance and risk assessment
Access rights and controls
Data loss prevention
Vendor management
Training
Incident response National Exam Program Risk Alert, Volume IV, Issue 8; Rule 30(a) of SEC Regulation S-P, 17 C.F.R. § 248.30
34
Federal Trade Commission
• Compliance issues:
• Financial information
• Children’s privacy
• Health breaches and notification
• Copier data
• Guidance for:
• Protecting personal information – P2P vulnerability
• Protecting servers and computer systems – open proxies
• Sample notification letters
• Best practices
35
Federal Trade Commission
“Today’s … decision reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data. It is not only appropriate, but critical, that the FTC has the ability to take action … when companies fail to take reasonable steps ….”
-FTC Chairwoman Edith Ramirez,
2015
36
NAIC, NACD & others
• Top down governance issues
• Industry standards and norms for evaluating reasonableness
• Handbooks, guidance and other literature
• “D&O-related exposures from cyber events arise through allegations that ineffective or negligent corporate governance and oversight were contributing factors behind inadequate systems defenses and a breach that led to losses and/or a sharp decline in share value . . .”
See Hoffman, Mark A., “Cyber risks, consolidation pose challenges for directors and officers insurers,” Business Insurance (Apr. 13, 2016).
37
NAIC – 12 principles
• Principle 1: … regulators have a responsibility …
• Principle 2: … should be appropriately safeguarded.
• Principle 3: … guidance … must be flexible, scalable, practical and consistent with nationally recognized efforts … NIST
• Principle 7: Planning for incident response … is an essential component…
• Principle 9: Cybersecurity risks should be … part of an … enterprise risk management (ERM) process.
38
NACD
“…87 percent of respondents reported that their board’s understanding of IT risk needed improvement.” Larry Clinton, President and CEO, Internet Security Alliance, Assessing the Board's Cybersecurity Culture (National Association of Corporate Directors 2014).
“Only 19 percent of respondents to our recent survey believe their boards possess a high level of knowledge about cybersecurity,” said Peter Gleason, NACD president and CEO.
Five principles -Understanding and knowledge are required to create a reasonable framework Larry Clinton, President and CEO, Internet Security Alliance, Cyber-Risk Oversight, Directors Handbook Series (National Association of Corporate Directors 2014).
39
NIST
• Technical specifications
• National standards
• Guidance and information sharing
• Tool for preparation and potential pitfall post-breach
40
One Example
41
Cyber risk management
• Top-down governance
• Enterprise-wide; team approach
• Technical difficulties
• Communication and awareness
• Response team
42
Cyber risk management
• Coverage issues
• Cyber policies
• First-party and Third-party
• Untested, but have specific coverages
• Ransom; response team; notice requirements; data recovery/rebuilding; privacy liability
• Exclusions
43
Typical forms of cyber coverage
44
NMA 2914
This Policy does not insure loss, damage, destruction, distortion, erasure, corruption or alteration of ELECTRONIC DATA from any cause whatsoever (including but not limited to COMPUTER VIRUS) or loss of use, reduction in functionality, cost, expense of whatsoever nature resulting therefrom, regardless of any other cause or event.
45
CL 380
1.1 Subject only to Clause 1.2 below, in no case shall this insurance cover loss damage liability or expense directly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software programme, malicious code, computer virus or process or any electronic system.
1.2 Where this Clause is endorsed on policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a political motive, Clause 1.1. Shall not operate to exclude losses (which would otherwise be covered) arising from the use of any computer, computer system computer software programme, or any electronic system in the launch and/o guidance system and/or firing mechanism of any weapon or missile.
46
Cyber risk management
• Coverage issues
• D&O policies
• Wrongful Act
• Exclusions and endorsements
• Regulatory investigations
• “Claim”
47
Other policies
• Why relevant to directors and officers?
• Crime
• E&O
• All-risk property
48
Topic 5
Methods for executive governance to avoid sexual harassment claims and other misconduct
49
Avoiding sexual harassment and other misconduct claims
• Ensure that board is sufficiently diverse to avoid vulnerability to “old boys’ club” allegations
• Issue clear mandates for creating workplace environment conductive to women and minorities, particularly in hiring, management promotions, and responses to harassment or hostile workplace allegations
50
Avoiding sexual harassment and other misconduct claims
• Develop clear chains of accountability for implementing workplace policies
• Board review of successes and areas of needed improvement on a regular basis
51
Conclusion
52
Daniel J. Healy, Esq. Anderson Kill
Partner, Washington, DC 202-416-6547
John L. Corbert, Esq. Barnes & Thornburg Of Counsel, Dallas
214-258-4112 [email protected]
Thank you!