The directors’ and officers’ liability environment is always changing, but 2022 was a particularly eventful year, with important consequences for the D&O insurance marketplace. The past year’s many developments also have significant implications for what may lie ahead in 2023 – and possibly for years to come. I have set out below the Top Ten D&O Stories of 2022, with a focus on future implications. Please note that on Thursday, January 12, 2023 at 11:00 AM EST, my colleagues Marissa Streckfus, Chris Bertola, and I will be conducting a free, hour-long webinar in which we will discuss The Top Ten D&O Stories of 2022. Registration for the webinar can be found here. I hope you will please join us for the webinar.
1. Securities Filings Declined in 2021 Relative to Recent Elevated Years
D&O insurers closely follow securities class action lawsuit filing statistics. The number of annual filings can provide some indication of the insurers’ calendar year and underwriting year loss costs. The current filing patterns can also inform the insurers’ efforts to try to determine the profit-making price for their insurance products.
The fact is that the number of securities suit filings fluctuates. During the period 2017-2019, the annual number of securities suit filings spiked, with over 400 filings each year, largely due to an increase in the number of federal court class action merger objection lawsuit filings during that period. Beginning in 2020, the overall number of suit filings began to decline, and the decline accelerated in 2021, largely because many of the merger objection suits were increasingly being filed as individual actions rather than as class actions. The decline in recent years continued in 2022.
There were 196 federal court securities class action lawsuits filed in 2022, representing about a 10% decline in the number federal court securities suits compared to 2021 (when there were 218 securities class action lawsuits filed). The 196 federal court securities suit filings in 2022 were also about 14% below the 1996-2020 average annual number of such filings of 228. (Please note that these figures reflect only federal court securities suit filings; state court securities suit filings are not included in the numbers and comparisons.)
The decline in federal court securities suit filings in 2022 represents the third straight year of a decline in the number of filings, as well as a general overall five-year decline from the recent peak in 2017, when there were 411 filings. The number of federal court securities suit filings in 2022 was about 53% below the 2017 figure.
Both the overall figures and the cross-year comparisons are distorted by the number of federal court class action merger objection lawsuit filings, particularly with respect to the years 2017 to 2020. Thus, for example, in 2017 there were 198 federal court class action merger objection lawsuits (more than the total number of federal court securities lawsuit filings in 2022), whereas in 2022, there were only seven federal court merger objection lawsuits that were filed as class action lawsuits.
The plaintiffs’ lawyers are still filing merger objection lawsuits — they are just filing the lawsuits as individual actions rather than as class actions. The threat of merger-related litigation has not gone away, but the current form of the threat just is not reflected in class action litigation statistics.
If the merger objection lawsuit filings are disregarded, the apparent decline in the number of federal court securities suit filings in 2022 looks less steep. Thus, there were an annual average of 192 core (or traditional) federal court securities class action lawsuit filings during the period 1996-2020, which is only slightly higher than the 189 core federal court securities suits filed in 2022. Similarly, the 189 core federal court securities class action lawsuit filings in 2022 were only slightly below the 200 core filings in 2021.
Several different types of lawsuits contributed to the overall number of securities suit filings in 2022, particularly the numbers of securities lawsuit filings relating to SPACs, relating to COVID-19, and relating to cryptocurrency and other digital assets. The SPAC, COVID, and crypto filings together totaled 51 suits during the year, representing more than a quarter (26%) of all 2022 federal court securities class action lawsuit filings. The SPAC and COVID-related securities suit filings are discussed in greater detail in the following sections of this post.
I suspect that many commentators and observers discussing the level of 2022 securities lawsuit filing activity are going to focus on the headline that securities suits filings are down significantly compared to recent prior years. The fact is that much of the movement in the filing levels over the last few years has largely been due to increases and decreases in the number of federal court merger objection securities class action lawsuit filings. As the number of these filings ramped up in the 2017-2019 period, the total number of securities suit filings skyrocketed; as the numbers of these filings fell in the 2020-2022 period, the overall filing numbers declined.
When the effects of the merger activity class action filing activity are stripped out, the relative declines in the number of filings are much more modest. During the period 2020-2022, the number of filings has simply returned to long-term historical levels, compared to the artificially elevated levels that prevailed during the 2017-2019 period.
2. SPACS-Related Litigation Was One of the Year’s Top Stories – But the Story Changed as the Year Progressed
One of the most striking developments in the financial markets during 2020 and 2021 was the huge number of SPAC IPOs completed during that period. The SPAC IPO boom has since died down, but there are several important vestiges left in its wake, including a wave of securities class action lawsuits.
By my count, since January 1, 2021, a total of 54 SPAC-related securities class action lawsuits have been filed, with 23 of them filed in 2022 alone. The 23 SPAC-related suits represent 11.7% of the total number of securities class action lawsuits filed in 2022. But though there were a significant number of SPAC-related securities suits filed in 2022, the filing pattern during the year was unusual. Of the 23 SPAC-related securities suits filed in 2022, 17 were filed prior to May 31, 2022 – only six SPAC-related securities suits were filed after May 31.
There are several possible reasons for the drop off in the number of SPAC-related securities suit filings. The likeliest is the overall drop in the share prices of publicly traded SPACs. In addition, SPAC mergers are no longer attracting the sky-high valuations that sometimes prevailed in 2020 and 2021 and that in at least some instances set some companies up for later sharp declines. Another possible factor, also related to the drop in valuations, is the absence of short seller attacks. By my count, 21 of the 54 SPAC-related lawsuits filed since January 1, 2021 were filed following the publication of a short-seller report critical of the SPAC merger or the target company. With the drop in valuations, there have been fewer high-fliers to attract the attention of the short sellers.
Many of the SPAC-related securities suits have only just been filed and it remains to be seen how they will fare. The relatively few motion to dismiss results in these cases so far are mixed, though a number of the cases have survived dismissal motions. Thus, as I noted here, in July 2022, the court granted the motion to dismiss in the SPAC-related securities suits against Skillz. On the other hand, as discussed here, in June 2022 the court in the SPAC-related securities suit pending against Romeo Power denied the motion to dismiss, and, similarly, in July 2022, the SPAC-related securities suit pending against Velodyne Lidar survived the dismissal motion, albeit with large parts of the complaint dismissed (as discussed here). The motion to dismiss in the SPAC-related securities suit pending against Faraday Future Intelligent Electric was also denied in significant part.
There was one significant SPAC-related lawsuit settlement during 2022, although the settlement was not in one of the SPAC-related securities class action lawsuits of the kind discussed above. Rather, the settlement was in the Delaware Chancery Court breach of fiduciary duty lawsuit filed against the directors and officers of a SPAC, as well as the SPAC’s sponsors, related to MultiPlan. As discussed here (second item), in November 2022, the parties to the Delaware lawsuit announced that the case had settled for $33.75 million.
One other significant continuing legacies of the SPAC boom during 2020 and 2021 is that there are still a very large number of SPACs seeking merger partners. According to SPACInsider, as of January 2, 2023, there were 386 SPACs still seeking merger partners. Because so many of these searching SPACs completed their IPOs in late 2020 or early 2021, the 24-month search period for many of these SPACS has either come to an end or is about to come to an end.
In light of the changed business and economic conditions, it seems likely that many of these searching SPACs will not find a merger partner; indeed, as the Wall Street Journal put it in a December 27, 2022, article, the SPAC boom era has given way to a SPAC “bust” and to what the Journal described as a “frenzy” of liquidation. More than 70 SPACs liquidated in December alone, which, according to the Journal is more than the total number of SPAC liquidations in the history of the financial markets prior to 2022.
The number of liquidations so far and the possibility that there could be further liquidations ahead raises the question whether the SPAC liquidations could lead to litigation. On the one hand, the investors will get their money back, plus nominal interest, so where’s the harm? On the other hand, in our litigious society, anytime expectations are disappointed, litigation can arise. Indeed, in August, investors sued a SPAC that announced its intent to liquidate, disputing the way that the SPAC’s directors and officers intended to deal with a financial asset of the SPAC in connection with the liquidation. Although this situation arguably was unusual in that the SPAC held a valuable financial asset beyond the trust funds, it could well be that there are other circumstances involved with SPAC liquidations that could give rise to litigation as well.
Another possibility that could arise as so many SPACs are struggling to complete merger transactions is that some SPACs, finding themselves coming up against the end of the search period, may push to complete any deal, even if it is disadvantageous or the target is far outside the SPAC’s intended sector. There has in fact already been at least one lawsuit of this type, in which the plaintiff shareholder alleged that the SPAC’s executives, motivated by the personal financial interest in completing a deal, chose to merge with a company far outside the stated target sector. There could be more of this type of litigation as the SPACs push to complete deals as the end of their search period approaches.
At the outset of 2022, I reckoned that SPAC-related litigation claims would represent one of the top D&O liability stories of 2022, and that has proven to be the case. However, in my early 2022 reckoning, I also assumed that SPAC-related litigation would continue to be a top D&O story for years to come. Now, with the significant drop off in SPAC-related securities suit filings in the latter half of 2022, and with the significant number of SPAC liquidations, it is unclear what might happen in terms of SPAC-related litigation in 2023. Time will tell, of course, but it could prove to be the case that SPAC-related litigation turns out to be less of an ongoing issue that it previously had appeared would be the case.
3. Despite Generally Poor Results So Far, Plaintiffs’ Lawyers Continue – Three Years Into the Pandemic — to File COVID-19-Related Securities Suits
From the very outset of the coronavirus outbreak in the U.S. in March 2020, the plaintiffs’ lawyers have been filing what has turned out to be a wave of COVID-19-related securities class action lawsuits. Even with the pandemic now well into its third year, the COVID-19-related suits have continued to be filed. Indeed, the pace of filing during the pandemic has been relatively steady; thus, while there have been 61 total COVID-19-related securities suits filed overall, and while there were 24 filed in 2020, 19 were filed in 2021, and 18 in 2022.
The cases that have been filed have generally fallen into one of three categories. First, there are the cases that have been filed against companies that experienced COVID outbreaks in their facilities (cruise ship lines, private prison systems). Second, there are the cases involving companies that tried to position themselves as able to profit from the pandemic (vaccine development companies, diagnostic testing companies). Third, there are the cases against companies whose operations or financial results were disrupted by the pandemic (real estate development companies, hospital systems). As time has gone by, a fourth category of cases developed involving companies that initially prospered at the outset of the pandemic but whose fortunes declined as the initial government shutdown orders lapsed (for example, Peloton).
While the plaintiffs’ lawyers have demonstrated a sustained interest in pursuing these COVID-19-related cases, the fact is that – with some notable exceptions – these cases have not fared particularly well. Dismissal motions have been granted in a number of COVID-19 related cases, including, for example, the cases pending against the cruise ship lines (as discussed, for example, here); as well as in cases filed against, among others, Sorrento Therapeutics (here); The Geo Group (here); and Velocity Financial (here). Indeed, the dismissal of the COVID-19-related lawsuit against online education firm K-12, Inc. was recently affirmed by the Fourth Circuit.
There have been some notable cases where the motions to dismiss have been denied, including, for example, in the recent ruling in the securities lawsuit pending against the vaccine development company Novavax (as discussed here). Indeed, two of the cases involving vaccine development companies where the dismissal motions were denied have now been settled. In August 2022, Inovio Pharmaceuticals announced that it had reached an agreement to settle the COVID-19-related securities suit that had been filed against the company for cash and stock totaling $44 million. Also in August, Vaxart announced that it had agreed to settle the COVID-19 related securities suit pending against the company for $12 million.
One thing that the two settled cases have in common with the Novavax case, beyond the fact that the dismissal motion was denied, is that all three of the companies involved are vaccine development companies. (To be sure, not all of the cases against vaccine development companies have survived dismissal motions; the case against AstraZeneca, which, as noted above, was dismissed, related to the company’s efforts to develop a COVID-19 vaccine.) Cases against vaccine development companies arguably represent the one category of cases outside of the generalization that overall the plaintiffs in the COVID-19-related securities suits have fared poorly.
In any event, and even though the results so far are mixed as best, the plaintiffs’ lawyers have continued to file these kinds of cases. Just as the coronavirus itself has proven to be surprisingly persistent, the related litigation phenomenon has proven to be unexpectedly resistant as well. Not only have plaintiffs continued to file COVID-19 related securities class action lawsuits this year, but there were four of these cases filed in November 2022 alone. All signs are that these kinds of lawsuits will continue to be filed as we head into 2023.
4. Macroeconomic Factors Draw D&O Claims
During 2022, companies across the economy faced a daunting array of business challenges: rising interest rates, economic inflation, supply chain disruption, labor supply constraints, and the War in Ukraine. Not only have these various macroeconomic issues disrupted business operations and financial results, they have also resulted in securities class action litigation, affecting a variety of different kinds of companies.
A lawsuit filed in June 2022 against the consumer products company Tupperware illustrates the way these macro factors can translate into securities litigation. During the company’s execution of a multi-year turnaround plan, the company had touted its successful plan execution and projected expansion. However, in a May 2022 earnings release, the company reported results that were “below expectations” and that the company was withdrawing its year-end earning guidance. The company cited several factors in connection with the disappointing results, including the war in Ukraine and COVID-related lockdowns in China. The company also said that its profitability was “significantly impacted by persistent inflationary pressures and the latency between rising input costs and our decision to increase prices.”
Similarly, as discussed here, in a November 2022 lawsuit filed against the women’s apparel company Torrid Holdings, Inc., the complaint alleged that in connection with the company’s July 2021 IPO, the company soft-pedaled the impact on the company from COVID-19 and from supply chain disruptions. Specifically, the complaint alleged that due to supply chain disruptions, inventory levels were running below historical levels and that late inventory arrival prevented the company from effectively matching consumer buying trends, creating an undisclosed risk of increased markdowns and increased promotional activities necessary to move unsold inventory.
In another securities suit filed in November 2022, a plaintiff shareholder sued the healthcare apparel company FIGS, Inc. (discussed here), alleging that in the company’s offering documents in connection with its June 2021 IPO, as well as in post-IPO statements, the company had misrepresented the extent to which its operations were dependent on more expensive air freight deliveries from its suppliers, and instead sought to reassure investors that its air freight dependency had been transitory and had peaked in prior periods. The company subsequently disclosed that constraints in its supply chain had caused the company to continue to be dependent on the more-expensive air freight option, undercutting the company’s financial performance.
Another securities lawsuit filed in March 2022 illustrates how the impact of economic inflation can translate into securities litigation. Vertiv, a company that makes data storage and transmission products, reported disappointing results in its year-end 2021 earnings release. In explaining the results, the company’s CEO attributed the disappointing results to management “consistently underestimating inflation and supply chain constraints for both time and degree, which dictated a tepid 2021 pricing response.” The company’s CFO said that “We significantly underestimated the magnitude of material and freight inflation in the fourth quarter forecast, mostly in America, by approximately $36 million.”
Other recent securities suit filings illustrate how supply chain disruption can lead to securities litigation. For example, as discussed here, the software company Cerence was hit with a securities suit when it announced disappointing results after the company experienced a reduction in automobile industry demand for its products and services due to the global semiconductor shortage.
As these examples show, a variety of macroeconomic factors have disrupted many companies’ business operations and financial results, which in turn has affected the companies’ share prices. Whether or not these kinds of circumstances lead to securities litigation or other D&O claims arguably depends not only on how the company deals with the adverse business conditions but what the company says about how the adverse conditions are affecting the company and its business. Another factor that could contribute to the litigation risk is the extent of a company’s willingness to soft-pedal or downplay the magnitude of the impact on the company from these macro factors.
The macroeconomic circumstances facing companies in the year ahead could be even more daunting. According to a January 2, 2023 Wall Street Journal article, in a recent survey of 23 economists for large banks that do business directly with the Fed, more than two-thirds predicted that in 2023, the U.S. economy could move into a recession. Were that to happen, businesses could face an economic contraction, with a downturn in revenues, a pull-back in investments and capital expenditures, and a drop in employment and consumer spending. At a minimum, rising interest rates will plague many businesses, quite a number of whom have enjoyed the benefits of cheap credit for a number of years. How all of this will play out of course remains to be seen, but the likelihood is that macroeconomic factors will weigh on businesses in the months ahead – and companies experiencing the resulting setbacks could continue to face the risk of litigation as well.
5. ESG Emerges as a Significant Source of D&O Risk – But Not Necessarily in the Way Everyone Assumed
The hot button topic in both the investing world and the D&O insurance world these days is “ESG.” Setting aside the fundamental problem that nobody actually knows what ESG is, there is the inextricably related problem that the D&O claims risk concerning ESG is fundamentally misunderstood. The current basic premise in the D&O insurance world is that companies that are “good” on ESG (whatever that means) represent better D&O insurance risks. Yet, as I have documented in numerous posts on this site (most recently here), it is not necessarily the ESG laggards that are getting hit with D&O claims; in many instances, the claims are in fact being filed against companies that are proactive on ESG issues.
To be sure, climate change activists and other have tried to use litigation to advance their agendas, particularly in Europe. The activists’ litigation targets are not just the companies named as defendants in the lawsuits but also decision-makers in government and in business, as the activists seek to influence behavior and outcomes. European activists have notched some notable successes, for example in the Netherlands, where in May 2021 the activists scored a high-profile ruling in Friends of the Earth Netherlands (Milieudefensie) v. Royal Dutch Shell plc, in which Shell was ordered to reduce its global annual volume of CO2 emissions by 45% by the end of 2030. (Shell is appealing this ruling.)
The activists’ successes, largely built on arguments under their home jurisdiction’s laws that protection from climate change is a fundamental right, have emboldened the activists to focus their attention on the businesses they consider to be the biggest contributors to climate change – starting first with energy companies, and then moving on the financial services companies.
But while there have indeed been targeted claims seeking to compel companies to take more robust actions on climate change and other ESG-related issues, the bulk of the recent litigation, particularly in the U.S., has involved companies that actually took the ESG initiative but who allegedly fell short of targets or failed to match aspirations with actions.
A recent example of this phenomenon is the November 2022 securities class action lawsuit filed against wood products company Enviva, which promotes itself as growth-oriented environmental, social, and governance (ESG) company. The lawsuit follows publication of a short seller report that, among other things, characterized the company as “the latest ESG farce” engaged in “textbook greenwashing.”
This complaint is not the first to raise securities fraud allegations based on supposed greenwashing. There have been prior securities complaints based on similar allegations, even if not expressly referred to as greenwashing. For example, as discussed here, in May 21, 2021, a plaintiff shareholder filed a securities class action lawsuit against biodegradable products company Danimer Scientific alleging, among other things, that the company’s claims about its product’s biodegradability were “exaggerated and misleading.”
By the same token, in recent months shareholder claimants have initiated securities class action lawsuits against, for example, Unilever (discussed here) and Wells Fargo (discussed here) based on the companies’ ESG activities. The lawsuit against Unilever relates to the social activism of its ice cream subsidiary, Ben and Jerry’s, on issues pertaining to what the subsidiary characterizes as Israeli occupied territories. The lawsuit against Wells Fargo relates to adverse publicity that followed revelations about the company’s poor execution of its diversity, equity, and inclusion initiative.
Similarly, the SEC’s ESG Task Force recently has filed enforcement actions relating to, for example, a company’s assertions in its Sustainability statement about its mining dam safety (discussed here) and an investment fund’s claims about its “green” investing options (discussed here).
As the foregoing examples show, it may be that companies taking the ESG initiative are not necessarily better D&O risks. As if that possibility were not enough to confuse things concerning ESG, an anti-ESG backlash has now developed.
As I noted in a recent post (here), as many as 17 states have adopted or proposed anti-ESG legislation. This legislation limits the ability of state governments, including public retirement plans, to do business with entities “boycotting” industries based on ESG criteria or considering ESG factors in their investment processes. In addition, politicians in, for example, Florida, are actively seeking to get political mileage out of criticizing ESG activists and by divesting state investments from funds taking an activist ESG approach.
The anti-ESG movement is not limited just to legislation. There has now also been litigation. A conservative think tank (and shareholder of Starbucks) recently filed a breach of fiduciary duty lawsuit against directors and officers of Starbucks alleging that the company’s diversity, equity and inclusion program violates state and federal civil rights laws. The complaint alleges that the defendants’ action in adopting and implementing the program create corporate liability and violate the individuals’ fiduciary duties.
In yet another manifestation of this anti-ESG backlash litigation, a nonprofit group has filed an action against the pharmaceutical giant Pfizer based on the company’s sponsorship of a foundation offering fellowships aimed at Black, Latino, Native American and other minority candidates, as discussed here. Specifically, the complaint alleges that the company is “blatantly discriminating against white and Asian-American applicants” in violation of the provisions of the Civil Rights Act.
The emergence of the anti-ESG backlash further complicates the circumstances for companies as they grapple with the need to address ESG-related issues. Companies that have been pushing to burnish their ESG credentials could now find themselves caught in the middle of a politically charged firestorm. As one law firm put it in a memo about these developments, companies may be “damned if you do and damned if you don’t.”
The working assumption in the D&O insurance industry is that underwriters should be trying to figure out if companies are “good” at ESG based on a generalized theory that a company’s ability to demonstrate ESG virtue means that the company is a better D&O risk. This theory may be valid, but at the same time some other considerations also need to be considered.
First, as suggested above, it may be a company’s very ESG initiatives that attract litigation. And second, a company making high-profile claims about its ESG credentials could get caught in politically complicated circumstances that could mean adverse or at least complicated publicity, disruption of company operations, and even D&O claims. Finally, if companies’ ESG-related efforts fall short of aspirations, the companies could well face scrutiny and even litigation.
ESG issues could come into sharper focus in 2023 when the SEC releases the final version of its much-anticipated climate change disclosure guidelines. The guidelines, which the agency first proposed in March 2022, would require all registered companies, including foreign issuers, to make specified disclosures related to climate change and greenhouse gas emissions in their registration statements and in annual SEC filings (such as reports on Form 10-K). The agency’s consideration of the proposed rules was delayed in Fall 2022 due to technological issues and the sheer volume of comments. The rules, if adopted, undoubtedly will face significant political and legal challenge. However, to the extent the rules are in fact adopted and survive challenge, they could subject reporting companies to climate change disclosure scrutiny and potentially even legal claims. In short, it seems likely that the storm surrounding ESG issues will continue in 2023.
6. Cybersecurity-Related Claims Remain a Significant D&O Liability Exposure
Over the past several years, cybersecurity has been a consistent D&O claims concern. However, the fact is that the plaintiffs in cybersecurity-related D&O claims have not fared particularly well.
The latest high-profile example of a cybersecurity-related D&O claim that failed to make it past the initial pleading hurdles is the Capital One data breach-related securities class action lawsuit. A plaintiff shareholder had sued the company and certain of its directors and officers in October 2019, after the company disclosed that a hacker had accessed one of the company’s servers, implicating over 100 million customers’ data. The plaintiff alleged that prior to the data breach the company had made numerous false and misleading statements about the company’s cybersecurity that induced investors to buy Capital One’s stock. As discussed here, in a September 2022 order, the district court granted the defendants’ motion to dismiss, holding that the company’s statements that cybersecurity was a top priority represented non-actionable puffery.
Another high-profile example of a cybersecurity-related claim that failed to survive the initial motion to dismiss is the shareholder derivative lawsuit filed against the board of SolarWinds. In December 2020, the information technology infrastructure management company was hit with what appears to have been a state-sponsored cyberattack. The attack affected as many as 18,000 of the company’s clients. After the news of the attack was made public, the company was hit with several related lawsuits and investigations, including a Delaware Chancery Court shareholder derivative lawsuit alleging that the company’s board failed to adequately oversee the risk to cybersecurity of criminal attack. As discussed here, in a detailed September 6, 2022, Opinion, Vice Chancellor Glasscock granted the defendants’ motion to dismiss. Specifically, he held that the plaintiff had failed to make a sufficient showing that a pre-suit demand on the company’s board would have been futile. (The SolarWinds cybersecurity-related shareholder derivative suit is discussed further below.)
These latest rulings follow in the wake of a long history of dismissal motion grants in cybersecurity-related D&O claims. Thus, for example, in March 2022, the Ninth Circuit affirmed the dismissal of the cybersecurity related securities suit that had been filed against Zendesk, and in April 2022, the Fourth Circuit affirmed the dismissal of the high-profile data breach-related securities suit that had been filed against Marriott (as discussed here).
However, and notwithstanding this history, plaintiffs’ lawyers continue to file cybersecurity related claims. Thus, for example, and as discussed here, in October 2020, the payment technology firm, Block, Inc., was hit with a securities class action lawsuit after it announced that that a former employee had improperly accessed and downloaded company customer data.
Similarly, in September 2022, and as discussed here, the social media company Twitter was hit with a securities class action lawsuit following news that a whistleblower had sent Congress and federal agencies explosive reports of “major security problems” at the company. According to the news reports, the whistleblower’s disclosure not only detailed privacy and cybersecurity vulnerabilities at Twitter, but also included allegations that company management had misled its own corporate board and government regulators about the vulnerabilities.
There were other examples of cybersecurity related D&O lawsuit filings during 2022. For example, in February 2022, secure technology company Telos Corporation was hit with a securities suit following a decline in the price of its shares after the company experienced revenue delays owing to cybersecurity and coronavirus-related “headwinds” that postponed the company’s performance of two key contracts. Similarly, on May 20, 2022, a plaintiff shareholder filed a securities suit against the cybersecurity firm Octa, Inc., relating to the decline in the company’s share price following revelations of a data breach at the firm.
At least part of the reason that plaintiffs’ lawyers persist in filing these cybersecurity-related suits may be discerned from the circumstances involving SolarWinds. As noted above, following the company’s disclosure of a cyberattack, the company was hit with several lawsuits; in addition to the shareholder derivative suit, which, as discussed above, was dismissed, the company was also hit with a related securities class action lawsuit. The securities suit, by contrast to the derivative suit, survived the dismissal motion, as discussed here. Following the dismissal motion denial, SolarWinds settled the securities suit for $26 million, as discussed here.
It may be that the plaintiffs’ lawyers are not as focused on the mixed record on motions to dismiss as they are in the possibility of making a big score in one of these cases. The $149 million settlement in the Equifax cybersecurity-related securities lawsuit certainly provides incentive enough for plaintiffs to pursue these kinds of claims. The likelihood is that notwithstanding the plaintiffs’ relatively poor record overall in these kinds of cases, cybersecurity-related securities suits and other D&O claims are likely to continue to be filed.
One important development worth watching in connection with this issue is the SEC’s pending action on the agency’s proposed cybersecurity disclosure guidelines. The guidelines, which the agency proposed in March 2022, include both incident reporting guidelines and risk management and governance disclosure guidelines. The agency’s guidelines will impose significant new reporting and disclosure requirements. The guidelines’ requirements could create significant new litigation risk for companies whose disclosures fall short of the requirements or whose actual cybersecurity experience differs from circumstances described in the company’s cybersecurity disclosures.
7. Under the Current Administration, the SEC Has Been Active
If you have the sense that under the current administration the SEC is more active and more aggressive, two November 2022 reports will confirm that your sense is correct.
First, on November 15, 2022, the SEC’s Enforcement Division issued its Enforcement Results Report for FY 2022 (ended September 30, 2022), showing that during the fiscal year money ordered in SEC enforcement actions totaled $6.439 billion, the most on record in SEC history.
Second, on November 16, 2022, Cornerstone Research, in conjunction with the NYU Pollack Center for Law & Business, issued its report on SEC Public Company-related enforcement activity during FY 2022, which shows that the agency’s actions against public companies increased relative to prior fiscal years and that the agency’s $2.8 billion in aggregate total monetary settlements with public companies during FY 2022 was the highest in any fiscal year.
The SEC’s report contains several portentous messages, as well. For example, the report emphasized that “individual accountability is a pillar of the SEC’s enforcement program,” and highlights several specific cases in which individual defendants were charged with securities law violations. In a detail that should heighten concerns about the SEC’s recently enacted Compensation Clawback Guidelines, the report specifically notes several cases where corporate executives were ordered to return bonuses and compensation following misconduct at their firms, pursuant to previously existing requirements under the Sarbanes-Oxley Act. The report cites a statement from the SEC Enforcement Division’s Director, Gurbir Grewal, as saying that the Enforcement Division is “working with a sense of urgency to protect investors, hold wrongdoers accountable, and deter future misconduct in our financial markets.”
According to the Cornerstone Research Report, the SEC filed 68 actions against public companies and their subsidiaries during fiscal year 2022, representing a 28% increase from the 53 actions in FY 2021, and the highest number of annual actions since the total of 95 actions in FY 2019. Interestingly, the agency filed more than three-quarters of the 68 actions in the second half of FY 2022, including 27 actions in September, the last month of the fiscal year, the highest total in any FY final month in the report’s data set.
While the 68 actions in FY 2022 represents an increase in the number of actions compared to the two preceding fiscal years, the FY 2022 total is consistent with the FY 2013-FY 2021 annual average number of actions of 68.
The average public company settlement during FY 2022 of $42 million far exceeded the average public company settlement during the period FY 2013-FY 2021 of $29 million, and the median public company settlement during FY 2022 of $9 million was three times the $3 million annual median settlement during the period FY 2013-FY 2021.
The two reports substantiate that the SEC was active and aggressive during FY 2022, the first full fiscal year of Gary Gensler’s tenure as Chair of the SEC. The SEC clearly wants to communicate that there is an alert and active cop on the beat. The agency is also clearly trying to communicate several other messages, including the fact that individuals will be held accountable for wrongdoing and that gatekeepers are answerable as well.
The heightened levels of activity under the current administration is not limited just to enforcement activity. The current administration has also been active in terms of proposed rulemaking as well. As the SEC’s Office of the Inspector General noted in an October 13, 2022 report (here), in just the first eight months of FY 2022, the SEC introduced a total of 26 proposed new rulemaking initiatives, higher than the number of rulemakings the agency proposed in any of the preceding five full fiscal years.
The possibility of an SEC enforcement action is something that companies need to consider in connection with their D&O insurance placements. While the penalties, fines, and disgorgement associated with most SEC enforcement actions likely would not be covered under the typical D&O insurance policy, the defense costs the company and its executives incur in many instances potentially could be covered, in whole or in part.
The possibility that companies might need its insurance to pay these costs needs to be taken into account in connection with the company’s D&O insurance limits selection, as these costs often are incurred at the same time as the company is also incurring fees and facing the possibility of separate settlements in connection with related civil actions. In a world where the SEC is as active as the agency is under the current administration, the calculus of limits sufficiency may be a very different matter altogether.
8. U.S. Supreme Court Agrees to Take Up ’33 Act Standing in Slack Direct Listing Case
The Supreme Court does not frequently agree to take up securities class action lawsuits for consideration, so when the Court does take up a case, it captures the attention of the everyone in the corporate and securities litigation world. Even if the case involved presents only a narrow set of issues, the case nonetheless presents the opportunity for the Court to deliver clarifying pronouncements about securities litigation generally. And so, for these reasons, the U.S. Supreme Court’s December 13, 2022, announcement that it had agreed to take up the question of ’33 Act liability action standing in connection with the securities suit arising out of information technology company Slack Technologies June 2019 direct listing represents a significant development in the D&O claims arena.
By way of background, Slack went public in June 2019 through a direct listing of its shares rather than through a traditional IPO. In connection with the listing, the company filed a registration statement registering 118 million shares that were offered simultaneously with 165 million unregistered shares.
In September 2019, a plaintiff shareholder filed a securities class action lawsuit against the company and certain of its directors and officers alleging misrepresentations in connection with the company’s June 2019 share listing. The defendants moved to dismiss the plaintiff’s complaint, alleging that the plaintiff could not establish standing to bring his claims under the ’33 Act because he could not show that he purchased shares pursuant to the company’s registration statement.
In an April 21, 2020 order, Northern District of California Judge Susan Illston denied the defendants’ motion to dismiss (here), despite Slack’s argument that the plaintiff could not trace the purchase of his shares to the registration statement. The Ninth Circuit granted Slack’s request for an interlocutory appeal.
On September 21, 2021, the Ninth Circuit, in a 2-1 opinion written by Judge Jane A. Rastani, affirmed the district court, holding that in connection with Slack’s direct listing both the registered and unregistered shares were sufficiently traceable to the registration statement and therefore that the plaintiff had standing to bring the ’33 Act claims. The appellate court said that the statute should be construed broadly in order to effectuate its purposes; a narrower reading, the appellate court said, would undermine the availability of the remedy in the event of a direct listing.
Judge Eric Miller dissented from the majority opinion based on his view that the majority opinion conflicted with the reading adopted by every other court to take up the standing question. He said further that the statutory language at issue did not support standing to bring ’33 liability claims based on the purchases of shares that cannot be traced to the registration statement, and that if this results in a policy problem, it was up to Congress to address the issue.
The defendants filed a petition to the U.S. Supreme Court for a writ of certiorari. The defendants’ petition seeks to have the court address the question: “Whether Sections 11 and 12(a)(2) of the Securities Act of 1933 require plaintiffs to plead and prove that they bought shares registered under the registration statement they claim is misleading.”
In seeking to have the Court take up the case, the defendants argued that the circuit courts had consistently held that only persons who could trace their shares to the registration statement had standing to assert ’33 Act liability claims. The defendants also argued that the Ninth Circuit’s policy rationale (that is, to ensure that investors who bought their shares in a direct listing had a remedy) should not undercut courts’ long-standing adherence to the statutory text that Congress wrote and has elected not to amend.
On December 13, 2022, the U.S. Supreme Court granted the defendants’ petition. The Court will hear argument in the case in 2023 and likely will decide the case by the end of June 2023.
At one level, it could be argued that this is a narrow case involving issues of limited potential applicability. According to an October 2022 PwC compilation (here), only 14 companies have gone public via a direct listing since Spotify, as the first company to do so, completed a direct listing in 2018. Some of the other companies that have gone public through a direct listing since then, in addition to Slack, are Palantir, Asana, Roblox, and Ziprecruiter. The question of whether an investor who purchases shares in direct listing has standing to bring a ’33 Act liability action arguably affects only a very small group of investors.
Despite the case’s seemingly narrow aspect, it is nonetheless a significant development that the Court has agreed to take up the case. The fact is that the Supreme Court does not take up that many securities cases, and any time it does, it opens the possibility for the court to say something illuminating or even transformational about liability actions under the securities laws.
Beyond these more general considerations, there are some more specific reasons why this case could turn out to be more significant than it might appear from its seemingly narrow aspect. For starters, there is nothing that says that the Court’s consideration of ’33 Act standing issues will be confined to the context of direct listings. The Court could have something to say about ’33 Act standing generally, that could affect cases in contexts other than just direct listings. Although I do not consider it likely, if the Supreme Court were to take up and endorse the policy reasoning of the Ninth Circuit– and in particular, the Ninth Circuit’s disposition to give consequential weight to the remedial purposes of the ’33 Act’s liability provisions — it could have a broader impact and affect ’33 Act liability actions more broadly, relating to IPOs, SPACs, and secondary offerings. In short, the Slack case before the U.S. Supreme Court is one to watch.
9. Duty of Oversight Claims May be Prove Difficult to Sustain, After All
A claim alleging a board’s breach of the duty of oversight has long been regarded as one of the most difficult for a plaintiff to sustain. But after the Delaware Supreme Court’s 2019 opinion in Marchand v. Barnhill, breach of the duty of oversight claims (or Caremark claims, as they are sometimes called) have in recent years, as Vice Chancellor Sam Glasscock put in in his recent opinion in the SolarWinds case, “bloomed like dandelions after a warm spring rain.” Some commentators questioned whether oversight breach claims were in fact as difficult to sustain as is so often said.
Many of these questions about the difficulty of oversight breach claims followed in the wake of the September 2021 dismissal motion denial in the Boeing 737 Max air crashes breach of the duty of oversight lawsuit (discussed at length here). The liability possibilities for breach of the duty of oversight claims was underscored when the Boeing 737 Max oversight breach case later settled for $237.5 million, in one of the largest shareholder derivative lawsuit settlements ever.
There is no doubt that exposure to breach of the duty of oversight claims represent a significant and important liability risk for corporate boards, one that boards must take seriously and consider in structuring their processes and functions. But while there have been several significant recent cases in which breach of the duty of oversight claims have been sustained, even the rulings allowing these kinds of claims to go forward have emphasized pleading requirements that likely will not be satisfied in most circumstances.
The constraints applicable in breach of the duty of oversight claims was underscored in the recent decision on the defendants’ motions to dismiss in the SolarWinds Cyberattack-related shareholder derivative lawsuit. As noted above, in a detailed September 6, 2022 Opinion, Vice Chancellor Glasscock granted the defendants’ motion to dismiss.
In assessing the plaintiff’s breach of the duty of oversight claims, Glasscock emphasized that in order to sustain a claim for breach of the duty of oversight, “the lack of oversight pled must be so extreme that it represents a breach of the duty of loyalty,” which in turn “requires an action (or omission) that a director knows is contrary to the corporate weal.” A viable claim for breach of the duty of oversight may be established only for either “utter failures by directors to impose a system for reporting risk” or for “failure to act in the face of ‘red flags’ disclosed to them so vibrant that lack of action implicates bad faith, in connection with the corporation’s violation of positive law [emphasis in original], have led to viable claims under Caremark.”
Having reviewed the applicable standards, Vice Chancellor Glasscock found that the director defendants “(1) are not credibly alleged to have allowed the company itself to violate law, (2) did ensure that the company had at least a minimal reporting system about corporate risk, including cybersecurity, and (3) are not alleged to have ignored sufficient ‘red flags’ of cyber threats to imply a conscious disregard of a known duty, indicative of scienter.” In other words, the Vice Chancellor said, “the directors failed to prevent a large corporate trauma, but the Plaintiffs have failed to plead sufficient facts from which I may infer bad faith liability on the part of a majority of directors regarding that trauma.”
One particular significance to Vice Chancellor Glasscock’s ruling has to do with the context of a breach of the duty of oversight claim involving a cybersecurity incident. In the immediate aftermath of the Delaware Supreme Court’s 2019 decision in Marchand v. Barnhill, one question that was asked was whether claimants might seek to assert breach of the duty of oversight claims in the context of cybersecurity and privacy issues. After all, for many companies these days, cybersecurity is mission critical.
However, there are now two Delaware court decisions in which attempts to assert an oversight duty claim in the context of a cybersecurity incident have been unsuccessful. As I noted at the time, in October 2021, Delaware Vice Chancellor Lori Will dismissed the shareholder claims asserted against the Marriott Board in connection with the massive and high profile cybersecurity incident the company had sustained. Vice Chancellor Glasscock subsequently rejected the cybersecurity related oversight breach claims asserted against the SolarWinds board.
To be sure, Vice Chancellor Glasscock did not hold that a claimant could never sustain a cybersecurity related oversight duty breach claim. But his opinion does contain a number of points that underscore how difficult it would be for a claimant to succeed on this theory.
First, as he emphasized throughout his opinion, the plaintiff here had not (and apparently could not) allege that the SolarWinds board had violated positive law. The criminal acts of third parties means only that the company was the victim of legal violations not the perpetrator. The absence of legal duties means that cybersecurity is a business risk, one of many the company faces. In order for the cybersecurity-related business risk to give rise to potential board liability, the claimant must establish a “nexus” between the risk and the board, which this plaintiff was found to have failed to do.
In addition to emphasizing the difficulty of establishing an oversight duty breach in the cybersecurity context, Vice Chancellor Glasscock’s opinion underscores the difficulty of establishing an oversight duty breach in any context. After reading Judge Glasscock’s opinion, one is left with the impression that an oversight duty breach claim may indeed be one of the most difficult claims for a plaintiff to sustain.
For boards themselves the lessons are clear. As the Skadden law firm put it in a December 2022 memo, the recent case law in breach of the duty to monitor case shows that “a board’s decision to implement a reporting system for a ‘mission critical’ risk, and the board’s good faith efforts to monitor that risk, may mitigate the threat that a board could face fiduciary duty liability, even if a court, in hindsight, could critique the board’s performance in monitoring the risk.”
10. The Cycle Has Turned in the D&O Insurance Market
Insurance is a cyclical business, and during calendar year 2022 the cycle for D&O insurance decidedly turned in a direction more favorable to buyers. In order to understand where we are now and how we got here, it is necessary to review the developments in the D&O insurance market over the last several years.
In late 2018 and early 2019, after years of underwriting losses driven by chronic underpricing and following a spike in the number and severity of claims, D&O insurers began pushing for rate increases. The push found support in the market, and during the period 2019 through 2021, the D&O insurance industry moved into a true hard market. During the hard market, D&O insurance buyers not only faced steeply rising premiums, but also saw significantly increased self-insured retentions and reduced capacity available as carriers reduced the limits they were willing to offer for individual risks.
As is characteristic of hard insurance markets generally, the higher premiums and tightened market conditions attracted fresh capital and new players, many of which were able to get up and running during 2020 and 2021. In the short term, the new participants were able to take part in the relatively favorable conditions, particularly during 2021 as the financial markets were buoyed by a wave of SPAC IPOs and traditional IPOs. The D&O insurers, both legacy players and new entrants, set their budgets for 2022 based on assumptions about the continued availability of new business opportunities in the form of continued IPO and SPAC activity.
However, as we headed into 2022, traditional IPO and SPAC IPO activity fell off of a cliff. With new business opportunities gone, the insurers’ only chance to meet their aggressive budgets was to compete for existing business. As a result, during 2022, for the first time in several years, competition returned to the D&O marketplace, particularly with respect to higher attachment excess limits, as the new players sought to extract enough revenue to cover their operating costs.
The upshot of the renewed competition is that many D&O insurance buyers saw their D&O insurance costs decline in 2022 relative to the immediately preceding hard market years. Many buyers enjoyed double-digit price decreases, particularly with respect to the excess insurance costs. Not only did premiums improve for buyers during 2022, but self-insured retentions, which had reached lofty levels during the hard market, came down, in some cases by millions of dollars. In many instances, the insurers also increased the capacity they were willing to make available for individual accounts as well.
To be sure, some companies – such as crypto and other digital asset firms, financially troubled companies, and companies with checkered claims histories – continued to face a constrained market, but for most other buyers the D&O insurance market was more favorable in 2022 for the first time in years.
Which of course brings us to the question of what D&O insurance buyers can expect in 2023.
There are respectable and intelligent insurance industry observers – focused on the huge backlog of pending securities class action claims and concerned about the adverse macroeconomic conditions – who conjecture that D&O prices will level off at some point early in 2023. Were that to happen, it would certainly be beneficial for the overall health of the D&O insurance market.
However, it is also possible that the triggers of competition that came into play during 2022 will continue to operate, and that the new players, unburdened by an overhang of older claims, will continue to try to pick up business in order to ensure their own continued survival. While the actual conditions that will prevail in 2023 remain to be seen, it is possible that the forces that stimulated the turn in the insurance cycle in 2022 will continue to drive the market in 2023 – in which case, most buyers will continue to enjoy a relatively favorable market during the year.
The one thing that is sure is that in a transitional market it will be more important than ever for insurance buyers to associate a knowledgeable and experienced advisor in their D&O insurance placement.