Recent D&O Claims Developments

The D&O claims environment is now in an unusually uncertain state. An unpredictable U.S. economy, a struggling global economy, high inflation and interest rates, a tight labor market, the growth of artificial intelligence, and fluctuating fuel costs will likely create difficult challenges for many companies and a material increase in D&O claims activity in a wide variety of industries. As an example of the financial challenges now faced by a growing number of companies, corporate bankruptcies increased by 73% in 2023 to the highest level since 2010, according to S&P.

Added to this uncertainty is the Biden administration, which is proposing and implementing an increasing number of important regulations, is more aggressively pursuing regulatory enforcement proceedings, and is supporting wide-ranging social reforms. Those initiatives seem likely to directly or indirectly impact, at least to some extent, the nature, frequency and severity of D&O claims in various contexts.

The following summarizes many of the more important recent legal developments involving D&O claims. During these uncertain times, it is especially important for those who advise or insure directors and officers to carefully monitor and react to these and other developments.

  1. Securities Class Action Litigation. In 2023, the frequency of new federal securities class action litigation filings increased by 11%, ending a four-year decline in filings from 2019 to 2022. The technology and finance sectors accounted for a combined 40% of those filings. Merger objection suits remain very low, continuing a trend that began in 2021 when plaintiff lawyers began filing such suits as single-plaintiff cases rather than as class actions, thereby allowing the plaintiff lawyer to settle the case for a so-called mootness fee (without the need for court approval) following modest additional disclosures by the company.

The 2023 median settlement value in securities class actions was about the same as 2022, although the average settlement value increased by 17% due to several very large settlements.

The following summarizes some of the recent more important developments in securities class action litigation:

  1. Since 2019, four separate securities class actions involving D&Os have settled for more than $1 billion each. See VEREIT, Bausch Health (fka Valeant), Dell Technologies and Wells Fargo settlements. These 10-figure settlements can no longer be considered isolated but suggest a trend toward dramatically increased settlement amounts in at least the most severe cases. An increase in settlement amounts in more modest cases has also occurred to some extent, probably reflecting in part a trickledown from these huge settlements.
  2. The traditional belief that securities class actions which survive a motion to dismiss are largely indefensible as a practical matter is being challenged by some recent developments. For example, in February 2023, Elon Musk and other Tesla executives successfully defended at trial a securities class action lawsuit involving Musk’s 2018 tweet that he had “funding secured” to take Tesla private. An actual trial in a securities class action is quite rare, so some commentators have predicted an increase in these trials following Musk’s victory. That is very unlikely, though, because very few directors and officers have sufficient personal resources to bear the risk of a catastrophic judgment, which likely would not be insured (due to the conduct exclusion in D&O policies) or indemnified by the company (due to the failure to satisfy the standard of conduct in most indemnification statutes).

In August 2023, the Second Circuit decertified a class of investors who sued Goldman Sachs, thereby effectively ending a more than 10-year-old securities lawsuit. The ruling was based on a 2021 U.S. Supreme Court ruling in the same lawsuit which instructed lower courts when deciding whether to certify a class in securities litigation to examine actual facts (not just allegations, which is the standard for motions to dismiss) to determine if the alleged misstatements had a material impact on the company’s share price. The ruling creates new hope that at least some securities class actions can be defeated at the class certification stage even if the defendants’ motion to dismiss is denied. For example, in February 2024, the Federal District Court of Delaware refused to certify a class in a securities class action against M&T Bank Corp., concluding the plaintiffs failed to present evidence establishing loss causation and transaction causation during the class period. However, some courts continue to certify securities class actions despite the Goldman Sachs precedent. For example, (i) in January 2024, a New Jersey Federal District Court certified a class in a securities class action lawsuit against Johnson & Johnson, ruling that the defendants failed to completely rebut the presumption of price impact by a preponderance of the evidence, (ii) in February 2024, a California Federal District Court certified a class in securities litigation against Talis Biomedical, and (iii) in 2023, an Ohio Federal District Court certified a class in securities litigation against First Energy. Several of these recent decisions are now on appeal.

  1. SEC Enforcement. In addition to private securities litigation, D&Os need to also be concerned about SEC enforcement activity. The SEC is increasing its focus on holding directors and officers accountable in a variety of contexts. The three main factors which create concern for D&Os in this context are summarized below.

First, the revolving leaders at the SEC’s Division of Enforcement have repeatedly stated that “individual accountability” is one of the Division’s “core principles,” and that “pursuing individuals has continued to be the rule not the exception.” This includes being more aggressive with “gatekeepers” (including directors and officers), such as requiring defendants in certain enforcement action settlements to admit wrongdoing rather than merely “neither admit nor deny” wrongdoing which has been the norm for decades. Approximately two-thirds of the SEC’s cases in FY23 involved charges against individuals, and the SEC obtained 133 orders barring individuals from serving as officers and directors of public companies (which was the highest number in a decade).

Second, during its 2023 fiscal year, the SEC received over 18,000 whistleblower reports, which was a record. This increased frequency of whistleblower reports to the SEC appears to be attributable in large part to the significantly larger bounty awards now paid by the SEC to persons who provide information that materially assists the SEC in identifying and prosecuting securities law violations. In its 2023 fiscal year, the SEC paid a record $600 million to whistleblowers, including a record $279 million to one whistleblower (which was more than double the previous record and which was in addition to other large awards of $28 million, $18 million and $12 million in 2023).

Third, SEC enforcement actions can be particularly problematic for D&Os because they frequently last a long time and usually cannot be resolved at the same time as parallel securities class action and shareholder derivative litigation. As a result, a sufficient amount of the company’s D&O insurance limits should be preserved following a settlement of the private litigation to fund the ongoing and potentially very large costs in the SEC action.

However, in June 2024, the U.S. Supreme Court granted some relief for companies and their directors and officers in SEC enforcement proceedings by ruling the SEC cannot use in-house administrative proceedings to impose civil fines for securities fraud. Instead, the SEC must use courts for assessing those monetary sanctions, which is viewed as a more even-handed forum for the defendants.

The SEC’s impact on D&O exposures is not limited to enforcement actions. An increasing number of proposed SEC rules relating to a wide variety of topics will likely increase both SEC and private actions against D&Os. Three recently adopted SEC rules are particularly important for directors and officers.

First, in October 2022, the SEC adopted final rules to implement the compensation clawback provisions in §954 of Dodd-Frank. Pursuant to the new rules, any executive officer of a publicly-traded company that restates its financial statements must repay to the company any incentive-based compensation received by the officer during the three years prior to the restatement, regardless of whether the executive committed any wrongdoing or knew of the facts underlying the restatement. Importantly, the new rules prohibit the company from indemnifying the executive or purchasing insurance for the amount of the clawed back compensation, although executives who did not cause the restatement may personally purchase insurance for his or her clawback liability.

Second, in July 2023 the SEC adopted final rules requiring enhanced disclosures of cybersecurity incidents and risk management, which are briefly discussed on page 10 below.

Third, massive new rules regarding climate change disclosures were adopted in March 2024. See page 12 below.

These attempts to use disclosure rules to address social issues are controversial and are being attacked in the courts (with some initial success) based on arguments that the rules are outside the SEC’s legal authority and are arbitrary and capricious. Those arguments gained support in June 2024 when the U.S. Supreme Court overturned a 40-year old precedent which required courts to defer to the reasonable interpretation of a regulatory agency of ambiguous federal statutes. The Court criticized the prior precedent as impeding the constitutional separation of powers which limit the executive branch (i.e., administrative agencies) to enforcing the laws, not interpreting or creating laws. The SEC’s comprehensive new cyber and climate change rules arguably also impeded the constitutional separation of powers by creating new law rather than merely enforcing existing law.

  1. Derivative Suits. Historically, shareholder derivative lawsuits (which are cases brought by shareholders on behalf of a company against D&Os seeking damages incurred by the company as a result of alleged wrongdoing by the D&Os) have presented relatively benign exposures. Although frequently filed in tandem with a more severe securities class action, derivative suits usually have been dismissed by the court or settled for relatively nominal amounts for several reasons. For example, a committee of independent directors who were not involved in the alleged wrongdoing may determine that prosecution of the derivative suit on behalf of the company is not in the company’s best interest, in which case the court may dismiss the case. Likewise, the defendant D&Os usually have several strong defenses in the derivative suit, including pre-suit demand requirements, the business judgment rule, state exculpation statutes, and reliance on expert advisors.

Despite these procedural and substantive defenses, an increasing number of derivative suits are now settling for large amounts. The following summarizes many of the more recent “mega” derivative settlements.

 

Company Type of Incident Derivative Settlement
Tesla Excessive executive compensation $735 million of returned cash and equity compensation
Wells Fargo Widespread improper consumer banking practices $320 million
Alphabet Alleged culture of sexual discrimination/harassment and mishandling of complaints against senior executives $310 million diversity and equity fund for governance reforms
Renren Transfer of company assets to privately owned company at undervalued price $300 million
VEREIT Financial statement errors $286 million
Activision Blizzard Executive officers unfairly acquired a controlling interest in the company $275 million
Boeing Alleged breach of the Board’s safety oversight duties resulting in crash of two Max 737 aircraft $237.5 million
FirstEnergy Executives bribed state officials $180 million
McKesson Opioid-related wrongdoing $175 million
CBS/Paramount Allegedly unfair merger terms $167.5 million
News Corp. Relative of majority owner personally benefitted from acquisition of company; company’s employee journalists used illegal reporting tactics $139 million
AIG Allegedly fraudulent $500 million reinsurance transaction to mask company losses $150 million
Freeport-McMoRan Merger fraught with allegations of sweetheart deals and self-dealing $137.5 million
Cardinal Health Opioid-related wrongdoing $124 million
Oracle $900 million in insider trading in advance of disappointing earnings announcement $122 million
Broadcom Corp. Options backdating scandal that resulted in $2.2 billion write-down $118 million
Altria Group Inc. $12.8 billion investment in vape manufacturer Juul $117 million (including $100 million for programs to combat underage nicotine use)
AIG Allegation that company paid sham commissions to a closely-held insurance agency $115 million
L Brands Alleged sexual harassment and toxic workplace $90 million governance reform fund plus $21 million attorney fee award
21st Century Fox Allegedly rampant sexual harassment by former Fox executives $90 million
PG&E Corp. Gas Line Explosion $90 million
Del Monte Foods Leverage buyout of company by private equity firms $89.4 million
Pfizer Off-label marketing of drugs resulting in federal investigations and claims under the False Claims Act $75 million
Bank of America

 

Acquisition of Merrill Lynch based on allegedly false statements about Merrill’s losses $62.5 million

 

A number of factors appear to be contributing to this troubling trend of large derivative suit settlements, including:

  • Caremark Erosion. One of the primary substantive defenses for D&Os in many derivative lawsuits is the so-called Caremark defense, which in essence says D&Os are not liable for lack of oversight of company operations absent the director or officer engaging in self-dealing, having a conflict of interest or committing gross dereliction of his or her duty (i.e., acting in bad faith). A series of decisions issued over the last few years from Delaware courts have created uncertainty regarding this important defense. Some recent cases, particularly those involving public health and safety issues or egregious workplace behavior, have not applied the Caremark defense, including derivative lawsuits involving listeria-tainted ice cream (2019 Marchard case), 737 Max airplane crashes (2021 Boeing case) and opioid anti-diversion obligations (2024 Amerisource Bergen case and 2023 Walmart case).

But, in other less alarming derivative oversight lawsuits, Delaware courts have applied the defense, including the 2021 Marriott and the 2022 Solar Winds cases involving a cyber breach, the 2023 Segway case involving financial reporting issues, the 2024 Walgreen’s case involving the company’s prescription management system, and the 2024 Centene case involving inaccurate cost reports to Medicaid. In the Solar Winds case, the Delaware Chancery Court recognized Caremark oversight claims have recently “bloomed like dandelions after a warm spring rain,” but those claims “remain, however, one of the most difficult claims to clear a motion to dismiss.” In the Segway case, the Delaware Chancery Court similarly confirmed a valid oversight claim exists only in “the extraordinary case where fiduciaries’ ‘utter failure’ to implement an effective compliance system or ‘conscious disregard’ of the law gives rise to corporate trauma.” Likewise, in the Walgreen’s case, the Delaware Chancery Court expressed concern about oversight claims being “reflexively filed” whenever a company “encounters an adverse circumstance,” thereby weakening the core protections of the business judgment rule and draining resources from the company the derivative plaintiffs purport to represent. Instead, a valid oversight claim should be a “rare event” according to the court. In the Centene case, the Delaware Chancery Court recognized “a bad outcome, without more, does not equate to bad faith” by the directors, which is required for an oversight claim against the directors.

The derivative litigation against McDonald’s directors, CEO and Chief People Officer involving company-wide sexual harassment allegations demonstrates the changing and confusing legal landscape today regarding Caremark claims. In January 2023, the Delaware Chancery Court refused to dismiss the claims against the executive officers, finding for the first time that officers have the same oversight duty as directors and the officers’ alleged wrongdoing in this case was sufficiently egregious to survive the Caremark defense because the officers directly participated in the company’s sexualized culture. But, two months later, the Court dismissed the oversight claims against the directors even though the directors knew about the sexual harassment allegations. Because the directors responded to the problem (albeit insufficiently), the Court determined the directors’ conduct did not constitute bad faith and thus dismissed the claims.

  • Duplicate Lawsuits. Unlike most securities class actions which must be litigated in federal court, derivative litigation is usually filed in state court. Also, unlike securities class action litigation, there is no mechanism to consolidate multiple derivative lawsuits into one state court proceeding. As a result, multiple derivative cases, each prosecuted by a different plaintiffs’ firm, will often proceed in different courts, even though all of the lawsuits assert essentially the same claims on behalf of the company. This results in higher defense costs, inconsistent court rulings in the parallel cases, and the potential for higher settlement amounts to resolve all of the lawsuits.

A forum selection clause in a company’s bylaws is an increasingly important tool to avoid such duplicate derivative lawsuits. Under relatively new statutes in Delaware (Section 115, Delaware General Corporation Law) and a few other states, public companies chartered in those states may adopt a forum selection bylaws provision which requires all proceedings relating to internal affairs of the company (such as derivative suits) to be filed and adjudicated only in the state designated in the bylaws. Such forum selection bylaw provisions can prevent multiple derivative lawsuits being prosecuted in multiple and hostile forums. The Seventh and Ninth Circuits recently issued conflicting opinions regarding the enforceability of such a state forum selection bylaws provision if the derivative suit includes claims for false proxy statements in violation of Section 14(a) of the Securities Exchange Act. The Seventh Circuit held the provision is invalid as to Section 14(a) claims because such claims must be brought in federal court (i.e., plaintiffs would be precluded from asserting Section 14(a) claims in a derivative suit if the state forum selection provision is enforced). But the Ninth Circuit upheld the enforceability of the provision even with respect to Section 14(a) claims.

  1. Criminal Proceedings. In recent years, regulators, prosecutors and commentators have repeatedly discussed the importance and purported commitment by the government to hold executives criminally accountable for wrongdoing. In the aftermath of the financial crisis in the late 2000s, there was a large public outcry for the prosecution of responsible individuals, although those prosecutions were essentially non-existent. Regulators and prosecutors both then and now repeatedly express the importance of criminal prosecution of executives.

But, despite this rhetoric, the prosecution of white-collar crime remains surprisingly infrequent, particularly with respect to directors and senior executives of large public companies where decisions are often made “by committee” without clear attribution to one or a few individuals who possess the necessary intent to violate the law. In addition, prosecutors often have limited resources and usually only bring cases they believe they can win. As an example of these challenges, in January 2021, a federal appeals court overturned the convictions of four former executives of Wilmington Trust, which was the only financial institution criminally charged in connection with the federal bank bailout program following the 2008 financial crisis. More recently, in June 2024, a California federal jury acquitted the former CEO and the former finance Vice President of Autonomy of criminal charges that they deceived HP about the software company’s business and financial health prior to HP’s purchase of the company for $11.7 billion.

Despite these challenges for prosecutors, numerous recent examples demonstrate that criminal exposure for executives is very real in several circumstances.

First, even in a large public company, senior executives who have direct responsibility for matters which create spectacular losses can be incarcerated. For example, in the last few years the former CEO and COO of SCANA pled guilty to defrauding customers and others with respect to a failed $9 billion nuclear construction project; the former CEO of SAExploration and the former CFO of Roadrunner Transportation Systems were sentenced to three years and two years in prison, respectively, for their roles in fraudulent accounting schemes at their companies; the former CEO (Elizabeth Holmes) and former COO of Theranos were convicted of securities fraud and sentenced to 11 years and 13 years in prison, respectively; the former CEO of cryptocurrency company FTX (Sam Bankman-Fried) was convicted in 2023 of multiple counts of fraud and sentenced to 25 years in prison; and the former CEO of cryptocurrency company Biance Holdings pled guilty to violation of the Bank Secrecy Act by failing to adopt anti-money laundering policies and was sentenced to four months in prison.

Second, lower-level executives who more easily can be shown to have knowingly participated in criminal wrongdoing are more frequently prosecuted than senior executives. Recent examples of charges against mid-level executives include: (i) six mid-level executives of Citigo were convicted in Venezuela of corruption charges, (ii) the Senior Vice President of Governmental Affairs of Com Ed pled guilty to charges involving the bribery of governmental officials, (iii) an executive of Sandoz, Inc. pled guilty to price-fixing charges involving generic drugs, and (iv) a former executive of Netflix was convicted of money laundering and bribery for accepting stock options, cash and gifts from third-party vendors in exchange for lucrative contracts with the company.

Third, individuals who are senior executives (and also large owners) of smaller companies are easier targets of criminal charges because of their more intimate knowledge of company operations. For example, in 2024, (i) the CEO and founder of a software company was sentenced to 18 months in prison and assessed a $1 million fine for inflating the company’s financial statements in connection with a securities offering that raised $60 million, (ii) the CEO of a clean energy company was sentenced to six years in prison following his conviction for defrauding investors out of $1.1 million, (iii) the former CEO of a dental device company pled guilty to defrauding investors out of $10.7 million, (iv) the CEO of a cryptocurrency company plead guilty to violating the Bank Secrecy Act by not adopting policies to prevent money laundering, (v) the former CEO of a medical device company was sentenced to six years in prison for healthcare fraud in connection with the company selling non-functional pain management device components, (vi) the former CEO of a management software company was sentenced to 20 years in prison for using company assets for personal benefits; (vii) the former CEO of a health advertising company was sentenced to seven and one-half years in prison for misrepresenting to investors, lenders and customers the company’s value and capabilities; and (viii) the former CEO of a healthcare software company was convicted of securities fraud for falsely declaring the company had a multimillion dollar deal to buy and resell COVID test kits.

These criminal prosecutions are based on an increasing number of legal theories. For example, in 2023 a jury convicted two executives of an appliance sales and distribution company for failing to report to the federal Consumer Product Safety Commission defects in dehumidifiers sold by their company. The case reportedly was the first time executives were prosecuted under the Consumer Product Safety Act.

  1. Cyber Claims. Unquestionably, cyber-related losses and claims are one of the most troubling future exposures for companies. It is virtually impossible for companies to prevent cyber attacks. Loss mitigation, rather than loss prevention, seems to be the only strategy available for most companies.

Surprisingly to some, the liability exposure of directors and officers for cyber-related claims is less predictable. Prior to 2017, no cyber-related securities class action lawsuits were filed even with respect to very large and highly-publicized cyber intrusions at large companies. More recently, plaintiff lawyers have filed a growing number of such securities class actions, including cases against Marriott, Chegg, Google/Alphabet, FedEx, Capital One, First American Financial Corp., Solar Wind, Yahoo!, Equifax, Telos, Octa and their D&Os. These cases are still somewhat uncommon despite the large number of companies which experience data breaches because in most cyber attack situations, the company’s stock price does not materially drop following disclosure of the attack. But, if there is a material stock drop following disclosure of the cyber breach, a securities class action is likely, and those securities class actions can be expensive, particularly if the company failed to promptly disclose the breach. For example, the Alphabet (Google) securities class action litigation which was related to a software flaw that allowed outside developers to access personal data of 500,000 users of the Google Plus social media site was settled in February 2024 for $350 million, the Yahoo! cyber-related securities class action litigation was settled in March 2018 for $80 million while a motion to dismiss was pending, the Equifax data breach securities class action litigation was settled in 2020 for $149 million, and the Solar Winds data breach securities class action was settled in 2022 for $26 million.

It is far from clear whether these cases will ultimately be successful on a widespread basis. Most of these securities class action lawsuits have been dismissed, primarily because the plaintiffs failed to sufficiently allege (i) the defendants acted with the requisite scienter (i.e., plaintiffs did not allege facts showing the defendants knew the size or impact of the breach at the time of the allegedly incorrect disclosures) , (ii) either a misstatement or omission of material facts, or (iii) loss causation (i.e., the misstatement or omission caused the company’s stock to be artificially inflated). The likelihood of these cases being dismissed increases if the company’s disclosures include detailed and specific cautionary statements about cyber risks and do not characterize the quality of the company’s cybersecurity. Despite plaintiffs’ limited successes in cyber-related securities claims, the general trend of courts dismissing these cases continues to exist as evidenced by (i) the Ninth Circuit affirming on March 2, 2022 a District Court dismissal of a data breach-related securities class action against Zendesk, (ii) the Fourth Circuit affirming in April 2022 a District Court dismissal of a data breach-related securities class action against Marriott and its D&Os, (iii) a District Court in Virginia dismissing a cyber-related securities class action against Capital One in September 2022, (iv) District Courts in California dismissing cyber-related securities class actions against First American and Okta in September 2021 and March 2023, and (v) a New York District Court dismissing most of the SEC’s cyber-related claims against SolarWinds Corp. in July 2024.

On July 26, 2023, the SEC adopted final rules requiring enhanced disclosures by public companies regarding material cybersecurity incidents and the company’s risk management and board oversight of cybersecurity matters. The rules significantly increase a company’s disclosure requirements in this area. For example, material cybersecurity incidents need to be disclosed within four business days after the company determines the incident was material (that determination must be made without unreasonable delay following discovery of the incident). The disclosure must describe the material aspects of the nature and scope of the incident as well as the likely material impact of the incident on the company’s operations and financial condition. Those disclosures need to be updated periodically. Also, the board’s oversight of cybersecurity risks, the company’s policies and procedures for identifying, assessing and managing those risks, and the cybersecurity expertise of management need to be disclosed in the company’s annual report. These disclosure requirements will likely result in not only increased cyber-related scrutiny by the SEC, but also increased securities claims against companies and their directors and officers, not to mention very difficult compliance challenges.

In a bizarre development which may signal heightened exposure for cyber-related claims by the SEC against D&Os, a cyber ransom gang filed in 2023 a whistleblower complaint with the SEC alleging a company that was hacked by the gang failed to disclose to the SEC, consistent with the new SEC cyber disclosure rules, the security breach and its impact on the company. The gang apparently intended to enhance its future negotiation leverage over other companies hacked by the gang.

Shareholder derivative lawsuits against directors and officers are another litigation response when a company suffers large cyber-related losses. However, this type of derivative litigation is also challenging for plaintiffs in light of the business judgment rule, the applicable state exculpatory statute for directors, and other state law defenses for the defendant directors and officers. But, a few cyber-related derivative lawsuits have recently settled or survived a motion to dismiss. Most notably, the Yahoo! derivative suit settled for $29 million, due in large part to the extraordinary number of people impacted by the breach (i.e., as many as 1.5 billion users) and the two-year delay in disclosing the breach. Other cyber derivative settlements are far smaller, often including a modest plaintiff fee award and the company agreeing to certain governance reforms. In October 2021, the Delaware Chancery Court dismissed a cyber-related derivative lawsuit involving the Marriott data breach.

The area of greatest potential exposure for directors and officers regarding cyber matters does not arise from acts or omissions by directors and officers prior to the attack, but rather from conduct of directors and officers once the attack is identified. Disclosures regarding the scope, effect and cause of the attack, and the response by management immediately following the attack, can potentially create either securities class action or shareholder derivative litigation. Therefore, companies should develop and implement long before a cyber attack actually occurs effective protocols and action plans which describe what should and should not be done if a cyber attack against the company occurs. Careful advanced planning in this area can provide a unique opportunity to minimize the potential personal liability of directors and officers for post-attack conduct.

Another related D&O exposure in this context is the potential for criminal charges. For example, in October 2022, the former chief security officer of Uber was convicted of obstructing the FTC’s investigation of a cyber breach involving private personal information about the company’s customers. The company initially disclosed to the FTC the breach involved 50,000 customers. The defendant officer subsequently learned from the hackers in the context of a ransomware demand that the breach involved 57 million customers, but the officer failed to report that updated information to the FTC. In another case, the former chief information officer of Equifax was convicted of insider trading and sentenced to four months in prison based on his sale of $950,000 of company stock before the company’s massive data breach was publicly disclosed.

  1. ESG Claims. In the last several years, an unprecedented number of so-called ESG claims were filed against companies and their directors and officers. The legal theories asserted in these claims are not new or unusual, but the factors which are causing the claims to be prosecuted are recent. Ironically, most ESG-related claims are asserted against companies who are proactive in addressing ESG concerns as opposed to companies who seemingly ignore the issues (often called “greenhushing”). Those proactive companies are often in a no-win situation because they are criticized for not doing enough (or misrepresenting the impact of what they are doing) or for doing too much. For example, American Airlines and certain of its fiduciaries were sued in June 2023 for pursuing “leftist political agendas” through ESG strategies which fail to maximize profits. Deutsche Bank paid a $19 million penalty to the SEC for making allegedly misleading statements about its use of ESG factors in connection with its research and investment recommendations. Other similar claims have been brought against directors of Disney, Starbucks, Target, Blackrock and the parent of Ben & Jerry’s (Unilever).

There are growing indications that the focus on ESG issues is waning. Most notably, the SEC stated in its annual report on 2023 examination priorities that ESG issues and concerns about greenwashing would be a significant focus, but the SEC’s annual report on 2024 examination priorities does not reference ESG matters, instead focusing on cybersecurity and crypto-related risks.

a.              Climate Change Claims. Although climate change issues permeate many industries and generate a variety of legal concerns, D&O litigation has been largely immune to those issues.

On March 6, 2024, the SEC adopted highly controversial new rules requiring larger registered public companies to disclose a wide range of information related to climate change and greenhouse gas emissions information and risks. For example, the new rules require companies to disclose in their SEC annual reports (i) the amount of their direct greenhouse gas emissions from their own operations and their indirect emissions associated with the generation of energy consumed by the company; (ii) their climate-related risk, such as the risk of financial harm caused by severe weather events like flooding and wildfires, (iii) their processes for identifying, assessing and managing these risks, (iv) a quantitative and qualitative description of their material expenditures to mitigate or adapt to those risks, and (v) any Board oversight of climate-related risks and any role by management in assessing and managing those risks.

The adopted rules are being legally challenged in numerous lawsuits both by plaintiffs who contend the rules exceed the SEC’s authority and by plaintiffs who contend the SEC should not have diluted the far more demanding proposed rules. Opponents of the new rules largely based their challenge on a June 2022 ruling by the U.S. Supreme Court which held that EPA rules limiting coal power plant emissions exceeded the EPA’s legal authority and are therefore unlawful. As a result of these legal challenges, the implementation of the new rules has been stayed.

By addressing climate change issues through disclosures to shareholders, the SEC is creating personal accountability for directors and officers who fail to comply with the new requirements. Not only will the SEC be a direct enforcer of the new disclosure requirements through proceedings against both the company and its directors and officers, but shareholders (and plaintiff lawyers) will undoubtedly use the new rules as a basis for securities class action lawsuits against directors and officers and their companies.

In October 2023, California enacted two far-reaching statutes requiring climate-related disclosures. The Climate Corporate Data Accountability Act requires greenhouse gas emissions data disclosure by all public or private entities doing business in California with gross annual revenues in excess of $1 billion. A second related statute requires companies with more than $500 million of gross annual revenues to develop a biennial report on its climate-related financial risks. The concerns described above under the newly adopted SEC climate change rules equally apply to these new California statutes. As similar additional new laws and regulations are enacted by the federal government and other states, companies and the D&Os may soon be faced with nearly impossible and conflicting climate-related legal requirements which dramatically increase their liability exposures.

The lack of current D&O litigation relating to climate change issues does not mean climate change litigation does not exist. An estimated 1,000 climate change lawsuits have been filed globally in recent years against companies and governmental authorities, with the large majority of those cases being filed outside the U.S. against non-U.S. entities. One well-publicized example is litigation involving Shell plc, a U.K. company. In May 2021, a Dutch court ordered Shell to reduce its emissions by 45% by 2030. On February 9, 2023, an environmental advocacy group filed a shareholder derivative lawsuit in the High Court of England and Wales against Shell’s directors alleging the board is not taking sufficient steps to address the future impacts of climate change and to comply with the court-ordered reduction in emissions.

It seems likely this highly litigious environment for climate change issues, when combined with increasing U.S. regulations in this area, will eventually result in meaningful D&O litigation in the U.S. and perhaps other countries.

  1. Executive Compensation. Although a board’s executive compensation decisions have typically not been overturned by courts consistent with the business judgment rule, the increasingly enormous size of some executive compensation arrangements have been reviewed by courts, with mixed results. On January 30, 2024, the Delaware Chancery Court rescinded Elon Musk’s $55.8 billion compensation package following a 2022 trial in a derivative lawsuit on behalf of Tesla against Musk and the Tesla board. The Court concluded Musk’s personal relationships with the directors removed the board’s compensation decision from the business judgment rule. As a result, the defendant directors were required, but failed, to prove the “entire fairness” of the compensation package, even though 74% of the Tesla shares not held by Musk or his brother approved the compensation package. Following Tesla’s subsequent reincorporation in Texas (see discussion below), Tesla shareholders again approved the compensation package under Texas law.

In contrast, a Federal District Court in New York in February 2024 dismissed a securities class action lawsuit against Apple and its directors and officers alleging the defendants misrepresented information about very large performance-based stock compensation awards to Tim Cook (Apple’s CEO) and other senior executives. The Court concluded the plaintiffs did not plausibly allege any actionable misrepresentations regarding the value of the awards.

  1. Reincorporation Outside of Delaware. In response to the Delaware Chancery Court rescinding Elon Musk’s $55.8 billion compensation package with Tesla (see summary above), Musk sought and obtained approval from both Tesla and Space X shareholders to reincorporate those companies from Delaware to Texas. Musk also reincorporated his brain implant company Neuralink from Delaware to Nevada. That strategy to leave Delaware as the state of incorporation has been highly publicized, and at least several other companies are considering or proposing similar moves out of Delaware to either Texas or Nevada.

There are numerous legal and financial implications to such a reincorporation. But Texas and Nevada statutory laws are clearly more protective of directors and officers than Delaware. For example, the Nevada liability exculpation statute applies to breach of any fiduciary duty, including the duty of loyalty (unlike Delaware law). Under Texas law, shareholder derivative suits are prohibited if independent directors decide prosecuting the lawsuit is not in the company’s best interest, unlike Delaware law which allows shareholders to avoid or circumvent the directors’ decision under certain circumstances. In addition, both Texas and Nevada permit a company to indemnify settlements in derivative lawsuits against directors and officers, unlike Delaware. These differences in state laws may result in D&O insurers treating companies who reincorporate out of Delaware to these or other comparable states more favorably when underwriting their D&O insurance.

Efforts to reincorporate outside Delaware may be criticized by shareholders who contend the reincorporation is motivated by the company’s directors’ attempt to insulate themselves from litigation. For example, in February 2024, the Delaware Chancery Court denied a motion to dismiss such a lawsuit against directors of Trip Advisor who approved the company’s reincorporation from Delaware to Nevada.

  1. Board Diversity Claims. The Black Lives Matter movement beginning in 2020 and the related sensitivity to racial equality and diversity has impacted virtually all aspects of society, including the business community. Corporations have quickly realized that real and immediate reform in this area is both socially and economically in their best interests. To further emphasize that point, California enacted a statute in September 2020 which requires public companies headquartered in California to include on their board of directors at least one representative of “underrepresented communities,” such as persons who are Black, African-American, Hispanic, Latino, Asian, Native American, gay, bisexual or transgender, although the statute was ruled unconstitutional by a California Superior Court on April 1, 2022 and by a California federal court on May 15, 2023. Washington has a similar statute requiring board of directors diversity. These statutes are similar to an earlier California statute enacted in 2018 which requires corporations headquartered in California to have a minimum number of females on their boards of directors.

In contrast, some other states, including Illinois, Maryland and New York, do not mandate such diversity but instead require companies to disclose the minority composition of their Boards in either publicly-available government filings or annual reports to shareholders. Yet another statutory approach, adopted by Colorado and Pennsylvania, urges but does not require board diversity by establishing non-binding diversity requirements.

Perhaps more impactful, in August 2021, the SEC approved new “comply or explain” guidelines issued by Nasdaq, which require most Nasdaq-listed companies to have—or explain why they do not have—at least two members of its board of directors who are “Diverse,” including at least one Diverse director who self-identifies as female and at least one Diverse director who self-identifies as an Underrepresented Minority or LGBTQ+. In October 2023, the Fifth Circuit ruled the new guidelines are not subject to constitutional challenge because Nasdaq is a private entity.

Since July 2020, shareholder derivative suits on behalf of numerous publicly traded companies have been filed related to board and employee diversity, seeking a wide range of relief such as replacing current non-diverse directors, disgorgement of directors’ fees and creating huge funds to hire minority employees. To date, none of these cases have survived a motion to dismiss.

  1. Artificial Intelligence. Artificial intelligence (AI) will likely have a profound impact on the liability exposure of directors and officers in future years, not unlike AI’s impact on businesses and society in general. In the D&O context, AI-related exposures will likely arise most frequently in securities class actions which focus on a company’s AI-related disclosures. Investors appear to have “irrational exuberance” for AI-related companies, much like the .com bubble in the late 1990s for internet-related companies. History has repeatedly shown that environment produces not only some wildly successful companies, but also many disappointing or failed companies which become targets of expensive D&O claims.

Examples of AI-related misrepresentation that may result in an artificial inflation of a company’s stock price and an eventual securities class action include:

  • A company may falsely promote itself as an AI company or having unique AI capabilities when in fact the company simply processes data.
  • A company may overstate or exaggerate its AI capabilities or is ability to successfully commercialize those capabilities (i.e., “AI-washing”).
  • A company may fail to fully disclose the material risks associated with its AI strategies and business, including risks from competitors, changing technology, rapid industry evolution, and claims by customers.

These types of lawsuits against companies and their directors and officers are already being filed, albeit in limited numbers so far. For example, AI-related securities class actions have been filed recently against D&Os of Upstart (an AI lending platform), Zillow (developer of the Zillow Offers AI tool which provides predictive pricing information for buyers and sellers of houses), Innodata (an AI-enabled software platform company), Evolv Technologies Holdings (developer of AI-based weapons detection products for security screenings), UiPath (robotic process automation tool manufacturer with supplemental AI-powered products), and Oddity Tech Ltd. (cosmetics internet platform which purportedly uses AI-based technologies to target consumer needs).

Potential AI-related shareholder derivative lawsuits may also be filed against directors and officers alleging breach of the defendants’ fiduciary duties in connection with AI matters. Examples of this type of claim may include:

  • Directors or officers may rely on AI in making a business decision that is harmful to the company, prompting shareholder allegations that such reliance was unreasonable without further investigation into the reliability, capability and accuracy of the AI systems used.
  • Directors or officers may fail to use commonly accepted and uniquely applicable AI systems to assist in their decision process, resulting in less informed decisions when compared with other companies under similar circumstances.
  • Directors and officers may authorize an expensive, resource-intensive but ineffective strategy to implement, use or market AI, resulting in significant losses and jeopardizing the company’s financial health and reputation.
  • Directors and officers may implement inadequate internal controls regarding AI issues resulting in significant claims against the company, including intellectual property infringement, invasion of privacy, defamation and similar tort claims.
  • Directors and officers may fail to identify or respond to company risks created by advisors, vendors, suppliers or competitors using (or misusing) AI technology.

In addition, the SEC has been clear that it intends to carefully monitor AI-related disclosures by companies. This oversight appears likely to result in enforcement actions against companies and their executives for misrepresenting AI-related matters.

The number of companies potentially impacted by AI risks is very large and growing. According to Bloomberg Law’s review of 2023 annual reports filed by S&P 500 companies with the SEC, over 40% of the reports mentioned AI. When that many companies promote their involvement in the new, rapidly developing and revolutionary world of AI, the likelihood of at least some of the D&Os liability risks summarized above occurring seems inevitable. Although the legal theories underlying those claims will probably not be new, the frequency and severity of those claims may be alarming for companies in virtually any industry.

August 2024

Authors
Dan Bailey
Member
Service Affiliation
Share
Scroll to Top