Risky Business: Protecting the Assets of Directors

by Pepper Hamilton LLP
Contact

Directors and officers are exposed to potential liability from suits by the company, shareholders, and debt holders, among others. There are, however, a number of protections available to protect the assets of directors and officers.

Published in the December 2017 issue of INSIGHTS (Volume 31, Number 12). INSIGHTS is published monthly by Wolters Kluwer, 76 Ninth Avenue, New York, NY 10011. For article reprints, contact Wrights Media at 1.877.652.5295. Reprinted here with permission.

Being a corporate director or officer can be risky business, especially for those involved with public companies. Directors and officers (Ds&Os) are exposed to lawsuits by the company, corporate successors, shareholders, debt holders, employees, bankruptcy trustees and governments. The building blocks of asset protection for Ds&Os are outlined in this article, as well as basic securities and fiduciary liability principles, updates on relevant government enforcement policies under the Trump Administration, and implications for D&O liability insurance coverage.

As discussed here, private securities claims and derivative suits against public company directors and officers are on a powerful upswing, with an unprecedented number of new lawsuits filed in 2017. Meanwhile, under the Trump administration, there are signs of a possible easing of government enforcement actions as the Department of Justice and SEC review prior policies governing corporate cooperation credit and the pursuit of individuals responsible for corporate wrongdoing. In these changing and challenging times, it is important for directors, officers and companies to review their corporate articles, bylaws, contracts and insurance to assure that corporate commitments and policies for protecting Ds&Os fit the needs of the company for balance sheet protection, flexibility and the exercise of discretion, and also satisfy the needs of Ds&Os for reliable and adequate sources of indemnity and advancement.

Asset Protection Overview

Lawsuits and demands against Ds&Os often materialize as claims for alleged violations of securities laws or breaches of fiduciary duties owed to the company or its stockholders. Directors and officers have several potential layers of protection for out-of-pocket expenses and losses, including legal costs, settlements and even judgments.

Statutory Corporate Indemnity and Advancement

State corporations laws permit or require companies to indemnify directors, officers, and employees who are forced to incur costs to defend or protect themselves in lawsuits or proceedings involving their work. Delaware and California law require indemnification of directors and officers who succeed in defending themselves—in Delaware “on the merits or otherwise” and in California “on the merits.”1

Delaware and California law also permit (but do not require) indemnification for defense costs, judgments, fines and settlements incurred by directors, officers and employees who acted “in good faith and in a manner reasonably believed to be in and or not opposed to the best interests of the corporation” or, in a criminal matter, “had no reasonable cause to believe the conduct was unlawful.”2

These are known as the “minimum standards of conduct” for permissive corporate indemnification. A corporation is not legally permitted to indemnify an individual for expenses resulting from conduct that fails to meet these standards. Nor may a corporation indemnify an individual for a judgment of monetary liability to the corporation itself.

Rather than face a potential non-indemnifiable liability, cases against Ds&Os generally settle, if they are not dismissed on pre-trial motions. Corporate laws permit a corporation to advance legal expenses prior to any final determination of whether an individual met the minimum standards of conduct for indemnification. In Delaware and California, corporations may advance defense costs if the individual promises to repay the money if he or she is later found not to have met the minimum standards of conduct for indemnification.3

In order to attract high quality Ds&Os to serve, many companies commit to indemnification and advancement of their Ds&Os in the articles of incorporation or bylaws “to the greatest extent permitted by law.” This language effectively makes permissive indemnification and advancement mandatory.

Contractual Indemnity and Advancement

Directors and officers can strengthen their rights to corporate indemnity and advancement by requiring, as a condition of employment, that the company enter into a private contract stating the terms of its obligation to indemnify and advance.4 Then, if later changes in the articles, bylaws, ownership, key decision-makers or policies are disadvantageous to a director or officer, the company is bound by its contractual agreements to them. These private agreements usually contain presumptions, burdens of proof, timetables and other terms that favor individuals and generally continue in force after the employment relationship or directorship ends.

Exculpation

Many states also permit companies to limit the personal liability of directors (but not of officers) to the corporation and its stockholders with an “exculpation” provision in the articles of incorporation. These provisions excuse directors from personal monetary liability to the company and its shareholders for breach of the fiduciary duty of care. Corporate laws do not permit exculpation, however, for breach of the fiduciary duty of loyalty, bad faith, intentional misconduct, knowing violations of law, transactions resulting in an improper personal benefit, or improper payment of corporate dividends.5

Third-Party Insurance

The final layer of asset protection is D&O liability insurance purchased by the company to protect corporate assets and provide coverage for Ds&Os when the company cannot or will not indemnify them. D&O liability insurance is designed to pay losses (including legal fees) for defending against allegations of “wrongful acts,” such as violations of securities laws or breaches of fiduciary duty, that result in damages to the company, its stockholders or investors.

Most D&O liability policies contain multiple products in a single policy. A traditional “ABC” policy covers personal asset protection and corporate balance sheet protection. Side A covers directors and officers when the corporation cannot or will not indemnify them—such as when it is insolvent, chooses to withhold indemnity, or concludes that an individual failed to meet the minimum standards of conduct. Side B reimburses the corporation for indemnification paid to directors and officers. Side C covers the corporation when it is named in a securities action. Finally, excess Side A DIC (difference in conditions) coverage is dedicated coverage for directors and officers that is not “shared” with the corporation. Side A DIC provides coverage in excess of a tower of primary and excess policies and, among other attributes, “drops down” to replace an underlying insurer if it becomes insolvent.

Although D&O policies provide coverage for claims alleging “wrongful acts,” they exclude coverage for willful or intentional misconduct, which is uninsurable as a matter of law and public policy. That said, insurance can provide coverage for conduct that would not be indemnifiable by the corporation, such as non-exculpable failure of oversight or forms of “bad faith” that do not rise to the level of intentional misconduct. Corporate laws generally allow companies to buy D&O insurance for nonindemnifiable claims.6

Liability Standards—Securities Laws

Corporate directors and officers have potential exposure under both state and federal laws for securities law violations, which commonly are based on allegedly misleading disclosures to investors or illegal sales of securities. Liability for securities violations ranges from mere negligence to intentional wrongdoing. Federal law preempts state law in securities fraud class actions.7

Section 10(b) of the Securities Exchange Act of 1934 (Exchange Act) is the work horse most often invoked against directors and officers in private securities litigation. Federal courts have exclusive jurisdiction over Section 10(b) cases, and most federal circuit courts have concluded that “recklessness” satisfies the mental state required to prove liability—although the U.S. Supreme Court has never determined whether “reckless” conduct is sufficient.8

Federal securities fraud class action filings hit a record pace in 2017, with the most new case filings since enactment of the Private Securities Litigation Reform Act of 1995 (PSLRA). The PSLRA set up legal hurdles and protections for companies, directors and officers, designed to weed out meritless claims at the pleading stage, often filed on little more than accusations of prior disclosure fraud when disappointing news results in a stock price decline.9

Sections 11 and 12 of the Securities Act of 1933 (Securities Act) are invoked against Ds&Os less frequently than Section 10(b) because they apply in narrower circumstances.10 Section 11 is designed to redress material misstatements in a registration statement, and most often invoked following a public offering, when stockholders can trace their purchases to a particular registration statement. Section 12 is designed to redress the illegal sale of unregistered securities and material misstatements in prospectuses and other offering materials. Ds&Os can defend themselves against misrepresentation claims under Sections 11 and 12 by demonstrating their due diligence and that they “had no reasonable ground to believe and did not believe” that the challenged statements were untrue when made.11

In 2017, the United States Supreme Court took up an important issue in Cyan Inc. v. Beaver County Employees Retirement Fund,12 about whether state courts have jurisdiction over claims filed under the Securities Act. From the mid-1990’s until recently, plaintiffs brought Section 11 and Section 12 claims in federal court, where many of the PSLRA’s protections operate through the federal rules of civil procedure.13 However, federal courts in California parted company with other jurisdictions by holding that state courts retain jurisdiction over 1933 Act claims. If the Supreme Court agrees, then public companies—especially new companies following an IPO—will face the prospect of securities class actions in state courts that lack familiarity with the federal securities laws and are not obliged to enforce some of the procedural protections contemplated by the PSLRA—thus, increasing D&O liability risk.

Liability Standards—State Fiduciary Duties

The liability of directors and officers for breach of fiduciary duties owed to the corporation or its stockholders is governed by state law—usually the state of incorporation.14 In Delaware, gross negligence violates the fiduciary duty of care.15 In California, directors and officers are held to a standard of ordinary negligence, except that directors, unlike officers, have no liability if they act in good faith and in reasonable reliance on others.16

Duty of Care: The Business Judgment Rule

The first line of defense in a breach of fiduciary duty case is the business judgment rule (BJR). By statute or common law, depending on the state, the BJR immunizes directors for decisions made in good faith and on an informed business basis, even if those decisions result in losses to the company or its stockholders. In Delaware, it is unsettled whether the BJR protects both directors and officers; in California, it protects only directors.17

Many states, including Delaware and California, recognize a presumption that disinterested directors acted in good faith and on an informed basis, and put the burden on plaintiffs to rebut the presumption that the BJR applies to a given board decision.

Where the BJR applies, courts are expected to defer to a board’s decision about managing corporate affairs.18 Even if a board’s business judgment is “substantively wrong, or degrees of wrong extending through ‘stupid’ to ‘egregious’ or ‘irrational,’ ” no court should second-guess it and no director should have liability for it as long as “the process employed was either rational or employed in a good faith effort to advance corporate interests.”19

Business judgments that result in waste of corporate assets, however, are not recognized as valid and could expose directors to personal liability. However, “waste” is a transaction “so one-sided that no business person of ordinary, sound judgment could conclude that the corporation has received adequate consideration.”20

Duty of Loyalty and Good Faith

Directors are not entitled to corporate indemnification—nor exculpated from personal liability—for breaches of the duty of loyalty or bad faith. “Bad faith” and the absence of good faith are “two sides of the same coin.”21 Bad faith in its “most extreme form” involves “the conscious doing of a wrong because of [a] dishonest purpose,” or “intentionally fail[ing] to act in the face of a known duty to act, demonstrating a conscious disregard for [his or her] duties.”22 In order to win a money judgment against directors, plaintiffs must allege and prove a non-exculpable breach of the duty of loyalty or bad faith. Accordingly, plaintiffs often allege that directors “consciously disregarded” a duty to intervene in events that are harmful to the company or its stockholders, or that they approved or engaged in transactions for self-interested reasons, knowing that their actions were not in the best interests of the company or its stockholders.

A transaction is self-interested when a director stands on both sides of it or is influenced by someone whose interests are across the table from the corporation’s interests. It is important to note that Ds&Os engage in business transactions with their companies not infrequently. These transactions are not inherently wrongful. Rather, the transaction will be subject to heightened judicial scrutiny, and the burden rests on the self-interested director to prove that the transaction was “entirely fair” to the corporation.23 This heightened scrutiny and burden expose the director to the risk of a finding that the director obtained a personal benefit that he or she knew was opposed to the best interests of the corporation or its shareholders—i.e., non-exculpable, non-indemnifiable conduct.

Liability for Failure of Oversight Under Caremark

Directors also face non-exculpable, non-indemnifiable liability exposure for a failure of corporate oversight that amounts to breach of loyalty. Under the Delaware Court of Chancery’s Caremark decision, directors face liability for breach of loyalty when “a loss eventuates not from a [business] decision but, from unconsidered inaction.”24 Directors may be liable if they knew or should have known that violations of law were occurring within the corporation and yet failed to take steps to prevent or remedy the situation. Directors must assure themselves that “information and reporting systems” exist that are reasonably designed to provide timely and accurate information sufficient to allow them to make informed judgments “concerning both the corporation’s compliance with law and its business performance.”25 “[A] sustained or systematic failure of the board to exercise oversight—such as an utter failure to attempt to assure a reasonable information and reporting system exists—will establish the lack of good faith that is a necessary condition to liability.”26

Because liability under Caremark is based on bad faith amounting to breach of the duty of loyalty, the company cannot indemnify a culpable director or officer. This narrows the potential source of indemnity to D&O insurance. A company may indemnify and advance legal fees and settlement costs, however, before a final determination of liability—which naturally tends to drive failure of oversight cases to settlement.

Government Investigations Focusing on Individual Wrongdoing

The federal titans of securities law enforcement—the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC)—have policies that encourage aggressive pursuit of individuals, both as sources of information and targets of enforcement action. These policies have negative implications for D&O defense.

The DOJ Policy

In a September 2015 memorandum by then-Deputy Attorney General Sally Yates, the DOJ announced a policy to more aggressively pursue individuals.27 This announcement followed an uptick in the number of individuals charged under the Foreign Corrupt Practices Act (FCPA) and the False Claims Act. Statements out of the DOJ under the new administration have raised some uncertainty about whether the policy will continue in full force.

The Yates Memo gave federal prosecutors and investigators guidance on “key steps” to strengthen pursuit of individuals for corporate misconduct. In order to gain “any” credit for cooperation, companies must turn over “all relevant facts” relating to conduct of individuals responsible for corporate misconduct. Both civil and criminal enforcement attorneys are to focus on individuals at the inception of an investigation and share information with each other. Enforcement attorneys may not agree to a settlement that protects individuals or resolves a corporate case without a clear plan to resolve individual cases. Finally, civil attorneys must consider actions for monetary recovery against culpable individuals regardless of ability to pay.

While the impact of the Yates Memo is still playing out, some commentators have noted a counterintuitive drop in FCPA enforcement actions against individuals.28 In a speech at New York University Law School in October 2017, Deputy Attorney General Rosenstein stated that while the Yates Memo is “under review” and subject to change, the policy of focusing on individual accountability for corporation wrongdoing will continue under the current administration.29 On the other hand, in a November 17, 2017 press release, Attorney General Sessions may have been alluding to the Yates Memo in declaring an end to the DOJ “practice” of blurring regulations and “guidance,” stating that the DOJ “will proactively work to rescind existing guidance documents that go too far.”30

The Yates Memo policies of targeting individuals responsible for corporate wrongdoing presents challenges to the protective use of corporate indemnity and third-party insurance. The criteria for obtaining cooperation credit pit companies against directors and officers in positions of oversight. Those potentially in harm’s way will want separate legal counsel early in any internal or government investigation, for which they will look to the company for immediate advancement. Third-party insurance may not be available to defray the cost because coverage generally is triggered by a claim for money and often provides only limited coverage, if any, to cover an investigation.

This dynamic increases the importance of careful consideration of potential conflicts that may require separate counsel for various corporate actors, which can spiral into a full-employment-act for lawyers unless carefully managed. At the same time, companies seeking to curry favor with the government may wish to maximize flexibility to refuse advancement to individuals perceived by the DOJ as potential wrongdoers. Of course, there may be legal limitations on a corporation’s ability to refuse advancement.

The impact of the DOJ’s cooperation program tends to make government investigations more complex, extend over a longer period of time, and foster more tension between and among Ds&Os who are under scrutiny and boards of directors or committees that are leading internal investigations. If an investigation leads to self-reporting of a violation of law, or an enforcement action based on, for example, information provided by a whistleblower, it may take longer for companies to settle while individual culpability remains under consideration. To assess the adequacy of D&O defense and protection, companies should reevaluate their indemnification and advancement bylaws, as well as insurance coverage, retention limits, excess coverage, policy language and exclusions, and Side A coverage for individuals.

SEC Policy

The SEC’s policies of pursuing individuals responsible for corporate securities violations have been endorsed under the Trump administration and raise many of the same challenges discussed above. A more recent SEC policy of requiring companies and individuals to admit wrongdoing in some cases as a condition of settlement further negatively impacts the D&O safety nets of indemnity and insurance.

Pursuit of individuals. SEC initiatives launched in 2010 and 2011 encourage individuals to cooperate and report corporate wrongdoing. The 2010 “Enforcement Cooperation Initiative” offers deferred prosecution agreements and non-prosecution agreements in exchange for cooperation,31 while the 2011 Whistleblower Program, implemented pursuant to the Dodd Frank Wall Street Reform and Consumer Protection Act, provides life-changing bounty awards for tips leading to successful enforcement actions, including against compliance officers and other gatekeepers.32

These programs operate in tandem with the SEC’s longstanding policy of encouraging corporate cooperation with SEC enforcement through self-reporting, self-remediation, and punishing and turning over individuals responsible for corporate wrongdoing. The 2001 Seaboard Guidelines, published in an SEC report of investigation, articulate the framework by which the SEC evaluates corporate cooperation, including factors considered in determining whether, and to what extent, the SEC will grant leniency for cooperating.33

These programs appear to be here to stay under the Trump administration, although details may be tweaked. The Whistleblower Program has continued to generate large rewards. An October 2017 SEC report announced that the total awards under the program have reached $162 million to 47 whistleblowers.34 A co-director of the SEC’s Division of Enforcement recently confirmed that the Seaboard Guidelines also will remain in effect, while acknowledging that the SEC should be more specific about the exact benefits of cooperation and provide greater transparency about why cooperation credit is granted or denied.35

Admissions of wrongdoing. In June 2013, then-SEC Chair Mary Jo White announced a shift in policy to seek more admissions of wrongdoing in settlements—a departure from the SEC’s longstanding practice of permitting settling parties to “neither admit nor deny” wrongdoing. According to a March 2015 article in The New York Times, the SEC had generated admissions of culpability in at least 18 different cases involving 19 companies and 10 individuals. In 2017, however, a co-director of the SEC Enforcement Division stated that, while the SEC supports having companies and individuals that admit wrongdoing to other agencies make similar admissions to the SEC, the “harder piece” is deciding whether to continue a policy of departing from the SEC’s “neither admit nor deny” practice.

The SEC’s policies of pursuing individual wrongdoers and seeking corporate cooperation raise the same issues discussed above regarding the DOJ policies of targeting individuals—i.e., more requests for separate counsel, advancement and indemnification, longer investigations, heightened tension between internal investigators and the subjects of investigation, and greater importance of Side A D&O insurance coverage.

Further, an admission of wrongdoing in an SEC settlement limits the ability of a settling director or officer to access corporate indemnity if the admission is deemed to establish non-indemnifiable conduct. Insurance may not be available to fill the gap because coverage for SEC investigations (as opposed to money damages claims) often is not covered or is limited, and there is no coverage for intentional wrongdoing. Ds&Os who admit liability also risk inability to access corporate or insurance funds for defense in parallel or follow on securities litigation, derivative suits and criminal proceedings.

Corporate D&O Litigation

M&A Lawsuits

Until 2016, whenever a public company was sold, the selling company’s board invariably found itself on the receiving end of a class action lawsuit for breach of fiduciary duty to the selling stockholders. So-called “merger objection” lawsuits typically were filed by stockholders of the selling company claiming that the directors and officers breached their fiduciary duties in negotiating the merger price and terms, agreeing to a price that was too low, and approving deficient proxy disclosures. As of the end of 2014, a leading research firm reported that more than 90 percent of merger and acquisition (M&A) transactions above $100 million had ended up in litigation since 2009.36

Historically, most M&A cases were resolved by settlement before the merger closed based on the defendants’ agreement to make additional disclosures or minor adjustments in the deal terms, along with a negotiated fee to the plaintiff ’s attorneys, in exchange for a broad release of D&O liability. Those settlements, until recently, were routinely approved.37 In these early settlements, directors never face a real prospect of out-of-pocket liability exposure.

Recently, however, more M&A cases are being litigated as traditional class actions for money damages after the merger closes.38 This trend has serious liability implications for directors. In order to obtain a judgment for money damages, plaintiffs must prove non-exculpable conduct. This requires proof of self-dealing, bad faith or breach of the duty of loyalty—all of which expose directors to out-of-pocket, non-indemnifiable loss, leaving directors to rely on Side A insurance to fill a potential corporate indemnity gap. It is often unclear exactly what degree of wrongful conduct, however, may be insured.

Two factors are driving the trend toward post-closing merger class actions. First, the Delaware Court of Chancery has taken a stand against broad releases in exchange for “a peppercorn and a fee,” refusing to approve pre-closing nonmonetary settlements. In January 2016, the Court of Chancery embraced the mounting criticism of these settlements and rejected a disclosure-only settlement in In re Trulia Inc. Securities Litigation.39Trulia echoed the analysis in Acevedo v. Aerofl ex Holding Corp., where the Court of Chancery harshly criticized “disclosure-only” settlements stating that they “do not provide any identifiable much less quantifiable benefit to stockholders” and that “ubiquitous merger litigation is simply a deadweight loss.”40 The Court in Aeroflex gave the plaintiffs three choices: (1) declare the claims moot based on the enhanced disclosures and seek attorneys’ fees; (2) propose a settlement limiting release of the directors to Delaware fiduciary duty claims; or (3) litigate the case.41 None of those choices would provide the defendants with broad releases from personal liability.

Second, the trend toward post-closing merger class action cases is fueled by the high potential dollar recovery. Plaintiffs now are filing many of these cases in federal court (to avoid Delaware).42 Although the cases are subject to a high dismissal rate, the rewards of surviving a motion to dismiss are potentially considerable. But again, in order to win a judgment against corporate directors, plaintiffs must establish non-exculpable liability—such as breach of loyalty—which is not indemnifiable by the company. Individual defendants, who usually have parted ways with the company under new ownership, are highly motivated to encourage a class-wide settlement with insurance dollars rather than face risk of personal liability at trial, even on weak or patently unmeritorious claims.

Derivative Suits

Derivative suits against corporate officers and directors historically have presented a low risk of liability for Ds&Os and low returns for plaintiff’s firms. Generally, cases are filed in the wake of securities class actions and settled for minor prophylactic measures, such as corporate governance improvements, and a relatively small fee award. Recently, however, derivative suits have gained traction after high-profile cases resulted in large settlements, including $275 million for Activision Blizzard (2014), $139 million for News Corp. (2013), $137.5 million for Freeport-McMoRan (2015), and $62.5 million for Bank of America Merrill Lynch (2012), among others.43

Stockholders seeking to sue on behalf of a company must establish their standing to assert the company’s claims, which normally are controlled by the board. Stockholders must first make a demand on the board to bring the desired action, or else establish that demand would be futile because a majority of the directors are too conflicted to exercise valid business judgment on a demand.44 In response to a demand, the board must investigate and make a business decision about whether it is in the best interest of the company to take the action demanded. If the demand is refused, courts should defer to the board’s business judgment and dismiss the case without considering the underlying merits of the claims.45

While the odds that plaintiffs will get past the pleading stage in a derivative suit are low, the potential payoff is high, as the settlements cited above suggest. As in the merger litigation context, plaintiffs must prove that defendant directors engaged in nonexculpable wrongdoing (bad faith, breach of loyalty), which generally cannot be indemnified by the company. Further, companies cannot indemnify directors and officers for a judgment of monetary liability in favor of the company, regardless of the theory. Thus, defendants face theoretical out-of-pocket liability in derivative suits. The primary defense strategy is to obtain dismissal based on plaintiffs’ lack of standing, regardless of the underlying merits of the claim. All equal, a settlement funded by D&O insurance is preferable to trial.

Plaintiffs have gained leverage in derivative suits based on recent Delaware decisions that allow more expansive pre-suit stockholder access to “books and records,” enabling plaintiffs to investigate D&O wrongdoing and file better complaints.46 Delaware courts have long encouraged stockholders to use Section 220 of the Delaware General Corporate Law to obtain nonpublic books and records before bringing derivative actions.47 To obtain corporate records, a would-be stockholder plaintiff need only show a “credible basis from which fiduciary misconduct could be inferred.”48

In 2014, the Delaware Supreme Court upheld a Court of Chancery decision enforcing a “books and records” demand by Wal-Mart stockholders to investigate an ongoing Wal-Mart internal investigation of alleged FCPA violations in Mexico. The court required Wal-Mart to comply with demands to search back-up tapes and to produce lower-level officer documents that were never seen by the board and certain privileged attorney-client communications.49 With such extensive information, plaintiffs in theory are better able to craft derivative complaints that stand a chance of survival at the pleading stage.

Coverage and Indemnity Implications

D&O coverage typically is triggered by a demand for money—not by a demand for corporate “books and records” or a demand that a board of directors investigate and bring suit on behalf of a company. Yet, these demands are serious precursors to derivative litigation against D&O defendants. Some D&O policies provide limited coverage to defray corporate costs of the board’s investigation in response to a demand. But this is only part of the cost. Individual Ds&Os who are questioned in the board investigation may seek separate counsel and request corporate advancement and indemnification. If the derivative suit were to result in a judgment in favor of the company, the culpable Ds&Os could not look to the company to defray the cost, and would need to call upon Side A insurance coverage.

Conclusion

If you are a director or officer of a public company, or considering a board position with a public company, it is a good idea to invest in a legal checkup on the company’s indemnification and advancement articles, bylaws, policies and agreements, and a review of its D&O liability coverage.

 

Endnotes

1 Del. Gen. Corp. Law § 145(c) (emphasis added); Cal. Corp. Code § 317(d) (emphasis added); Cal. Lab. Code § 2802 (mandating indemnification of employees for expenses incurred in the discharge of lawful duties).

2 Del. Gen. Corp. Law §§ 145(a) and (b); Cal. Corp. Code § 317(b).

3 Del. Gen. Corp. Law § 145(e); Cal. Corp. Code § 317(f).

4 Del. Gen. Corp. Law § 145(f); Cal. Corp. Code §§ 317(g) and (i).

5 Del. Gen. Corp. Law § 102(b)(7); Cal. Corp. Code § 204.

6 Del. Gen. Corp. Law § 145(g); Cal. Corp. Code 317(i).

7 The 1995 Private Securities Litigation Reform Act preempted state securities laws in class actions alleging securities fraud. 15 U.S.C. § 78u-4.

8 Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308 (2007).

9 Cornerstone Research, Securities Class Action Filings, 2017 Midyear Assessment, available at https://www.cornerstone.com.

10 Section 11, 15 U.S.C. § 77k; Section 12, 15 U.S.C. § 77l.

11 Section 11(b)(1); 15 U.S.C. § 77k(b)(1); Section 12(a)(2), 15 U.S.C. § 77l(a)(2).

12 Cyan, Inc. v. Beaver County Employees Retirement Fund, Case No. 15-1439.

13 The Securities Litigation Uniform Standards Act of 1998, Pub. L. No. 105-353, 112 Stat. 3227, was designed to preempt state jurisdiction over securities fraud class actions, and was widely understood to apply to claims under the Securities Act of 1933, superseding federal law conferring concurrent state and federal jurisdiction. Compare 15 U.S.C. § 77v with 15 U.S.C. §77(p) (SLUSA).

14 Under the “internal affairs doctrine,” the law of the state of incorporation governs the rights and duties among corporate constituencies. Edgar v. MITE Corp., 457 U.S. 624, 645 (1982). By statute, California law regulates director conduct and other internal affairs of companies that merely do business in the state. Cal. Corp. Code § 2115.

15 Gantler v. Stevens, 965 A.2d 695, 708-09 (Del. 2009).

16 Cal. Corp. Code § 309 (the standard of care is ordinary negligence – action “with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances.”). Directors, however, are immune from liability if they act in good faith and in reasonable reliance on others, which is tantamount to a gross negligence standard. Katz v. Chevron Corp., 22 Cal. App. 4th 1352, 1366 (1994).

17 FDIC v. Perry, No. CV 11-5561 ODW (MRWx) (C.D. Cal. Dec. 13, 2011); Gaillard v. Naomasa Co., 208 Cal. App.3d 1250, 1264 (1989).

18 Cal. Corp. Code § 309; Lee v. Insurance Exch., 50 Cal. App. 4th 694 (1996); Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984).

19 In re Caremark Int’l Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996) (emphasis in original).

20 In re Walt Disney Co. Deriv. Litig., 906 A.2d 27, 74 (Del. 2006); see also In re Walt Disney Co. Derivative Litigation, 907 A.2d 693, 749 (Del. Ch. 2005) (“waste is very rarely found in Delaware courts … . committing waste is an act of bad faith”).

21 In re Dole Food Co. Stockholder Litig., 2015 Del. Ch. LEXIS 223, at *129 (Aug. 27, 2015).

22 Id. at *129-30 (quoting McGowan v. Ferro, 859 A.2d 1012, 1036 (Del. Ch. 2004)).

23 See Guth v. Loft, 5 A.2d 503, 510 (Del. Ch. 1939).

24 In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967-968 (Del. Ch. 1996); see also Stone v. Ritter, 911 A.2d 362, 365 (Del. 2006) (confirming that “Caremark articulates the necessary conditions for assessing director oversight liability”).

25 Caremark, 698 A.2d at 970.

26 Id. at 971.

27 Sally Quillian Yates, Individual Accountability for Corporate Wrongdoing, Dep’t of Justice, available at http://www.justice.gov/dag/file/769036/download.

28 Sharon Oded, “Yates Memo – Time for Reassessment?,” Compliance and Enforcement, available at https://wp.nyu.edu/compliance_enforcement/2017/04/20/yates-memo-time-for-reassessment/#_edn4.

29 Kevin LaCroix, “Deputy AG Emphasizes Continued Individual Accountability for Corporate Misconduct,” D&O Diary blog, October 31, 2017 available at https://www.dandodiary.com/2017/10/articles/director-andofficer-liability/deputy-ag-emphasizes-continuedindividual-accountability-corporate-misconduct/.

30 Attorney General Jeff Sessions Ends the Department’s Practice of Regulation by Guidance, press release (Nov. 17, 2017), available at https://www.justice.gov.

31 SEC Spotlight, “Enforcement Cooperation Program,” available at https://www.sec.gov/spotlight/enforcementcooperation-initiative.shtml.

32 The SEC’s website announces huge awards. https://www.sec.gov/spotlight/whistleblower-awards. See https://www.sec.gov/spotlight/dodd-frank/whistleblower.shtml (background of the Whistleblower program).

33 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, https://www.sec.gov/litigation/investreport/34-4969.htm.

34 SEC Press Release, October 12, 2017, available at https://www.sec.gov/news/press-release/2017-195.

35 Andrew Ramonas, “SEC Should Clarify Path to Cooperation Perks in Cases: Official,” Bloomberg BNA, Oct. 26, 2017, available at https://www.bna.com/sec-clarify-path-n73014471401/.

36 Cornerstone Research, Shareholder Litigation Involving Acquisitions of Public Companies, Review of 2014 M&A Litigation, at 1, available at https://www.cornerstone.com [“2014 M&A Litigation”].

37 Acevedo v. Aeroflex Holding Corp., C.A. No. 7930-VCL, transcript of settlement hearing at 63-65, July 8, 2015 (Laster, V.C.) (quoting Solomon v. Pathé Communications Corp., 1995 Del. Ch. LEXIS 46, C.A. No. 12,563 (Del. Ch. Apr. 21, 1995) (Allen, C.)).

38 2014 M&A Litigation, supra note 37, at 1.

39 In re Truvia Inc. Sec. Lit., 129 A.3d 884 (2016).

40 Acevedo v. Aeroflex Holding Corp., No. 7930-CVL, at 63-65 (transcript of settlement hearing).

41 Id. at 74-76.

42 Cornerstone Research, Securities Class Action Filings, 2016 Year in Review, at 11-12, available at https://www.cornerstone.com.

43 See Kevin LaCroix, Largest Derivative Lawsuit Settlements, D&O Diary blog, Dec. 5, 2014, available at http://www.dandodiary.com/2014/12/articles/shareholdersderivative-litigation/largest-derivative-lawsuitsettlements.

44 See Aronson v. Lewis, 473 A.2d 805, 818 (Del. 1984) (holding that a stockholder may pursue a derivative suit in the absence of a pre-suit demand on the corporation’s board of directors only if the stockholder’s complaint contains allegations of fact sufficient to create a reasonable doubt (1) that the directors are disinterested and independent or (2) that the challenged transaction was otherwise the product of valid business judgment).

45 See, e.g., Cuker v. Mikalauskas, 692 A.2d 1042, 1045 (Pa. 1997) (the BJR permits the board of directors of a Pennsylvania corporation to reject a demand or terminate a derivative suit brought by the corporation’s stockholders); Zapata Corp. v. Maldonado, 430 A.2d 779, 788 (Del. 1981) (describing standard and proceedings in Delaware for dismissal of derivative claims based on the business judgment of an independent committee).

46 For example, the court in King v. VeriFone Holdings, Inc., 12 A.3d 1140 (Del. 2011), enforced an inspection demand under Delaware General Corporate Law section 220 in order to enable stockholders to take discovery and file a better derivative complaint after the first was dismissed for failure to plead that a pre-suit demand on the board would have been futile.

47 VeriFone Holdings, 12 A.3d at 1150 n.64 (citing cases).

48 Polygon Global Opportunities Master Fund v. W. Corp., 2006 Del. Ch. LEXIS 179 (Oct. 12, 2006).

49 Walmart v. IBEW, No. 13-614 (Del. July 23, 2014).

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pepper Hamilton LLP | Attorney Advertising

Written by:

Pepper Hamilton LLP
Contact
more
less

Pepper Hamilton LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.