When the United States entered World War I, the U.S. Army boosted recruitment with a poster. Uncle Sam, symbolizing the federal government, pointed to the viewer: “I want you.” So it is with the many federal agencies that today have oversight over major companies and their directors and officers (D&O). If you or your organization have run afoul of a federal regulation, intentionally or not, the “war” is on. These agencies want you—in court.
It Starts in the States
Washington’s D&O liability warpath is only one of many traced by regulators. In fact, lawsuits by federal regulators naming directors and officers—as opposed to naming companies or lower-level executives—are relatively rare. It’s a matter of simple arithmetic: # of federal laws x 50 +/- differences = # of state laws
Most D&O lawsuits are filed under state law rather than federal law. Each state has a multitude of laws that can trigger D&O litigation. For example, there are 38 labor laws in California alone, according to the Society for Human Resource Management (SHRM), which maintains lists for such labor laws by state. In addition, states have statutes covering business issues such as fair competition, contracts, the environment, pricing, and, of course, corporation law itself—the rules that states use to establish companies in the first place.
Indeed, the most common source of D&O litigation under state law is, in fact, state corporation law, and in particular the duties of care and loyalty based on an older common-law tradition. State law, as opposed to federal law, easily dominates D&O litigation because most corporate organizations of all types—for-profit and nonprofit—incorporate in states, not nationally. National banks, government-managed organizations, and federally chartered nonprofits are some rare exceptions. That is, virtually all of the nearly 6 million corporate entities small and large filing taxes in the United States today (the Internal Revenue Service maintains a count called “Statistics of Income: Corporate Income Tax Returns”) are state-incorporated. (Most federal laws only apply to the largest of these, including the some 15,000 companies that list their shares on national stock exchanges such as Nasdaq OMX and the New York Stock Exchange.) The Model Business Corporation Act of the American Bar Association presents a template for the state corporation laws governing these millions of incorporated entities, and Delaware is considered to be a model.
Typical D&O lawsuits under state corporation law, including Delaware’s, allege failures to fulfill fiduciary duties of loyalty and/or care. In this domain, directors who make decisions and document an adequate process and information are protected by a judicial concept called the business judgment rule. The meaning of these duties and protections vary over time and jurisdiction, with the Delaware court system as the bellwether. All in all, though, D&O liability based on fiduciary duties is an exposure directors can manage because it turns around something they can control: their own behavior.
The Federal Connection
For large or public companies, however, another kind of lawsuit against directors and officers is also possible: one alleging failure to comply with a federal law or rule—many of which can be used to hold directors and officers liable even if they had no direct involvement in the matter. Such lawsuits may come from a constituency protected by the federal regulation, such as a shareholder, employee, or customer, or it may come directly from a federal agency representing these groups or others, including the general public.
Directors are exposed to litigation under all of these federal statutes and the rules they have generated via a growing number of federal agencies—more than 100 of them, employing some 2.7 million people, according to the most recent data of the U.S. Census Bureau.
This trend of centralized federal (rather than state) laws for business, generally referred to as “federalization” (not to be confused with the pro-states, decentralized federalism advocated in The Federalist Papers by America’s founding fathers), is hardly new. In fact, the Securities Act of 1933 and Securities Exchange Act of 1934 are still the basis for securities law today and for most federally inspired D&O litigation. But the Securities and Exchange Commission (SEC) is not alone as a D&O litigator. There can be lawsuits premised on other sweeping federal laws, such as the Employee Retirement Income Security Act of 1974 (ERISA), the Foreign Corrupt Practices Act of 1977 (FCPA), the Sarbanes-Oxley Act of 2002, and the Dodd-Frank Act of 2010, to name some that have generated the most liability exposure for directors.
Not all federal laws are burdensome, however. The Jumpstart Our Business Startups (JOBS) Act of 2012, which lowered regulatory burdens to allow smaller companies to go public, and the Cybersecurity Enhancement Act of 2014, supporting voluntary information sharing among companies, were intended to lighten the regulatory load and D&O liability exposure. Many of the laws on the current congressional docket—including the recently introduced National Cybersecurity Protection Advancement Act of 2015—emphasize voluntary compliance and safe harbors from litigation. Still, on a net basis, the body of burdensome federal laws and regulations is growing.
These laws, in turn, generate federal regulations. The United States Code, which codifies the general and permanent laws of the United States by subject matter, has 51 titles. The Code of Federal Regulations, which lists the regulations that have come out of those laws, has 50 titles. Each of these 100-plus titles, when printed out, takes up volumes. The laws and regulations they contain number in the hundreds of thousands. The sheer volume of new laws can be seen in the Federal Register, which prints new laws as they emerge on a daily basis. The Cato Institute, a public policy research organization dedicated to limited government and other conservative principles, claims on its website that “there is no greater impediment to American prosperity than the immense body of regulations chronicled in the Federal Register.”
Who Sues Directors, and Why?
So who sues directors and officers, and why, and how often, do D&O lawsuits come directly from Uncle Sam? The following list highlights some, but not all, of the sources of D&O litigation and related settlements.
D&O Insurance Settlements. One indicator of liability exposure is the tally of D&O insurance settlements over time. We know about these from annual surveys conducted over the past three decades by predecessors of Towers Watson (namely, Watson Wyatt and later Tillinghast, a unit of Towers Perrin). By the time this long-running D&O insurance settlement survey was discontinued in 2013, it had accumulated important evidence on the sources and costs of D&O litigation.
In 2012 (the final Towers Watson survey year), respondents were asked to identify the sources of claims against D&O insurance over the past 10 years, checking all sources that applied. Here is what this survey revealed about the percentage of companies reporting insurance payments to settle lawsuits against their directors and officers:
- Shareholders suing on behalf of corporations in “derivative” lawsuits (claiming inability to sue directly due to “futility of demand”), often over allegedly misleading financial statements and/or mergers and buybacks: 40 percent of insureds reported pay-outs on claims from this source.
- Shareholder suing on their own behalf (for example, in class action suits) for the same reasons: 36 percent.
- Employees suing over employment issues such as defamation: 32 percent.
- Federal and state regulators suing over alleged federal or state legal violations: 23 percent.
- Federal regulators suing under ERISA retirement funding issues: 9 percent.
- Other plaintiffs, such as competitors, customers, suppliers, contractors, or other outside parties: 17 percent.
We know from this survey series that most regulatory lawsuits allege violations in antitrust; consumer protection; employee health, safety, and working conditions; the environment; securities law; and taxes.
In recent years, Advisen, a tracker of D&O action, has created a new category of litigation exposure called “capital regulatory actions,” which encompasses cases in which a federal regulator sues directors and officers over a financial or securities matter. These were the leading cause of D&O-related lawsuits in the first quarter of 2015, accounting for 62 percent of all recorded events. Previously, many of these were referred to as securities fraud and combined with shareholder lawsuits.
Follow-on Lawsuits. There can be an echo effect on this kind of lawsuit from federal lawsuits. Non-governmental parties may and often do sue under these same laws. For example, if directors violate securities laws, the SEC may announce an investigation and/or sue, and then shareholders may sue. These are called “follow-on” lawsuits, and they often mimic regulatory litigation topics to a T. For example, as The Wall Street Journal recently noted, the number of SEC accounting-fraud enforcement actions increased 46 percent in 2014, and the number of shareholder lawsuits charging accounting malfeasance increased 47 percent during that same period.
Shareholders Suing and Settling. In fact, one of the most common types of D&O lawsuit alleges violation of a federal securities law—typically Section 10b-5 of the 1934 Act regarding false statements in the sale or purchase of securities, or Section 11 of the 1933 Securities Act regarding material misstatements. Neither of these requires that the directors did so knowingly (scienter ). In these cases, shareholders sue as a class and often settle outside of court. These so-called “securities class-action settlements” are a key source of D&O liability for public company directors and are tracked regularly by a number of sources, including Cornerstone Research and PwC. In 2014, there were 170 settlements, according to Cornerstone. This was a slight rise from the previous two years but down 10 percent from historic levels earlier in this century. The Cornerstone report attributes these trends to changes in the number of public companies rather than to changes in the litigation climate. Most of the companies sued had revenues of less than $50 million. In 2014, the total value of court-approved settlements was $1.1 billion, but in the previous nine years, largely driven by the financial crisis, mega-settlements pushed the yearly average to six times that amount.
Of course, some cases never get to settlement because they are thrown out of court. For example, on March 31, a federal district court in Arkansas dismissed a shareholder derivative suit alleging that the board of Wal-Mart Stores knew about bribes paid in Mexico to ease the course of building permits. The court stated: “Nothing in the complaint suggests any particularized basis to infer that a majority of the board had actual or constructive knowledge of the alleged misconduct, let alone that they acted improperly with scienter.” For the same reasons, the court dismissed claims that the directors allowed the filing of knowingly false proxy statements.
DOJ Suing. The failed shareholder lawsuit against Wal-Mart Stores was riding the coattails of federal investigations of the company by the U.S. Department of Justice (alarming because the DOJ handles criminal matters) and the SEC. The global retailer referred to lawsuits from the DOJ and SEC in its recently released annual report for 2014: “The Company has been informed by the DOJ and the SEC that it is also the subject of their respective investigations into possible violations of the FCPA.… Furthermore, lawsuits relating to the matters under investigation have been filed by several of the Company’s shareholders. The shareholder lawsuits name, among others, certain directors and former directors.”
In fiscal 2013 and 2014, Wal-Mart spent more than $600 million to respond to the charges—with two-thirds of the funds going toward investigation, and one-third going to strengthen compliance systems. The Wal-Mart report notes: “For fiscal 2014 and 2013, the Company incurred expenses of approximately $282 million and $157 million, respectively, related to these matters. Of these expenses, approximately $173 million and $100 million, respectively, represent costs incurred for the ongoing inquiries and investigations, and $109 million and $57 million, respectively, relate to the Company’s global compliance program and organizational enhancements.”
DOL Suing. The U.S. Department of Labor (DOL) currently administers and enforces more than 180 specific laws. Many of them have broad application across industries. According to SHRM, there are at least 40 laws that apply to large companies. Many of them apply to smaller companies as well: nine that apply to federal contractors; at least 19 federal laws that apply to companies of all sizes; and another 13 federal laws that may or may not apply depending on companies size. A subset of DOL lawsuits are filed under ERISA. As an example, consider the long-running case involving directors of California Pacific Bank in the U.S. District Court, Northern District of California: Perez v. California Pacific Bank. On Aug. 15, 2013, the DOL filed a complaint alleging that California Pacific Bank and its CEO and directors, who were all trustees, violated ERISA as fiduciaries of the California Pacific Bank’s employee stock ownership plan. The case is ongoing.
FDIC Suing. There are three main bank regulators: the Federal Reserve Bank (Fed), which oversees large bank holding companies; the Comptroller of the Currency, which oversees banks that have a national charter (a relatively small percentage of banks); and the Federal Deposit Insurance Corporation (FDIC), which, as its name suggests, insures bank deposits. The FDIC’s powers are broad. When a bank fails, the FDIC has to pay depositors the amount they lost, to a certain level (currently set at $250,000 per individual insured per bank). When banks fail, the FDIC sometimes sues officers and directors, among others, using a relatively harsh standard. The FDIC’s website reminds us that professionals “may be sued for, among other things, either gross or simple negligence.” Gross negligence involves willful disregard (but not necessarily misconduct); simple (or ordinary) negligence is merely being careless—making a mistake by accident.
If the FDIC wants to punish, it can use both weapons. The 1997 decision in Atherton v. FDIC reads: “The Supreme Court has ruled that the FDIC may pursue simple negligence claims against directors and officers if state law permits,” adding that federal law “preempts state law that insulates directors and officers from gross negligence or worse conduct.” This means that unless the bank a director serves is incorporated in a state that has corporation law specifically protecting directors against lawsuits for simple negligence, they could be sued for that by the FDIC.
From 2009 through April 2015, the FDIC initiated lawsuits against 1,200 individuals, most of whom (800) were former officers and directors. These cases often settled out of court. A recent and typical example involved Atlantic Bank of Charleston, S.C. In a case that began in May 2014 and settled last March, the FDIC tried to prove to a jury that the former board members were personally liable for approving a variety of high-risk deals without proper review. Insurers paid the $2.6 million. The vast majority of these lawsuits are against the directors and officers of small community banks—a vanishing breed in part because of the heavy regulatory burden they bear.
SEC Suing. The SEC can proceed in a number of ways to set directors straight. The two most prominent weapons are administrative proceedings and, if the situation is more serious, litigation (civil lawsuits in federal court).
In the first quarter of 2015, the SEC announced more than 200 administrative proceedings, and the second quarter shows a similar pace. A recent example is one that the SEC started against KBR Inc., a Delaware corporation headquartered in Texas. The SEC found fault with the language of its whistleblowing policy and charged it with violating the whistleblowing protection provision of Dodd-Frank. KBR changed the wording in its policy and settled the case on April 1, so it never turned into a D&O lawsuit.
The administrative proceedings that lead to litigation tend to target egregious behavior and rarely involve directors. There were 50 proceedings in the first quarter of 2015, and second-quarter activity is comparable. The objects of these lawsuits typically include CEO-chairman founders, chief financial officers, investment advisors, fund managers, accountants, and inside traders (typically employees and their relatives). Sometimes they involve directors.
On April 16, the SEC announced fraud charges against an individual in California and nine others in Florida and Georgia for their involvement in a “scheme” to sell stock in companies that really were only shells, aka “blank check” companies bound for reverse mergers. The SEC additionally charged four other “figurehead” officers and directors, who agreed to settle. The SEC claims that they violated the antifraud, reporting, recordkeeping, and internal control provisions of the federal securities laws.
As part of the settlement, the individuals are barred from serving as officers or directors of public companies and participating in penny stock offerings, and they must return the money they made, with interest. The SEC’s investigation, which is continuing, is being conducted by the Miami regional office as part of theMicrocap Fraud Task Force.
Prepare for War
If you are a director, chances are you will be named in a D&O lawsuit sooner or later. Yet it is relatively unlikely that you will have to go to court or pay out of pocket—many cases get dismissed as frivolous and/or get settled, with insurers paying. Many of the lawsuits launched by Uncle Sam, for example, end peacefully before they begin. Still, in time of peace, prepare for war!