Q1 2023 FINPRO Management Liability: Need to Know

Each quarter, our management liability team will provide updates on key trends and emerging issues to help US companies make decisions to manage their risks. We will cover topics related to directors and officers (D&O) liability, employment practices/wage & hour liability, and fiduciary liability risks and share insights on building an effective, customized insurance program that is fit for an evolving risk landscape.

Our Q1 2023 issue focuses on:

• D&O updates surrounding the recent challenges in the banking sector, the Department of Justice’s enforcement of insider trading, court ruling that corporate officers — like directors — owe a duty of oversight to their organizations, and slowing of SPAC litigation.
• Around employment practices liability, we look at expanded protections for pregnant and nursing mothers, the FTC’s proposed rulemaking to prohibit employers from imposing non-compete clauses on employees, and expanding protections in Illinois around BIPA.
• And finally, our fiduciary liability group looks at the Department of Labor (DOL) adding cybersecurity audits of Employee Retirement Income Security Act (ERISA) retirement plans and ESG factors when evaluating retirement plan options.

D&O Liability

Bank failures cause widespread concern

The failures of Silicon Valley Bank and Signature Bank and the collapse of Credit Suisse caused companies across industries to take notice and consider the possible impacts. Shareholders of both banks filed suit soon after the failures took place alleging that the banks’ directors and officers misled investors about their exposure to various systemic economic risks.

These events are an important reminder that directors and officers (D&O) liability insurance may provide protection in the case of shareholder litigation, even where companies are in receivership or bankruptcy and cannot indemnify directors directly. In that situation, individual directors and officers should seek access to the Side A portion of the policy which typically does not require the individual to pay an out of pocket retention before coverage is triggered. Individual insureds should also be mindful of common D&O policy extensions that can provide coverage for exposures that occur before formal litigation commences. Specifically, individual executives should seek reimbursement for interviews or depositions that they may be required to participate in as part a government investigation or inquiry or in connection with an internal review of a shareholder derivative demand. Many policies also contain sublimits for personal asset protection and various public relations or crisis exposures.

In addition, many start-up companies and other organizations that bank with one of the failed financial entities could see their operations significantly impacted by a disruption in banking services. D&O insurance may respond in the case of a shareholder suit against those companies’ directors and officers due to these challenges. It is therefore critical for policyholders to become familiar with the nuances of their D&O policies and to ask their insurance advisor or broker for ways to help them maximize their insurance recovery.

DOJ steps up enforcement as part of personal accountability push

The Department of Justice (DOJ) signaled that it plans to criminally enforce insider trading matters when it brought an action against the CEO of a healthcare company. The CEO had adopted a 10b5-1 trading plan before selling company shares. According to the DOJ, the CEO set up the trading plan a single day prior to selling the shares. The DOJ is accusing the CEO of putting this plan into action while in possession of material non-public information.

To encourage companies to voluntarily self-disclose misbehavior on the part of executives, the DOJ also unveiled a new plan that bolsters incentives for companies. Some incentives include that federal prosecutors will not seek a guilty plea against individuals at companies who voluntarily disclose misbehavior, lower fines by up to 50%, and shorten sentencing. The agency retains a lot of discretion with regard to offering incentives, however, if there are aggravating factors.  Policyholders should be prepared to answer questions from underwriters about internal procedures for compliance and voluntary disclosure, if necessary.

SEC poised for broad rulemaking in 2023

The Securities Exchange Commission (SEC) is set to act on a number of proposed rules in 2023, as they enter the final stage of deliberations.

The SEC’s climate disclosure rules have received wide criticism for being too broad by industry groups, law firms, and even some ESG-friendly investors. In dissenting commentary SEC commissioner Hester Peirce has claimed that the agency’s proposed rules deviate from the “materiality” standard to which companies are subject in requiring such detailed disclosures.

It is possible these rules will be passed in a stripped down form that omits some of the more onerous requirements, such as requiring disclosure of climate data for upstream and downstream usages of a company’s products.

Cyber disclosure rules have also attracted criticism, as some commenters argue that the disclosures are too burdensome — particularly as they relate to revealing to the public when a “material” cyber event occurs. Other rules on the horizon include those relating to ESG, private fund advisors, Special Purpose Acquisition Companies, and other areas.

As the so-called anti-ESG backlash has gained momentum, we can expect further SEC activity on both ESG and cyber issues to be the subject of challenges and litigation. Nevertheless, companies should be prepared to implement any possible rules and convey that preparation to D&O insurance underwriters at renewals.

Fast food restaurant ruling opens officers up to ‘oversight’ breach claims

It is long-settled that directors and officers both owe fiduciary duties to investors. And, both are often defendants in litigation resulting from company challenges. But courts have not fully examined the degree to which these duties are coextensive.

In a landmark decision, the Delaware Chancery Court held that corporate officers — like directors — owe a duty of oversight to their organizations. In recent years, corporate boards have faced an increase in claims for breach of oversight for allegedly failing to monitor mission critical risks, like product and food safety, diversity, or cybersecurity. This most recent decision, in a derivative lawsuit against the restaurant's chief people officer, shows that senior executives, not just board members, face breach of oversight threats if they ignore red flags in an area over which they have responsibilities. It is yet to be determined whether this decision will open up additional lawsuits against corporate executives and/or any impact it may have on D&O insurance underwriting.

SPAC litigation slows, with some exceptions

The prevailing narrative on Special Purpose Acquisition Companies (SPACs) and Initial Public Offerings in the last several months is that they are not happening. However, while there has been a lack of new SPACs completing public offerings, there is still a lot of activity, with more than 500 existing SPACs looking for merger targets. And, where there is merger activity, lawsuits often follow.

If a SPAC does not merge, it must liquidate — this process is designed to make investors whole. While the liquidation process should present limited litigation risk, this risk still exists. In January, a SPAC was sued for not including a failed merger “break up” fee in the proceeds it distributed to investors as part of the SPAC’s liquidation. A similar lawsuit was filed in the latter part of 2022. If a court decides SPAC officers can keep the proceeds from a breakup fee received following a failed merger, we can expect other SPACs to seek similar fees when making deals.  

Additionally, a recent decision in the Delaware Chancery gave credence to a theory critical of virtually all SPACs in existence. Specifically, investors sued a SPAC claiming that it misrepresented the true value of each share by failing to deduct costs associated with completing a transaction. Rather than shares being worth $10 per share, the plaintiffs claimed, they were actually worth $5.50 when accounting for those costs. The Delaware Chancery has allowed this case to proceed past the motion to dismiss stage. The defendant is arguing that SPAC investors are well aware of the purportedly undisclosed additional costs, which could prevent a rash of litigation under this theory.

Courts issue several D&O insurance coverage decisions so far in 2023

Courts decided several D&O insurance coverage disputes in the first quarter of 2023.

First, two different courts applied so-called “bump up” exclusions to preclude coverage for settlements in M&A-related cases on the grounds that those settlements constitute an increase in consideration. Insurers maintain that these provisions are aimed at preventing the “moral hazard” of insurers reimbursing companies accused of underpaying in an acquisition. The companies argued that the exclusion should only apply where the policyholder is the buyer, rather than the target, of an acquisition. The courts rejected these arguments. According to the courts, the defense of these matters is within the scope of coverage and was not at issue in these disputes.

Second, the Delaware Supreme Court held that an appraisal action, brought by company shareholders who are the subject of an acquisition, was not a “claim” triggering coverage under a D&O policy. An appraisal proceeding is a remedy under Delaware law and affords rights to company shareholders to seek judicial verification of the value of their shares. Specifically, the court held that the appraisal action did not fall within the definition of “claim” because it did not involve an alleged “violation of law.”

As with the cases above, a decision on “related claims” language highlighted the importance of understanding even small nuances in policy language when determining which policy year will respond to a claim.

Finally, a court held that no coverage was available under a D&O policy where plaintiffs included both insured and non-insured persons. According to the court, this was because the claim by non-insureds was not brought independently — a necessary exception to avoid a standard policy exclusion for claims brought by one insured against another.  

[Back to top]

Employment Practices/Wage & Hour Liability

Expanded protections for pregnant and nursing mothers

It’s clear that the Biden administration seems to be focused on expanding employee rights. As part of those efforts, Congress passed an omnibus spending bill that included two landmark pieces of civil rights legislation, which President Biden signed into law on December 29, 2022. The Providing Urgent Maternal Protections for Nursing Mothers Act (PUMP) takes effect in April 2023, while the Pregnant Workers Fairness Act (PWFA) takes effect in June 2023.

The PWFA expands protections available under the Americans with Disabilities Act (ADA) to pregnant workers by requiring employers to offer reasonable accommodations to qualified employees when needed due to “pregnancy, childbirth, or related medical conditions.” 

The PUMP Act amends the Fair Labor Standards Act (FLSA) and expands the Break Time for Nursing Mothers Act by providing additional employees, including salaried employees, reasonable break time to express breast milk and a private place to pump at work.  

Companies should be mindful of reviewing their reasonable accommodation and employee break policies. 

The FTC and a bipartisan bill aim to ban most non-compete agreements

The Biden administration is focusing on non-competes in what it deems to be anti-competitive labor practices.      

In January 2023, the Federal Trade Commission (FTC) released a Notice of Proposed Rulemaking to prohibit employers from imposing non-compete clauses on employees. Non-compete agreements are typically used to protect against unfair competition and misappropriation of trade secrets. However, from the FTC’s perspective, non-compete clauses reduce workers’ wages, stifle new businesses and new ideas, and can exploit workers and hinder economic liberty. The rule would ban employers from entering into non-compete clauses with their workers, including independent contractors. The rule would also require employers to rescind existing non-compete clauses with employees and actively inform their employees that the contracts are no longer in effect.

Note that many states already have their own laws that restrict agreements not to compete. If a final rule is adopted by the FTC, it will take effect 180 days after publication.      

Following on the heels of the FTC’s notice, a bipartisan group of US senators reintroduced the Workforce Mobility Act of 2023, which would also largely ban the use of employer non-compete agreements. If passed, the act would codify the use of employment non-competes as an unfair trade practice under federal law. Under the act, pre-dispute arbitration agreements or pre-dispute joint-action waivers would not be valid or enforceable.

While the final rule wording is not yet known, and employers do not need to take any immediate action, it is prudent to review any current restrictive covenants. 

Illinois court expands protections under BIPA

The Illinois Biometric Information Privacy Act (BIPA) — which regulates the collection, use, and handling of biometric data by private entities — continues to evolve. Illinois remains the only state that permits a private right of action. While employers primarily face BIPA cases in Illinois, employers in other states have also been sued. However, Illinois remains at the forefront in the development of employers’ exposure to BIPA-related claims.    

To start the year off, the Illinois Supreme Court issued two highly anticipated decisions. First, the court reversed an appellate court decision and ruled that the “catchall” five-year statute of limitation applies to all claims under BIPA. The court argued that retaining the longer five-year statute of limitations would provide a uniform limitations period with respect to claims arising under all subsections of BIPA and to accomplish the public policy goals in enacting BIPA.

In another ruling, the Illinois Supreme Court resolved the issue of whether BIPA claims accrue upon the first biometric collection or the final biometric collection. The plaintiff argued that a new claim accrued each time a fingerprint was scanned, while the Defendant argued that claims accrue only when the biometric data is initially collected.  The court ultimately held the plain language of the statute establishes violations under BIPA accrue on each and every biometric scan or collection.

In general, insurance markets have either specifically excluded this exposure or offered a minimal sublimit. Companies should consult with their broker to determine what, if any, coverage may be available under their Employment Practices Liability or cyber policy.          

[Back to top]

Fiduciary Liability

Cyber Risk

In April 2021, the Department of Labor (DOL) announced the addition of cybersecurity to its audits of Employee Retirement Income Security Act (ERISA) retirement plans. Shortly after, the DOL began adding questions about a company’s cybersecurity to audits of health and welfare plans. Several plan sponsors have expressed frustration, noting that the requirements for compliance, as well as penalties, seem unclear.

In the last few years we have seen some lawsuits stemming from plan participants’ loss of funds due to social engineering crime. While the funds were stolen from employees’ personal accounts, not from the plan sponsor, there were allegations that fiduciaries should have better vetted the vendors that monitor access to the funds.

There is significant focus on the outcome of the Disberry v. Employee Relations Committee of the Colgate-Palmolive Co. et al, which revolves around the theft of $750,000 from a former employee’s retirement account. The thieves called to change the mailing address and had the revised account access pin sent to that address. The plaintiff alleges that more controls should have been in place to prevent this.

Insureds should expect underwriters to ask more questions about vetting the cybersecurity procedures of vendors. 

ESG: Environmental, social, and governance considerations

Can fiduciaries consider environmental, social, and governance (ESG) factors when evaluating plan options? While the sole consideration when determining plan options should be the best financial interest of the assets, participants should be allowed to consider these factors in their investments.

A 2020 Department of Labor (DOL) rule seemed to discourage consideration of ESG factors for ERISA plans, saying that only “pecuniary factors” should be considered in evaluating investment options. But a DOL rule released in November 2022 indicated that fiduciaries should be allowed to consider these ESG factors if “financially relevant to an investment’s risk-return.” In early 2023, both the US House of Representatives and the Senate resolved to overturn the DOL’s November rule, but this resolution was vetoed by President Biden.

There have been other attempts to block the DOL’s updated rule allowing the consideration of ESG factors. Several plaintiffs have filed lawsuits alleging that it opens the door for politically and ethically motivated considerations to ERISA decision-making. One of these lawsuits includes attorneys general from 25 states. Note that most states have enacted rules governing the use of ESG factors in investing state pension funds.  

Fiduciaries will need to follow a carefully documented plan if they are considering including ESG factors in their pension investments. Expect insurance underwriters to ask for details on the considerations and whether outside counsel was engaged. 

[Back to top]