The D&O claims environment is now in an unusually uncertain state. Record high inflation, interest rate increases, supply chain disruptions, a tight labor market, the collapse of several large crypto firms, and higher fuel costs, as well as the prospects of a recession, will likely create a material increase in D&O claims activity in a wide variety of industries.
Added to this uncertainty is the Biden administration, which is proposing and implementing an increasing number of important regulations, is more aggressively pursuing regulatory enforcement proceedings, and is supporting wide-ranging social reforms. Those initiatives seem likely to directly or indirectly impact, at least to some extent, the nature, frequency and severity of D&O claims in various contexts.
The following summarizes many of the more important recent legal developments involving D&O claims. During these uncertain times, it is especially important for those who advise and insure directors and officers to carefully monitor and react to these and other developments.
1. Securities Class Action Litigation. Prior to the COVID-19 pandemic in 2020, the single biggest development relating to D&O claims activity was the resurgence of securities class action litigation. The frequency of this litigation reached a record level in 2019. But, in 2020 the number of securities class actions filed in federal courts decreased by more than twenty percent (20%) when compared to 2019. That trend continued throughout 2021, during which federal and state court securities class actions decreased by thirty-six percent (36%) compared with 2020. The number of filings during 2022 was consistent with 2021, although the breakdown is different (SPAC filings are down and both IPO and crypto-related filings are up). This decreased litigation activity is primarily attributable to a dramatic drop in M&A-related securities class action claims during the last three years. Plaintiff lawyers continue to routinely file securities lawsuits in response to an announced merger, but those lawsuits are now typically filed as single-plaintiff cases rather than as class actions, thereby allowing the plaintiff lawyer to settle the case for a so-called mootness fee (without the need for court approval) following modest additional disclosures by the company. The following summarizes many of the recent substantive developments in securities class action litigation:
a. Since 2019, four separate securities class actions involving D&Os have settled for more than $1 billion each. See VEREIT, Bausch Health (fka Valeant), Dell Technologies and Wells Fargo settlements. These 10-figure settlements can no longer be considered isolated but suggest a trend toward dramatically increased settlement amounts in at least the most severe cases. An increase in settlement amounts in more modest cases has also occurred, probably reflecting in part a trickle-down from these huge settlements. For example, the total dollar value of securities class action settlements in 2022 nearly doubled compared to 2021.
b. The risk of public-offering state court securities class action lawsuits following the 2018 Cyan U.S. Supreme Court case has largely subsided. In March 2020, the Delaware Supreme Court ruled in Sciabacucchi v. Salzberg that under Delaware law a bylaw provision which requires any securities lawsuits be filed in federal court (i.e., a federal forum provision or "FFP") is facially valid. Consistent with that Delaware Supreme Court ruling, beginning in September 2020 three California state trial court decisions, one California state appellate court decision, and one New York state court decision dismissed 1933 Act claims filed in state court based on the company's FFP. In light of these recent rulings, the vast majority of companies contemplating a securities offering now adopt an FFP bylaw provision, resulting in a dramatic drop in state court securities class actions.
c. The exploding popularity of Special Purpose Acquisition Companies ("SPACs") further increases the D&O liability exposure associated with IPOs. A SPAC is essentially a shell company which raises money through an IPO for the purpose of acquiring another unidentified company during the subsequent two years. Robust disclosures to investors are required both in the SPAC's IPO and in the subsequent acquisition of the ultimate target company, so the risk of someone later criticizing those disclosures (particularly in light of the time limitations and unique circumstances of each disclosure event) is unusually high.
Not surprisingly, as the number of SPACs increased, so did the number of SPAC-related investor lawsuits. But the success of these lawsuits is much different depending on whether the claims focus on conduct by the SPAC and its D&Os and sponsor before the de-SPAC transaction or focus on conduct after the de-SPAC transaction. As highlighted by the January 4, 2023 Delaware Chancery Court decision in the Gig Capital3 Inc. class action on behalf of SPAC investors, many individuals and entities involved in the SPAC process have inherent conflicts of interest. As a result, courts are much more likely to require the defendants to prove the de-SPAC transaction was "entirely fair" to the SPAC investors, which is frequently an insurmountable standard, at least in a motion to dismiss context. In contrast, de-SPAC securities class actions focused on post-transaction disclosures have been dismissed by courts more frequently.
d. In February 2023, Elon Musk and other Tesla executives successfully defended at trial a securities class action lawsuit involving Musk's 2018 tweet that he had "funding secured" to take Tesla private. An actual trial in a securities class action is quite rare, so some commentators have predicted an increase in these trials following Musk's victory. That is very unlikely, though, because very few directors and officers have sufficient personal resources to bear the risk of a catastrophic judgment, which likely would not be insured (due to the conduct exclusion in D&O policies) or indemnified by the company (due to the failure to satisfy the standard of conduct in most indemnification statutes). Absent the practical ability to try these cases, defendants must eventually agree to plaintiffs' ever increasing settlement demands.
e. Crypto-related securities litigation has been described as the new frontier in securities fraud litigation. In 2022, the number of crypto-related securities class actions more than doubled to a record 23, although only eight of those cases involved companies traded on a public exchange. These cases present unique legal issues, including the fundamental question of whether cryptocurrency tokens are securities. The answer to that question will impact both the liability exposure in the cases and D&O insurance issues. For example, entity coverage under public company D&O policies only applies to "Securities Claims" and private company D&O policies usually contain exclusions for certain types of securities claims.
2. SEC Enforcement. In addition to private securities litigation, D&Os need to also be concerned about SEC enforcement activity. During its fiscal year 2022, the SEC brought increasingly broad enforcement proceedings and obtained unprecedented recoveries (nearly 70% increase in financial remedies and more than double the amount of penalties compared to 2021). Recent public statements by SEC officials clearly reflect a continuing commitment to this very aggressive enforcement activity in 2023, particularly against directors and officers. The three main factors which continue to create concern for D&Os in this context are summarized below.
First, the revolving leaders at the SEC's Division of Enforcement have repeatedly stated that "individual accountability" is one of the Division's "core principles," and that "pursuing individuals has continued to be the rule not the exception." This includes being more aggressive with "gatekeepers" (i.e., directors and officers), such as requiring defendants in certain enforcement action settlements to admit wrongdoing rather than merely "neither admit nor deny" wrongdoing, which has been the norm for decades.
Second, during its 2022 fiscal year, the SEC received over 12,300 whistleblower reports, which was a record. This increased frequency of whistleblower reports to the SEC appears to be attributable to two recent developments. In February 2018, the U.S. Supreme Court held in Digital Realty Trust, Inc. v. Somers, that the Dodd-Frank Act's provision which protects whistleblowers against retaliation only applies to whistleblowers who report to the SEC, not to whistleblowers who report internally within their company. As a result, whistleblowers are now highly incentivized to report their complaints to the SEC. In addition, the size of whistleblower bounty awards from the SEC has increased significantly, thereby encouraging more whistleblower reports. In its 2022 fiscal year, the SEC paid $229 million to 103 whistleblowers, and in 2023 the SEC paid a record $279 million to one whistleblower (which was more than double the previous record).
Third, SEC enforcement actions can be particularly problematic for D&Os because they frequently last a long time and usually cannot be resolved at the same time as parallel securities class action and shareholder derivative litigation. As a result, a sufficient amount of the company's D&O insurance limits should be preserved following a settlement of the private litigation to fund the ongoing and potentially very large costs in the SEC action.
The SEC's impact on D&O exposures is not limited to enforcement actions. An increasing number of proposed SEC rules relating to a wide variety of topics will likely increase both SEC and private actions against D&Os. For example, in fiscal year 2022, the SEC proposed nearly 30 new rules, which is more than the number of new rules proposed during each of the preceding five fiscal years.
3. Derivative Suits. Historically, shareholder derivative lawsuits (which are cases brought by shareholders on behalf of a company against D&Os seeking damages incurred by the company as a result of alleged wrongdoing by the D&Os) have presented relatively benign exposures. Although frequently filed in tandem with a more severe securities class action, derivative suits usually have been dismissed by the court or settled for relatively nominal amounts because of the strong defenses available to the D&O defendants. For example, a committee of independent directors who were not involved in the alleged wrongdoing may determine that prosecution of the derivative suit on behalf of the company is not in the company's best interest, in which case the court may dismiss the case. Likewise, the defendant D&Os usually have several strong defenses in the derivative suit, including pre-suit demand requirements, the business judgment rule, state exculpation statutes, and reliance on expert advisors. Despite these procedural and substantive defenses, an increasing number of derivative suits are now settling for large amounts. The following summarizes many of the more recent "mega" derivative settlements.
| Company | Type of Incident | Derivative Settlement |
|---|---|---|
| Wells Fargo | Widespread improper consumer banking practices | $320 million |
| Alphabet | Alleged culture of sexual discrimination/harassment and mishandling of complaints against senior executives | $310 million diversity and equity fund for governance reforms |
| Renren | Transfer of company assets to privately owned company at undervalued price | $300 million |
| VEREIT | Financial statement errors | $286 million |
| Activision Blizzard | Executive officers unfairly acquired a controlling interest in the company | $275 million |
| Boeing | Alleged breach of the Board's safety oversight duties resulting in crash of two Max 737 aircraft | $237.5 million |
| FirstEnergy | Executives bribed state officials | $180 million |
| McKesson | Opioid-related wrongdoing | $175 million |
| CBS/Paramount | Allegedly unfair merger terms | $167.5 million |
| News Corp. | Relative of majority owner personally benefitted from acquisition of company; company's employee journalists used illegal reporting tactics | $139 million |
| AIG | Allegedly fraudulent $500 million reinsurance transaction to mask company losses | $150 million |
| Freeport-McMoRan | Merger fraught with allegations of sweetheart deals and self-dealing | $137.5 million |
| Cardinal Health | Opioid-related wrongdoing | $124 million |
| Oracle | $900 million in insider trading in advance of disappointing earnings announcement | $122 million |
| Broadcom Corp. | Options backdating scandal that resulted in $2.2 billion write-down | $118 million |
| Altria Group Inc. | $12.8 billion investment in vape manufacturer Juul | $117 million (including $100 million for programs to combat underage nicotine use) |
| AIG | Allegation that company paid sham commissions to a closely-held insurance agency | $115 million |
| L Brands | Alleged sexual harassment and toxic workplace | $90 million governance reform fund plus $21 million attorney fee award |
| 21st Century Fox | Allegedly rampant sexual harassment by former Fox executives | $90 million |
| PG&E Corp. | Gas Line Explosion | $90 million |
| Del Monte Foods | Leverage buyout of company by private equity firms | $89.4 million |
| Pfizer | Off-label marketing of drugs resulting in federal investigations and claims under the False Claims Act | $75 million |
| Bank of America | Acquisition of Merrill Lynch based on allegedly false statements about Merrill's losses | $62.5 million |
A number of factors appear to be contributing to this troubling trend of large derivative suit settlements, including:
• Caremark Erosion. One of the primary substantive defenses for D&Os in many derivative lawsuits is the so-called Caremark defense, which in essence says D&Os are not liable for lack of oversight of company operations absent the director or officer engaging in self-dealing, having a conflict of interest or committing gross dereliction of his or her duty (i.e., acting in bad faith). A series of decisions issued over the last few years from Delaware courts suggests an erosion of this important defense, at least in derivative lawsuits involving public health and safety issues or egregious workplace behavior. For example, Delaware courts have not applied the Caremark defense in recent derivative lawsuits involving listeria-tainted ice cream (2019 Marchand case) and 737 Max airplane crashes (2021 Boeing case). But, Delaware courts have recently applied the defense in other less alarming derivative lawsuits, such as the 2021 Marriott and the 2022 SolarWinds cases involving a cyber breach. In the latter case, the Delaware Chancery Court recognized Caremark oversight claims have recently "bloomed like dandelions after a warm spring rain" based on some recent court decisions, but those claims "remain, however, one of the most difficult claims to clear a motion to dismiss."
The derivative litigation against McDonald's directors, CEO and Chief People Officer involving company-wide sexual harassment allegations demonstrates the changing and confusing legal landscape today regarding Caremark claims. In January 2023, the Delaware Chancery Court refused to dismiss the claims against the executive officers, finding for the first time that officers have the same oversight duty as directors and the officers' alleged wrongdoing in this case was sufficiently egregious to survive the Caremark defense because the officers directly participated in the company's sexualized culture. But, two months later, the Court dismissed the oversight claims against the directors even though the directors knew about the sexual harassment allegations. Because the directors responded to the problem (albeit insufficiently), the Court determined the directors' conduct did not constitute bad faith and thus dismissed the claims.
• Duplicate Lawsuits. Unlike most securities class actions which must be litigated in federal court, derivative litigation is usually filed in state court. Also, unlike securities class action litigation, there is no mechanism to consolidate multiple derivative lawsuits into one state court proceeding. As a result, multiple derivative cases, each prosecuted by a different plaintiffs' firm, will often proceed in different courts, even though all of the lawsuits assert essentially the same claims on behalf of the company. This results in higher defense costs, inconsistent court rulings in the parallel cases, and the potential for higher settlement amounts to resolve all of the lawsuits.
A forum selection clause in a company's bylaws is an increasingly important tool to avoid such duplicate derivative lawsuits. Under relatively new statutes in Delaware (Section 115, Delaware General Corporation Law) and a few other states, public companies chartered in those states may adopt a forum selection bylaws provision which requires all proceedings relating to internal affairs of the company (such as derivative suits) to be filed and adjudicated only in the state designated in the bylaws. Such forum selection bylaw provisions (which are different than the federal forum selection bylaw provisions discussed above for securities claims under the 1933 Act) can prevent multiple derivative lawsuits being prosecuted in multiple and hostile forums. The Seventh and Ninth Circuits recently issued conflicting opinions regarding the enforceability of such a state forum selection bylaws provision if the derivative suit includes claims for false proxy statements in violation of Section 14(a) of the Securities Exchange Act. The Seventh Circuit held the provision is invalid as to Section 14(a) claims because such claims must be brought in federal court (i.e., plaintiffs would be precluded from asserting Section 14(a) claims in a derivative suit if the state forum selection provision is enforced). But the Ninth Circuit upheld the enforceability of the provision even with respect to Section 14(a) claims.
• Large Event Exposures. The most troubling recent phenomenon involving shareholder derivative litigation is the increasing frequency of lawsuits arising out of an unexpected event which causes huge financial loss to the company. There is now a higher likelihood that such large company losses will result in a large derivative suit settlement. Although it is tempting to question why directors and officers should be liable for the unexpected event, plaintiffs' lawyers allege that the D&Os could have prevented or at least mitigated the company loss through better management practices. Types of incidents that have or are likely to fuel this type of derivative lawsuit include very large cyber breaches, a large environmental catastrophe, systemic sexual harassment, COVID-19 losses, decommissioning of nuclear plants, large product recalls or product liability claims, gas line explosions and unforeseen oil spills and large-scale energy outages. Equally alarming is the increased frequency of securities class actions arising out of these unexpected events if there is even a modest stock price decline following the event. These disclosure-based lawsuits allege the defendants failed to disclose or downplayed the risks of the event occurring and test the age-old distinction between mismanagement claims (i.e., derivative lawsuits) and disclosure claims (i.e., securities class action lawsuits).
• Exculpation of Officers. A recent development that may appear to moderate the liability of officers in derivative lawsuits in fact will likely have little if any impact. Effective August 1, 2022, the Delaware exculpation statute for directors in Section 102(b)(7) was amended to also apply to officers. But, unlike the exculpation of directors, the exculpation of officers does not apply to claims by or on behalf of the company (including derivative lawsuits). The exculpation exists only if the company's charter is amended to implement the exculpation. The process used to adopt those charter amendments has resulted in several lawsuits in 2022 and 2023 by certain classes of shareholders who contend they were wrongly denied the opportunity to vote on the proposed amendment.
4. Criminal Proceedings. In recent years, regulators, prosecutors and commentators have repeatedly discussed the importance and purported commitment by the government to hold executives criminally accountable for wrongdoing. In the aftermath of the financial crisis in the late 2000s, there was a large public outcry for the prosecution of responsible individuals. Regulators and prosecutors both then and now repeatedly express the importance of creating individual and corporate accountability through criminal prosecution of executives. During the Trump administration, these statements were little more than rhetoric. But, beginning in late 2021, the Biden administration announced a series of new actions intended to reinforce the Department of Justice's "unambiguous" prioritization of individual accountability in corporate criminal matters, including a return to the so-called Yates Memorandum and other Obama-era initiatives.
However, the prosecution of white-collar crime remains surprisingly infrequent, particularly with respect to directors and senior executives of large public companies where decisions are often made "by committee" without clear attribution to one or a few individuals who possess the necessary intent to violate the law. In addition, prosecutors often have limited resources and usually only bring cases they believe they can win. As an example of these challenges, in January 2021, a federal appeals court overturned the convictions of four former executives of Wilmington Trust, which was the only financial institution criminally charged in connection with the federal bank bailout program following the 2008 financial crisis. Similarly, in late 2021 a jury found the CEO of Iconix Brand Group not guilty of fraudulently booking $11 million of revenue, although a year later another jury convicted him of related charges in a separate proceeding. Despite these challenges, numerous recent examples demonstrate that criminal exposure for executives is very real in several circumstances.
First, even in a large public company, senior executives who have direct responsibility for matters which create spectacular losses can be incarcerated. For example, the former CEO and COO of SCANA pled guilty in 2020 to defrauding customers and others with respect to a failed $9 billion nuclear construction project, the former CEO of SAExploration and the former CFO of Roadrunner Transportation Systems were sentenced to three years and two years in prison, respectively, for their roles in fraudulent accounting schemes at their companies, and the former head of Wells Fargo's community banking division pled guilty to obstructing regulators' investigation of the bank's sales practices and agreed to pay a $17 million penalty.
Second, lower-level executives who more easily can be shown to have knowingly participated in criminal wrongdoing are more frequently prosecuted than senior executives. From 2005 to 2021, the percentage of criminal cases against companies that also included charges against directors or senior executives dropped from nearly 73% to about 25%. Examples of charges against mid-level executives since 2020 include: (i) the former medical director of Indivior PLC pled guilty to criminal charges relating to the company's marketing and sale of opioid drugs (following a similar plea by the company's former CEO), (ii) six mid-level executives of Citgo were convicted in Venezuela of corruption charges, (iii) the Senior Vice President of Governmental Affairs of ComEd pled guilty to charges involving the bribery of governmental officials, (iv) an executive of Sandoz, Inc. pled guilty to price-fixing charges involving generic drugs, (v) a former executive of Netflix was convicted of money laundering and bribery for accepting stock options, cash and gifts from third-party vendors in exchange for lucrative contracts with the company, and (vi) the former controller of a small insurance company pled guilty to a fraud scheme which diverted $6 million of company money to his personal accounts.
Third, individuals who are senior executives (and also large owners) of smaller companies are easier targets of criminal charges because of their more intimate knowledge of company operations. For example, in 2021, (i) the former CEO of Chimera Energy was sentenced to six years in prison for his involvement in a pump-and-dump scheme involving the company, and (ii) the former CEO of a group of pain clinics and medical providers was sentenced to 15 years in prison for approving a corporate policy which allowed millions of unnecessary opioid prescriptions. In 2022, the founder and former CEO of Nikola was convicted of securities fraud following the company's IPO in which the defendant allegedly lied about "nearly all aspects of the business." In 2023, (i) the former CEO of a drug cooperative was convicted of trafficking opioids to "bad pharmacies" and "bad doctors;" (ii) the COO of a company that operates a hydroelectric dam pleaded guilty in connection with a spill of pollutants into a local river; (iii) the CEO of a small clean-energy company was convicted of defrauding investors and forging documents to raise money for personal purchases; and (iv) the CEO of a software startup pleaded guilty to wire fraud and securities fraud in connection with a $100 million stock offering.
5. Cyber Claims. Unquestionably, cyber-related losses and claims are one of the most troubling future exposures for companies. It is virtually impossible for companies to prevent cyber attacks. Loss mitigation, rather than loss prevention, seems to be the only strategy available for most companies.
Surprisingly to some, the liability exposure of directors and officers for cyber-related claims is less predictable. Prior to 2017, no cyber-related securities class action lawsuits were filed even with respect to very large and highly publicized cyber intrusions at large companies. But more recently, plaintiff lawyers have filed a growing number of such securities class actions, including cases against Marriott, Chegg, Google/Alphabet, FedEx, Capital One, First American Financial Corp., SolarWinds, Yahoo!, Equifax, Telos, Okta and their D&Os. These cases are still somewhat uncommon despite the large number of companies which experience data breaches because in most cyber attack situations, the company's stock price does not materially drop following disclosure of the attack. But, if there is a material stock drop following disclosure of the cyber breach, a securities class action is likely, and those securities class actions can be expensive. For example, the Yahoo! cyber-related securities class action was settled in March 2018 for $80 million while a motion to dismiss was pending, the Equifax data breach securities class action was settled in 2020 for $149 million, and the SolarWinds data breach securities class action was settled in 2022 for $26 million.
It is far from clear whether these cases will ultimately be successful on a widespread basis. Most of these securities class action lawsuits have been dismissed, primarily because the plaintiffs failed to sufficiently allege the defendants acted with the requisite scienter (i.e., plaintiffs did not allege facts showing the defendants knew the size or impact of the breach at the time of the allegedly incorrect disclosures) or because plaintiffs failed to sufficiently allege either a misstatement or omission of material facts. The likelihood of these cases being dismissed increases if the company's disclosures include detailed and specific cautionary statements about cyber risks and do not characterize the quality of the company's cybersecurity. But, a June 16, 2021 decision by the Ninth Circuit reversed the lower court's dismissal of the Alphabet/Google cyber securities class action, thereby confirming these cases can create meaningful exposure in certain circumstances.
Likewise, in March 2022 a District Court substantially denied Defendants' Motion to Dismiss securities litigation against Solar City and its D&Os. It is doubtful, though, these cases reflect a reversal of the general trend of courts dismissing these types of securities class actions, as evidenced by (i) the Ninth Circuit affirming on March 2, 2022 a District Court dismissal of a data breach-related securities class action against Zendesk, (ii) the Fourth Circuit affirming in April 2022 a District Court dismissal of a data breach-related securities class action against Marriott and its D&Os, (iii) a District Court in Virginia dismissing a cyber-related securities class action against Capital One in September 2022, and (iv) District Courts in California dismissing cyber-related securities class actions against First American and Okta in September 2021 and March 2023.
On March 9, 2022, the SEC announced proposed rules requiring enhanced disclosures by public companies regarding material cybersecurity incidents and the company's risk management and board oversight of cybersecurity matters. The proposed rules, if enacted, would significantly increase a company's disclosure requirements in this area. For example, material cybersecurity incidents would need to be disclosed within four days after discovery and those disclosures would need to be updated. Also, the board's oversight of cybersecurity risks, the company's policies and procedures for identifying and managing those risks, and the cybersecurity expertise of management and any director would need to be disclosed. These disclosure requirements will likely result in not only increased cyber-related scrutiny by the SEC, but also increased securities claims against companies and their directors and officers, not to mention very difficult compliance challenges. However, there is substantial doubt the SEC rules (when adopted) will be lawful. See the discussion below regarding similar proposed SEC rules regarding climate change disclosures.
Shareholder derivative lawsuits against directors and officers are another litigation response when a company suffers large cyber-related losses. However, this type of derivative litigation is also challenging for plaintiffs in light of the business judgment rule, the applicable state exculpatory statute for directors, and other state law defenses for the defendant directors and officers. A cyber incident will rarely involve conflicts of interest, and therefore should rarely give rise to large derivative litigation settlements absent unusual circumstances. But, a few cyber-related derivative lawsuits have recently settled or survived a motion to dismiss. Most notably, the Yahoo! derivative suit settled for $29 million, due in large part to the extraordinary number of people impacted by the breach (i.e., as many as 1.5 billion users) and the two-year delay in disclosing the breach. Other cyber derivative settlements are far smaller, often including a modest plaintiff fee award and the company agreeing to certain governance reforms. In October 2021, the Delaware Chancery Court dismissed a cyber-related derivative lawsuit involving the Marriott data breach.
The May 2021 ransomware attack on Colonial Pipeline dramatically elevated the visibility and importance of cyber attacks, particularly against companies involved in critical infrastructure or public services. As ransomware becomes the preferred method of cyber attack by criminals, directors and officers are faced with very difficult decisions which can expose them to criticism at best or personal liability at worst – should the requested ransom be paid (thereby quickly ending the disruption caused by the attack), or not paid (thereby discouraging future ransomware attacks)? Because plaintiff lawyers have not been consistently successful to date regarding cyber-related D&O claims, it seems likely these increasingly common ransomware attacks will provide to the plaintiffs' bar a new approach to attacking the conduct of D&Os in this area.
The area of greatest potential exposure for directors and officers regarding cyber matters does not arise from acts or omissions by directors and officers prior to the attack, but rather from conduct of directors and officers once the attack is identified. Disclosures regarding the scope, effect and cause of the attack, and the response by management immediately following the attack, can potentially create either securities class action or shareholder derivative litigation. Therefore, companies should develop and implement long before a cyber attack actually occurs effective protocols and action plans that describe what should and should not be done if a cyber attack against the company occurs. Careful advanced planning in this area can provide a unique opportunity to minimize the potential personal liability of directors and officers for post-attack conduct.
Another related D&O exposure in this context is the potential for criminal charges. For example, in October 2022, the former chief security officer of Uber was convicted of obstructing the FTC's investigation of a cyber breach involving private personal information about the company's customers. The company initially disclosed to the FTC the breach involved 50,000 customers. The defendant officer subsequently learned from the hackers in the context of a ransomware demand that the breach involved 57 million customers, but the officer failed to report that updated information to the FTC. In another case, the former chief information officer of Equifax was convicted of insider trading and sentenced to four months in prison based on his sale of $950,000 of company stock before the company's massive data breach was publicly disclosed.
6. ESG Claims. There is now an unprecedented number of D&O claims which arise out of highly publicized social issues. Whether each of those social issues is temporary or long-term, and thus whether the D&O claims arising from each of those social issues are aberrations or a permanent new exposure for D&Os and their insurers, is yet to be seen.
The following summarizes the primary examples of these types of claims. The legal theories asserted in these claims are not new or unusual, but the factors which are causing the claims to be prosecuted are recent. Ironically, most ESG-related claims are asserted against companies who are proactive in addressing ESG concerns as opposed to companies who seemingly ignore the issues. Those proactive companies are often in a no-win situation because they are criticized for not doing enough (or misrepresenting the impact of what they are doing) or for doing too much. For example, American Airlines and certain of its fiduciaries were sued in June 2023 for pursuing "leftist political agendas" through ESG strategies which fail to maximize profits.
a. COVID-19 Claims. The financial impact to companies and likely claims against companies arising out of the COVID-19 pandemic are staggering and impossible to overstate. The frequency and severity of D&O claims in this context are less predictable, though.
D&O claims directly related to the pandemic to date have not been as significant as many feared. For example, more than 60 securities class actions have been filed relating to the pandemic (depending on how one defines a COVID-19-related case). Relatively few of these cases have had motion to dismiss rulings, although a higher than normal percentage of those rulings dismissed the case. The one exception is securities class actions involving vaccine development companies, which typically have survived a motion to dismiss. The alleged misrepresentations in COVID-related suits generally fall into four categories: (i) statements relating to the company's ability to produce COVID-related vaccines, therapies, testing materials, safety equipment, etc. (i.e., disclosures about how the company may profit from the pandemic); (ii) statements relating to the impact of the virus on the company's financial performance, business operations, prospects or risk profile; (iii) statements relating to the company's receipt or use of federal funds or loans in connection with COVID-19 related programs; and (iv) statements relating to the likely continuation of the company's initial increase in business as a result of the pandemic. Even fewer derivative suits have been filed, which typically are in tandem with a related securities class action. Interestingly, the SEC has been particularly active in this context, commencing numerous investigations and enforcement proceedings.
A larger D&O exposure exists from "indirect" pandemic-related D&O claims arising out of a company's ongoing poor financial condition or financial performance due at least in part to the pandemic.
b. #MeToo Claims. It is hard to overstate the scope and effect of the so-called #MeToo movement, both legally and culturally. Following the public allegations of sexual misconduct by Harvey Weinstein beginning in late 2017, virtually every type of industry has experienced allegations of inappropriate or illegal sexual misconduct, and most organizations have adopted or updated their policies and practices in this area. Not surprisingly, widespread publicity of salacious allegations has spawned an increased number of claims against the alleged perpetrator and employers. Most of those claims impact EPL insurance policies rather than D&O insurance policies, but in the more egregious situations, mismanagement and disclosure claims against directors and officers can be and have been filed. For example:
● A derivative lawsuit on behalf of Alphabet (parent company of Google) based on the company's overall alleged culture of sexual discrimination and harassment and the company's alleged mishandling of sexual harassment allegations against senior executives was settled in September 2020, pursuant to which a $310 million diversity, equity and inclusion fund was established to implement extensive governance and employment policies.
● A derivative lawsuit on behalf of L Brands based on the company's hostile abusive environment rife with sexual harassment was settled in July 2021, pursuant to which a $90 million fund was established to implement and maintain a series of management and governance remedial measures. A somewhat similar securities class action against Signet Jewelers International, Inc. settled in March 2020 for $240 million. The settled claims involved unrelated allegations of misrepresentations concerning the company's in-house lending program for customers and alleged sexual harassment by senior executives.
● A derivative suit against 21st Century Fox D&Os arising out of alleged rampant sexual harassment by former Fox executives settled for $90 million.
● A sexual harassment related securities class action against CBS and its former CEO settled in 2022 for $14.75 million after the court dismissed all of the alleged misrepresentations except one that "just barely" satisfied the pleading standard. But, a similar securities class action arising out of alleged sexual harassment by senior executives of Papa John's International, Inc., a shareholder derivative lawsuit on behalf of Lululemon Athletica Inc., and a similar securities class action against Liberty Tax Inc. were dismissed in March, April and September 2020.
The frequency of D&O claims in this context dropped significantly beginning in 2019, so the long-term effect of the #MeToo movement on D&O litigation and insurance is now questionable. But a new generation of these types of claims may be emerging. In November 2020, a shareholder derivative lawsuit was filed against directors and officers of Pinterest, Inc., alleging the defendants engaged in, facilitated and knowingly ignored the company's "systemic culture, policy and practice of illegal discrimination on the bases of race and sex." Similarly, in August 2021, a securities class action was filed against Activision Blizzard and its senior officers alleging the defendants failed to disclose the company's pervasive "frat boy" workplace culture of gender-based harassment, discrimination and retaliation. These lawsuits are similar to prior #MeToo derivative lawsuits based on sexual harassment allegations, but are broader in scope by focusing on gender and racial discrimination, not just sexual harassment. Even these broader lawsuits are not always successful particularly if prosecuted as a securities class action. For example, the Activision Blizzard lawsuit was dismissed by the court because plaintiff failed to sufficiently allege a false disclosure with specificity.
c. Climate Change Claims. Although climate change issues permeate many industries and generate a variety of legal concerns, D&O litigation has been largely immune to those issues.
On March 21, 2022, the SEC issued proposed new rules requiring all registered public companies to disclose a wide range of information related to climate change and greenhouse gas emissions and risks. The sweeping and highly controversial rules have been described as "the most extensive, comprehensive and complicated disclosure initiative in decades." The proposed rules would, for the first time, require the disclosure to investors of climate risk information, unlike current practice pursuant to which companies largely provide that information on a voluntary and inconsistent basis. The detailed and complex requirements, set forth in the proposal's more than 500 pages, are intended by the SEC "to enhance and standardize climate-related disclosures to address…investor needs." By addressing climate change issues through disclosures to shareholders, the SEC is creating personal accountability for directors and officers who fail to comply with the new requirements. Not only will the SEC be a direct enforcer of the new requirements through proceedings against both the company and its directors and officers, but shareholders (and plaintiff lawyers) will undoubtedly use the new rules as a basis for securities class action lawsuits against directors and officers and their companies. Plus, the rules could increase investor scrutiny over energy project development and investment decisions, leading to more mismanagement claims against directors and officers. When the proposed rules are adopted by the SEC, the rules will undoubtedly be challenged in court based largely on a June 2022 ruling by the U.S. Supreme Court which held that EPA rules limiting coal power plant emissions exceeded the EPA's legal authority and are therefore unlawful.
The lack of current D&O litigation relating to climate change issues does not mean climate change litigation does not exist. An estimated 1,000 climate change lawsuits have been filed in recent years against companies and governmental authorities, with the large majority of those cases being filed outside the U.S. against non-U.S. entities. One well-publicized example is litigation involving Shell plc, a U.K. company. In May 2021, a Dutch court ordered Shell to reduce its emissions by 45% by 2030. On February 9, 2023, an environmental advocacy group filed a shareholder derivative lawsuit in the High Court of England and Wales against Shell's directors alleging the board is not taking sufficient steps to address the future impacts of climate change and to comply with the court-ordered reduction in emissions.
It seems likely this highly litigious environment for climate change issues, when combined with increasing regulations in this area, will eventually result in meaningful D&O litigation in the U.S. and perhaps other countries.
d. Board Diversity Claims. The Black Lives Matter movement beginning in 2020 and the related sensitivity to racial equality and diversity has impacted virtually all aspects of society, including the business community. Corporations have quickly realized that real and immediate reform in this area is both socially and economically in their best interests. To further emphasize that point, California enacted a statute in September 2020 which requires public companies headquartered in California to include on their board of directors at least one representative of "underrepresented communities," such as persons who are Black, African-American, Hispanic, Latino, Asian, Native American, gay, bisexual or transgender, although the statute was ruled unconstitutional by a California Superior Court on April 1, 2022 and by a California federal court on May 15, 2023. Washington has a similar statute requiring board of directors diversity. These statutes are similar to an earlier California statute enacted in 2018 which requires corporations headquartered in California to have a minimum number of females on their boards of directors.
In contrast, some other states, including Illinois, Maryland and New York, do not mandate such diversity but instead require companies to disclose the minority composition of their Boards in either publicly-available government filings or annual reports to shareholders. Yet another statutory approach, adopted by Colorado and Pennsylvania, urges but does not require board diversity by establishing non-binding diversity requirements.
Perhaps more impactful, in August 2021, the SEC approved new "comply or explain" guidelines issued by Nasdaq, which require most Nasdaq-listed companies to have—or explain why they do not have—at least two members of their boards of directors who are "Diverse," including at least one Diverse director who self-identifies as female and at least one Diverse director who self-identifies as an Underrepresented Minority or LGBTQ+. Since July 2020, shareholder derivative suits on behalf of at least twelve publicly traded companies have been filed related to board and employee diversity, seeking a wide range of relief such as replacing current non-diverse directors, disgorgement of directors' fees and creating huge funds to hire minority employees. To date, none of these cases have survived a motion to dismiss.
*****
Dan A. Bailey is a Member of Bailey/Cavalieri in Columbus, OH. Dan is a nationally recognized expert regarding directors' and officers' responsibilities, liabilities, indemnification, insurance, and loss prevention.

