The current pandemic and attendant disruption in securities markets are creating unprecedented challenges for directors of both public and private companies. In the coming months, directors can expect to see a rash of shareholder derivative and class action lawsuits based on their actual and perceived missteps in handling the complex business issues that have arisen in the wake of these disruptions. Not only will investors seek to hold company directors personally responsible for falling share prices, but others, such as victims of cybersecurity and privacy failures and employees who become ill through contacts at their workplaces, can be expected to place blame on company management.
Claims against directors are likely to allege breaches of fiduciary duty falling into a few broad categories – false or insufficient disclosure, negligent or inadequate management or planning, and failure to supervise. Such claims may include:
We have already seen federal securities class actions filed against several companies, including against a cruise line for “employing sales tactics” that included “providing customers with unproven and/or blatantly false statements about COVID-19” as well as materially false and misleading or unsupported statements about the state of the company’s business and its purported “proactive” implementation of “several preventive measures to reduce potential exposure and transmission of COVID-19.” Douglas v. Norwegian Cruise Lines Holdings Ltd., et al., Case No. 1:20-cv-21107 (S.D. Fla. March 12, 2020). These cases are, of course, cause for concern, but generally do not raise issues of personal liability for companies’ directors.
On April 20, 2020, however, following the filing of a class action against Inovio Pharmaceuticals, Inc. for market manipulation, a separate shareholder derivative lawsuit was filed against the company’s directors, tracking the allegations in the class action suit and charging that the defendants breached their fiduciary duties by making or causing the company to make false or misleading claims that the company could develop a COVID-19 vaccine “within three hours,” and that clinical trials would supposedly start in April 2020. These statements allegedly led to a sharp uptick in the company’s share price, followed by a precipitous drop in its market value when a third party revealed the statements to be false. Beheshti v. Kim, et al., Case No. 2:20-cv-01962 (E.D. Pa, April 20, 2020). The claims against the directors also include unjust enrichment, abuse of control, gross mismanagement, and waste of corporate assets (for subjecting the company to the class action suit). More such suits can certainly be expected.
On March 25, 2020, the Securities and Exchange Commission (SEC) issued guidance addressed directly to reporting companies’ disclosures related to the COVID-19 situation. While careful to state that the guidance was not mandatory, the SEC noted that disclosures should address companies’ “assessment of, and plans for addressing, material risks to their business and operations resulting from the coronavirus to the fullest extent practical to keep investors and markets informed of material developments.” This guidance leaves it up to the company’s directors and officers to judge whether particular developments would be considered “material” to investors. For instance, some executives have chosen to reveal their COVID-19 diagnoses notwithstanding their right to keep personal medical information private. Others, like Morgan Stanley CEO James Gorman, only revealed their diagnoses after the fact, on the theory that the executive was never gravely ill or continued to work from home, making the illness not a material event. Companies also grapple with the need to tell the public about sick workers, balancing the materiality of these facts against employees’ privacy rights. Certainly if the illness is so widespread as to force a plant shutdown, for instance, materiality is obvious, but what if only a few workers are sick? Do other employees and the public have a right to know?
In addition, it is beginning to look as if a Caremark duty of oversight claim may no longer be the “most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” as it had previously been considered. Recently, the Delaware courts have denied preliminary motions to dismiss directors for breach of their duty of oversight in three cases, allowing the cases to proceed to discovery. In the latest, Hughes v. Hu, C.A. No. 2019-0112-JTL (Del. Ch., April 27, 2020), the plaintiff contended that, in the face of historically bad decisions by management, “the director defendants consciously failed to establish a board-level system of oversight for the Company’s financial statements and related-party transactions, choosing instead to rely blindly on management while devoting patently inadequate time to the necessary tasks.” This decision, like the two before it (Marchand v. Barnhill, C.A. No. 2017-0586-JRS (Del. S. Ct., April 24, 2019), and In re: Clovis Oncology, Inc. Derivative Lit., C.A. No. 2017-0222-JRS (Del. Ch., Oct. 1, 2019)), demonstrate that directors are particularly vulnerable when they have advance notice of a problem and fail to take action to correct it.
In the COVID-19 world, cybersecurity breaches may fall into this category. Today, no director can credibly claim not to have notice of the risks posed by cyber criminals that can result in loss of intellectual property and other critical company information, loss of customers’ or employees’ personal data, or costly ransom demands. The situation has been complicated by the need for many companies to allow their employees to work from home on devices that may not be adequately secured. Nevertheless, directors whose companies and shareholders are injured because they failed to properly anticipate, plan for, and insure against such events may be fair game for a claimed breach of fiduciary duty of oversight.
What can directors do to mitigate these risks?
Ulmer’s Governance Disputes & D&O Litigation Practice Group is available to provide you with strategic advice and counseling as you navigate the challenges of the COVID-19 pandemic. Please reach out to our attorneys if you have any questions.
The information provided in this client alert speaks only to the information and guidance we have available as of the date of publication and is subject to change. We will continue to follow further issued guidance and regulations and endeavor to post those updates via our website. Please continue to follow these updates at ulmer.com. This legal update was created by Ulmer & Berne LLP, and is not intended as a substitute for professional legal advice. Receipt of this client alert, by itself, does not create an attorney client relationship. For any questions, or for further information, please contact Frances Floriano Goins at fgoins@ulmer.com.