Tag Archives: tellabs

5 Changes Needed in Securities Litigation

I am committed to helping shape a system for securities litigation defense that helps directors and officers get through securities litigation safely and efficiently, without losing their serenity or dignity, or facing any real risk of paying any personal funds.

But we are actually moving in the opposite direction of this goal, and, unless some changes are made, securities litigation will pose greater and greater risk to individual directors and officers. It is time for the “repeat players” in securities litigation defense – D&O insurers and brokers, defense lawyers and economists – to make some fundamental changes to how we do things.

Although most cases still seem to turn out fine for the individual defendants, resolved by a dismissal or a settlement that is fully funded by D&O insurance, the bigger picture is not pretty. The law firms that have defended most cases since securities class actions gained footing through Basic v. Levinson – primarily “biglaw” firms based in the country’s several largest cities – are no longer suitable for many, or even most, securities class actions. Fueled by high billing rates and profit-focused staffing, those firms’ skyrocketing defense costs threaten to exhaust most or all of the D&O insurance towers in cases that are not ended on a motion to dismiss. Rarely can such firms defend cases vigorously through summary judgment and toward trial anymore.

Worse, these high prices too often do not yield strategic benefits. A strong motion to dismiss focuses on the truth of what the defendants said, with support from the context of the statements, as directed by the U.S. Supreme Court in Tellabs and Omnicare. Yet, far too often, the motion-to-dismiss briefs that come out of these large firms are little more than cookie-cutter arguments based on the structure of the Reform Act. And if a motion is lost, settlements are higher than necessary because the defendants often have no option but to settle to avoid an avalanche of defense costs that would exhaust their D&O insurance limits. On the other hand, if settlement occurs later, it can be difficult to keep settlement within D&O insurance limits – and defense counsel’s analysis of a “reasonable” settlement can influenced by a desire to justify the amount it has billed.

At the same time that defense costs are continuing to soar, securities class actions are becoming smaller and smaller, with two-thirds of cases brought against companies with market caps less than $2 billion, and almost half less than $750 million. Although catawampus securities litigation economics is a systemic problem, affecting cases of all sizes, the problem is especially acute in the smaller half of cases. Some of those cases simply cannot be defended both well and economically by typical defense firms. Either defense costs become ridiculously large for the size of the case and the amount of the D&O insurance limits, or firms try to reduce costs by cutting corners on staffing and projects – or both. We see large law firms routinely chase smaller and smaller cases. From a market perspective, it makes no sense at all.

So how do we achieve a better securities litigation system?  Five changes would have a profound impact:

  1. Require an interview process for the selection of defense counsel, to allow the defendants to understand their options; to evaluate conflicts of interest and the advantages and disadvantages of using their corporate firm to defend the litigation; and to achieve cost concessions that only a competitive interview process can yield.
  2. Move damages expert reports and discovery ahead of fact discovery, to allow the defendants and their D&O insurers to understand the real economics of cases that survive a motion to dismiss, and to make more informed litigation and settlement decisions.
  3. Increase the involvement of D&O insurers in defense-counsel selection and in other strategic defense decisions, to put those that have the greatest overall experience and economic stake in securities class action defense in a position to provide meaningful input.
  4. Increase the involvement of boards of directors in decisions concerning D&O insurance and the defense of securities litigation, including counsel selection, to ensure their personal protection and good oversight of the defense of the company and themselves.
  5. Make the Supreme Court’s Omnicare decision a primary tool in the defense of securities class actions. Obviously, Omnicare should be used to defend against challenges to all forms of opinions, including statements regarded as “puffery” and forward-looking statements protected by the Reform Act’s Safe Harbor. But defense counsel should also take advantage of the Supreme Court’s direction in Omnicare that courts evaluate challenged statements in their full factual context. Omnicare supplements the court’s previous direction in Tellabs that courts evaluate scienter by considering not just the complaint’s allegations, but also documents incorporated by reference and documents subject to judicial notice.  Together, Omnicare and Tellabs allow defense counsel to defend their clients’ honesty with a robust factual record at the motion to dismiss stage.

These five changes are among the top wishes I have to improve securities litigation defense, and to preserve the protections of directors and officers who face securities litigation.

Next Up for Cyber: Class Action Suits

Last fall, I wrote about board oversight of cybersecurity and derivative litigation in the wake of cybersecurity breaches.  In this post, I’d like to focus on cybersecurity disclosure and the inevitable advent of securities class actions following cybersecurity breaches.  In all but one instance (Heartland Payment Systems), cybersecurity breaches, even the largest, have not caused a stock drop big enough to trigger a securities class action.  But there appears to be a growing consensus that stock drops are inevitable when the market better understands cybersecurity threats, the cost of breaches and the impact of threats and breaches on companies’ business models.  When the market is better able to analyze these matters, there will be stock drops.  When there are stock drops, the plaintiffs’ bar will be there.

When plaintiffs’ lawyers arrive, what will they find?  They will find companies grappling with cybersecurity disclosure.  Understandably, most of the discussion about cybersecurity disclosure focuses on the SEC’s Oct. 13, 2011, “CF Disclosure Guidance: Topic No. 2” (“guidance”) and the notorious failure of companies to disclose much about cybersecurity, which has resulted in a call for further SEC action by Sen. Rockefeller and follow-up by the SEC, including an SEC Cybersecurity Roundtable on March 24, 2014.  But, as the SEC noted in the guidance, and Chair White reiterated in October 2013, the guidance does not define companies’ disclosure obligations.  Instead, disclosure is governed by the general duty not to mislead, along with more specific disclosure obligations that apply to specific types of required disclosures.

Indeed, plaintiffs’ lawyers will not even need to mention the guidance to challenge statements allegedly made false or misleading by cybersecurity problems. Various types of statements — from statements about the company’s business operations (which could be imperiled by inadequate cybersecurity), to statements about the company’s financial metrics (which could be rendered false or misleading by lower revenues and higher costs associated with cybersecurity problems), to internal controls and related CEO and CFO certifications, to risk factors themselves (which could warn against risks that have already materialized) — could be subject to challenge in the wake of a cybersecurity breach.

Plaintiffs will allege that the challenged statements were misleading because they omitted facts about cybersecurity (whether or not subject to disclosure under the guidance). In some cases, this allegation will require little more than coupling a statement with the omitted facts. In cybersecurity cases, plaintiffs will have greater ability to learn the omitted facts than in other cases, as a result of breach notification requirements, privacy litigation and government scrutiny, to name a few avenues. The law, of course, requires more than simply coupling the statement and omitted facts; plaintiffs must explain in detail why the challenged statement was misleading, not just incomplete, and companies can defend the statement in the context of all of their disclosures. But in cybersecurity cases, plaintiffs will have more to work with than in many other types of cases.

Pleading scienter likely will be easier for plaintiffs, as well. With increased emphasis on cybersecurity oversight at the senior officer (and board) level, a CEO or CFO will have difficulty (factually and in terms of good governance) suggesting that she didn’t know, at some level, about the omitted facts that made the challenged statements misleading. That doesn’t mean that companies won’t be able to contest scienter. Knowledge of omitted facts isn’t the test for scienter; the test is intent to mislead purchasers of securities. However, this important distinction is often overlooked in practice.  Companies will also be able to argue that they didn’t disclose certain cybersecurity matters because, as the guidance contemplates, some cybersecurity disclosures can compromise cybersecurity. This is a proper argument for a motion to dismiss, as an innocent inference under Tellabs, but it may feel too “factual” for some judges to credit at the motion to dismiss stage.

As this analytic overview shows, cybersecurity securities class actions, on the whole, likely will be virulent. Companies, of course, are talking about cybersecurity risks in their boardrooms — and they should also think about how to discuss those risks with their investors. The best way for companies to lower their risk profile is to start to address this issue now, by thinking about cybersecurity in connection with all of their key disclosures, and enhancing their disclosures as appropriate.

Perfection and prescience are not required. Effort matters most. Companies that don’t even try will stand out. As I’ve written in the context of the Reform Act’s Safe Harbor for forward-looking statements, judges are skeptical of companies whose risk factors remain static over time, and look favorably on companies that appear to try to draft meaningful risk factors. I thus construct a defense of forward-looking statements by emphasizing, to the extent I can, ways in which the company’s risk disclosures evolved, and were tailored and focused. I predict that the same approach will prove effective in cybersecurity cases.