The U.S. Securities and Exchange Commission (“SEC”) implemented rules governing registrants’ disclosure requirements pertaining to cybersecurity risk management, governance, and incident reporting on July 26, 2023. These rules are likely to give rise to novel issues pertaining to public companies’ insurance portfolios, in particular, directors’ and officers’ liability (“D&O”) and cyber insurance policies. This post provides a short overview of the rules and some of the insurance issues likely to arise going forward.

The SEC’s cyber security disclosure rules and increased exposure

The new rules require registrants to disclose information in three categories: (1) cybersecurity risk management; (2) cybersecurity governance; and (3) cybersecurity incident reporting.

With regard to cybersecurity risk management and governance, public companies are now required to report annually on their cybersecurity risk processes and governance of risks in SEC Form 10-K. Under the cybersecurity risk management disclosure rules, registrants have to describe how they assess, identify, and manage material cybersecurity risks and whether those risks have materially affected or are reasonably likely to materially affect their businesses. Similarly, under the cybersecurity governance disclosure rules, registrants have to describe board oversight of cybersecurity risks and the role management plays in assessing and managing material cybersecurity risks.

Government investigations by the SEC, DOJ, and state attorneys general are a significant source of exposure for companies and their directors and officers. Companies can spend millions of dollars responding to a government subpoena or investigative demand. The broadly worded demands for information or testimony typically require extensive searches through mountains of paper documents and electronically stored information (“ESI”).

As investigation defense costs rise, the question inevitably follows: Will the company’s D&O or professional liability insurance cover the costs of responding to a formal investigative order, civil investigative demand or subpoena? The answer to this question is not always clear-cut. Given the stakes, insurers and policyholders frequently litigate this issue, with courts across the country reaching different conclusions depending on the unique terms, definitions, and conditions of the policies and the type of investigation at issue. A recent decision in Delaware addressing insurance coverage for the costs of responding to a civil investigative demand provides helpful guidance for policyholders seeking coverage for these costs.

In Guaranteed Rate, Inc. v. Ace Am. Ins. Co., No. N20C-04-268 MMJ CCLD (Del. Super. Ct. Aug. 18, 2021), appeal refused, 266 A.3d 212 (Del. 2021), the Delaware Superior Court considered whether a civil investigative demand – issued by the U.S. Attorney’s Office for the Northern District of New York and the U.S. Department of Justice – qualified as a “Claim” as required to trigger coverage under the policyholder’s Private Company Management Liability Policy. The civil investigative demand was issued pursuant to the False Claims Act “in the course of an investigation to determine whether there is or has been a violation of 31 U.S.C. § 3729.”

Ever since the Seventh Circuit’s 2001 decision in Level 3 Communications, Inc. v. Federal Insurance Co., 272 F.3d 908 (7th Cir. 2001), insurance companies have argued that settlements constituting restitution or disgorgement are uninsurable on grounds of public policy. While numerous decisions since 2001 have undercut this defense, two recent decisions out of the New York Court of Appeals and the Northern District of Illinois further confirm that coverage does not depend on how the damages paid are characterized. In both J.P. Morgan Securities Inc. v. Vigilant Insurance Co., No. 61, 2021 N.Y. slip op. 06528 (N.Y. Nov. 23, 2021), and Astellas v. Starr Indemnity, No. 17-cv-8220 (N.D. Ill. Oct. 8, 2021), the courts looked beyond the labels of “restitution” and “disgorgement” affixed to the insureds’ settlement payments to determine whether such payments were covered by each insured’s respective insurance policies.

Last week’s post on The Policyholder Perspective took an in-depth look at Vigilant Insurance Co. This week we consider how Vigilant, in tandem with Astellas, demonstrates a trend in how courts interpret labels on payments in an insured’s settlement agreement.

In Astellas, the insured (Astellas) entered a settlement agreement relating to a False Claims Act investigation and agreed to pay $100 million plus interest to the United States, with $50 million of such settlement labeled as “restitution to the United States.” In a similar vein, the insured (Bear Stearns) in Vigilant Insurance Co. entered a settlement agreement with the SEC for alleged illegal trading practices and made a $160 million “disgorgement” payment – $140 million of which was an estimate of the profits gained by Bear Stearns’ clients – and a $90 million payment for “civil money penalties.” Astellas submitted a claim to its insurers for the $50 million “restitution to the United States,” and Bear Stearns submitted a claim for the $140 million “disgorgement” payment reflecting its clients’ profits gained.

Putting an end to a 12-year-old dispute between J.P. Morgan Securities’ predecessor, Bear Stearns & Co., and several of its insurers, on November 23, 2021, New York’s high court held that J.P. Morgan’s $140 million payment to the Securities and Exchange Commission (SEC) did not constitute an uninsurable “penalty” under J.P. Morgan’s excess directors & officers (D&O) liability policies. This is welcome news for policyholders faced with coverage denials from their insurers based on “public policy,” “fines or penalty,” “disgorgement” or other grounds of alleged uninsurability.

In J.P. Morgan, J.P. Morgan’s $140 million “disgorgement” payment was part of a larger $250 million settlement between J.P. Morgan and the SEC. $90 million of the settlement was specifically allocated to “civil money penalties.” The settlement resolved allegations that Bear Stearns & Co. and other securities broker-dealers facilitated late trading and deceptive market timing practices by their customers in connection with the purchase and sale of mutual funds.

J.P. Morgan’s excess policies covered “loss” that the insured entities became liable to pay as the result of any civil proceeding or governmental investigation alleging wrongful acts constituting violations of laws or regulations. The policies defined “loss” to include various types of compensatory and punitive damages where “insurable by law,” but specifically excluded matters uninsurable as a matter of public policy and “fines or penalties imposed by law.” The insurers argued that the disgorgement payment was uninsurable as a matter of New York law both as a form of restitution of ill-gotten gains and as a penalty imposed by law.

The District Court of Massachusetts’ January 6, 2015 opinion in Biochemics, Inc. v. Axis Reinsurance Co., 2015 WL 71493 (D. Mass. Jan. 6, 2015), reaffirms the importance of providing timely notice of all D&O liability claims – including subpoenas. In Biochemics, the policyholder sought coverage from its primary D&O liability insurer, Axis, for defense costs it incurred in an SEC enforcement action commenced during the AXIS policy period. Judge Rya Zobel held that Biochemics had no coverage for the SEC enforcement action because it related back to two deposition subpoenas that the SEC served on Biochemics before the AXIS policy incepted. Because those deposition subpoenas indicated on their face that the SEC had commenced a formal investigation against Biochemics, each subpoena was a “Claim” that should have been reported to Biochemics’ prior D&O carrier. Because the Claim was “first made” before the AXIS policy period, Judge Zobel granted AXIS’ motion for summary judgment and found that AXIS owed Biochemics no coverage under its policy.