Large-scale data breaches can give rise to a host of legal problems for the breached entity, ranging from consumer class action litigation to congressional inquiries and state attorneys general investigations. Increasingly, issuers are also facing the specter of federal securities fraud litigation.
The existence of securities fraud litigation following a cyber breach is, to some extent, not surprising. Lawyer-driven securities litigation often follows stock price declines, even declines that are ostensibly unrelated to any prior public disclosure by an issuer. Until recently, significant declines in stock price following disclosures of cyber breaches were rare. But that is changing. The recent securities fraud class actions brought against Yahoo! and Equifax demonstrate this point; in both of those cases, significant stock price declines followed the disclosure of the breach. Similar cases can be expected whenever stock price declines follow cyber breach disclosures.
In late June, FIFA, the world’s governing soccer organization, released the “Garcia Report,” chronicling the extensive corruption and conflicts of interest that occurred in FIFA’s awarding of the men’s 2018 and 2022 World Cup venues. Part 1 summarized the report’s findings. Part 2 discusses how specific steps and safeguards can mitigate the risks of misconduct and ensure cooperation among FIFA officials – and at any organization.
FIFA’s problems started at the top. FIFA’s investigators found an astounding number of executive committee members committed misconduct and showed disdain for the investigation. FIFA’s failures were systemic and reflected a culture of corruption. An organization’s culture cannot be fixed simply by strengthening rules or creating a targeted compliance program. Indeed, these are meaningless if the leaders themselves are corrupt. Executives must have integrity and show a commitment to everyone’s compliance with the law. FIFA needs to identify candidates for its executive committee that have shown integrity and a dedication to complying with rules and laws.
The first installment of this two-part series summarizes the Garcia Report’s findings of misconduct. Author Brandon Fox also focuses on the difficulties investigators faced as a result of leaders failing to cooperate and contrasts the misconduct and lack of cooperation to the U.S. Soccer Federation’s behavior.
In late June, FIFA, the world’s governing soccer organization, released the Garcia Report chronicling the extensive corruption and conflicts of interest that occurred in FIFA’s awarding of the men’s 2018 and 2022 World Cup venues. This article summarizes the Garcia Report’s findings of misconduct, focusing on the difficulties investigators faced as a result of leaders failing to cooperate, and discusses how specific steps and safeguards can mitigate the risks of misconduct and ensure cooperation among FIFA officials – and at any organization.
On September 19, Senator Chuck Grassley (R-IA) issued a press release stating that the bipartisan authors of a 2015 landmark criminal justice reform bill were preparing to reintroduce that legislation. The Sentencing Reform and Corrections Act of 2015, to which Sen. Grassley will grant new life, was part of a widespread effort at criminal justice reform that appeared to have died with the 2016 election. A centerpiece of the effort would have clarified and enhanced the mens rea (or mental state) necessary for conviction: in the House version, a defendant could be convicted only if she knew she was engaged in criminal activity; the Senate version was even more defendant-friendly, requiring willful participation.
Criminal justice reform has a laudable overarching ambition—to reduce sentences and incarceration rates, especially for minor drug and firearms offenses. As Yale Law Professor Gideon Yaffe writes, this would benefit “those who are especially ill-treated by the criminal justice system: the poor and racial minorities.” But these efforts are being championed by some unusual suspects: Republican members of Congress, who don’t ordinarily vie for more leniency when it comes to street crime, and the Koch brothers, who also are not usually poster boys for the plight of the underclass, who are over-represented in criminal prosecutions, convictions and America’s prisons.
Despite the increase in cyberattacks and data breaches against large corporations, directors have avoided personal liability. In three recent data breaches—Wyndham, Target, and Home Depot—shareholders have unsuccessfully brought derivative claims against directors. These Caremark claims against directors have failed because oversight duties for cybersecurity are not yet specific enough to establish that directors deliberately breached a known duty of care.
The current protection that directors have enjoyed from cybersecurity-related Caremark suits may soon come to an end. New and pending regulations from the New York Department of Financial Services and the Federal Reserve System provide more specific cybersecurity guidance for corporations. Failing to comply with these more detailed regulations prior to a cyberattack may increase the possibility that directors will be held liable for violating their Caremark oversight duties. Accordingly, directors should familiarize themselves with these new regulations that are applicable to the corporations they serve, and develop best practices to both protect corporate data and inoculate themselves from personal liability.
The recent release of substantive compliance program guidance by the Fraud Section of the Department of Justice (“DOJ”) provides an excellent opportunity for corporations to re-examine the effectiveness of their current internal compliance mechanisms. While the “Evaluation of Corporate Compliance Programs” (“the Guidance”) is not specific to any particular industry, it provides a practical set of benchmarks that can be referred to throughout an organization and is of particular relevance to the board of directors (logically through its audit & compliance committee), in the exercise of its compliance oversight duties.
Delaware court interpretations of the Caremark standard provide a daunting pleading barrier to derivative actions based on alleged breach of compliance oversight responsibilities. The Chancery Court’s October 18 decision in Reiter v. Fairbank is particularly notable for its thoughtful analysis of the duty of oversight. But corporate leadership should recognize that these decisions may not provide impenetrable protection to them, and to the corporation, from compliance-based liability exposure, especially in the current individual accountability environment.