much litigation arising out of the Year 2000 problem, including complex and numerous coverage defenses advanced by insurers. Both insurers and insureds alike should already be giving careful consideration to this newly developing area of law. Policyholders should consider any possible types of insurance coverages to address their claims and should carefully review existing policies for exclusionary language, thoroughly answer insurance company questionnaires and scrutinize newly delivered policies following renewals. As business owners and policyholders assess their risk of exposure to liability, consideration should be given to the purchase of Y2K coverage products providing they are affordable.
Year 2000 articles
1. Testing Law Office Systems "2000: A Computer Odyssey," Allen L. Shapiro and Robert S. McNeill, ABA Technology and Practice Guide, p.4, vol.2, no. 1, Summer, 1998.
2 "The Year 2000 Problem," Gene Barrett and Sharon R. Klein, Law Office Computing, February, 1998.
_______________
1 The Garter Group, Inc., an information technology research firm, has estimated the cost of the Year 2000 problem. See "Year 2000 Problem Gains National Attention," at the URL of <http://www.gartner.com/aboutgg/pressrel/pry2000.html
2 See National Union Fire Insurance Co. of Pittsburgh, PA vs. Brown, 787 F.Supp. 1424 (S.D.Fla. 1991) aff'd, 963 F2d 385 (11th Cir. 1992).
3 See USM Corporation vs. First State Insurance Co., 641 N.E.2d 115 (Mass.App. Ct. 1994).
4 See Christopher Adams, The Millennium Bomb; Policies Can Protect Firms Against Financial Loss, but Risk Managers Say Payments Are "Remarkably High," J. of Commerce, Sept. 11, 1997 at 7A.
5 See Margo D. Beller, Back to the Future: Looking Ahead to Millennium Headaches, J. of Commerce, Sept 11, 1997, at 7A.
Roger L. Rutherford is a principal with Rutherford Law Offices in Springfield, and Vice Chair of the Illinois State Bar Association (ISBA) Standing Committee on Legal Technology. He is a prolific speaker and author on Insurance Law topics.
Directors and officers at risk for Y2K liability
By Lori Iwan and James K. Horstman
"Chaos reigns within.
Reflect, repent, and reboot.
Order shall return."
Japanese Haiku error message
The chaos to come
The Year 2000 technology problem may create liability for many, but none so much as America's corporate directors and officers, and the lawyers assigned to protect them. The directors and officers are likely to be primary targets for Year 2000 claims because they are presumed to have the authority and resources (if anyone has) to avert anticipated Year 2000 losses. They initiated the analysis of the problem, they decided what should be done about the problem, they authorized the funding for the company's Y2K efforts, and they will be the defendants if their company's efforts to prevent Y2K losses prove to be insufficient.
Attorneys in corporate practice must be aware of the Year 2000 exposures of directors and officers. This knowledge is critical to effectively represent and counsel corporate clients. Self-interest provides an additional reason. Lawyers who advise corporate clients on Year 2000 matters will themselves be targets for Year 2000 claims, simply because of their advisory role and the fact that they are insured. Year 2000 work will be a boon to some law practices, but a liability for others.
This article is intended to give an overview of potential Year 2000 director and officer ("D & O") exposures, for loss control and defense purposes. When systems fail or malfunction due to the technology date challenge, the ultimate question facing directors and officers will be "Did you do enough?" The legal theories underlying Y2K claims may appear in several different forms, and lawyers advising directors and officers need to understand them.
What do directors and officers have to do with the Year 2000 problem?
Although directors and officers may be far from the network server rooms and technology workshops of corporate America, they are critically involved in the corporation's effort to overcome the Year 2000 challenge. Understanding how they are involved in this process is crucial to understanding the Y2K liability exposure of directors and officers.
What do directors and officers have to do with the Year 2000 problem? Failures in any of the following functions might result in Y2K liability for directors and officers:
1. Timely recognition of the Y2K problem.
2. Timely and complete identification of computer systems (including embedded technology systems) requiring remediation.
3. Adoption of an adequate remediation plan (accounting for time, cost and reliability requirements).
4. Selection of qualified and available remediation personnel.
5. Supervision of the remediation work.
6. Timely and complete testing of remediation work.
7. Confirmation that important vendors, suppliers and clients are Y2K ready.
8. Sufficient disclosure of Y2K problems and costs for purposes of tort law, securities laws and shareholder expectations.
9. Consideration of important purchasing decisions based on Year 2000 compliance and warranty factors.
10. Enforcement of obligations of third parties to correct Y2K problems.
11. Investigation of the Year 2000 qualifications of potential merger and joint venture candidates.
12. Maintenance of duty of loyalty with respect to insider trading opportunities concerning undisclosed Year 2000 problems.
13. Timely conclusion of all remediation and testing efforts.
14. Adoption of an adequate contingency plan.
15. Maintenance of business operations necessary to fulfill obligations to shareholders, customers, regulatory authorities, vendors, suppliers and others.
16. Timely compliance with the Year 2000 Information and Readiness Disclosure Act.
17. Compliance with the Y2K Act (HR 775).
18. Timely response to non-Y2K problems identified during Y2K remediation and testing.
A multitude of possible causes of action
With all the publicity for the imminent arrival of the Year 2000, one might wonder how an officer or director could be left standing in a courtroom, unable to explain how and why the Y2K failure damaged his or her company. But many are still unprepared. There are a myriad of actions that could lead to these claims, any of which is equally probable of being made against any particular corporation.
For example, the failure to fully investigate the Year 2000 readiness of a company involved in a merger or acquisition can affect the value of shares in a corporation when a Year 2000 failure occurs. Similarly, failure to oversee and remain informed as to the status of the Information Technology department's ("I.T.") activities in prioritizing and remediating Year 2000 problems can result in the failure to identify a mission-critical function, resulting in a significant loss to the corporation. Failing to commit the resources to the Y2K problem, such that a timely program of prioritizing, testing and remediating Year 2000 problems can be implemented, could be the source of criticism if a company has a Year 2000 failure. Allowing a deadline to pass that was critical to preserving a cause of action for the recovery of monies on behalf of the corporation also can be a basis for liability. Of course, the ultimate embarrassment could be failing to even recognize these issues because the level of awareness of the Year 2000 problem in the corporation did not rise to the level reasonably to be expected within the particular industry. In short, directors and officers will be graded in their performance of their Year 2000-related functions based upon what they knew, and when they knew it, and what others in similar positions were doing to avert Y2K losses.
Shareholder derivative exposures
As the owners of a corporation, the shareholders have the most to lose as a result of Year 2000 failures and malfunctions. Consequently, shareholders will be among the first to sue for Year 2000 losses. The technological background of Y2K losses will be merely incidental to disgruntled shareholders. The important thing to shareholders is money, and when directors and officers lose their money under circumstances in which losses were reasonably avoidable, they will sue for the alleged breaches of the duties which their directors and officers owe them.
The duty of loyalty
A corporate director owes an undivided, unselfish loyalty to the corporation. (Smith v. VanGorkem, 488 A.2d 858 (Del. 1985)). The duty of loyalty can be breached in several ways: by competing with the corporation, appropriating a corporate opportunity, using insider information, disclosing trade secrets, or taking customers or spending corporate money for personal gain.
The duty of care
A director, in managing a corporation, is bound to use that amount of care which an ordinarily careful and prudent person would use in similar circumstances. An element of the duty of care is the obligation to use reasonable diligence in gathering and considering material information. Directors are under a continuing obligation to keep informed about the activities of the corporation.
The corporate director's duty of care is specifically defined by statute in a majority of states. A typical statute provides:
A director shall discharge his duties as a director, including his duties as a member of a committee:
1. in good faith;
2. with the care an ordinarily prudent person in a like position would exercise under similar circumstances; and
3. in a manner he reasonably believes to be in the best interests of the corporation.
Defense: The business judgment rule
Courts are generally reluctant to substitute their judgment for the judgment of corporate directors, if there is a rational business purpose. Under the "business judgment rule" there is a presumption that the directors acted on an informed basis in good faith and in honest belief that the actions taken were in the best interest of the corporation. Arson v. Lewis, 473 A.2d 805 (Del. 1984); Stamp v. Touche Ross, 263 Ill.App.3d 1010 (1993).
When corporations are stricken by Year 2000 losses, shareholders will ask why the losses were not averted by their directors and officers. The Year 2000 technology problem has been the subject of active debate in the business community for several years. Directors and officers will undoubtedly seek to explain the losses and justify their action or inaction by reference to the business judgment rule. In a great majority of cases, these important issues will be determined as questions of fact.
Shareholders' actions in progress
The specter of shareholder derivative suits is not merely a theoretical possibility. A large percentage of the Year 2000 suits filed to date have been brought as shareholder derivative actions. Most of the actions were initiated in 1999. In some of these actions, shareholders have alleged that their corporation overstated its ability to profit from Year 2000-related business. See, e.g., Steinberg v. P.R.T. Group, Inc. (U.S.D.C. Southern District of New York, 1999); Lindsay v. Peritus Software (U.S.D.C. Mass. 1999). In others, shareholders have alleged that the potential impact of Year 2000 claims was not adequately disclosed in stock offering documentation. See, e.g., Courtney v. Medical Manager Corp. (U.S.D.C. N.J. 1999). Although the shareholder derivative actions filed thus far are limited to disclosure issues, future shareholder derivative actions will likely also concern losses occasioned by actual failures or malfunctions of computer systems due to the Year 2000 problem.
Securities laws exposure
Disclosure of "material" facts required
Federal securities laws require that corporations disclose all material facts in connection with the sale or purchase of securities. A fact is "material" is there is a substantial likelihood that a reasonable shareholder would consider it important in deciding how to act. TSC Industries, Inc. v. Northway, Inc. (1976), 426 U.S.438, 449. In the context of Year 2000 concerns, two distinct categories of information may require disclosure: (1) the costs associated with the company's Year 2000 remediation efforts, and (2) legal liability to others for failure to achieve full Y2K compliance.
Y2K disclosure guidelines
In addition to the general statutory disclosure requirements of the federal securities laws, corporations should be guided by the specific Year 2000 disclosure guidelines propounded by the Securities Exchange Commission http://www.sec. gov/. In fact, the SEC has made several efforts to clarify corporate disclosure obligations in this area. In October of 1997, two SEC divisions jointly published "Staff Legal Bulletin No. 5" to provide a suggested protocol for corporate Y2K disclosures. Subsequent revisions have further specified the expected disclosures. Bulletin No. 5 specifically directed that disclosures should include the following information concerning a corporation's Year 2000 readiness:
The company's general plans to address the Year 2000 issues relationed to its business, its operations, and if material, its relationships with customers, suppliers, and other constituents; and its timetable for carrying out those plans; and the total dollar amount that the company estimates will be spent to remediate its Year 2000 issues, if such amount is expected to be material to the company's business, operations or financial condition, and the material impact these expenditures are expected to have on the company's results of operations, liquidity and capital resources.
Y2K is "material"
Greater detail in the reporting requirements was provided by the SEC's Release on "Disclosure of Year 2000 Issues and Consequences by Public Companies, Investment Advisors, Investment Companies, and Municipal Securities Issuers" in July, 1998. See Release No. 33-7558. In the Release, the SEC warned: "We expect that for the vast majority of companies, Year 2000 issues are likely to be material, and therefore disclosure would be required." The Release clarifies that disclosure of Year 2000 issues is mandated not only if those issues would have a material effect on the company's business but also if the company's assessment of its Year 2000 situation is not complete. When a company makes its Year 2000 disclosures, the SEC expects to see:
1. The company's state of readiness;
2. The costs to address the company's Year 2000 issues;
3. The risks of the company's Year 2000 issues; and
4. The company's contingency plans.
As time goes on, the SEC's expansion and clarification of its Y2K disclosure expectations becomes increasingly demanding. In effect, the disclosure requirements of the federal securities laws represent a moving target for corporate directors and officers. Not only is it important for directors and officers to ensure that their corporation's year 2000 disclosures comply with all current securities laws requirements, it is critical for directors and officers to keep abreast of developing SEC bulletins and releases giving further definition to the disclosure requirements.
Potential liability under many SEC laws
Directors and officers may face substantial liability under a variety of securities laws if a company's Year 2000 disclosures are inadequate. Under section 11(a) of the 1933 Securities Act, directors and signatories to registration statements that make untrue statements of material fact or omit facts necessary to be disclosed may be liable to purchasers of stock who detrimentally rely upon the omissions or misstatements. Under section 12(2) of the 1933 Act, liability may be imposed on offerors and sellers of securities for omissions or misstatements, unless the defendant did not know and in the exercise of reasonable care could not have known of the material misstatements. section 12(2) grants a private right of action to shareholders who have purchased securities of a corporation based upon untrue statements of material fact and prospectus, or failure to make statements in a prospectus which are not misleading.
Section 10(b) and 10(b-5) of the 1934 Securities and Exchange Act create a private right of action against any persons selling securities who makes an untrue statement of a material fact or omits to state a material fact necessary in order to make the statements made, in the light of the circumstances in which they are made, not misleading. Certain safe harbors were created by the 1995 Private Securities Litigation Reform Act, which may be of importance to defenses in actions brought pursuant to Rule 10(b-5) and other statutory provisions.
Exposures related to laws other than securities laws
Although some people may argue that Congress and the President recently provided a safe haven from litigation so that directors and officers may once again relax in the safety of the corporate boardroom, nothing could be further from the truth. The recent Y2K Act and more distant Year 2000 Information and Readiness Disclosure Act ("IRDA") set numerous traps for the unwary corporate officer and director upon which liability may be based. It behooves every corporation to take the time to carefully compare the requirements of the recent legislation with the status of the corporation's Y2K remediation efforts to avoid any missteps.
The Year 2000 Information and Readiness Disclosure Act (IRDA)
The Year 2000 Information and Readiness Disclosure Act became effective on October 19, 1998. It was intended to encourage companies to issue truthful and specific statements about the status of companies and products relative to the Year 2000 issue by providing protection for Year 2000 statements. Accordingly, IRDA set standards for the evidentiary exclusion of, liability for, and the level of proof required, for Year 2000 statements. If a corporation issued a Year 2000 statement pursuant to IRDA, those statements would be inadmissible to prove the truth of the contents. IRDA further provided that there would be no liability for false or misleading disclosures unless those statements were knowingly false and material at the time the statements were issued. Finally, IRDA required that proof the falsity of a statement be made based on clear and convincing evidence, a high standard of proof.
Unfortunately, IRDA did not go far enough to protect the businesses most in need of protection. The Year 2000 statements provided for in IRDA do not alter contracts or warranty guarantees. Securities and Exchange Commission disclosures also are not covered. Even if a corporation took advantage of the IRDA provisions, if the corporation did not follow the strict notice language required in the Act, the protections would be non-existent.
Most disturbing of all in IRDA is the 45-day window of time within which a corporation must extend the protection of IRDA to statements made between 1996 to October 19, 1998, and the 45-day window of time in which a corporation could object to the receipt of any such statement. When IRDA was signed into law on October 19, 1998, it provided that the 45 days commenced immediately and would expire on December 3, 1998. By the time most corporations had heard of IRDA, the window of time available to take advantage of its provisions had already expired. In short, the government's intended panacea added to the corporate burden and problems posed by the Year 2000.
The Y2K Act (HR 775/S 96)
Similarly, the recently enacted "Y2K Act" offers little relief from litigation for the publicly traded corporation. The Y2K Act appears to have set more traps for the unwary corporation than it has resolved. The purpose of the Act was "to establish certain procedures for civil actions brought for damages relating to the failure of any device or system to process or otherwise deal with the transition from the year 1999 to the year 2000." Based in part on Congress' concern about a "proliferation of frivolous lawsuits relating to Year 2000 computer date change problems by opportunistic parties," Congress sought to discourage lawsuits by providing a "cooling down" or cure period of time for potential defendants in which they can either attempt to resolve a Year 2000 dispute or engage in alternative dispute resolution before the matter proceeds through the traditional litigation process. However, in executing this seemingly laudable goal, the Act is replete with provisions likely to fuel litigation and provides little respite from traditional actions expected to be brought as a result of Y2K failures.
For example, the Y2K Act excludes by its terms any claims for personal injury or wrongful death. Warranties and contracts are preserved and interpreted as written. The provisions of the Year 2000 Information and Readiness Disclosure Act are not superceded by any provision in the newer Y2K Act. And, similar to IRDA, the Y2K Act does not provide any exemptions from securities litigation except with respect to "bystanders" such as officers, directors and fiduciaries. Hence, it would be premature for a corporate officer or director to become complacent about the risk of Y2K litigation against the corporation. Some examples from the Act illustrate this point.
Y2K "upset"
In section four "Application of Act," the Act permits actions brought by a government entity that permits a defendant to establish the affirmative defense of "Y2K upset." Unfortunately, in order to establish "Y2K upset," the defendant must prove through a "properly signed, contemporaneous operating log, or other relevant evidence that . . . (a) the defendant previously made a reasonable good faith effort to anticipate, prevent and effectively remediate a potential Y2K failure;" and a host of other facts. If the corporation does not now have in place the specific procedure (creating an operating log) for creating the evidence necessary to respond to an imminent Y2K failure, the corporation is likely to have failed to preserve the evidence necessary to prove the only defense allowed by the Y2K Act in actions against government entities.
Pre-litigation notice
A second example in which the Y2K Act is likely to escalate litigation costs rather than eliminate them, can be found in section seven "Pre-litigation Notice." Before commencing a Y2K action, a prospective plaintiff must send written notice by certified mail to each prospective defendant (the recipient of the notice is specifically defined in the Y2K Act) in which the notice has specific and detailed information on a number of topics enumerated on the Y2K Act. The prospective defendant must then respond to the notice in a very specific manner, also set forth in the Y2K Act.
Unresolved legal issues
An overall look at the Y2K Act indicates that there are numerous unresolved legal issues raised by its terms that will fuel, not avoid, litigation. For example, there is an inconsistency in application of law in which some sections of the Act apply the laws in existence on the day before January 1, 1999 while other sections apply the law in effect at the time a contract was entered into, and other sections impose the law in existence on January 1, 1999. This inconsistency invites rather than discourages litigation.