In our June 4, 2014 article on cyber security and cyber governance, we noted that for many reasons, boards of directors and executives of U.S. companies needed to reexamine how they protect (and respond to the successful hacking of) their most critical intellectual property and customer information. One of the reasons was that all signs out of Washington, D.C. pointed towards increasing federal regulation and oversight of cyber security for public and private companies, and particularly for those in the financial services sector. Further, we foresaw not only heightened scrutiny from regulators, but increasing class action litigation, with plaintiffs accusing boards and management of not taking the appropriate steps to protect company and client data. Our predictions were correct on all fronts.
Posts Tagged ‘Paul Ferrillo’
Why the Cybersecurity Framework was created and why it is so important
Despite the fact that companies are continuing to increase spending on cybersecurity initiatives, data breaches continue to occur. According to The Wall Street Journal, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier according to Allied Business Intelligence Inc.” Despite the boost in security spending, vulnerabilities, threats against these vulnerabilities, data breaches and destruction persist. To combat these issues, the President on February 12, 2013 issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity.” The EO directed NIST, in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks.
There are four competing business propositions affecting most American businesses today. Think of them as four freight trains on different tracks headed for a four-way stop signal at fiber optic speed.
First, with a significant potential for cost savings, American business has adopted cloud computing as an efficient and effective way to manage countless bytes of data from remote locations at costs that would be unheard of if they were forced to store their data on hard servers. According to one report, “In September 2013, International Data Corporation predicted that, between 2013 and 2017, spending on public IT cloud computing will experience a compound annual growth of 23.5%.” Another report noted, “By 2014, cloud computing is expected to become a $150 billion industry. And for good reason—whether users are on a desktop computer or mobile device, the cloud provides instant access to data anytime, anywhere there is an Internet connection.”
The number, severity, and sophistication of cyber attacks—whether on our retail economy, our healthcare sector, our educational sector or, in fact, our government and defense systems—grows worse by the day.
Among the most notable cyber breaches in the public company sphere was that hitting Target Corporation (40 million estimated credit and debit cards allegedly stolen, 70 million or more pieces of personal data also stolen, and a total estimated cost of the attack to date of approximately $300 million). Justified or not, ISS has just issued a voting recommendation against the election of all members of Target’s audit and corporate responsibility committees—seven of its ten directors—at the upcoming annual meeting. ISS’s reasoning is that, in light of the importance to Target of customer credit cards and online retailing, “these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information.”
On July 2, 2013, the United States Securities and Exchange Commission (the SEC) announced two new initiatives aimed at preventing and detecting improper or fraudulent financial reporting. We previously noted that one of these initiatives, a computer-based tool called the Accounting Quality Model (AQM, or “Robocop”), is designed to enable real-time analytical review of financial reports filed with the SEC in order to help identify questionable accounting practices.
No less than two years ago, had one tried to initiate a conversation with a Private Equity Sponsor or an M&A lawyer regarding M&A “reps and warranties” insurance (i.e., insurance designed to expressly provide insurance coverage for the breach of a representation or a warranty contained in a Purchase and Sale Agreement, in addition to or as a replacement for a contractual indemnity), one might have gotten a shrug of the shoulders or a polite response to the effect of “let’s try to negotiate around the problem instead.” Perhaps because it was misunderstood or perhaps because it had not yet hit its stride in terms of breadth of coverage, reps and warranties insurance was hardly ever used to close deals. Like Harry Potter, it was the poor stepchild often left in the closet.
Today that is no longer the case. One global insurance broker with whom we work notes that over $4 billion in reps and warranties insurance worldwide was bound last year, of which $1.4 billion was bound in the US and $2.1 billion was bound in the EU. Such broker’s US-based reps and warranties writings nearly doubled from 2011 and 2012. Reps and warranties insurance has become an important tool to close deals that might not otherwise get done. This post is meant to highlight how reps and warranties insurance may be of use to you in winning bids and finding means of closing deals in today’s challenging environment.
About a year ago, we published A New Playbook for Global Securities Litigation and Regulation, in which we detailed dramatic changes in the global securities regulatory and litigation arena driven by various factors, including not only the financial crisis of 2007-2008, but also changes in tolerance in the United States to litigation brought by foreign investors against public companies listed on non-U.S. exchanges.
One year later, the regulatory environment continues to revamp with new rules being issued constantly in the United States to conform to the legislative mandates set forth in the Dodd Frank Act. The United Kingdom and European Union also seek to reinforce previous global initiatives to reform and strengthen the Pan-European financial markets.
What is more ever-present, however, is the marked increase in global enforcement activities by regulators in the United Kingdom, Canada, and the European Union, which are attempts to give teeth to the global financial reforms each jurisdiction felt necessary to potentially prevent a “repeat” of the financial crisis. This article seeks to address the increase in global securities enforcement activity and concludes that continued cooperation and coordination in enforcement activities will be required to seamlessly address the desire to strengthen global regulatory initiatives aimed at harmonizing and centralizing international securities regulation to create safer, more fundamentally sound financial markets for investors.
In 2002, Arthur Andersen LLP collapsed in the wake of an obstruction of justice conviction. Since then, conventional wisdom has been that the U.S. Department of Justice (DOJ) resists filing criminal charges against large business entities because of fears of another similar failure. Indeed, the DOJ has consistently acknowledged that it considers such risks, and the U.S. Attorneys’ Manual expressly identifies “collateral consequences” as a factor that should be weighed in making charging decisions. In the wake of the Great Recession, however, the DOJ has been faced with competing pressures, especially with respect to financial institutions. On the one hand, the Lehman Brothers bankruptcy, among other bank failures and near-failures, suggested vulnerability on the part of some financial institutions and illustrated the potentially grave consequences that the collapse of a financial institution can have on the broader economy. The DOJ clearly does not want to cause a financial institution to fail. On the other hand, there is a pervasive public sentiment that large financial institutions were responsible for the economic collapse from which the country is only now emerging. Particularly in recent months, the DOJ has been criticized for its decision not to bring criminal charges against any major financial entity.
On November 5, 2012, the United States Supreme Court heard oral argument in Amgen Inc. v. Connecticut Retirement Plans & Trust Funds (No. 11-1085) (“Amgen”). In Amgen, Plaintiff/Respondent Connecticut Retirement Plans and Trust Funds (“Connecticut Retirement”) brought a putative class action under the Exchange Act of 1934, alleging that Defendant/Petitioner Amgen and several of its directors and officers misstated and failed to disclose safety information concerning two of its drugs. Amgen contends that it did not mislead investors and that the information it allegedly concealed was widely known.
Background of Amgen and Path to the Supreme Court
The issue in Amgen is the predominance requirement of Federal Rule of Civil Procedure (“Rule”) 23(b)(3), which states that a court may not certify a class for trial without determining that “questions of law or fact common to class members predominate over any questions affecting only individual members.” Because of the near-impossibility of establishing commonality of direct reliance on alleged misstatements in securities fraud litigations, plaintiffs typically rely on a rebuttable presumption of common indirect reliance on the integrity of the market price for the securities at issue. The Supreme Court first recognized this presumption in Basic Inc. v. Levinson, 485 U.S. 224, 241-47 (1988), relying in part on the “fraud-on-the-market” (“FOTM”) theory. The FOTM theory assumes that the market price of securities traded in an efficient market reflects all publicly-available material information, including any material misrepresentations.
In November 2012, the United States Supreme Court will again hear an appeal of a federal securities class action in Amgen Inc. v. Connecticut Retirement Plans & Trust Funds (No. 11-1085) (“Amgen”). In the past two years, the Supreme Court has heard no less than five appeals arising from securities class actions.
Amgen requires the Court to reconsider its own landmark decision in Basic Inc. v. Levinson, 485 U.S. 224 (1988), adopting a rebuttable classwide presumption of reliance based on the “fraud-on-the-market” (“FOTM”) theory. The FOTM theory assumes that the market price of securities traded in an efficient market reflects all publicly-available information, including any material misrepresentations. Twenty-five years later, the parties in Amgen ask the Court to resolve whether, in such a case, a district court must (1) “require proof of materiality” concerning the challenged statements and/or (2) “allow the defendant to present evidence rebutting the applicability of the fraud-on-the-market theory” before certifying a class under Fed. R. Civ. P. 23(b)(3). To fully understand the import of these questions, some background on the relevant concepts is helpful.