Category: Litigation
McDonald’s court dismisses Caremark claims against directors
Here we have another in a string of McDonald’s cases—all of them arising out of workplace misconduct at McDonald’s, none even dipping its toe into employment law. First, you’ll remember, there were settled charges brought by the SEC against McDonald’s and its former CEO, Stephen Easterbrook, arising out of disclosure about the termination of Easterbrook on account of workplace misconduct. Then there was the derivative Caremark litigation for breach of fiduciary duty against David Fairhurst, who formerly served as Executive Vice President and Global Chief People Officer of McDonald’s, for consciously ignoring red flags about workplace misconduct and engaging in some pretty extensive workplace misconduct himself. Now, we have a new decision out of Delaware regarding the derivative Caremark litigation against the company’s directors alleging that they ignored red flags about the company’s culture that condoned workplace misconduct. But this case turned out to be different—VC Laster of the Delaware Chancery Court dismissed the complaint against the directors. The Court held that, in this case, the directors did not ignore the numerous red flags: the facts cited in the pleadings did “not support a reasonably conceivable claim against them for breach of the duty of oversight.” Once again, the case reinforces that high bar described by former Chief Justice Leo Strine for Caremark claims: “Caremark claims are difficult to plead and ultimately to prove out,” and constitute “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” (See this PubCo post.)
SEC charges DXC with misleading non-GAAP disclosures and absence of non-GAAP disclosure controls
The SEC has announced settled charges against DXC Technology Company, a multi-national information technology company, for making misleading disclosures about its non-GAAP financial performance in multiple reporting periods from 2018 until early 2020. According to the Order, DXC materially increased its reported non-GAAP net income “by negligently misclassifying tens of millions of dollars of expenses ” as non-GAAP adjustments related to strategic transactions and integration and improperly excluding them from its reported non-GAAP earnings. In addition to misclassification, DXC allegedly failed to accurately describe the scope of the expenses included in the company’s non-GAAP adjustment, with the result that “its non-GAAP net income and non-GAAP diluted EPS in periodic reports and earnings releases were materially misleading.” What’s more, the SEC alleged, DXC’s disclosure committee “negligently failed to evaluate the company’s non-GAAP disclosures adequately,…and failed to implement an appropriate non-GAAP policy” or adequate disclosure controls and procedures specific to its non-GAAP financial measures. Consequently, DXC “negligently failed to evaluate the company’s non-GAAP disclosures adequately.” DXC agreed to pay a civil penalty of $8 million. According to the SEC’s Associate Director of Enforcement, “[i]ssuers that choose to report non-GAAP financial metrics must accurately describe those metrics in their public disclosures….As the order finds, DXC’s informal procedures and controls were not up to the task, and, as a result, investors were repeatedly misled about its non-GAAP financial performance.”
Ransomware attack—SEC charges misleading disclosures and disclosure control failure—again!
Last week, the SEC announced settled charges against Blackbaud, Inc., a provider of donor data management software to non-profit organizations, for misleading disclosures and disclosure control failures. According to the SEC, in May 2020, employees at the company discovered evidence of a ransomware attack. After an investigation, the company announced the incident and advised affected customers—specifying that sensitive donor data was not involved. But just a couple of weeks later, the SEC alleged, company personnel learned that the attacker had, in fact, accessed sensitive donor data for a number of customers—including bank account and social security numbers. But—you guessed it—it’s disclosure controls again! The personnel with knowledge of the scope of the breach “did not communicate this to Blackbaud’s senior management responsible for disclosures, and the company did not have policies or procedures in place designed to ensure they do so.” As a result, the SEC claimed, the company filed a Form 10-Q that still omitted mention of the exfiltration of sensitive donor data and framed its cybersecurity risk factor disclosure as purely hypothetical. The SEC viewed Blackbaud’s disclosure as misleading and its disclosure controls as inadequate and imposed a civil penalty of $3 million. According to the Chief of SEC Enforcement’s Crypto Assets and Cyber Unit, “Blackbaud failed to disclose the full impact of a ransomware attack despite its personnel learning that its earlier public statements about the attack were erroneous….Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so.”
DOJ and SEC bring charges for insider trading and fraudulent scheme using purported 10b5-1 plans
Government officials, especially those in SEC Enforcement, have been making noise about the potential for insider trading abuse of Rule 10b5-1 plans since at least 2007, when then-SEC Enforcement Chief Linda Thomsen expressed concern that “executives are taking advantage of a legal safe harbor to sell their stock and profit before their companies report bad news….[A]cademic studies suggest that the rule may be a cover for improper activity, Thomsen said. ‘We’re looking at this hard….If executives are in fact trading on inside information and using a plan for cover, they should expect the ‘safe harbor’ to provide no defense.’” (See this Cooley News Brief.) Now, in 2023, DOJ has unsealed an indictment against Terren Peizer, the executive chair of Ontrak, Inc., representing the first time, according to the press release, that DOJ has brought “criminal insider trading charges based exclusively on an executive’s use of 10b5-1 trading plans.” (Note, however, that the SEC did bring a case last year against executives of Cheetah Mobile related to sales under a purported 10b5-1 trading plan entered into while in possession of material nonpublic information. See this PubCo post.) DOJ charged that Peizer entered into a fraudulent scheme using 10b5-1 plans and engaged in insider trading, both of which charges carry stiff criminal penalties. DOJ said that the FBI is continuing to investigate this case. Not to be completely outdone—although it’s hard not to be outdone by the threat of serious jail time—the SEC has also filed a civil complaint against Peizer, charging that he engaged in insider trading in Ontrak shares using 10b5-1 plans as part of a scheme to evade insider trading prohibitions: when Peizer entered into the plans, the SEC alleged, he was aware of material nonpublic information about the company. As you probably know, to be effective in insulating an insider from potential insider trading liability, the 10b5-1 plan must be established when the insider is acting in good faith and not aware of MNPI. Creating the plan once the insider has learned of MNPI, as alleged in this case, would seem to defeat the whole purpose of the rule—to ensure an even playing field for all investors. The SEC alleged that Peizer sold more than $20 million of Ontrak stock, avoiding more than $12.7 million in losses. At the end of last year, Bloomberg reported that the SEC and DOJ were using data analytics “in a sweeping examination of preplanned equity sales by C-suite officials.” (See this PubCo post.) That effort appears to have paid off in this case; DOJ advises that this investigation was “part of a data-driven initiative led by the Fraud Section to identify executive abuses of 10b5-1 trading plans,” suggesting perhaps that this may not be the last prosecution we will see for abuse of 10b5-1 plans.
SEC brings settled charges against Roadrunner—no, not the cartoon character—for accounting fraud
Here’s another earnings management case from SEC Enforcement, this time against Roadrunner Transportation Systems, Inc., a shipping and logistics company formerly traded on the NYSE, involving a veritable pu pu platter of alleged financial manipulations. As charged in the SEC’s Order, from July 2013 through January 2017, the company engaged in an “accounting fraud scheme by manipulating its financial reports to hit prior earnings guidance and analyst projections.” Among other things, Roadrunner was alleged to have improperly deferred and stretched out expenses over multiple quarters to minimize their impact on earnings, failed to write down worthless assets and uncollectable receivables, and manipulated earnout liabilities related to its numerous acquisitions. The company agreed to pay disgorgement of just over $7 million, with prejudgment interest of approximately $2.5 million—except that the company paid nothing additional: the penalties were deemed satisfied by the settlement payment the company made in connection with prior private securities litigation.
DOJ announces nationwide voluntary self-disclosure policy
On Wednesday, the DOJ announced a new Voluntary Self-Disclosure Policy, which sets out the criteria for determining when a company is deemed to have made a voluntary self-disclosure of misconduct to a US Attorney’s Office and how the company might benefit from a “resolution under more favorable terms.” According to the press release, the policy is intended to provide “transparency and predictability to companies and the defense bar concerning the concrete benefits and potential outcomes in cases where companies voluntarily self-disclose misconduct, fully cooperate, and timely and appropriately remediate. The goal of the policy is to standardize how VSDs are defined and credited by USAOs nationwide, and to incentivize companies to maintain effective compliance programs capable of identifying misconduct, expeditiously and voluntarily disclose and remediate misconduct, and cooperate fully with the government in corporate criminal investigations.”
SEC Enforcement’s “EPS Initiative” chalks up another one
Last week, the SEC announced settled charges against Gentex Corporation, a manufacturer of digital vision, connected car, dimmable glass and fire protection products, and its former Chief Accounting Officer and current CFO, Kevin Nash, related to financial reporting, books-and-records and internal accounting controls violations. Allegedly, these violations were the consequence of deficiencies in the company’s accounting practices for its bonus programs, which practices allowed the company to manage its earnings by adjusting its accruals for bonuses to ensure that publicly reported EPS was in line with consensus EPS estimates—without the required accounting analysis or adequate supporting documentation. According to the SEC, had the company not reduced the accrual for bonuses, it “would have missed consensus EPS estimates by one penny.” Gentex was ordered to pay a civil money penalty of $4 million and Nash to pay $75,000. These charges represent yet another case resulting from SEC Enforcement’s “Earnings-Per-Share Initiative,” which applies risk-based data analytics to detect potential violations from earnings management, among other things.
SEC floats dialing back climate disclosure rules
The SEC has apparently let it be known—or perhaps a few reporters are especially intrepid—that it may well pare down and loosen up some of its proposed rules on climate disclosure (see this PubCo post, this PubCo post and this PubCo post). In this article in Politico and this article in the WSJ, “three people familiar with the matter” and “people close to the agency” told reporters that SEC Chair Gary Gensler is “considering scaling back a potentially groundbreaking climate-risk disclosure rule that has drawn intense opposition from corporate America.” According to Politico, SEC officials “stress that no decision has yet been made,” so time will tell where the final rulemaking will end up.
Workplace misconduct again! SEC charges failure of disclosure controls
Alleged workplace misconduct—and the obligation to collect information and report up about it—rears its head again in yet another case, this time involving Activision Blizzard, Inc. Just last month, in In re McDonald’s Corporation, the former “Chief People Officer” of McDonald’s Corporation was alleged to have breached his fiduciary duty of oversight by consciously ignoring red flags about sexual harassment and misconduct in the workplace. According to the court in that case, the defendant “had an obligation to make a good faith effort to put in place reasonable information systems so that he obtained the information necessary to do his job and report to the CEO and the board, and he could not consciously ignore red flags indicating that the corporation was going to suffer harm.” (See this PubCo post.) Now, the SEC has issued an Order in connection with a settled action alleging that Activision Blizzard, Inc., a videogame developer and publisher, violated the Exchange Act’s disclosure controls rule because it “lacked controls and procedures designed to ensure that information related to employee complaints of workplace misconduct would be communicated to Activision Blizzard’s disclosure personnel to allow for timely assessment on its disclosures.” In addition, the SEC alleged that the company violated the whistleblower protection rules by requiring, in separation agreements, that former employees “notify the company if they received a request from a government administrative agency in connection with a report or complaint.” As a result, Activision Blizzard agreed to pay a $35 million civil penalty. These cases suggest that company actions (or lack thereof) around workplace misconduct and information gathering and reporting about it have resonance far beyond employment law. It’s also noteworthy that this Order represents yet another case (see this PubCo post) where a “control failure” is a lever used by SEC Enforcement to bring charges against a company notwithstanding the absence of any specific allegations of material misrepresentation or misleading disclosure, a point underscored by Commissioner Hester Peirce in her dissenting statement, discussed below.
Delaware VC Laster finds a “black swan”—a fiduciary duty of oversight for officers
In In re McDonald’s Corporation, defendant David Fairhurst, who formerly served as Executive Vice President and Global Chief People Officer of McDonald’s Corporation, contested a stockholders’ claim that he had breached his fiduciary duty of oversight by arguing that there is no fiduciary duty of oversight for officers, only for directors. VC Laster of the Delaware Chancery Court responded this way: “That observation is descriptively accurate, but it does not follow that officers do not owe oversight duties. For centuries dating back to the Roman satirist Juvenal, Europeans used the phrase ‘black swan’ as a figure of speech for something that did not exist. Then in the late eighteen century, Europeans arrived on the shores of Australia, where they found black swans. The fact that no one had seen one before did not mean that they could not or did not exist…. Framed in terms of the issue in this case, decisions recognizing director oversight duties confirm that directors owe those duties; those decisions do not rule out the possibility that officers also owe oversight duties.” With that—and a lengthy exposition—Laster confirmed that Fairhurst did indeed have a duty of oversight, much like the Caremark duties applicable to corporate directors.
You must be logged in to post a comment.