Can Shareholders Hold Directors Liable For Failing To Address Social Issues?July 24, 2018 – Articles Wiley
Directors and officers face mounting pressure from shareholders to ensure that social issues are reflected in how their companies do business. The equal and proper treatment of women, maintaining data privacy, addressing the company’s environmental impact, and promoting diversity are among the pressing social concerns that shareholders are raising with directors and officers.
As companies consider how to address these important social issues, they must also consider potential legal liability for their failure to do so. As shareholder pressure increases and theories of liability and corporate injury continue to evolve rapidly, the stakes for corporations and their directors and officers have never been higher.
Changing Corporate Culture: Address Harassment and Discrimination
Sexual harassment in the workplace is, unfortunately, not a new phenomenon. However, the rise of, among other things, the #MeToo movement has made the eradication of sexual discrimination and harassment a key concern for shareholders. Historically companies have faced liability for the failure to properly address allegations of sexual harassment or sexual misconduct. In more recent cases, the allegations depict toxic work environments and willful blindness by directors. The trend should give directors and officers pause and prompt them to reevaluate the integrity of their anti-harassment policies and the potential liability if the policies are not meaningfully enforced at all levels.
For instance, in the wake of allegations of pervasive sexual misconduct, gaming magnate Stephen Wynn stepped down from his position as chairman of Wynn Resorts, Ltd. and shareholder derivative actions have followed. They focused not only on the alleged failures of the board to address purportedly known incidents of sexual misconduct or combat a corporate culture that condoned such behavior, but emphatically “connected the dots” from those alleged failures to address the conduct to resulting monetary damages stemming from the failure to do so.
The complaints against Wynn Resorts, Ltd. and its board cite the dramatic (10%) drop in share prices following the revelation of misconduct as well as the company’s downgrade in investment rating as bases of damages. The complaints also allege the creation of a separate entity used to pay a $7.5 million settlement to an alleged victim and the exposure of additional lawsuits. The complaints, however, also include allegations of loss in value based on prior statements by the company regarding a “Wynn premium” in reference to the value the company enjoyed from its association with Steve Wynn and his track record of success that has been lost as a result of Wynn’s alleged actions and subsequent resignation. In addition, the complaints raise the possible loss of the company’s gaming licenses in Nevada and other jurisdictions, where the relevant regulations contain prohibitions on associating with criminal or “unsavory” actors.
This case, among others making headlines, signals a fundamental shift in what constitutes an appropriate response to sexual harassment and abuse in the workplace. Implementing an anti-harassment policy and reacting to violations of the policy with settlement payments can no longer be considered a sufficient response. Directors and officers must reflect on whether their anti-harassment polices and reporting systems truly address and repair the corporate cultures that allow harassment, discrimination and abuse to continue.
A successful anti-harassment policy must be enforced at all levels. It must be clear and direct with respect to what constitutes appropriate conduct. Regular trainings of employees, management and the board should include specific examples of proper and improper conduct and should be tailored for the type of work environment and the nature of the interactions that occur between employees.
Trainings should also include clear instructions for making a report of harassment or discrimination. Moreover, employees should be provided with a list of individuals in the company who have been identified to receive and investigate complaints appropriately. Employees should be assured that all reports are confidential and that retaliation against a reporting employee will not occur. Management training regarding the processes for complaint investigation and escalation is also essential. Promptly addressing complaints and reporting them to upper management and the board for corrective action is critical. Indeed, if improper conduct is widely perceived and employee reports are received – but management fails to act – the system has utterly failed.
Moreover, if complaints, particularly those regarding high-level personnel, such as c-suite officers and business generators, are susceptible to being downplayed or disregarded, liability and substantial monetary damages will result and criminal charges are also possible. For anti-harassment programs to remain effective, it may be necessary to ensure that reporting structures eliminate managerial discretion from escalating complaints and automatically generate reports to the board no matter how egregious.
Boards must take steps to ensure that robust anti-harassment policies are in place and – most significantly – that they are seriously considered and enforced at all levels of the company.
Ensuring Sufficient Safeguards for Digital Information
Individual privacy and the security of digital data have become social issues of their own. The technological safeguards and procedures for responding to cyber-attacks are complex and often involve sophisticated technologies. Nevertheless, officers and directors must understand the steps that their company is taking to protect its digital assets.
Despite some early unsuccessful attempts by consumers and shareholders to hold directors and officers liable for failures to address cyber threats, recent litigation involving the catastrophic Equifax data breach may have created a new focus of liability for directors and officers when a data breach occurs.
In September 2017, credit monitoring and reporting firm Equifax announced a cyber “incident” that may have effected as many as 143 million U.S. customers. The misappropriated information included names, social security numbers, birth dates, addresses, and, in some cases, driver’s license and/or credit card numbers.
One securities class action complaint filed in the wake of the breach asserted a direct nexus between oft-pled allegations that the company failed to maintain adequate measures to protect its data systems and the precipitous decline in Equifax’s stock price following the announcement of the data breach. This connection between a data breach and a decline in stock price creates a tangible injury, which prior actions against directors and officers lacked. Equifax may have experienced a particularly conspicuous decrease in its stock price because its business is largely dependent on its ability to protect confidential consumer information. However, the theory that a decrease in stock price may create sufficient damage to support claims that a company or its directors and officers failed to adequately safeguard digital information may lead to increased litigation.
With data breaches of increased size and sensitivity continually in the headlines, directors and officers cannot merely rely not technology officers and employees to safeguard corporate data. Instead they must be in a position to genuinely participate in the decisions made to protect the company’s technological assets. To discharge their duties in evaluating threats and assessing whether their protections are adequate, directors and officers must personally understand how their company’s technologies work and how the selected safeguards are designed to react to potential threats.
Part of developing appropriate security measures is responding – in some fashion – to every digital security incident. Because the reasonableness of cyber protections are measured, in part, by the known and potential threats to specific industry or company, the failure to evaluate, learn and upgrade security in response to smaller incidents could create liability if a catastrophic breach occurs. Indeed, otherwise mundane irregularities and innocuous anomalies may be preliminary attempts by cyber criminals to probe for weaknesses in a company’s security.
Finally, the weakest link in digital security policies is often the human users. Regular trainings should help management and employees understand data breach protocols and make them aware of email phishing and other scams that cyber criminals use to gain access to corporate networks.
Ultimately, to implement effective data security, directors and officers must genuinely understand the threats their company faces as well as the policies, technologies and trainings they are deploying to meet those threats.
Staying Vigilant As Social Issues Emerge as Potential Sources of Liability
Directors and officers must continually evaluate and prepare to address social issues, such as environmental concerns, for which damages have long been difficult to demonstrate, but for which liability may be on the horizon.
For example, it is has long been difficult for a shareholder-plaintiff to demonstrate how the failure of directors and officers to adopt environmentally conscious policies has adversely affected the company’s earnings. In fact, in many cases, “green” policies decrease profits because they internalize environmental costs for which a company may not otherwise be financially responsible. However, recent analyses from firms such as Vanguard and BlackRock are beginning to examine how environmental concerns and sustainability should be factored into long-term corporate growth plans. As these analyses continue to gain mainstream acceptance, they may eventually be used by shareholders to demonstrate that a board’s failure to plan for environmental costs has stifled long-term growth.
In addition, with increased pressure to bring environmentally conscious products to market, managers, directors and officers face substantial liability if they fail to comply with strict environmental regulations. Volkswagen, for example, faced consumer and shareholder class actions in 2015 based on the declines in vehicle values and the company’s stock after it was revealed that Volkswagen had programmed its diesel vehicles to produce acceptable emissions only during laboratory testing. Volkswagen was in the news again in January 2018, when its Director of Government Relations stepped down amid allegations that he was aware of emissions testing on animals, but did not inform the company’s then-CEO.
The “take away” is that directors and officers must be vigilant in staying informed of emerging reports about the environment as well as their company’s practices for complying with regulatory and market pressures to create environmentally conscious products.
Encouraging Diversity Through Board Refreshment
Increased diversity in race, religion, gender, age and other demographics of officers and directors is another social issue about which shareholders are demanding action. In many cases, increased diversity will create a board that is better equipped to deal with all of the social, political and economic pressures companies face.
To attract and retain motivated directors and officers with diverse perspectives, a company must first examine the composition of its current board. One widely used mechanism to encourage refreshment and promote transparency in the board appointment process are evaluations of current directors and officers. Such evaluations help determine the skill sets and performance of individual officers and directors and the board as a whole. Evaluations can help the company avoid liability by creating comparable data that directors and officers can rely on when identifying, addressing concerns with and/or removing underperforming board members. In addition, having performance historical performance data can be particularly valuable where prevailing board culture may have permitted underperforming directors and officers to remain.
Removing underperforming directors and officers, however, is only part of responsible board refreshment. Recruitment efforts must be undertaken not merely to fill vacant director and office positions or address shortcomings in diversity among directors and officers. Instead, directors and officers must critically assess the strengths and weaknesses of the collective board and determine the skills and attributes that should be prioritized among new directors and officers. Inviting shareholder input into a transparent process of determining these priorities may also aid shareholder relations and provide the directors and officers with a more clear understanding of shareholders’ most pressing social concerns.
Ultimately, while diversity is often held out as a lofty corporate aspiration, developing a board with diverse qualifications and perspectives will enhance the Board’s effectiveness. Further, ongoing and transparent refreshment will ensure that the board reflects changing demographics and shareholders’ increasing demand for socially responsible corporate governance.
As shareholders demand that companies’ business practices are in line with prevailing social issues, claims that directors and officers have failed to properly address these concerns is a near certainty. The steps boards take today to stay genuinely informed about these issues, understand the sources of potential liability, and help evolve their corporate culture may be the only way to avoid substantial liability in the years to come.
Copyright © 2018 Wiley Periodicals, Inc., A Wiley Company. Reprinted with permission.