Disclosure of Year 2000 Problems and Securities Liability

Disclosure of Year 2000 Problems and Securities Liability

In this section, we discuss disclosures that may be necessary or appropriate, Officer and Director issues, and industries targeted for special Year 2000 reporting scrutiny.

i. Disclosures To Satisfy Securities Law Obligations or To Reveal
Risks and Build Protections Against Future Securities Lawsuits

A company owes shareholders certain duties to inform them of issues that are material to the operation of the business. If a company's Year 2000 problems approach its "materi-ality" threshold, management and the board should consider how such problems affect their disclosure obligations. Every signatory to the registration statement (and every director, whether a signatory or not) is liable for material misstatements or omissions to anyone who purchased securities under the registration statement.¹ Issuers are also liable to sharehold-ers for any untrue statement in a "prospectus" or related oral communication of a material fact or failure to state a material fact necessary so that the statements actually made are not misleading.² Due diligence defenses are available to officers and directors for both actions. In addition, the SEC may institute actions for material and false statements in registration statements. Accordingly, companies filing registration statements and prepar-ing prospectuses should consider whether they should make Year 2000 disclosures in those documents.

Under certain circumstances, issuers, officers, and directors can be liable under section 10(b) of the Securities Exchange Act and Rule 10b-5 for deliberate false statements in press releases, 10Ks, 10Qs, interviews, and quarterly conference calls with analysts. While there is a debate in the courts as to whether the Private Securities Litigation Reform Act elimi-nated 10b-5 liability in private cases for "recklessness," until that debate is resolved, the safest course is to guard against "recklessness" in the sense of an extreme departure from the standards of ordinary care creating a risk so obvious that the speaker must have been aware of it. Officers should be cautioned that false statements to reporters or analysts about Year 2000 issues could lead to securities lawsuits.

Public companies must file Forms 10-K (annual reports) and 10-Q(quarterly reports). These reports must include a section entitled "Management's Discussion and Analysis of Financial Condition and Results of Operations" (MD&A). Reg. S-K, Item 303. 17 C.F.R. § 229.303. These MD&As must focus on "material events and uncertainties . . . that would cause reported financial information not to be not necessarily indicative of future operating results or financial condition." Item 303(a), Instruction 3. MD&As should include descrip-tions of factors that did not affect the company in the past but may in the future. Id. Considering that the Year 2000 problem is (1) foreseeable, and (2) will arise if immediate corrective measures are not undertaken, companies should consider the materiality of Year 2000 problems and the extent to which they must be disclosed.

On October 8, 1997, the SEC issued Staff Legal Bulletin No. 5. Three months later in January 1998, the SEC issued a substantially revised Legal Staff Bulletin No. 5 devoted exclusively to Year 2000 disclosure. While the revised bulletin repeated much of the lan-guage in the original bulletin published in October 1997, the staff revisions are significant. The revised Bulletin states:

If a company has not made an assessment of its Year 2000 issues or has not determined whether it has material Year 2000 issues, the Staff believes that the disclosure of this known uncertainty is required. In addition, the Staff believes that the determination as to whether a company's Year 2000 issues should be disclosed should be based on whether the Year 2000 issues are material to a company's business, operations, or financial condition, with-out regard to related countervailing circumstances (such as Year 2000 remediation programs or contingency plans). If the Year 2000 issues are determined to be material, without regard to countervailing circumstances, the nature and potential impact of the Year 2000 issues as well as the coun-tervailing circumstances should be disclosed.

This Bulletin was somewhat ambiguous, but capable of an interpretation holding that, if a company says nothing about its Year 2000 issues, the staff will take that silence as an implied representation that the company has in fact reviewed its Year 2000 issues and has made a determination that Year 2000 problems would not be material, even if the company did nothing. The risks for future litigation from such a stance would be substantial.

The revision also describes in more detail the nature of the disclosures companies should make. The revised bulletin states that "the staff expects, at the least," the following topics will be addressed: (1) the company's general plans to address the Year 2000 issues relating to its business, its operations (including operating systems) and, if material, its relationships with cus-tomers, suppliers, and other constituents; and its timetable for carrying out those plans; and (2) the total dollar amount that the company estimates will be spent to remediate its Year 2000 issues, if such amount is expected to be material to the company's business, operations or financial condition, and any material impact these expenditures are expected to have on the company's results of operations, liquidity, and capital resources.

By mid-1998, many companies had begun to make disclosures, but the SEC staff complained about the quality of the disclosures. The SEC itself concluded to make clear, in a statement of official "interpretative guidance", that all public companies must make disclosures about the Year 2000 issue if:

• The company's assessment is incomplete, or
• Management determines that the consequences of its Y2K issues on a gross basis would have a material impact on the company's operations or financial condition, that is, without taking into account in most instances the company's efforts to avoid those consequences.

Moreover, the Commission stated that a company's assessment should not be considered complete until it considers the impact of Y2K non-compliance by third parties with which the company has material relationships and takes reasonable steps to verify the Year 2000 readiness of each third party that could cause a material impact on the company.

This pronouncement, which had been anticipated for several weeks, should be followed and applied to the annual reports filed by a public company after August 4, 1998, and the reports for quarters ending after August 4, 1998. The full text of the pronouncement, which provided guidance for investment advisers, investment companies, and municipal issuers as well as public companies, can be found on the SEC's web site at http://www.sec.gov/rules/concept/33-7558.htm.

The Commission stated that it expected that, for "the vast majority" of companies, Year 2000 issues are likely to be material, and therefore disclosures must be made. "Because of the prevalence of computers and embedded technology in virtually all businesses and the potential consequences of not adequately addressing the Year 2000 problem, we believe that almost every company will need to address this issue," the Commission's guidance states. Full and fair disclosure, the Commission continued, will generally include:

1. The company's state of readiness
2. The costs to address the company's Year 2000 issues
3. The risks posed by the company's Year 2000 issues, and
4. The Company's contingency plans.

The disclosure should be specific to each company, and quantified to the extent practicable. Some companies may have to provide information by business segment or subdivision. Each company should also consider if its own Year 2000 circumstances require MD&A disclosure of additional information. While noting that MD&A is intended to give investors the opportunity to look through the eyes of management and that the Commission cannot establish firm rules for MD&A disclosures, the Commission elaborated on what it believes a company will have to address in order for the Year 2000 disclosure to be "meaningful":

• A description of the company's readiness should generally cover three elements: (1) information technology (IT) systems, and non-IT systems; (2) the company's progress towards Y2K compliance with respect to both systems; and (3) the company's Year 2000 issues relating to third parties with which they have material relationships. As the Commission pointed out, this third element will require a company's monitoring the Y2K disclosures of its major vendors and customers: "[E]ach company's Year 2000 issues may affect other companies' disclosure obligations."
• With respect to costs, a company should disclose material historical and estimated costs of remediation, including costs of modifying software, replacing hardware (in some cases) or hiring Y2K solution providers. The Commission also recommends that a company disclose the source of funds for Year 2000 costs, and whether other IT projects are being deferred due to Year 2000 efforts.
• With respect to risks, a company should disclose a reasonable description of its most reasonably likely worst case Year 2000 scenario.
• As to contingency plans, a company should describe how it is preparing to handle the most reasonably likely worst case scenario.

The Commission was quick to point out that companies could take some comfort from knowing that Year 2000 disclosures in many instances will be "forward-looking" and therefore may qualify for the statutory safe harbors provided by the Private Securities Litigation Reform Act of 1995, unless they are knowingly false. For example, a projection of capital expenditures or other financial items such as estimated costs of remediation and testing is forward-looking; so too are estimates of business disruption costs caused by Y2K problems. On the other hand, whether a company has a contingency plan is a matter of fact and therefore outside the safe harbor. The Commission also gave other examples, and noted that any forward-looking statement must be accompanied by "meaningful cautionary statements" in order for the safe harbor to apply.

Finally, the Commission provided specific guidance concerning the accounting and financial statement treatment of Year 2000 issues which public companies might choose to use. Subjects discussed in this section of the guidance included costs of modifying software, costs of failure to be Year 2000 compliant, disclosure of Year 2000-related commitments, revenue and loss recognition, allowances for loan losses, losses from breach of contract, impairment of assets, and disclosure of risks and uncertainties.

Companies may have become more comfortable in making Year 2000 disclosures in light of the passage in October 1998 of the Year 2000 Information and Readiness Disclosure Act. ⁴This Act attempts to minimize the risks involved in sharing Year 2000 information by (i) preventing qualifying Year 2000 statements from being used as a basis for civil actions arising under federal or state laws, and (ii) protecting those who make qualifying Year 2000 statements from liability for inadvertently false, inaccurate, or misleading statements. On the other hand, in February 1999, aides to Sen. Robert Bennett (who spearheaded the information-sharing legislation) indicated that the senator might seek to hold hearings in the spring - or urge the SEC to take action -- if the quality of corporate Y2K disclosures did not improve. Potential Officer and Director Liability

ii. Potential Officer and Director Liability

If a public company fails to disclose the extent of its Year 2000 problem and then fails to become Year 2000 compliant in time, the officers and directors of the company could face shareholder suits based upon sections 11 and 12 of the Securities Act and Section 10(b) of the Securities Exchange Act (as discussed above). Furthermore, the directors and officers of a private or public company can face derivative suits for failing to exercise the applicable standard of care under the relevant state law. Some commentators have pointed out that, at the very least, the prospect of holding individual CEOs liable should be enough to force most companies to take action.⁵

While the statutes and decisions of different states employ different formulations and, in some cases, different substantive standards, one general formulation of the duty of care owed by officers and directors is section 4.01 of The American Law Institute's Principles of Corporate Governance:

(a) A director or officer has a duty to the corporation to perform the director's or officer's functions in good faith, in a manner that he or she reasonably believes to be in the best interests of the corporation, and with the care that an ordinarily prudent person would reasonably be expected to exercise in a like position and under similar circumstances. This Subsection (a) is subject to the provisions of Subsection (c) (the business judgment rule) where applicable.

(1) The duty in Subsection (a) includes the obligation to make, or cause to be made, an inquiry when, but only when, the circumstances would alert a reasonable director or officer to the need therefor. The extent of such inquiry shall be such as the director or officer reasonably believes to be necessary.

* * *

(c) A director or officer who makes a business judgment in good faith fulfills the duty under this Section if the director or officer:

(1) is not interested in the subject of the business judgment;

(2) is informed with respect to the subject of the business judgment to the extent the director or officer reasonably believes to be appropriate under the circumstances; and

(3) rationally believes that the business judgment is in the best interest of the corporation.

Some state statutes also permit corporations to include provisions in articles or by-laws further limiting director liability.

The facts particular to each corporation will determine the extent to which its officers and directors are realistically at risk for derivative actions based upon failure to exercise the requisite care in identifying and addressing Year 2000 problems. However, the wide publicity being given to this issue suggests that directors might further protect themselves against the possibility of any future lawsuits under the securities laws or in derivative actions by asking management what it is doing to address the Year 2000 issue and how large the problem appears to be for that particular company. Depending upon the response, board members may wish to follow up. Similarly, officers might protect themselves further by making a particular study of the problem, documenting the results, establishing some plan to address the issue, and following and monitoring that plan.

Officers and directors should review their personal indemnification agreements and limitation of liability provisions as regards the distribution of risk of personal liability. In addition, companies should review their officer and director insurance to ensure that decision-makers can proceed confidently with the implementation of a compliance plan. Insurers are now offering specific Year 2000 riders.

iii. Some Industries are Already Targeted for Special Scrutiny

Government officials have already identified some industries as particularly vulnerable to Year 2000 problems. Companies in these industries should consult with counsel to protect against the heightened possibility that Year 2000 difficulties might produce securities or derivative lawsuits. Securities trading and financial institutions are two such industries.

Rep. John D. Dingell (D-Mich.), the ranking minority member of the House Commerce Committee, who enjoys a reputation for being a bulldog on issues that interest him, stated in a June 18 press release: "We have been advised that some major broker-dealers are behind other parts of the financial industry in addressing the problem." To ameliorate this problem, Dingell suggested that the SEC implement more radical disclosure requirements than those that appear to already be in place: "Sunlight being the best ingredient, it may be time to 'name names' so that we know who is lagging and posing a threat to our financial system." He further advised that the SEC "develop its own capability for evaluating these efforts in order to spot potential train wrecks." In addition, the SEC will also include sample Year 2000 disclosures in its June 1998 report.

Lawmakers are also calling for increased scrutiny of the banking industry, where the use of computers and date coding is pervasive. Senate Banking Committee Chairman Alfonse D'Amato (R-N.Y.) strongly criticized the Federal Reserve Board, the Securities Exchange Commission and the National Credit Union Administration ("NCUA") for their failure to create action plans. Senators Blast Agencies Over Year 2000 Crisis, 16 Banking Pol'y Rep. 3 (May 5, 1997). Further, D'Amato and Senator Robert Bennett (R-Utah) wrote a letter to Alan Greenspan and the NCUA chairman, expressing their concerns that "[s]imple awareness of the issue does not guarantee a strong Year 2000 effort. Senior management must not only be aware, but must comprehend the potential breadth and cost impact of the problem." Id.

In response to such concerns, the Federal Financial Institutions Examinations Council ("FFIEC") issued a statement May 5 calling on banks and federal examiners to focus their attention on the issue and "strongly encourag[ing]" insured depository institutions to complete an inventory of core computer functions and set priorities for goals by September 30. FFIEC Increase Pressure on Banks to Speed Cure for Year 2000 Problem, 16 Banking Pol'y Rep. 7 (May 19,1997). In addition, Federal Deposit Insurance Corporation ("FDIC") Chairman Andrew Hove, Jr., told a Senate subcommittee July 30 that "[w]hile it is too early for the FDIC to predict whether any institution may fail as a result of Year 2000 problems, we will be ready to intervene should an institution's viability be threatened by its inability to maintain accurate books and records." See Mark Calvey, "End of Century Could Be End of the World for Some Banks," High Tech Journal: San Francisco Business Times (Aug. 18, 1997).

In addition to ensuring that banks are adequately addressing the risks associated with their own databases, the FDIC will probably suggest that bank examiners begin reevaluating their loan portfolios to determine whether adequate allowances have been made for possible loan defaults due to Year 2000 compliance problems among major debtors. See Grant Buckler, "Financial Sector Grapples with 2000 Bug," Newsbytes, July 11, 1996.

---

Endnotes

1..§ 11(a). RETURN

2..§ 12(a)(2). RETURN

3..See, e.g., Reasonable Investigation and Reasonable Grounds for Belief Under Section 11, Securities Act Release No. 6335, 17 C.F.R. § 230.176. RETURN

4..Year 2000 Information and Readiness Disclosure Act, Pub.L. 105-271, 112 Stat. 2386 (October 19, 1998). RETURN

5..See, e.g., Adam Gifford, Director Liability and Year 2000, Business Herald, Aug. 5, 1997, at D-14. RETURN