D&O Liability Update; High Technology Update
The "Year 2000 Software Crisis" (a/k/a "Y2K") should require no introduction. Any company that is not yet intimately familiar with the so-called millennium bug and taking proactive steps to fix it is already in deep -- perhaps unsalvageable -- trouble.
Y2K is not just a technology problem and not just a project management problem, although many companies currently view it that way. It is also a multi-faceted legal and risk management problem of large proportions and complexity, cutting across all industry boundaries. Current estimates of the costs just to "fix" the problem are in the range of 400 to 600 billion. And those estimates exclude the inevitable transaction costs of attempting to shift liability for the "fix" through claims and legal proceedings, as well as the costs of failure resulting in business disruption and third party liability claims -- cost that could easily dwarf 400 to 600 billion.
High technology companies should be especially concerned about Y2K because many are in the unique position of being both users of computer systems that are not Year 2000 compliant and vendors of systems that are non-compliant. Managing the legal risks and maintaining the procuring coverage appropriate for the dual role of user and vendor is a daunting task.
In their capacity as system users, high tech companies face the same legal risks as other businesses. To name just a few, these risks include directors' and officers' liability and securities law issues, as well as potential exposure to a wide variety of third party claims. To avoid personal liability, directors and officers are required to meet the applicable legal standard of care in taking the actions necessary to fix the problem in the company's own systems without business disruption. If the problem is significant (in terms of possible effect on the business or fix costs) failure to disclose currently the existence of the problem and the potential costs of dealing with it (1) in connection with the sale of securities or (2) in Management's Discussion and Analysis of Financial Condition and Results of Operations ("MD&A"), poses a serious risk of liability on the part of the company, directors and officers under federal and state securities laws. If the company fails in whole or in part to fix the problem in the company's own systems, the resulting disruption of the company's operations will inevitably spawn claims by third parties harmed by the disruption, including customers, employees and others.
In their capacity as system vendors, high tech companies face different risk management problems. Now that Y2K is a well-known phenomenon, if a company is currently marketing any systems that are non-compliant, the company faces serious legal risks regardless of how carefully contractual disclaimers and limitations on liability (which are seldom bullet proof under existing law) are drafted. The company's current product line is, however, only the tip of the Y2K iceberg. If the company has licensed or sold non-compliant systems during the past twenty years -- a virtual certainty -- the company will undoubtedly face claims when past customers begin to incur the enormous costs (ranging from several million dollars for small businesses, tens of millions for medium-sized businesses, to hundreds of millions for large businesses) of bringing their systems into compliance. These claims will be based on many legal theories, including breach of express or implied warranties, fraud, negligent misrepresentation, failure to warn and others. To make matters worse, if even a few past customers fail to fix the Y2K problem in their systems -- another virtual certainty -- the customer's failure will in turn lead to damages to other third parties, who will either (1) sue the high tech company directly or (2) sue the customer, who will then assert indemnity claims against the high tech company.
In their dual capacity as users and vendors, high tech companies should also be wary of pending or contemplated merger and acquisition transactions. Acquiring or merging with another company which (1) uses non-compliant systems or (2) is currently marketing or has in the past marketed non-compliant systems is a sure-fire way to inherit substantial liabilities. Indemnities and escape clauses in M&A contracts will give cold comfort against the magnitude of Y2K liabilities the company may inherit.