Why the Duty of Cybersecurity is the Next Evolution for Fiduciary Duties

Bank directors know they can be personally liable for breaches of their fiduciary duties.

Through cases like In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), Stone v. Ritter, 911 A.2d 362 (Del. 2006), and Marchand v. Barnhill, 212 A.3d 805 (Del. 2019), Delaware courts have held boards responsible for failing to implement systems to monitor, oversee and ensure compliance with the law.

Recently, the Delaware Court of Chancery formally expanded those rules in In re McDonald’s Corporation Stockholder Derivative Litigation, Del. Ch. Ca. No. 2021-0324-JTL. The ruling established that the fiduciary duties of the officers of a Delaware corporation include a duty of oversight that is comparable to the responsibility of directors. These cases make clear that when the duty of oversight meets with the immense cybersecurity responsibilities of financial institutions, a duty of cybersecurity is added to the fiduciary responsibilities of directors and officers.

The lawsuit by 25 former McDonald’s employees alleged that corporate executives failed to address systemic harassment, leading to a hostile work environment. Because the court allowed claims of failure to oversee and monitor to proceed against the officers in that case, all corporate executives are now forced to take a leadership role in monitoring and addressing company-wide issues.

Given prior rulings in Delaware courts concerning the duty of oversight and officer fiduciary duties, the McDonald’s decision reiterates the importance of implementing robust compliance programs. It also clarifies that officers and directors must actively address compliance.

Cybersecurity is paramount among the myriad of compliance issues that all corporate officers and directors must address. For example, in 2019, in In re Google Inc. Shareholder Derivative Litigation, the proceedings against Google’s parent company involved claims that the company’s board of directors and officers failed to discharge their oversight duties related to the 2018 Google+ security vulnerability. That suit settled for $7.5 million, and the company agreed to implement significant governance reforms to address data privacy issues. Similarly, in In re Yahoo! Inc. Shareholder Derivative Litigation, multiple cybersecurity breaches between 2013 and 2016 led to a shareholder derivative lawsuit, which settled for $29 million in 2019.

And, in the past year, multiple financial institutions, including Wells Fargo & Co., JPMorgan Chase & Co., and Bank of America Corp., faced lawsuits also seeking to hold their officers and directors personally liable for, amongst other things, failing to:

1. Protect customer data adequately.
2. Oversee the bank’s cybersecurity practices.
3. Prevent data breaches that exposed customer personal information.

In these cases, and many others, cybersecurity and data breaches have caused reputational damage for officers and directors and damaged the corporation’s relationships with customers and partners. In addition, these corporate leaders risk:

• Breach of fiduciary duty claims. If directors or officers do not take reasonable steps to protect the corporation from a data breach, they risk breaching their fiduciary duties and could be held personally liable for the damages caused by the breach.
• Accusations of negligence. Directors and officers can be accused of negligence for failing to implement appropriate security measures, train employees on cybersecurity best practices and respond to a breach in a timely and effective manner.
• Criminal prosecution. If directors and officers intentionally or recklessly cause a breach or fail to report it to the authorities, they may face criminal prosecution.
• Regulatory penalties. Government or financial regulators can impose significant fines for cybersecurity failures.

And, just as the risks for directors and officers explode, they face an insurance whipsaw. First, directors’ and officers’ (D&O) insurance policies may include specific exclusions for cyber-related claims or require separate cyber insurance to cover these risks. Next, increased personal exposure for officers and directors will increase the likelihood of facing lawsuits, increasing the premiums for D&O insurance. To protect themselves, directors and officers should insist on increased corporate governance protection, including:

• The prioritization by boards of cybersecurity and data privacy as crucial risk management areas, including putting proper reporting and monitoring systems into place.
• Requiring directors and officers to actively understand the evolving landscape of cybersecurity and data privacy risks and regulations.
• Corporate investment in appropriate cybersecurity measures and employee training to minimize the risk of data breaches as well as the associated legal and reputational risks.

To mitigate their risk of personal liability, corporate officers and directors must understand, implement and monitor the cybersecurity safeguards their financial institutions need. And, the courts have sent a clear message to bank directors and officers: To discharge your duty of cybersecurity, you must actively oversee and monitor institutional cybersecurity and data privacy programs.

The Uncertain Impact of COVID-19 on the Bank M&A Playbook

As banks across the country grapple with market and economic dynamics heavily influenced by COVID-19, or the new coronavirus, separating data from speculation will become difficult.

The duration and ultimate impact of this market are unknowable at this point. The uncertain fallout of the pandemic is impacting previously announced deals and represents one of the biggest threats to future bank M&A activity. It will force dealmakers to rethink risk management in acquisitions and alter the way deals are structured and negotiated.

As we have seen in other times of financial crisis, buyers will become more disciplined and focused on shifting risk to sellers. Both buyers and sellers should preemptively address the impact of the coronavirus outbreak on their business and customers early in the socialization phase of a deal.

We’ve compiled a non-exhaustive list of potential issues that banks should consider when doing deals in this unprecedented time:

  • Due Diligence. Due diligence will be more challenging as buyers seek to understand, evaluate and quantify the ways in which the coronavirus will impact the business, earnings and financial condition of the target. Expect the due diligence process to become more robust and protracted than we have seen in recent years.
  • Acquisition Funding. Market disruption caused by the virus could compromise the availability and pricing of acquisition financing, including both equity and debt financing alternatives, complicating a buyer’s ability to obtain funding.
  • Price Protections. For deals involving publicly traded buyer stock, the seller will likely be more focused on price floors and could place more negotiating emphasis around caps, floors and collars for equity-based consideration. However, we expect those to be difficult to negotiate amid current volatility. Similarly, termination provisions based upon changes in value should also be carefully negotiated.

In a typical transaction, a “double trigger” termination provision may be used, which provides that both a material decline in buyer stock price on an absolute basis (typically between 15% and 20%) and a material decline relative to an appropriate index will give the seller a termination right. Sellers should consider if that protection is adequate, and buyers should push for the ability to increase the purchase price (or number of shares issued in a stock deal) in order to keep the deal together and avoid triggering termination provisions.

  • Representations and Warranties. As we have seen in other economic downturns, expect buyers to “tighten up” representations and warranties to ensure all material issues have been disclosed. Likewise, buyers will want to consider including additional representations related to the target business’ continuity processes and other areas that may be impacted by the current pandemic situation. Pre-closing due diligence by buyers will also be more extensive.
  • Escrows, Holdbacks and Indemnities. Buyers may require escrows or holdbacks of the merger consideration to indemnify them for unquantifiable/inchoate risk and for breaches of representations and warranties discovered after closing.
  • Interim Operating Covenants. Interim operating covenants that require the seller to operate in the ordinary course of business to protect the value of their franchises are standard provisions in bank M&A agreements. In this environment we see many banks deferring interest and principal payments to borrowers and significantly cutting rates on deposits. Sellers will need some flexibility to make needed changes in order to adapt to rapidly changing market conditions; buyers will want to ensure such changes do not fundamentally change the balance sheet and earnings outlook for the seller. Parties to the agreement will need to focus on the current realities and develop reasonable compromises on interim operating covenants.
  • Investment Portfolios and AOCI. The impact of the rate cuts has created significant unrealized gains in most banks’ investment portfolios. The impact of large gains and fluctuations in value in investment securities portfolios will also come into focus in deal structure consideration. Many deals have minimum equity delivery requirements; market volatility in the investment portfolio could result in significant swings in shareholders’ equity calculations and impact pricing.
  • MAC Clauses. Material Adverse Change (MAC) definitions should be carefully negotiated to capture or exclude impacts of the coronavirus as appropriate. Buyers may insist that MAC clauses capture COVID-19 and other pandemic risks in order to provide them an opportunity to terminate and walk away if the target’s business is disproportionally affected by this pandemic.
  • Fiduciary Duty Outs. Fiduciary duty out provisions should also be carefully negotiated. While there are many variations of fiduciary duty outs, expect to see more focus on these provisions, particularly around the ability of the target’s board to change its recommendation and terminate because of an “intervening event” rather than exclusively because of a superior proposal. Likewise, buyers will likely become more focused on break-up fees and expense reimbursements when these provisions are triggered.
  • Regulatory Approvals. The regulatory approval process could also become more challenging and take longer than normal as banking regulators become more concerned about credit quality deterioration and pro forma capitalization of the merged banks in an unprecedented and deteriorating economic environment. Buyers should also consider including a robust termination right for regulatory approvals with “burdensome conditions” that would adversely affect the combined organization.

While bank M&A may be challenging in the current environment, we believe that ample strategic opportunities will ultimately arise, particularly for cash buyers that can demonstrate patience. Credit marks will be complex if the current uncertainty continues, but valuable franchises may be available at attractive prices in the near future.

Two-Thirds of Bank Directors Are Worried About the Same Thing


At around a quarter to seven o’clock on the evening of Saturday, May 11, firefighters showed up at Enloe State Bank in Cooper, Texas, to find a stack of papers on fire on the conference room table.

“We believe it is suspicious,” said the sheriff, “but we don’t have any more information at this point.” Three weeks later, regulators seized the bank “due to insider abuse and fraud by former officers,” according to Texas Banking Commissioner Charles Cooper.

It’s fair to say that Enloe State Bank is an outlier. It was the first bank to fail in a year and a half, in fact. And one can’t help but wonder what would lead someone to set papers ablaze on a conference room table.

Yet, incidents like this are important for bank executives and directors to register, because they underscore the importance of proactive oversight by a bank’s board—especially the audit and risk committees.

“The essence of the audit committee’s responsibilities is protecting the bank,” said Derrick Hong, the chief audit executive at Pacific Premier Bank, at Bank Director’s 2019 Bank Audit & Risk Committees Conference taking place in Chicago this week. “There are so many pitfalls and risks that could potentially take down a bank, so focusing on those things is the key responsibility of the audit committee.”

Admittedly, it seems like an odd time to worry about risk.

Bank capital levels have never been stronger or of higher quality, noted Steven Hovde, chairman and CEO of Hovde Group. Net charge-offs are lower across the industry than they’ve been in decades. And tax reform has catalyzed profitability. Despite narrow lending margins and subpar efficiency, the banking industry is once again earning more than 1 percent on its assets, exceeding the benchmark threshold last year for the first time since the financial crisis.

But it’s in the good times like these that banking’s troubles are sowed.

“You have to be proactive rather than reactive,” said Mike Dempsey, senior manager at Dixon Hughes Goodman LLP. This approach stems from culture, said Dempsey’s co-presenter LeAnne Staalenburg, senior vice president in charge of corporate security and risk at Capital City Bank Group.

“Culture is key,” said Staalenburg. “Having that culture spread throughout the organization is critical to having a successful risk management program.”

To be clear, the biggest threat to banks currently isn’t bad loans. Credit policy isn’t something to ignore, of course, because loan losses will climb when the cycle takes a turn for the worse. But banks have plenty of capital to absorb those losses, and memories of the last crisis are still fresh in many risk managers’ minds.

The biggest threat isn’t related to funding, either. Even though bankers are concerned about large institutions taking deposit market share as interest rates climb, 74 percent of attendees at Bank Director’s Audit & Risk Committees Conference said their institutions either maintained their existing share or gained share as rates inched higher.

Instead, according to conference attendees, the biggest threat is related to technology. When asked which categories of risk they were most concerned about, 69 percent identified cybersecurity as the No. 1 threat.

Vendor relationships only aggravate this concern. As Staalenburg and Dempsey noted in response to an attendee’s question, vendors offer another way for malicious actors to infiltrate a bank.

Even though we are in a golden age of banking, Hovde emphasized, now is not the time for a bank’s board, and particularly its audit and risk committees, to be complacent.

“Generally, we have seen that the institutions that are well run and have fewer problems are under the oversight of an engaged and well-informed board of directors,” wrote Kansas City Federal Reserve President Esther George in the Fed’s governance manual, Basics for Bank Directors. “Conversely, in cases where banks have more severe problems and recurring issues, it is not uncommon to find a disengaged board that may be struggling to understand its role and fulfill its fiduciary responsibilities.”

What You Should Know About Recent Trends in 401(k) Fee Litigation


Participation in 401(k) plans has grown astronomically since they came into existence almost 30 years ago. Today, tens of millions of employees participate in 401(k) plans, and total assets under management exceed $7 trillion. It is little wonder that 401(k) plans have increasingly become targets for litigation over the last decade. In 2017 alone, dozens of new cases were filed against 401(k) plans, with settlements collectively exceeding $145 million. Litigation has also extended to substantively similar 403(b) plans. It is therefore important for plan sponsors and administrators to be aware of recent litigation trends and take appropriate steps to minimize litigation risks.

Basis of 401(k) Fee Litigation
401(k) plans are “employee welfare benefit plans” governed by the Employer Retirement Income Security Act (“ERISA”) and, as such, must be managed exclusively for the benefit of plan participants. Plan sponsors and administrators (collectively “plan fiduciaries”) are accordingly subject to a fiduciary duty—which courts refer to as “the highest duty known to law”—requiring them to act prudently (i.e. with the “care, skill, and prudence” of a prudent person) and loyally (i.e. only for the benefit of plan participants) towards plan participants. Practically, this means that plan fiduciaries must carefully consider the expenses of the plan and the type and cost of investment options.

Common Allegations in 401(k) Fee Suits
Flowing from the fiduciary duties owed, fee suits commonly allege that plan fiduciaries:

  • Should have offered substantively identical but less expensive investment options;
  • Did not obtain the best possible price from plan service providers; and
  • Failed to adequately monitor the cost of investments and administrative expenses over time.
  • Poor investment performance (though many courts have found that poor performance alone does not indicate that the fiduciary’s decision-making process was flawed); and
  • Prohibited transactions claims, as ERISA prohibits fiduciaries from making payments to “parties in interest” from plan assets (though often, courts have found that exemptions clearly applied to permit payments).

Recent Trends in 401(k) Fee Litigation
Recent trends indicate the plaintiffs’ bar has broadened its sights, increasingly targeting defendants other than larger 401(k) plans and alleging new bases of breach.

Plaintiffs’ Bar Increasing Targets of Litigation
Historically, plaintiffs have targeted larger 401(k) plans. Recent settlement successes against 401(k) plans have buoyed the plaintiffs’ bar, and smaller plans are increasingly targeted. Large universities, which offer 403(b) plans, are also increasingly targeted. In August 2016, a dozen suits were filed against universities. In 2017 and 2018, new suits have continued to be filed with regularity against universities.

Recent Bases of Fiduciary Breach
There has been an uptick of claims targeting investment options. Plaintiffs are challenging proprietary funds (wherein fiduciaries include their own proprietary funds in the 401(k) plan), alleging that those investments benefit the fiduciary at the expense of plan participants. Plaintiffs are also targeting money market funds, claiming that the plans should have offered stable value funds instead, as the latter serve the same purpose but yield higher interest rates.

What Can I Do to Minimize Litigation Risk?
Unfortunately, there is no magic bullet. Plaintiffs’ firms are savvy, and whether plan fiduciaries have discharged their fiduciary duties is often a fact-sensitive inquiry, meaning that early resolution of litigation (i.e. at the motion to dismiss stage) is not always possible.

However, ERISA does not impose a duty on fiduciaries to achieve perfect outcomes. As long as fiduciaries consistently strive to make decisions in the best interests of plan participants, they have a good chance of demonstrating that they have discharged their fiduciary duties when challenged in court. In other words: process, process, process. Brotherston v. Putnam Investments, LLC, 2017 WL 1196648 (D. Mass. Mar. 30, 2017) illustrates this. There, plaintiffs claimed that Putnam’s proprietary products were too expensive and that Putnam lacked a fiduciary process. The court had the opportunity to review Putnam’s processes post-discovery, and found that there was no evidence to show that Putnam had breached its fiduciary duties by placing its interests ahead of participants, or that a reasonable fiduciary “in the shoes of” Putnam would have chosen a different investment lineup.

Thus, while obtaining early judgment may be difficult, establishing a robust process to consistently monitor the plan’s investment selection and plan expenses is key to demonstrating discharge of fiduciary duties and increasing the odds of success on a dispositive motion later in the litigation.

A Cautionary Tale for Compensation Committee Members


The Office of the Comptroller of the Currency (OCC) recently took an enforcement action in the form of a consent order against a bank director that serves as a cautionary tale for the banking industry. The consent order, agreed to by and between the OCC and a director and former senior vice president of a small national bank in Wisconsin, reminds bank boards of directors of their fiduciary duties with respect to executive compensation and the consequences of breaching those duties. In particular, this action puts board compensation committee members on notice that they may be found liable for unsafe or unsound executive compensation practices that occur on their watch.

Enforcement Action Details
The consent order described that the director had a longstanding affiliation with the bank, serving in multiple operational positions throughout her tenure, culminating in her election to the bank’s board of directors in 2005. Despite these 32 years of service, the OCC’s findings in the consent order focused on the director’s relatively short period of service on the board’s executive compensation committee, where she served from 2010 to 2013.

During this period, it appears, based on a notice of charges issued in 2016 and a $1.6 million civil money penalty issued in 2017—both against the bank’s former chief executive officer (who also held the titles of president and chairman of the board)—that this individual abused his power and used it to reap excessive compensation from the bank. In particular, the notice of charges cited a report finding that the former CEO “was a dominant influence in all aspects of bank operations,” which ultimately led to insider abuse with respect to compensation and breaches of his fiduciary duties.

Based on such abuse and the resulting action against the former CEO, the OCC apparently then turned its attention to the director. Indeed, the consent order identified the director’s conduct during the period of 2012 to 2013 as the relevant period leading to the issuance of the consent order. During this time, the OCC said that the director failed to do the following:

  • Oversee or control the use of bank funds by its former CEO for his personal expenses despite knowing that he had previously used bank funds for personal expenses.
  • Ensure that disinterested and independent directors determined and approved the compensation of the bank’s former CEO, thereby allowing him to receive excessive compensation.
  • Recuse herself from voting on the compensation of the bank’s former CEO even though she had a conflict of interest because he was personally indebted to the director and her husband in an amount exceeding $2 million.

Based on these failures as a member of the board’s executive compensation committee, the OCC concluded that the director engaged in conduct satisfying 12 U.S.C. 1818(i) and ordered her to pay a civil money penalty in the amount of $5,000.

Takeaways for Bank Directors
As banks continue to report an uptick in regulatory inquiries and examination findings focusing on executive and incentive compensation, agency enforcement actions relating to compensation issues may become more common in the coming years. This is a trend that is developing even in the face of recent reports that some of the federal banking agencies are likely to postpone consideration of currently proposed regulations regarding incentive compensation required under the Dodd-Frank Act.

Boards should utilize this trend and the lessons learned from the consent order as a reminder to periodically review compensation arrangements and compensation standards at their bank to ensure they are adequately fulfilling their fiduciary duties. Such reviews should critically analyze executive and incentive compensation arrangements and seek to ensure that bank and board policies governing such arrangements meet regulatory expectations. In addition, boards should periodically inquire about and analyze any relationships board compensation committee members may have with senior management to be able to confirm the independence of the committee members.

How Fintech Is Co-opting the Banking Industry’s Directors and What to Do About It


Over the last several years, companies which can be broadly grouped under the umbrella of “fintech,” or financial technology, have been making notable additions to their boards of directors by acquiring talent from traditional financial institutions and regulatory agencies. These additions include Sheila Bair, former chair of the Federal Deposit Insurance Corporation, joining the board of directors of Avant, which specializes in digital lending to subprime customers, and Anshu Jain, former co-CEO of Deutsche Bank, joining online lender SOFI. This effort is certainly not unprecedented.

Many industries undergoing transformation often reach out to individuals in the industry they are attempting to disrupt to create an air of legitimacy to their efforts and facilitate communication and transparency with the primary regulatory organizations. In the case of financial services, banks should take this opportunity to turn the model around and cast their nets in the opposite direction. By reaching out to technology-based companies and sophisticated technology professionals, banks can enhance their ability to meet the challenges associated with delivery of financial services and be better equipped to assess the risks associated with an increasingly technological environment.

Directors are broadly responsible for the management of business and affairs of a corporation and the proverbial “buck” ultimately stops with the board. Directors must fulfill their fiduciary duties with due care and always be properly informed about the critical matters facing their respective institutions. This means that directors need to be able to understand the challenges posed by technological innovation and how technology can successfully be incorporated into a bank’s existing platform. Most directors, however, do not come to a bank board with the technological expertise or sophistication to truly understand how technology works and the risks posed through the use of that technology.

By the same token, at their nascent stage, fintech companies typically do not have boards of directors comprised of individuals who are well-versed in the panoply of regulations which affect the financial services industry or anti-money laundering compliance. Realistically, most fintech companies, even at a more mature level, are often populated with smart technologists, founders and the venture capital representatives who have funded them. But as they grow and move closer to significant liquidity events, whether they be initial public offerings, mergers or acquisitions, fintech companies are leveraging the expertise of establishment bankers and regulators who understand the risks and rewards posed by various business models. Traditional banks should do the same.

How should traditional banks approach this challenge? Of course, by thinking outside of the box. The characteristics that make for a director who understands net interest margin and the ins and outs of loan origination and credit risk are not necessarily the same ones that make for a cutting-edge technology expert who grew up with a computer in hand and who appreciates the cybersecurity and data privacy risks posed when financial information travels from point A to point B. That means that boards must expand their search profile and look for individuals who may not have horizontal breadth of understanding in a wide array of bank operations, but rather, have deep technology experience and can learn the other areas of bank operations while educating their board colleagues on the risks inherent in a technological world.

In addition, banks should inform retained search firms and internal cross-reference sources that the characteristics of leadership they are looking for are probably not sitting on existing bank boards, but instead, may be overseeing the operations of code-laden start-ups located in Silicon Valley. To that end, banks must rethink the manner in which they envision leadership. They must recognize that leadership does not always involve a horizontal breadth of knowledge across a wide spectrum of subjects, but rather, leadership can be articulated through a more narrow, vertical expertise which fills a critical niche in enabling financial service businesses to meet the challenges of today and tomorrow.

How to Protect Your Bank in a Sale: Reverse Due Diligence


Reverse due diligence in the context of bank mergers and acquisitions has become more relevant in the current regulatory environment. Bank regulators are more closely scrutinizing transactions and taking a stricter approach to supervisory and regulatory matters. This may generally extend processing timeframes and increase risk to not only the buyer, but also the seller. Therefore, a seller should develop a fairly comprehensive understanding of the regulatory condition of a proposed suitor as early as possible, even in an all-cash deal.

Reasons for Reverse Due Diligence
The purpose of a seller’s due diligence investigation of a buyer is to obtain sufficient data to allow the board of directors to make well-informed strategic decisions in accordance with its fiduciary duties. Such an investigation is important not only in transactions in which seller’s shareholders receive the buyer’s securities, but also in transactions in which the consideration is paid entirely in cash. A regulatory issue affecting the buyer can delay processing and lead to adverse consequences regardless of the form of consideration.

Recently, several transactions have been halted indefinitely as a result of regulatory concerns regarding the buyer, including fair lending practices, Bank Secrecy Act compliance and anti-money laundering protections. Under these circumstances, regulators may require remediation of the issues before resuming their review, which further extends the transaction timeframe. There are also recent examples of regulators staying review until satisfactory remediation is confirmed by the institution’s next full-scope examination. Furthermore, publication of regulatory delays may prompt public comments on the application, which could further delay approval.

A material delay in a pending transaction presents potential risks to a seller. If a definitive agreement provides a stand-still covenant, the seller is generally unable to pursue other transactions until a termination right becomes available (which may be several months down the road). A seller runs the risk of having to forego other strategic opportunities during any extended immobilization. Moreover, unanticipated delays may expose a seller to instability and disruption in its operations as a result of diverting personnel from ordinary banking duties, additional transaction costs and professional fees, criticism from investors and reputational risk.

Scope of Reverse Due Diligence
While the scope of the investigation will depend on the nature and size of the institutions involved, a seller should at a minimum evaluate the following items:

  • the two or three most recent year-end financial statements (audited, if available) of the buyer;
  • sources of the buyer’s funding for the proposed transaction;
  • the status of any capital raising transactions or incurrence of indebtedness of the buyer;
  • anticipated capital requirements necessary for the buyer to fund the proposed transaction and execute its strategic plan;
  • buyer’s shareholder composition, including outstanding capital commitments; and
  • material pending or threatened litigation involving the buyer or its affiliates.

Ideally, a seller also should be satisfied with the buyer’s regulatory condition and should be aware of any regulatory enforcement actions. A seller should also be aware of the timing of the buyer’s next examination and whether it will occur during the anticipated application period.

However, reverse due diligence is challenged by legal restrictions on disclosing confidential supervisory information, including examination reports, to third parties, which could prevent a seller from obtaining reasonable comfort in the buyer’s ability to obtain regulatory approval. In such case, a seller may consult its legal advisor regarding alternative methods for completing its review of the buyer. Furthermore, there may be conditions affecting the buyer that do not become material until after the definitive agreement is signed and applications are filed.

Depending on the results of reverse due diligence, a seller may consider negotiating contractual protections, including representations and warranties related to the buyer’s compliance with laws and regulatory condition, limitations on the buyer’s ability to terminate for burdensome regulatory conditions, and acceleration of seller’s termination right in the event of delays in obtaining regulatory approval. In addition, a seller may consider negotiating reverse break-up fee arrangements or purchase price adjustments related to delays in obtaining regulatory approval.

Conclusion
Bank regulators are taking a more authoritative approach to supervisory and regulatory matters in the context of bank mergers and acquisitions. Accordingly, sellers should plan fairly comprehensive reverse due diligence in all potential transactions. While reverse due diligence will not eliminate all of seller’s transaction risk, it can better position the seller in making strategic decisions and negotiating contractual safeguards that are commensurate with the anticipated risk.

How Will New Fiduciary Rules Impact the Bank?


The new fiduciary rules from the Department of Labor stand to impact a huge number of banks, as more employees will fall under “fiduciary” standards that will change the way they do business. Boards should be asking questions now about how the revised rules will affect their banks, especially if they have wealth management or trust departments or subsidiaries, which are likely to see the greatest impact.

The Department of Labor, which has rule-making authority for ERISA, the Employee Retirement Income Security Act of 1974, last week expanded the definition of fiduciary to include a wider variety of people who give advice on retirement accounts. The rules don’t apply to non-retirement accounts. Although some employees may already be fiduciaries and familiar with the rules, others may be encountering them for the first time. There also could be an impact on certain fee-generating products such as the sale of proprietary funds and variable annuities, and boards should ask questions of the bank’s senior management to assess the effect on their bank. “Over the next several months, we will find out what the impact is,” says Andrew Strimaitis, a partner at the law firm Barack Ferrazzano in Chicago.

The rules go into effect a year from now, April 2017, with some requirements delayed until January, 2018.

Saying outdated rules didn’t protect Americans as their retirement savings increasingly move away from employer-provided pensions and into self-directed individual retirement accounts (IRAs) and 401(k)s, the labor department said Americans were too often exposed to conflicted advice that moves them into high-fee products that benefit advisors more than clients. The labor department estimated Americans would save $40 billion over 10 years under the new rules. “While many investment advisers acted in their customers’ best interest, not everyone was legally obligated to do so,” the labor department said. “Instead, the broken regulatory system had allowed misaligned incentives to steer customers into investments that have higher fees or lower returns—costing some middle-class families tens of thousands of dollars of their retirement savings.”

What’s Changed?
Any investment advisor who handles retirement accounts becomes a fiduciary and has to comply with ERISA standards, which means providing impartial advice and not accepting payments that represent a conflict of interest, according to the department of labor. The industry has been concerned that the new rules would eliminate the possibility of brokers making commissions on trades or fees for selling insurance, or prohibit certain products such as a bank’s proprietary funds, or even variable rate annuities. But none of those products were ruled out, and neither are commissions. Instead, there is a “best interest contract exemption” that allows brokers and other advisors to continue their compensation practices and to sell products such as proprietary funds as long as they promise to put their clients’ best interest first, pay “reasonable” compensation to advisors and disclose all conflicts and fees.

What’s the Impact?
There will be new compliance costs associated with the rule. Analysts at the investment bank Keefe, Bruyette & Woods estimated that Morgan Stanley, as an example, could face a two-year implementation cost of $2,500 per financial advisor, plus about $600 yearly per advisor after that for on-going compliance, based on calculations from the trade group SIFMA, the Securities Industry and Financial Markets Association. The costs could potentially push some banks with marginally profitable asset managers to sell or outsource their compliance, and many of them already do the latter. Some think the rule could have far-reaching effects in terms of changing the types of products advisors are willing to sell, because of the uncertain liability. “It is fundamentally changing the way a bank will interact with the typical IRA client,” says Richard Arenburg, a partner at the law firm Bryan Cave LLP in Atlanta. Customers can sue advisors who don’t represent their best interests. Recommending products that benefit the advisor when lower-cost or more appropriate products are available could be a bad idea. “To continue to recommend funds where it is questionable whether they are in the best interest of consumers, you will have a tougher road to hoe to avoid liability,” Arenburg says. Some banks may react by limiting the number of advisors who handle retirement accounts such as IRAs. “I think you’re going to see consolidation definitely,” says Strimaitis. “People are going to have larger operations to make the compliance costs worth it.”

Boards should review the impact on the bank periodically, says Nancy Reich, an executive director with accounting and advisory firm Ernst & Young LLP. What’s the impact on the business model? What changes to its policies and procedures is the firm considering to address the impact?

Could Your 401(k) Plan Come Back to Bite You?


Most every banking survey I have seen in the last five years includes a question about the ways banks could improve non-interest income fees with the answer of wealth management being the overwhelming number one response. Wealth management is fraught with increased regulation, execution risk, a lack of expertise and culture integration issues. However, it is a wonderful tool to build cross-selling opportunities, customer loyalty and fee income, if done correctly. What is the best direction to begin for a community bank? One of the best ways is to not reinvent the wheel, yet try to do something that differentiates you from others and is easy to implement. How about considering the 401(k) business? But before you decide to market 401(k)s, you might consider reviewing your own 401(k) program.

401(k)s have an inherent risk that many bankers haven’t considered and it is fast becoming a nationwide problem for those worried about Enterprise Risk Management.

  • Did you know there are 38 cases of ongoing lawsuits where employers are being sued by employees for issues related to employer-provided 401(k) programs? Did you know this includes employers such as The Boeing Co., Walmart Stores, Lockheed Martin as well as 401(k) providers like MassMutual Financial Group, which are being sued or have been sued by their own employees over 401(k) programs?
  • Do you know if your provider is or has been sued by its employees or others?
  • Do you know what your fiduciary risk is as a plan sponsor?
  • Do you know if your provider is a fiduciary or whether you, as a sponsor, bear that risk exclusively?

So what’s all the fuss about? 401(k)s have been around for about 40 years. Yet, providers have been more focused on making money and pushing product than providing the best portfolio and overall solutions for employers and their employees.

Most plans contain many issues:

  • Provider companies don’t act as a fiduciary alongside the employer plan sponsor.
  • There is no investment advisor fiduciary to assist the plan sponsor (i.e. the employer).
  • The provider is pushing its own funds, which represents a conflict of interest.
  • High fees look egregious, especially in a market that has a poor outlook for stocks, bonds and cash.
  • There is a lack of disclosure of all fees involved, although recent legislation is improving the level of disclosure.
  • Many plans offer poor structure and poor performance. Recent studies over the past 20 years show the average stock and bond mutual fund investor has under-performed the S&P 500 and the Barclays Aggregate U.S. Bond Index by a whopping 4 percent to 5 percent per year.
  • Even plans with stable value and target-date funds have issues of fees, structure and poor performance.

The recent Supreme Court ruling in May, 2015, requires plan sponsors to “monitor trust investments and remove imprudent ones. This continuing duty exists separate and apart from the trustee’s duty to exercise prudence in selecting investments at the outset.”

An independent review of your plan can have the following benefits for you:

  • Reduce enterprise risk management issues
  • Lower fees, improve structure
  • Improve performance
  • Lessen fiduciary risk exposure
  • Lessen other liability risk
  • Improve employee morale
  • Provide a competitive hiring edge
  • Satisfy ongoing monitoring obligations

Despite the risks, 401(k)s are a great way to enter or enhance wealth management divisions and add interest income to the bank. It’s a fairly easy way to compete given the large problems in the industry, which is loaded with many poorly structured and under-performing 401(k) plans. We know many banks with large trust departments and wealth management businesses where 401(k) sales are the biggest profit center in that line of business. Designing a great 401(k) can help shape your employees’ future and make a long-lasting impact on their lives. Don’t settle for a mediocre plan when your employees and your customers’ employees deserve a really great plan that helps them meet their financial goals.

Do you want a chance to impact your employees’ well-being, reduce your enterprise risk, improve performance for employees, the bank and the bank’s customers? Consider learning more about 401(k)s.

A New Delaware M&A Case Is a Warning to Investment Bankers: Take Care That You Don’t Mislead the Board


Merger and acquisition activity appears to be accelerating among community banks large and small. Despite the nearly ubiquitous shareholder lawsuit that follows a merger announcement from a publicly traded target company, the corporate law relating to the obligations of a board of directors in a merger transaction is well developed and favorable. There is a high bar for board culpability in an M&A transaction, and an even higher bar for board liability. However, recent Delaware court cases have highlighted potential liability for investment bankers that is not shared by directors. This is quite an alarming development, which is of obvious concern to investment bankers, but also should impact boards of directors as they consider deals.

Under Delaware law, which is followed by most states, the primary obligations of the board in a merger transaction relate to good faith, a component of the duty of loyalty, and to making an informed decision, the duty of care. Fortunately, most companies have a charter provision eliminating director personal liability for monetary damages for breaches of the duty of care, which is not allowed for breaches of the duty of loyalty. And, according to the Delaware Supreme Court in the Lyondell case, director personal liability for “bad faith” requires a knowing violation of fiduciary duties. For example, in a sale transaction, shareholders aren’t supposed to act on a goal other than maximizing value, or in a non-sale merger, act for reasons unrelated to the best interests of the stockholders generally.

Another important hallmark of Delaware M&A case law is the extreme reluctance of judges to enjoin a stockholder vote on a merger transaction when there is no competing offer. And once a transaction closes, and the challenged target company directors were independent and disinterested, and did not act with the intent to violate their duties, judges typically dismiss the lawsuits against directors.

However, in a recent case, which involved the sale of a company called Rural/Metro Corporation, the Delaware Supreme Court ruled that third parties, such as investment bankers, can be liable for damages if their actions caused a board to breach its duty of care, even if directors are not liable for the breach. Moreover, simple negligence by the board, rather than gross negligence, can serve as the basis for third party liability.

In Rural/Metro, the investment bankers were found to have had numerous conflicts of interest, most of which were not discussed with the board. They sought to participate in the buyer’s financing of the acquisition and they sought to leverage their involvement with the seller, Rural/Metro, to obtain a financing role in another merger transaction. They were also found to have manipulated the fairness analysis to serve their conflicted interest in having a particular party win the bid for Rural/Metro. The court held the behavior of the investment bankers caused the board to be uninformed as to the value of the company and caused misleading disclosure. They were held liable to stockholders for $76 million in damages.

The Delaware Supreme Court stated that a board needs to be active and reasonably informed in its oversight of a sale process and must identify and respond to actual or potential conflicts of interest as to its advisers. Importantly, the Delaware Supreme Court rejected the lower court’s characterization of the role and obligations of an investment banker as a quasi fiduciary “gate keeper,” and stated that the obligations of an investment banker are primarily contractual in nature. It further held that liability of an investment banker will not be based on its failure to take steps to prevent a director breach but on its intentional actions causing a breach.

The case is a warning for both boards and investment bankers: Take care when there is a conflict of interest. Investment bankers should avoid conflicts where possible and disclose all conflicts to the board, and the board and the investment bankers need to work diligently to address conflicts adequately. In order to do their job well, board members must make sure their advisors are telling them what they need to know.