Did the PPP Create Class Action Liability for Banks?

Written by

The federal government has a history of assisting businesses when a crisis occurs, but one of its latest interventions may have created risk for bank partners providing aid.

Most recently, the CARES Act’s Paycheck Protection Program, commonly called PPP, helped businesses affected by Covid-19 by providing forgivable loans if, among other things, a company used the funds for “payroll costs, interest on mortgages, rent, and utilities” and used at least 60% of the amount forgiven on payroll. The program’s rocky rollout came during an extremely turbulent time, so it should surprise no one that disgruntled applicants and agents have filed a series of class action lawsuits with similar patterns of claims and allegations.

The first PPP class action lawsuits were filed against Bank of America Corp. and Wells Fargo & Co. in early April. In both cases — Profiles v. Bank of America Corp. and Scherer v. Wells Fargo Bank — the plaintiffs alleged the banks improperly restricted access to PPP loans to customers with a pre-existing banking relationship. Per this theory, the banks favored established, pre-existing clients in order to receive larger fees from larger loans at the expense of new customers.

Critically, in Profiles, the district court denied the plaintiffs’ motion to enjoin Bank of America from imposing eligibility restrictions. Specifically, the court held that no express or implied private right of action exists under the PPP, and that only the Small Business Administration could file a civil suit for alleged violations of the PPP. The district court determined the alleged conduct was allowed, stating “[t]he statutory language does not constrain banks such that they are prohibited from considering other information when deciding from whom to accept applications, or in what order to process applications it accepts.”

Recognizing issues with asserting claims directly under the CARES Act, another group of class action plaintiffs brought claims under state law theories in separate cases against Bank of America, JPMorgan Chase & Co, U.S. Bancorp and Wells Fargo in California federal court. These plaintiffs assert that the banks prioritized applications for large loans to generate higher fees in violation of California’s Unfair Competition and False Advertising Laws and engaged in common law fraudulent concealment. The law firms that led the California class actions have filed suits under similar theories in New York against JPMorgan.

Utilizing different theories, class plaintiffs in California argue lenders are failing to process PPP loan applications on a first-come, first-served basis, as purportedly expected by the SBA. In Outlet Tile Center v. JPMorgan Chase & Co, the plaintiffs claimed Chase solicited applications from more-favored clients, making it impossible for the others to obtain loans. Even though there is no express requirement applications be processed on a first-come, first-served basis, plaintiffs claim they gave up opportunities to get loans from institutions that took applications as they came because of their pending applications with Chase. Suits employing this theory were also filed in New York, Illinois and Texas. 

Espousing novel-market theories under the Sherman and Clayton Acts, plaintiffs in Legendary Transport v. JPMorgan Chase & Co. allege lenders conspired to only provide PPP loans to their larger clients as a way to “protect their market share and to limit competition” with respect to PPP funds. That suit also accuses JPMorgan of negligence and misrepresentation in connection with its PPP application process.

Finally, loan seekers are not the only class action plaintiffs seeking relief. Parties purporting to be agents assisting clients with applying for PPP loans are also seeking compensation. Cases in Florida and Ohio assert, despite CARES Act fee requirements, agents including accountants, attorneys, consultants and loan brokers who helped businesses prepare and submit applications are not being paid. These suits allege banks are not properly processing agent fees, intentionally failing to process loans that refer to an agent and/or directing applicants to online portals that do not allow customers to designate an agent.

All of these suits are still in their early stages, and some may be abandoned now that additional PPP funds have been made available and named plaintiffs may have received funds. Nonetheless, class action theories and new targets will evolve and emerge over time. In defending these suits, banks will likely rely upon “no private right of action” rulings, the lack of specific process requirements (as opposed to statutory guidance) and, in cases when only state law actions are pled, federal preemption. Importantly, financial institutions that evaded the first strike of class action litigation should prepare for future attacks utilizing the same or very similar theories of liability.

Community Banks Released From ADA Liability

Written by


community-bank-12-29-17.pngMany community banks received threatening letters from the advocacy group Access Now alleging that the banks’ websites violated the Americans with Disabilities Act (ADA) for the visually impaired in provision of electronic information technology, including the banks’ websites, online banking, mobile banking and apps, ATM services, and telephone banking (known collectively as electronic banking services). These letters started arriving at banks in late 2016 and generally offered to resolve alleged claims by working with Access Now’s attorneys—Pittsburgh, Pennsylvania-based Carlson Lynch Sweet Kipela and New York-based KamberLaw LLC—to bring the banks’ websites into compliance with the ADA. The banks that chose not to work with Access Now were threatened with potential lawsuits.

On November 20, 2017, the Independent Community Bankers of America (ICBA) announced it had reached an agreement with Access Now to stop the mass distribution of letters to community banks threatening to bring actions against these banks for alleged violations of ADA. The industry trade group reached a mutually agreeable settlement with Access Now, in which the ICBA will adopt and distribute to its current members a restatement of voluntary access principles that are acceptable to Access Now, as a reaffirmation of the banking industry’s ongoing commitment to encourage accessibility for visually impaired persons. Access Now will release ICBA member banks and all U.S. banks with less than $50 billion in assets from all claims related to the provision of electronic banking services and the ADA.

It is unclear if the release requires all ICBA banks and non-member banks with assets of less than $50 billion to adopt the Access Now principles. In addition, it is unclear if adopting and following the Access Now principles by community banks will protect them from threatened litigation by organizations similar to Access Now. However, it is advisable to adopt and follow the principles for protection against claims.

The principles adopted by the ICBA are as follows:

  1. Ensure accessibility. The ICBA will encourage its members to make reasonable efforts to ensure that digital platforms and services are accessible to visually impaired and low vision customers, as well as potential customers and companions to such customers or potential customers.
  2. Train bank employees. The ICBA will encourage its members to conduct periodic training for bank employees responsible for electronic banking service accessibility to promote greater accessibility.
  3. Develop electronic banking service accessibility guidelines. The ICBA will encourage its members to develop electronic banking service accessibility guidelines that are designed to promote increased independent use of the member’s electronic banking services by customers and potential customers with disabilities, as well as their companions. The details of the accessibility policies adopted, if any, will be at the sole discretion of each member bank.
  4. Implement the principles within the next three years. In the event that formal guidelines are not issued by the U.S. Department of Justice in 2018, the ICBA encourages its members to implement its principles on or before December 31, 2020.
  5. Incorporate access information into existing customer service. The ICBA encourages its members to publicly post notification and contact information in connection with their provision of electronic banking services for customers and potential customers who claim to encounter access barriers. Members are encouraged to respond to inquiries or complaints related to any alleged access barriers in a reasonably prompt manner.
  6. Communicate with third-party vendors. The ICBA encourages its members to utilize their existing vendor management due diligence process and communicate to the vendor that consumer-facing digital content provided by that vendor should conform to the ICBA’s principles.

While the DOJ has not adopted a website accessibility standard, one acceptable set of voluntary principles for accessibility is the World Wide Web Consortium’s Version 2.0 of its Web Accessibility Guidelines. Nothing within the ICBA’s principles intends to suggest that members should adopt an accessibility standard greater than that which may ultimately be adopted by the DOJ, or that equal access may not lawfully be provided in an alternative fashion. All community banks should endeavor to adhere to the principles set out above and watch for the release of website accessibility standards by the Justice Department.

Could Your Insurance Cover the Latest Disability Claims?

Written by


insurance-12-26-16.pngAlthough Americans with Disabilities Act (ADA) claims have been in existence for several years, I have seen a dramatic increase in the frequency of demand letters against community and regional banks during the past couple of weeks. The typical demand letter states that the bank’s website is out of compliance with the ADA, as the site does not provide equal accessibility for visually impaired individuals who attempt to access the website. Often the letter will cite the Web Accessibility Initiative of the World Wide Web Consortium, referencing how many of the web pages fail to meet the Web Content Accessibility Guidelines.

Possible Insurance Response
Based on the allegations, the first places we would look for insurance coverage would be the cyber liability policy, as this is based on the bank’s website, or the employment practices liability insurance (EPLI) policy. And those are exactly the two coverages where we are seeing possible solutions, but that will be contingent on the insurance carrier’s approach and the language that may have been negotiated.

With regards to cyber liability, most policies will only be triggered after a breach of network security and/or the loss or theft of non-tangible property, specifically, personally identifiable information. In the case of these ADA infractions, neither of these triggers have been met. Additionally, many cyber policies will include a specific discrimination exclusion. With that said, several carriers have cyber policies with no such exclusion and have a very inclusive or broad language within the definition of Wrongful Electronic Banking Act or even the basic Cyber Liability Insuring Agreement.

With regards to the possibility of coverage within the EPLI placement, we compare this scenario with a similar scenario where a claimant demands that a handicapped ramp be built at a branch location. Both reference violations of ADA claiming an individual with a disability cannot access the bank’s services. Just as is the case in the building of the ramp scenario, there are several language obstacles that need to be overcome in the consideration of coverage:

  1. The definition of claim defines when claim coverage can begin. Your definition of claim should include non-monetary damages, just as it does for monetary damages. This will allow for coverage to be considered even if all that is requested is to fix the website.
  2. The bank should possess third-party discrimination coverage, which means that the bank is protected if a third-party, not an employee of the bank, is the claimant. Note that several versions of the third-party EPLI coverage extensions include only harassment exposures. Since these allegations relate to the scenario where a third party to the bank is alleging discrimination, it is critical that this extension includes discrimination as well as harassment.

One last comment relating to the possibility of claims coverage is that most insurance policies include some form of the following in the definition of loss:

… Loss shall not include costs to comply with any non-monetary or injunctive relief…

This means that while there could be coverage for defense costs and legal fees associated with defending the bank, as well as any actual financial settlement amounts, there will most likely not be any coverage for actually fixing the web site. Just as there was not insurance available to build the accessible ramp, fixing the web site would be a cost of doing business and typically is not insurable.

Steps You Can Take
If your institution wants to be proactive, the Department of Justice offers resources advising local governments on making web sites accessible. We also recommend the input of counsel prior to responding to any demand letters. Lastly, when considering if or how to respond to such a letter, I would like to reinforce an American Bankers Association report on the matter: “…unlike many other compliance obligations, there is much to be gained from making the world more accessible to the disabled. Not only is it the right thing to do, it is also potentially good for business as it expands the market for bank products and services to the broadest range of customers.”

Disability Claims Against Bank Websites: Is Your Bank Prepared?

Written by


disability-12-19-16.pngMany will recall painful lessons learned in the wake of the 1990 passage of the Americans with Disabilities Act (ADA) as numerous claims arose alleging that bank ATMs were not accessible to the disabled. Banks were required to retrofit facilities and equipment to meet the standards adopted in 1991 by the U.S. Department of Justice requiring ATMs to be accessible. Again in 2010, the Justice Department supplemented the general accessibility rules with standards setting out extensive technical specifications for ATMs, including speech output, privacy and Braille instructions, leading to another round of claims, lawsuits and retrofits of equipment.

Today, a new target for ADA claims has surfaced: online and mobile banking. Claims brought under Title III of the ADA are growing in number, targeting financial institutions for failing to make their websites and mobile applications accessible to individuals with disabilities.

Title III of the ADA covers public accommodations and commercial facilities and provides, in pertinent part: “[n]o individual shall be discriminated against on the basis of a disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages, or accommodations of any place of public accommodation by any person who owns, leases (or leases to), or operates a place of public accommodation.” Banks fall squarely within the category of “service establishments” that qualify as public accommodations. Thus, Title III’s accommodation requirements apply to at least the physical location of a bank.

At issue in the recent influx of claims is the extent to which a bank’s website must accommodate disabled patrons. Federal courts are split on whether websites for private businesses actually constitute a public accommodation under the ADA. Federal courts generally have taken one of three approaches regarding the applicability of ADA accessibility requirements to websites: the internet is not a place of public accommodation; the internet is a place of public accommodation; or the internet is a place of public accommodation to the extent a website serves as a gateway to the full and equal enjoyment of goods and services offered in a business’s physical locations.

The Justice Department, which also enforces the ADA, has not yet issued regulations, accessibility requirements or guidance relating to whether and how commercial websites are to comply with Title III. Originally, the Department planned to issue regulations implementing Title III in the spring of 2016; however, it changed course in late 2015, announcing that the regulations would not be finalized until 2018 at the earliest, stating that it wanted to concentrate first on similar regulations for government entities and federal contractors covered by Title II.

In the meantime, the Justice Department has taken the position, at least as far as state and local governments are concerned, that Title II obligates those entities to make their websites accessible to consumers with disabilities. The Justice Department is on record asserting that “[t]he internet plays a critical role in the daily personal, professional, civic, and business life of Americans. The ADA’s expansive nondiscrimination mandate reaches goods and services provided by public accommodations and public entities using internet websites.”

As to private business, the Justice Department has entered into several consent orders under Title III in which the businesses have agreed to bring their websites and mobile applications into compliance with the Web Content Accessibility Guidelines 2.0 AA, published by the Web Accessibility Initiative of the World Wide Web Consortium.

With alleged violations of ADA Title III finding their way into claims, lawsuits and Justice Department actions, it is important for board members to be alert to emerging website and mobile application accessibility issues, to be prepared to assess their institution’s exposure and to make sure their institutions address any unmet requirements. With a new administration arriving in Washington D.C., it is important to monitor its perspective on this topic. Expert consultants and legal counsel can provide valuable guidance in structuring the assessment process as well as any needed remediation. The process should include a review of the institution’s web and mobile platforms, a review of the institution’s technical capabilities, as well as applicable vendor agreements to ensure that gaps are addressed so that the bank meets ADA requirements.

A New Delaware M&A Case Is a Warning to Investment Bankers: Take Care That You Don’t Mislead the Board

Written by


investment-bankers-12-21-15.pngMerger and acquisition activity appears to be accelerating among community banks large and small. Despite the nearly ubiquitous shareholder lawsuit that follows a merger announcement from a publicly traded target company, the corporate law relating to the obligations of a board of directors in a merger transaction is well developed and favorable. There is a high bar for board culpability in an M&A transaction, and an even higher bar for board liability. However, recent Delaware court cases have highlighted potential liability for investment bankers that is not shared by directors. This is quite an alarming development, which is of obvious concern to investment bankers, but also should impact boards of directors as they consider deals.

Under Delaware law, which is followed by most states, the primary obligations of the board in a merger transaction relate to good faith, a component of the duty of loyalty, and making an informed decision, duty of care. Fortunately, most companies have a charter provision eliminating director personal liability for monetary damages for breaches of the duty of care, which is not allowed for breaches of the duty of loyalty. And, according to the Delaware Supreme Court in the Lyondell case, director personal liability for “bad faith” requires a knowing violation of fiduciary duties. For example, in a sale transaction, shareholders aren’t supposed to act on a goal other than maximizing value, or in a non-sale merger, act for reasons unrelated to the best interests of the stockholders generally.

Another important hallmark of Delaware M&A case law is the extreme reluctance of judges to enjoin a stockholder vote on a merger transaction when there is no competing offer. And once a transaction closes, and the challenged target company directors were independent and disinterested, and did not act with the intent to violate their duties, judges typically dismiss the lawsuits against directors.

However, in a recent case, which involved the sale of a company called Rural/Metro Corporation, the Delaware Supreme Court ruled that third parties, such as investment bankers, can be liable for damages if their actions caused a board to breach its duty of care, even if directors are not liable for the breach. Moreover, simple negligence by the board, rather than gross negligence, can serve as the basis for third party liability.

In Rural/Metro, the investment bankers were found to have had numerous conflicts of interest, most of which were not discussed with the board. They sought to participate in the buyer’s financing of the acquisition and they sought to leverage their involvement with the seller, Rural/Metro, to obtain a financing role in another merger transaction. They were also found to have manipulated the fairness analysis to serve their conflicted interest in having a particular party win the bid for Rural/Metro. The court held the behavior of the investment bankers caused the board to be uninformed as to the value of the company and caused misleading disclosure. They were held liable to stockholders for $76 million in damages.

The Delaware Supreme Court stated that a board needs to be active and reasonably informed in its oversight of a sale process and must identify and respond to actual or potential conflicts of interest as to its advisers. Importantly, the Delaware Supreme Court rejected the lower court’s characterization of the role and obligations of an investment banker as a quasi fiduciary “gate keeper,” and stated that the obligations of an investment banker are primarily contractual in nature. It further held that liability of an investment banker will not be based on its failure to take steps to prevent a director breach but on its intentional actions causing a breach.

The case is a warning for both boards and investment bankers: Take care when there is a conflict of interest. Investment bankers should avoid conflicts where possible, disclose all conflicts to the board and the board and the investment bankers need to work diligently to address conflicts adequately. In order to do their job well, board members must make sure their advisors are telling them what they need to know.

Stop Before Signing a 10-Year Core IT Contract

Written by


3-27-15-Paladin.pngHow can any of us bet on the function and value of technology 10 years from now? You cannot. However, vendors are doing a great job of convincing banks they need a 10-year technology contract.

Nobody except perhaps for the U.S. government should accept fixed IT cost structures and terms for 10 years. It is my opinion that proposing an eight, nine or 10-year contract is one of the biggest crimes committed upon bankers in recent years by core IT vendors. Frankly, they should be ashamed of tricking bankers into believing there is any strategic value in such an offering. How many banks offer a 10-year, fixed-rate commercial line of credit or a 10-year CD with guaranteed interest rate increases of 3 percent to 5 percent annually?

Bankers are doing their best to run their institutions, manage compliance issues, fight off margin compression and try to make a buck. I understand that some may think that a 10-year contract will lock their core IT vendor in to incredibly low pricing and favorable terms. A 10-year contract puts a check in the vendor management box and lowers bankers’ distractions, permitting focus on what bankers know best…banking. If you really knew what a 10-year deal actually does to a bank, you’d realize that you just locked yourself into a bad deal.

An eight, nine or 10-year core IT contract guarantees the vendor that no-matter-what, you are going to pay premiums for a long time, even if the cost of the technology delivery drops to near zero. The institution may grow, contract or change its mission, but the fees are going to continue growing annually as consumer price index increases chip away at your efficiency ratio.

Bankers are at a terrible disadvantage and must typically wait five to seven years to restructure these contracts. Once you complete the wait, you find very little switching leverage since a true oligopoly exists. Eighty-five percent of the market is controlled by three companies, Fiserv, FIS, and Jack Henry & Associates. Vendors know that only 4 percent of banks change vendors annually.

Your World Under a 10-Year Agreement
Pretend you want to switch vendors because your provider is no longer providing quality service or was hacked by the North Koreans. Nope. You’re stuck. Maybe your bank wishes to upgrade and buy a world-class Internet banking system because the version offered by your core is no good? You’re stuck until your grand-children graduate high school in 2025.

Search the fine print in your agreement for the exclusivity clause preventing a switch of any ancillary service to a competitive offering. Consider complaining to the vendor about the service level agreement (SLA). Sure, they’ll buy you lunch, but the complaints fall on deaf ears. Their nods of empty concern are backed by the fact you’re going nowhere for at least seven more years!

Imagine you happen to meet a colleague at a bank show and he tells you his bank is paying the same vendor 40 percent less for the same services? That’s nice but you’ll have to wait to get anything changed until the next two presidential elections. Decide to sell the bank? Get your shareholders ready to choke on millions in termination fees.

High Fives at the Water Cooler
I’m cynical about finding any value in a 10-year contract, because there isn’t any, unless of course you’re the vendor. In my opinion, the absolute longest term should be seven years, and even then, there better be a lot of language that begins protecting your backside in years five, six and seven. The sales guy that brings in the 10-year whale is immediately promoted to the corner office and is enshrined into the president’s club for the remainder of his career. Water cooler high-fives abound at any core IT provider that gets a bank or credit union to sign onto an eight, nine or 10-year deal. If you sign a 10-year deal and can’t find your sales rep, that’s because phones don’t work on cruise ships.

Trust your vendor, but ensure that you are getting fair market pricing and making the right decisions about business language and terms. Going into these multi-million dollar negotiations alone is like playing poker in the World Poker Tour when you only play Texas Hold’em once every five years.

Keeping Your Head Above Water: Four Tips for Managing Flood Insurance Law Changes

Written by


1-19-15-Dinsmore.pngAmong the various areas of regulatory compliance, one area—compliance with flood insurance regulations—seems to cause an out-sized level of anxiety, and for good reason. Over the past several years, field examiners have been diligent in identifying and citing violations of the flood regulations, and many of these violations have resulted in imposition of civil money penalties (CMPs) against the violating banks. During 2013 and 2014, nearly 100 flood-related CMPs were imposed on banks, ranging in amount from $1,000 to well over $100,000. Paying penalties is never enjoyable, but is even less so in this era of tight margins and strained profitability.

Last year, President Obama signed into law the Homeowner Flood Insurance Affordability Act (HFIAA) as a way to dial back some of the increased costs associated with 2012 Flood Insurance Reform Act. The HFIAA will bring about a number of new and modified obligations on banks, which will become effective at various times during 2015 and 2016. Changes are coming in the areas of forced placement of insurance, acceptance of private flood insurance, escrowing of premiums, and exemptions to the mandatory purchase of flood insurance.

The ultimate responsibility for ensuring compliance with consumer protection laws and regulations, including flood insurance laws and regulations, rests with the board and senior management. How do you keep your head above the changing waters?

  1. Policies and Procedures. Any change in law or regulation in a compliance area should trigger a review of the bank’s existing policies and procedures in the affected areas. The review should be done with an eye toward necessary or appropriate changes to the policies and procedures. Management also should use this review process to determine to whom the revised policies and procedures need to be communicated to ensure an effective flood insurance compliance program. Certain of the changes may affect personnel outside of the lending and compliance functions at the bank. Once identified, all appropriate personnel should be trained on the new policies and procedures.
  2. Education. The compliance officer’s and real estate loan origination staff’s knowledge and understanding of the changes in the law/regulations are critical to ensuring compliance. The board and senior management have to be willing to expend the necessary resources to educate these folks who are on the front lines of the flood insurance process. Additionally, directors and senior managers also should receive training on the basics of flood insurance regulations so that they can appropriately oversee the compliance function and manage the attendant risk. The regulatory agencies, industry trade associations, and FEMA (Federal Emergency Management Agency) are good sources of training materials.
  3. Customer Communication. Your bank already may be receiving inquiries from customers regarding the impending changes to the flood insurance rules. If not, expect that you will. The changes relating to escrowing premiums, exemptions from mandatory coverage, and private flood insurance are fertile ground for customer questions. Now is the time to review your existing customer communication procedures to be sure that appropriate personnel and/or departments are tasked with handling inquiries, and that all personnel, especially customer-facing personnel, know to whom they should direct customer inquiries regarding flood insurance.
  4. Monitoring and Audit. As previously mentioned, the board and management have ultimate responsibility for ensuring compliance with flood insurance regulations. An effective compliance monitoring/audit function is paramount in carrying out this responsibility. The coming changes in the regulations will require management and the board to revisit certain aspects, if not all, of the flood insurance compliance program. Despite your training and planning efforts to implement perfectly the changes to your flood insurance processes and procedures, mistakes will be made. The wise bank will test the new processes early and frequently to head off any systemic issues. Better you find any problems and fix them, than to have them discovered by the examiners at your next compliance exam.

Changes are coming, and it is safe to say these will not be the last. Getting out ahead of the changes and planning for them is the key to successfully navigating the changing flood waters.

Shareholder Lawsuits in a Sale: Are They Legit or is it a “Stick-Up” Business?

Written by


12-8-14-Hovde.jpgA troubling litigation trend in recent years has been the surge in lawsuits related to mergers and acquisitions. My first introduction to this phenomenon came in 2011 while representing a publicly traded bank in the Southeast that sold to a larger, stronger in-state buyer. Within an hour of announcing the deal, multiple class action lawsuits were filed in a variety of different states. Proponents of these suits contended that the sale process was flawed and that directors breached their fiduciary duties by not maximizing shareholder value. They cited the existence of restrictive deal protections that discouraged additional bids and conflicts of interest, such as change-of-control payments as well as insufficient disclosure in the proxy statement. The suit in 2011 was eventually settled with the selling shareholders receiving “beefed-up” disclosure with no increase in consideration. Plaintiffs’ lawyers, however, were awarded significant fees. These suits have become a given in virtually all transactions involving public sellers, including very small transactions. While essentially none of these lawsuits seem to have any true merit, they must be dealt with and settled in order to avoid costly and protracted litigation, including the risk of injunction that could block a deal.

In a paper originally published in January 2012 and subsequently published in January 2013 entitled “A Great Game: The Dynamics of State Competition and Litigation,” Matthew Cain, a Notre Dame business professor, and Ohio State University Associate Professor of Law Steven Davidoff reviewed all merger transactions since 2005 with over $100 million in deal value that involved publicly traded targets. They found a disturbing trend. According to the research, approximately 40 percent of deals in 2005 attracted litigation, whereas 97.5 percent (78 out of 80) of deals in 2013 resulted in a shareholder lawsuit. As the authors observe, “in plain English, if a target announces a takeover, it should assume that it and its directors will be sued.” The primary driver of this increased litigation, of course, is the money to be made in the settlement process. While fees paid to plaintiffs’ attorneys have been coming down over the years, the median fee paid in 2013 was still a hefty $485,000. The court system does seem to be coming around to the dubious nature of these suits with judges knocking down attorney’s fees, especially on disclosure-only settlements which made up nearly 85 percent of settlements in 2013. With these types of lawsuits following even the smallest bank transactions, there is increasing hope that reduced fees will discourage the practice.

Although there appears to be very little benefit to selling shareholders in these lawsuits, they are likely here to stay since large fees can sometimes be extracted in the process. It’s important for a board to understand this reality and be prepared for it. While these suits rarely derail a well-constructed M&A transaction, settling and paying this “merger tax” often makes the most sense to ensure a smooth close. Buyers should factor in this added cost to their purchase price and deal with the lawsuits accordingly. Until legal fees in unmeritorious lawsuits are knocked down in a way that discourages their filing, they will remain an unfortunate reality in M&A.

Negotiate the Best Directors & Officers Liability Contract for Your Board

Written by


11-26-14-AHT.jpgThe bank’s directors & officers (D&O) policy is there to protect the personal assets of the individual directors and officers. In dire cases, it very well could be the last line of defense to ensure that individuals do not have to pay out of pocket after a lawsuit or regulatory fine. With that context, having an organized renewal process can ensure the best results. Here is our recommended step-by-step timeline to ensure the most comprehensive placement.

90 – 120 Days in Advance of the D&O Renewal: Renewal Strategy
Typically, the chief financial officer or in-house attorney would be responsible for the renewal discussions. The renewal strategy discussion with a broker could:

  • Review any recent successes or challenges at the bank that may have arisen since the last renewal and discuss what impact those may have on the renewal.
  • Analyze any recent claims and litigation trends that are impacting other bank boards as well as any changes in carrier appetite, any new carriers in the market, new language grants and pricing trends.
  • Update the limits benchmarking analysis and review the current limits sharing structure to ensure it is appropriate for a bank based on the asset size and risk analysis.
  • Determine a marketing strategy. Our advice is to market the D&O insurance at least every other renewal cycle and if you are on a three-year policy term, every cycle.

60 – 90 Days in Advance of the D&O Renewal: Insurance Application

  • If you are not sure of an answer to a specific question, it is always better to leave it blank rather than guess.
  • If a question can be answered by a document that is publicly available, simply answer, “see public filings.” This way, when you are completing the same renewal application the following year, that field can remain as is.
  • Likewise, if the answer to a question requires more than a handful of words, it is always OK to respond, “see attached.” This way, at the following renewal, all you need do is update the attachment.

45 – 60 Days in Advance of the D&O Renewal: D&O Underwriter Meeting
The next step is to give the underwriters an opportunity to learn more about the bank other than from the insurance applications and the public filings. This is accomplished via the D&O underwriter meeting/call. The call leader is usually the chief executive officer or chief financial officer, but could include counsel or the chairman of the board as well. The process for this meeting is to collect all of the underwriters (including the incumbent) into either one location or one call. Having the incumbents on the call with competitors will let the incumbents know they are going to have to sharpen their pencils to keep the business. There are other benefits as well:

  • You can allow underwriters to hear from the bank executive(s) directly, the best advocates of the bank.
  • The call gives executives the chance to answer verbally instead of in writing.
  • You can express the importance of everyone’s time on the call, so underwriters should get the message that they should speak now or forever hold their peace. We typically find that this really streamlines the process from call to quote to bind.

Note that the process includes collecting all underwriter questions in advance of the call and providing these to the executive team several days prior to the call, so they have an understanding of what types of questions may get asked.

20-30 Days Prior to Renewal: Taking Bids
After the meeting, all that is left is to do is collect, compare and summarize the different quotations. Note that most underwriters will typically not offer a quote more than a month in advance of the renewal, so expect 20-30 days prior to renewal to start hearing about the different coverage improvements and recommendations. Because of all of the ground work already done, this part is typically the easiest, as the whole process normally has come to a positive end. Of course, the audit committee, or in most cases, the full board will want to hear the recommendations and make a final decision.

Underwriters Focusing on Rising M&A Claims and BSA Enforcement

Written by


Serving on a bank board comes with a lot of liability. State courts have decided that even independent, part-time directors can be guilty of gross negligence when their banks fail, for example. Directors often get sued by shareholders following an acquisition. And regulatory authorities can levy their own fines against individuals who serve on bank boards for the bank’s violations of regulatory rules. Bank Director magazine talked to Dennis Gustafson of AHT Insurance about the trends of particular interest to the board, such as directors and officers (D&O) liability insurance and cyber policies.

What trends are you seeing in claims?
We are seeing a shift. Last year at this time, the number one D&O claim was from the Federal Deposit Insurance Corp. (FDIC) relating to failed banks. A lot of these banks failed three to six years ago, so we are starting to see a decrease in those claims and M&A claims are on the rise as M&A activity heats up and as attorneys find opportunities to sue. If you are a public company getting acquired and have a market cap of greater than $100 million, there is a 97 percent chance of a lawsuit. The allegations are you didn’t do enough due diligence, you didn’t get a high enough price or you didn’t notify [shareholders] in an appropriate manner. Typically, the only impact of the lawsuit is an updated proxy statement but $500,000 to $1 million could be spent, mostly on legal fees. For those banks with more than $1 billion in assets, if there is any likelihood of the bank being acquired, the underwriter may require a separate, and higher, deductible for M&A claims.

Another shift in claims trends is in the cyber liability arena. It used to be the most frequent cyber claim was for notification costs after a breach of cybersecurity, because state laws require you to notify your customers of a breach. However, since more states are allowing for e-mail notification, the notification costs are decreasing and as such, so is the claim severity related to those notifications. In lieu of notification costs, we are seeing more and more claims relating to forensics, where the bank has to investigate the breach, why it happened and how, and sometimes hiring consultants to do these investigations can get very expensive.

What coverages are afforded in a typical cyber insurance policy?
In addition to coverage for notification costs and forensics, the typical cyber liability policy reacts to a lawsuit or demand from a customer or group of customers arising from a breach in network security. From there, coverages can differ based on the policy form and options offered. Some additional extensions of coverage include:

  • when a hacker accesses your client information and requests a ‘consulting fee’ or they will release the information
  • loss of revenue stemming from a network breach
  • a breach of physical security (i.e. dumpster diving or a lost laptop)

What changes are you are seeing from underwriters?
In previous years, most underwriter questions related to asset or loan quality. Now, we are seeing more questions related to the Bank Secrecy Act, wire transfer policies, and anti-money laundering programs. Common questions include: For wire transfers, what policies are in place relating to call backs [to confirm the authenticity of the transfer]? What controls do you have in place to protect the bank against money laundering? Are there any new hires or new procedures relating to bank secrecy?

What question do you hear most from bank directors?
The question I get most is about the gap in coverage for civil money penalties. The civil money penalty is assessed by the FDIC against the bank or against individuals if the FDIC perceived that those individuals did not work in the best interest of the customer. The most common allegation is gross negligence and more often than not, it is related to a loan or to a bypass in procedures. The FDIC put out a letter last October explicitly clarifying that if bank directors or officers were assessed a civil money penalty, they cannot be covered by the bank’s insurance or be indemnified by the bank. With that said, it would not be out of compliance with the guidelines if the individual were to purchase a policy on his or her own dime just to cover civil money penalties. The average civil money penalty was $51,250 and the median was $25,000 since 2012. The FDIC assesses the vast majority of these penalties.

Why should directors be worried about civil money penalties?
Most people do not join a board of a community or regional bank for the little or no compensation they may earn. The last thing they want is to have any of their decisions or activities possibly cost them out of pocket.