By Peter J. Whalen and Alan M. Anderson
Most directors and officers now realize that the Year 2000 is the biggest threat to the business community in decades. They also realize that a company's Year 2000 risk is not limited to its own internal systems, but extends to its key trading partners on which it depends for its day-to-day existence. Given these circumstances, directors and officers should understand the liability risks they face and how they can use the business judgement rule to take action to minimize their own Year 2000 exposure.
What are the Year 2000 risks for Directors & Officers?
Directors' and officers' management of the Year 2000 crisis may be attacked if their company suffers significant Year 2000 related losses. Shareholders in these circumstances may seek to hold them liable for failing to exercise prudent business judgement. Eight Year 2000 related lawsuits already have been filed, including seven class actions. If remediation projects fail , or the problem adversely affect the corporation for other reasons, directors and officers could face lawsuits alleging they breached their duty of care to the company. Fortunately, the "business judgement rule" can significantly reduce directors' and officers' exposure from Year 2000 litigation. To demonstrate the appropriate diligence, though, directors and officers should understand the business judgement rule and how it may affect a court's evaluation of their performance in handling Year 2000 issues. Below, we examine the business judgement rule, as it has been interpreted in the recent Caremark decision (In re Caremark International Inc. Derivative Litigation, (1996) 698 A2d 959 (applying Delaware law)), and then apply it to a hypothetical set of Year 2000 events.
What diligence is required by the business judgement rule and the Caremark decision?
Under the business judgement rule, directors and officers are bound by the fiduciary duties of loyalty and due care to ensure that the corporation is managed in the best interests of its shareholders. As codified in California, for instance, the business judgement rule requires that each director serve "in good faith, in a manner such director believes to be in the best interests of the corporation and its shareholders, and with such care, including reasonable inquiry, as an ordinary prudent person in a like position would use under similar circumstances." (See, California Corporation Code Section 309(a).) Although the rule ostensibly states an affirmative fiduciary duty, the body of law surrounding the business judgement rule provides one of the best defenses for directors and officers to claims that they should be held liable for corporate losses. The recent Caremark decision, teaches how reasonable decision making and information gathering procedures may shield directors from liability on claims that they breached their duty of care. These lessons are directly applicable to the Year 2000 context.
In Caremark, the complaint alleged that Caremark's directors breached their duty of care when Caremark suffered $250 million in losses due to alleged violations of health care provider laws (including Medicare). As alleged, the directors initially misinterpreted the laws to permit Caremark to enter into certain contracts with patient referral sources, then inadequately supervised employees who illegally, and against Caremark policy, paid kickbacks for patient referrals. Despite these allegations and the large losses, the court found that there was no substantial evidence to support the claims against the directors. The court explained that director liability for breaching the duty to exercise appropriate attention may arise in two distinct circumstances: 1) "Liability for directorial decisions;" that is, where directors make ill-advised or "negligent" decisions; and 2) "Liability for failure to monitor;" that is, where directors fail to act because of inattention.
As to the first circumstances (negligent decision), the Caremark court held that whether a court, after the fact, "believes a decision substantively wrong . . . provides no ground for director liability, so long as the court determines that the process employed was rational or employed in a good faith effort to advance corporate interests." The court noted that the case against the directors for violating this good faith decision standard was extremely weak because the Caremark board had been informed by experts that the company's practices were lawful. As to the second circumstances (inattention), the court explained that directors must "attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists." Again, the court determined that the evidence against the directors was weak because the company's information systems represented "a good faith effort to be informed of relevant facts." Significantly, Caremark's corporate information and reporting system utilized an internal audit plan to assure compliance with ethics policies, employed an outside auditor to evaluate its control structure, and informed the board about these and other efforts.
The business judgement rule and Caremark applied to the Year 2000. Put in the Year 2000 context, the Caremark decision highlights the need for directors and officers to establish: (1) an information gathering and reporting system that is reasonably calculated to bring important Year 2000 risks to their attention in a timely way; and (2) a decision making process (including appropriate expert consultation) that is reasonably calculated to lead to sound judgements regarding those risks. Because Year 2000 problems are pervasive and involve uniquely specialized and complex technological problems, many companies cannot rely on their regular procedures, but must create special Year 2000-focused programs to ensure that no key risk is overlooked and that informed decisions are made.
A director or officer might ask, "What if I have created a solid Year 2000 compliance program to address my company's risks - I have consulted experts and have committed substantial resources to the effort - but my company suffers Year 2000-related losses anyway? Won't these actions have been wasted?" Not likely. Not only will they have prevented even greater harm from occurring, they also will provide a solid defense to attacks on the company's management of the Year 2000 problem.
Consider the following hypothetical events: your pension fund manager (which assured you it was compliant) cannot execute trades due to a failure in its systems; you miss a key delivery deadline because your electronic data connection to an important trading partner is broken; you must delay the integration of a subsidiary acquired in 1995 because its data may corrupt your otherwise Year 2000 compliant database. As a result, your employees lose pension earnings, your company loses business and its stock drops in value. A lawsuit is filed alleging that the directors breached their duty of care to the company.
If, in this hypothetical, the directors had created a high-level Year 2000 committee, created a board-mandated remediation plan, conducted a thorough Year 2000 liability audit, and consulted experts, they will be able to use those efforts to show their due diligence. Under the analysis in Caremark, such efforts will be powerful evidence that the directors' decisions regarding Year 2000 risks were in good faith and that the directors met their duty of care. If, by contrast, the directors had failed to address Year 2000 risks in a rational way, they will be hard-pressed to demonstrate similar diligence and will face much greater risk of personal liability.
In sum, the Year 2000 liability risk to directors and officers is substantial. But, by ensuring that their company is taking appropriate action, directors and officers not only will help their company meet this crisis, they also will minimize their own personal exposure if Year 2000 losses occur..
(This article originally appeared in Corporate Officers and Directors Liability Litigation Reporter and Year 2000 Law Bulletin, June 1998 editions. Reprinted with permission. Copyright 1998, Andrews Publication)
Contingency Planning for Medical Devices: Human Know how
By L. Savannah Lichtman and Lisa A. Mango
In the last Millennium Bug Newsletter, we discussed the potential for medical device failures due to embedded chips that are not Year 2000 compliant. We listed some examples of the devices used in hospitals, laboratories or clinics that contain embedded chips--ventilators, defibrillators, pacemakers, intravenous drips, infusion pumps and dialysis machines, to name a few.
Many health care executives reluctantly have concluded that it is impossible to test all medical devices prior to January 1, 2000. Accordingly, at most health care delivery centers, triage has been and is being conducted, to identify the devices that absolutely must be tested and rendered compliant before the millennium arrives. Necessarily, this means that some medical devices will not be tested before they are put to the ultimate test -- use on a patient who needs the services performed by the medical device. What will health care providers do if the medical device fails under that circumstance (or in the process of being tested), leaving the entity unable to use the device for a period of time?
As part of an overall Year 2000 contingency plan, health care delivery centers need to develop protocols for delivering patient care without the assistance of particular medical devices. This includes identifying and implementing manual procedures that temporarily can replace certain medical devices and perform these functions. Of course, in this day of sophisticated technology, many devices perform functions that have no manual back-up, such as MRIs and CT scans. Health care providers, therefore, may consider this factor when developing testing plans for medical devices. To the extent possible, however, health care providers should focus on what functions can be performed without computerized technology in the event of a Year 2000 problem.
Believe it or not, before medical devices, many of the functions they perform were accomplished by human beings trained in the delivery of health care, e.g., doctors and nurses. For example, before ventilators, patients in need of oxygen were "bagged;" before mechanized infusion pumps and intravenous drips, particular dosages of medication were administered by hanging IV bags and letting gravity and the placement of a crimp determine the speed and amount of medication the patient received; before heart defribrillators, health care personnel used medications and performed CPR and cardiac massage on patients in cardiac arrest; and before the sophisticated monitoring equipment used in acute care units, health care personnel monitored patients by taking their vital signs, regularly observing the patients and tracking intake and output of fluids. While in most cases, the manual procedures may not be as effective and efficient as a medical device, they may be enough to save patients' lives or sustain them until a properly functioning device can be located.
Doctors and nurses generally have been trained in these procedures, but the availability of medical devices has meant that most of them have not been required to use their training in many years, if ever. John Neal (of Neal Laboratories, Inc.) in Seminole, Florida, made a cogent observation, analogizing this situation to that of riding a bicycle - once you learn to ride, you never forget how. However, Mr. Neal witnesses "from personal experience that if you do not ride a bicycle for 20 years and then climb back onboard, you are indeed able to ride. You are not, however, either swift or graceful until you have regained your 'touch', which takes many sessions of pedaling." Mr. Neal's point is that performing manual medical procedures on a patient requires at least a modicum of speed and grace on the part of a practitioner in order to perform the procedure properly. Certain procedures require a different type or potency of medication if they are performed manually instead of electronically. In all events, preliminary thought and planning are required to execute this alternative.
In addition, health care providers also should identify medications which, when used alone or in conjunction with manual procedures, may temporarily treat a medical condition regulated by a medical device. For patients who depend on implanted devices to regulate heart beats or monitor heart conditions, health care providers should consider and be prepared to use medications which control or help regulate heartbeats such as anti-arrhythmics.
Accordingly, contingency planning for medical device failures requires hospitals, surgery centers, laboratories and other providers to identify and stock proper medications, retrain personnel and refurbish predecessor (manual) equipment to the extent that it is available. Health care centers should survey each department to identify devices which contain embedded chips, determine what devices are essential, and for those which are essential, develop a contingency plan in anticipation of device failure or unavailability. Providers also may consider having additional staff on hand during the key transition time, as manual methods take more time and more hands. As part of an overall Year 2000 plan for the medical community, emergency dispatch and medical transport organizations should develop a contingency list of facilities which are Year 2000 capable for certain devices and procedures as this may determine where critical patients are first transported. After some testing has taken place, the medical community may wish to survey the availability of compliant devices in their area and arrange the pooling of certain devices into a common facility so that a full range of Year 2000 compliant equipment is available at one location. Medical practitioners should ensure that they are accepted to practice at facilities in their area which may have a greater number of compliant devices.
These tasks may be as daunting as the testing of medical devices with embedded chips, given the limited depth in staff at most hospitals and other health care delivery centers. However, they are necessary, given the possibility that a medical device on which a patient's life depends may fail.
As has become the mantra in the Year 2000 context: the time to begin the process is now . . . if not yesterday.
Year 2000 Disclosures Reveal Abysmal Performance
By Vito C. Peraino
On June 10, 1998, SEC Commissioner Laura Unger testified before Senator Robert Bennett's committee regarding the SEC's analysis of the disclosure of 1,023 publicly traded companies taken from a cross-section of industry. The analysis looked at companies that actually made disclosure.
We believe that this statement by the SEC is the most important analysis that has been compiled to date. Its message could not be clearer. This analysis is one of the most critical indicators to date regarding the year 2000 problem because the information provided is hard data derived directly from the public disclosures of public companies. Furthermore, unlike many of the analysis provided by consultants, the SEC has no bias or motivation to overstate the nature of extent of the problem.
The Statistics
Perhaps the most chilling statistic is the SEC's analysis of how many companies are past the assessment phase of their Year 2000 program. Those figures are as follows:
9% About to be started 56% Still in progress 27% Completed 8% No disclosure regarding assessment
Put another way, an astonishing 73% of companies have not begun their code remediation. To put that in perspective, well over 60%, and perhaps as much as 80%, of the time required to complete a Year 2000 effort is in the remediation and testing phases of a typical Year 2000 project. Assuming that these figures are accurate, they lead to one conclusion: we can expect to see major system failures among publicly traded companies. These companies simply do not have sufficient time to complete their projects.
Against these figures, the SEC reported that of these companies, 67% reported that the Year 2000 issues are not material as to remediation costs or operations. The obvious question that must be asked is, when 73% of companies have not started assessment, have assessment in progress or do not disclose anything about assessment, how could these companies possibly know that there will be no material impact on operations? One can only assume that the companies that have reports are providing their disclosures with an overly conservative bias, erring on providing the most pessimistic view of their Year 2000 effort.
These figures are even more grim when considered in light of the fact that the SEC only analyzed disclosures of companies that mentioned the Year 2000 problem. Again, the figures do not bode well. An amazing 30% of publicly traded companies' annual reports did not mention the phrase "Year 2000."
Of course, we do not know why these companies failed to disclose. Some will have a good faith belief that they do not fall within the SEC guidance. While it is possible that a small percentage of companies do not have a disclosable Year 2000 impact, it is difficult to imagine that this can account for a significant number of companies. Though we have long been critical of the less than clear guidance provided by Staff Legal Bulletin No. 5, it is unlikely that so many companies misinterpreted the statement.
Some companies will have failed to disclose because they are oblivious to the SEC guidance. Again, it is hard to imagine that this can account for a significant percentage of such a huge number.
Finally, it is possible that a significant number of companies chose not to disclose because their Year 2000 efforts are at ground zero.
Whatever the reason for the non-disclosure, the failure to disclose by such a massive number of companies gives rise to significant questions unrelated to the underlying rationale employed by these companies in making their decision not to disclose. Will mutual fund managers be called to task for continuing to hold stocks of companies that made no disclosure at all? Will banks with fiduciary obligations to their beneficiaries be discharging those obligations if they continue to hold stocks of non-disclosing companies? Will the SEC aggressively enforce this guidance against the companies that have failed to disclose? The impact of non-disclosure may be one of the hidden,but potent, time bombs embedded within the first round disclosures.
Where is the SEC Going?
Ms. Unger's testimony also provided a helpful indication of the path the SEC is taking regarding the Year 2000.
The SEC points out that because the Year 2000 problem is by its nature forward looking, companies should avail themselves of the forward looking safe harbors of the Private Securities Litigation Reform Act of 1995. We would expect this to be universally followed advice for the next round of disclosures.
Ms. Unger also testified that the SEC is targeting next year's annual reports as the best opportunity for a meaningful disclosure and that it will soon be clearing up an apparent misconception that a Year 2000 disclosure must be made only if the remediation costs are material. Pertinant excerpts from her testimony follows:
"The Commission has targeted the annual reports that the public companies will file during the next year as the best opportunity to gain meaningful disclosure sufficiently in advance of the next millennium. In the near future, Chairman Arthur Levitt will mail a letter to chief executive officers of public companies to remind them of the significance of the Year 2000 issue and the Commisioner's guidance regarding companies' Year 2000 disclosure obligations. The Commissioner also intends to publish an interpretive release in the near future that sets forth its views regarding the application of its disclosure requirements to the Year 2000 issue.
The interpretive release would formalize current staff guidance and, among other things, remedy the apparent misconception that the Year 2000 issue is material, and therefore must be disclosed, only if the cost of the remediation are material. The interpretive release would clarify that companies must, in addition to considering costs, determine materiality based on the potential consequences of inadequately resolving their Year 2000 issues. Further, the Commission's interpretive release may form the basis of Commission enforcement actions against companies that fail to disclose material information regarding their Year 2000 issues."
Conclusion
We recommend for everyone's study the full text of Ms. Unger's testimony and the full data provided by the SEC. We believe that the study is a clear indication of the state of the Year 2000 readiness among America's biggest companies. Her testimony can be found at Click Contact Link Take the time to read it.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
