ESG and the new mandate for corporate governance

Whitepaper, September 1, 2022

Good corporate citizenship has become as important as profitability, and it comes with new risks for boards of directors.

For directors and officers of public companies, the growing importance of environmental, social and governance (ESG) concerns has dramatically altered the scope of their responsibilities. It’s not enough to reach profitability targets and strategic goals. Although those objectives remain key, public companies are also under greater scrutiny to establish and disclose their ESG goals and progress — in other words, they are being challenged to take accountability for financial performance by shareholders, as well as non-financial interests and risks by a variety of constituents, commonly referred to as “stakeholders.”1

Today, businesses are expected to balance their return on investment for investors with important and worthy non-financial considerations impacting the planet and its people — or, to put it more simply, to be good corporate citizens.

From this perspective, ESG encompasses the broad array of non-financial considerations that a company and its management are accountable for, and not only to a company’s shareholders. Stakeholders now include employees, customers, suppliers, governments and the general public.

The growing prominence of ESG dramatically impacts how directors and officers of public companies define and carry out their responsibilities, beginning with a new corporate governance framework that now must consider this greater group of stakeholders, as well as an evolving regulatory landscape.

What is ESG?

Although ESG considerations are not new for many public companies, what has changed is the delineation and organization of these topics and issues into a broad framework harnessed by investors, regulators, media and the public at large to accelerate these goals.

Among the driving trends challenging public boards this year (and beyond) are more assertive, demanding investors; higher standards for attention to climate change and sustainability; and a new urgency regarding diversity, equity and inclusion (DEI) within workforces and executive boards.2

This has been reflected in the 2021 proxy year: Social and environmental proposals increased to 37% and 13%, respectively, from 2020, while governance proposals held steady at 37%.3 In addition, the always-evolving umbrella of general governance today includes such hot-button topics as cybersecurity and data privacy, which have also been a focal point for both investors and governmental bodies, including sweeping new regulations and enforcement mechanisms.

Let’s look a little closer at each segment. Generally speaking, each ESG category includes both universal topics (e.g., sustainability, DEI) and topics that are industry-specific or company-specific:

  • Environmental criteria encompass a company’s role as a steward of the planet. Each organization’s environmental impact will vary. Concerns may include a company’s energy use, waste management practices, handling of air and water pollution, conservation of natural resources, raw material sourcing, and deforestation. This category also includes consideration of whether and how climate change and severe weather might impact the company’s business. Compliance with environmental regulations also plays a role. The issue of sustainability is generally regarded as impacting most companies, as evidenced by the fact that 92% of S&P 500 companies published sustainability reports in 2020.4
  • Social criteria embrace a company’s internal and external relationships and are often represented by DEI principles. These include, but aren’t limited to, racial and gender equality, employee safety and engagement, human rights and social justice issues. A DEI lens can be focused on an organization’s principles, practices, approaches and monitoring mechanisms. Social concerns often have universal application, though some may be more industry-specific than others.
  • Governance criteria within ESG are a broad catch-all. They are typically understood to involve the organization’s leadership, executive pay, audits, internal controls and shareholder rights.5 The best practices for optimal governance could be hotly debated for weeks, but four basic principles include accountability, transparency, fairness and responsibility.6

[Chart 1]

Certain hot-button topics within each of the ESG categories demand the attention of directors and officers and Directors & Officers (D&O) insurance providers because they represent perils that may increase the frequency or severity of existing D&O claim exposures — namely, securities class actions, shareholder derivative actions and regulatory matters.

What are the traditional ESG D&O exposures?

There are two principal ways in which ESG may result in a D&O lawsuit: (1) event-driven litigation following an ESG-related event, and (2) disclosure-related litigation concerning an ESG topic. As discussed later, corporate governance plays a critical role in identifying and managing critical risks to avoid or minimize the potential for adverse events, and helping ensure compliant and accurate disclosures on both mandatory reporting topics and voluntary ESG-related communications.

Event-driven litigation: The increasing prominence of ESG topics coincides with the now-common litigation risk that companies face whenever there is an adverse event: so-called “event-driven” litigation. This type of litigation tends to follow a headline that purportedly reveals adverse facts or allegations about a company’s business practices or products. While many have questioned the merits of these lawsuits, these types of cases are growing in prominence, and the litigation and settlement costs can be substantial.7 A key factor in many of the event-driven cases filed to date is that they involved a “material” risk to the company. That is, the adverse event involved an aspect of the company’s business that was “intrinsically critical to the company.”8

An adverse event may result in a securities class action (SCA) if shareholders are harmed, a shareholder derivative action if the company is harmed or suffers losses, or both. If the adverse event concerns a “material” risk or a “mission critical” aspect of the company’s business, the directors and officers will likely face a difficult hurdle to early dismissal. That is because both the U.S. securities laws and Delaware corporate law expect — and require — companies to proactively manage their material risks. (Over half of S&P 500 firms are incorporated in Delaware and consequently must follow that state’s laws, which subsequently wield influence throughout the business world.)9 The proliferation of event-driven derivative litigation coincides with a recent trend where derivative settlements have included significant monetary components and plaintiff lawyer fee awards.10 One study found that the average settlement for certain event-driven litigation was more than three times that of other cases.11

Disclosure-related litigation: Robust and accurate disclosure has always been a cornerstone of ensuring the integrity of public equity markets. The securities laws require public companies to regularly provide reliable, timely and accessible information about significant corporate matters. We have seen securities litigation based on alleged misstatements in corporate filings with the U.S. Securities and Exchange Commission (SEC) that span a broad array of topics, including those now contained within the ESG rubric, most commonly relying upon Section 11 of the Securities Act and Section 10(b) of the Securities Exchange Act. In recent years, plaintiff lawyers have utilized new mechanisms to expand the scope of corporate communications that could form the basis of a disclosure claim. For instance, many recent lawsuits based on board diversity filed against public companies allege purported violations of Section 14(a) of the Exchange Act due to alleged misstatements in Corporate Social Responsibility reports and similar sources.

As with event-driven litigation, disclosure-related litigation typically manifests as an SCA if investors are harmed or a shareholder derivative lawsuit if the company is harmed. Incomplete or misleading disclosures may also trigger regulatory investigations and proceedings.

As stakeholders continue to pressure companies to take steps to develop, improve and report on ESG initiatives, it is critical for public company directors and officers to respond accordingly and responsibly address these challenges. For example, the SEC is including four ESG areas in its 2022 regulatory agenda: climate change, board diversity, human capital, and cyber risk governance.12

Given these challenges, let’s take a closer look at the three pillars of ESG and the potential impact of these risks on directors and officers.

Environmental governance: The growing challenge of a changing planet

Environmental risks continue to surface on boardroom agendas. Whether a company’s environmental impact is direct, indirect or remote, directors and officers need to consider how environmental risk may create management liability exposures. Consider:

  • In March 2021, the SEC announced the creation of the Climate and ESG Task Force in the Division of Enforcement. Less than a year later, the Task Force issued its first enforcement action, challenging statements in a company’s sustainability reports after a dam operated by the company collapsed, releasing toxic waste into surrounding areas.13
  • In March 2022, the SEC proposed rule changes that would require public companies to include certain climate-related disclosures in their registration statements and periodic reports, including information about climate-related risks that are reasonably likely to have a material impact on their business, results of operations or financial condition, and certain climate-related financial statement metrics in a note to their audited financial statements.14 These rule changes would require companies to disclose information about the governance of climate-related risks and relevant management processes.
  • A consortium of 680 financial institutions from 28 countries has signed the Carbon Disclosure Project’s campaign to promote reporting on climate change, deforestation and water usage.15
  • The CEO of the world’s largest asset manager announced last year that his firm would vote against management and board directors who are not making sufficient progress on sustainability measures.16
  • A Harvard Business Review article noted research that showed a disconnect between directors and their organizations related to environmental concerns, with 72% of boards reporting their companies would reach their climate goals, even though 43% of those companies had yet to establish a carbon-reduction target.17
  • In a groundbreaking decision, a court in the Netherlands ruled last year that a global oil company must reduce its carbon emissions by 45% by 2030. This is the first time that a company has been compelled to comply with the Paris Climate Agreement.18
  • In June 2021, a small activist investor waged a successful proxy fight to install three directors on the board of a global energy giant with the stated goal of accelerating the company’s efforts to reduce its carbon footprint.19

Every company makes some form of impact on the environment, and therefore has some level of environmental risk, and directors and officers have to recognize this issue when evaluating their business strategy and risk management.

Environmentally driven SCAs: Several SCAs have arisen from environmental issues in recent years.

The U.S. Supreme Court has held that an adverse event can be the basis for a securities fraud class action.20 Consequently, an adverse environmental event that corresponds with a drop in stock prices may result in an SCA. As with any other type of SCA, a viable event-driven SCA must allege a material misstatement, among other elements. A review of SCAs arising from environmental events reveals that plaintiffs pursuing these claims generally cite statements concerning safety measures, risk management or the company’s compliance with the law as actionable misstatements or omissions.

[Chart 2]

While the merits of event-driven SCAs continue to be hotly debated, the potential exposure presented by these cases is apparent: A study of SCAs filed between 2010 and 2015 found that the average settlement for environmental event-driven SCAs was $26.4 million.23

Environmentally driven shareholder derivative litigation over safety and risk mitigation: There have also been several shareholder derivative lawsuits asserting claims for breach of fiduciary duty following an environmental event, or in connection with climate change more generally. Even if the company’s stock price does not fall following reports of an environmental event, the company may face shareholder litigation brought derivatively on behalf of the company.

A shareholder derivative action alleging breaches of fiduciary duties in connection with an environmental event will likely challenge the company’s internal controls and reporting with the benefit of 20/20 hindsight.

[Chart 3]

Mandatory environmental disclosure rules on the horizon

On June 16, 2021, the U.S. House of Representatives passed the ESG Disclosure Simplification Act of 2021.24 If it becomes law, the legislation will require public companies at shareholder meetings to disclose (1) a clear description of the company’s views about the link between ESG metrics and long-term business strategy, and (2) a description of any process the company uses to determine the impact of ESG metrics on its long-term business strategy. The preamble of the proposed bill explains the legislation is intended “(to) provide for disclosure of additional material information about public companies,” which suggests Congress views ESG metrics as “material” under the securities laws.

Even if the legislation does not pass the Senate, the SEC is moving forward with ESG disclosures and reporting requirements on a parallel track. As the cases described above show, environmental exposures can be far-reaching — from greenhouse gas emissions to oil spills to PFAS (aka “forever chemicals”) contamination. With new legislation and regulation on the horizon, directors and officers will be asked to evaluate, manage and disclose environmental risks amid a shifting legal landscape.

Social governance and the increasing push for DEI

Social governance, driven by diversity, equity and inclusion (DEI), needs to be uppermost on directors’ minds. Social considerations such as racial and gender equality and social justice are at the forefront of a recent litigation trend, where shareholders have challenged corporate statements concerning DEI.25

The litigation demonstrates that directors and officers of public companies face the risk of personal liability even if they previously identified ESG goals and implemented measures to monitor and achieve those goals.

Navigating the evolving DEI landscape: The DEI risk landscape is shifting, as evidenced by these recent calls to action:

  • Shareholder proxy firms have emphasized board diversity as a key consideration when evaluating director nominees.26
  • Government pension plans are beginning to address board diversity as an important criterion in their investment decisions.27
  • The SEC adopted NASDAQ’s new listing rules related to board diversity and disclosure.28
  • Global consulting firm McKinsey’s series of reports on DEI, including the most recent, conclude that diverse companies are more likely to outperform less diverse peers on profitability.29
  • One of the largest investment banks announced that it will only underwrite IPOs in the U.S. and Europe of private companies that have at least one diverse board member.30
  • California enacted legislation requiring publicly traded companies headquartered within the state to have at least one director from an underrepresented community by the end of 2021, and will require larger boards to have two to three by the end of 2022.31 Washington passed a similar mandate on Jan. 1, 2022. Several other states are considering similar legislation. These statutes face legal challenges in the courts and a California court has deemed the California statute unconstitutional.32
  • One report indicates that at least half of the 100 largest public companies domiciled in the U.S. have committed to disclosing DEI metrics.33

The risk of DEI-driven shareholder derivative action: If shareholders believe companies have either misstated DEI information or overstated their commitment to DEI goals, they may file a lawsuit seeking to hold the directors and officers of the company liable for the alleged misstatements and for the purported harm sustained by the company.

Shareholder derivative litigation often follows reports of an adverse event, which, the shareholder will claim, should have been avoided or mitigated through good corporate governance and adherence to fiduciary duties. If the event results in significant liability or losses, a derivative suit generally will allege that the board failed to take appropriate steps to prevent the liability or exposure.

There has already been a wave of shareholder derivative litigation alleging that directors and officers are breaching their fiduciary duties by not meeting their stated intentions of increasing gender and racial diversity on the board. Some lawsuits also address a lack of diversity and other ESG-related issues affecting a company’s broader workforce, which also may impact profitability.

Since July 2020, several derivative shareholder lawsuits alleging breaches of fiduciary duty were filed against the boards of public companies for allegedly failing to live up to their diversity goals, which included diverse representation on their boards of directors.34 The lawsuits generally refer to the same corporate statements and data, contain similar allegations, assert similar causes of action and seek similar relief.

[Chart 4]

In 2021, the first court to rule on a DEI case granted the defendants’ motion to dismiss based on two cornerstones of corporate law: (1) the requirement that a shareholder make a pre-suit demand on the board before commencing litigation, and (2) a forum selection provision designating Delaware Chancery Court as the exclusive forum for shareholder derivative litigation. The court also dismissed plaintiff’s claim for violations of Section 14(a) of the Securities Exchange Act, reaffirming that aspirational statements in the proxy statements are not actionable.35 Despite these rulings, however, DEI litigation against other companies is ongoing.

To the extent that any DEI complaints are not resolved at the motion-to-dismiss stage, the lawsuits may very well generate significant expense. DEI claim trends also demonstrate how ESG issues can give plaintiff firms the ability to generate copycat lawsuits that may be aimed across a broad range of companies. Another less obvious but key consideration for directors and officers is that these and similar lawsuits may force the board to adhere to a plaintiff’s goals and timeline, rather than their own DEI goals and initiatives.

Governance: An ESG category and so much more

The topic of governance is somewhat unique. As an ESG category, it is a broad catch-all category that includes cybersecurity and product safety, with a definition and scope differing from one source to another. Corporate governance is more than just an ESG category; it is the manner in which the board manages all risks presented by the company’s operations. If ESG is the framework of non-financial risks that may have a material impact on the company’s stakeholders, corporate governance is the process by which the company’s directors and officers manage those risks.

The first step in that process is the composition of the board itself. A good board will be comprised of a majority of independent directors, including those with experience or even expertise in the company’s key areas of operations. A second related measure is the creation of a committee (or several) charged with risk oversight of the company’s “mission critical” operations and risks. Thirdly, the board should have a formal process in place to (1) identify key risks faced by the company; (2) inform the board of important risk issues or “red flags”; and (3) proactively address any risk oversight lapses or deficiencies.

Speaking of risks, it’s impossible to discuss governance in 2022 without addressing the significant and global cyber threats and the sweeping proposed rules from the SEC, which call for companies to report cybersecurity breaches in tandem with the actions that their boards and executive management are taking to mitigate cyber risks.36 A recent article from the World Economic Forum notes, “Specifically, the SEC plans to ask: Who on the board is informed of cyber risk issues; how they receive that information; how often the board considers cyber risk; and how cyber risk is integrated into business strategy, risk management, and financial oversight.”37

Strong governance helps provide protection from all manner of risks, including the event-driven litigation cited throughout this article. Recent shareholder derivative litigation demonstrates that boards of directors are increasingly vulnerable to these types of lawsuits, even if there has been neither an adverse event nor tangible (or even hypothetical) loss. Merely failing to undertake certain measures — or to implement existing measures more swiftly — has, so the shareholder and their lawyers will claim, caused the company harm and should subject the board and senior management to legal liability.

In certain jurisdictions, the company may not be permitted to indemnify the directors and officers if a settlement or judgment includes a monetary component. In addition to monetary and regulatory consequences, companies also need to consider the reputational risks posed by ESG shortcomings, perceived or actual.

[Chart 5]

Boards that heed best practices can help protect themselves in weathering event-driven litigation risks.

Takeaways for directors and officers

All public companies are operating within an evolving ESG landscape. Challenges will undoubtedly arise as directors and officers identify, develop and strive to meet their respective ESG goals, and positively respond to a changing societal mindset.

The litigation trend demonstrates that ESG decisions and disclosures will be challenged in court and that law firms representing shareholders will seek to compel substantial concessions, reforms and monetary commitments. These and future ESG lawsuits could potentially put the personal assets of a company’s directors and officers at risk. In addition to monetary compensation from the targeted corporations, recent lawsuits have sought to replace board members, recover their compensation and revise incentive plans.

Some points for directors to consider to responsibly address ESG:

Material considerations: Given the wide breadth of ESG issues, boards have to identify and prioritize which are the most relevant, or material, to their financial goals. These are the material considerations that may impact a company’s value drivers, earnings capacity, competitive positioning and long-term value for shareholders.

Material considerations can also include factors that have a significant impact on society or the environment. Material ESG issues can be viewed as those that may affect an entity’s business operations, cash flows, legal or regulatory liabilities, access to capital or reputation, as well as relationships with key stakeholders, the environment, or society more broadly — either directly or through its value chain (both upstream and downstream).

Although hundreds of ESG criteria might apply, only a handful of critical ESG factors usually impact the future success of a particular company’s business model in practice. Moreover, what are considered “material” factors will vary significantly across industries. While some ESG topics are material to all industries (e.g., corporate governance and diversity), others require an industry-specific evaluation.

Under securities laws, materiality is assessed by evaluating whether a reasonable investor would have viewed the information “as having significantly altered the ‘total mix’ of information made available.”42 A key issue at the motion-to-dismiss stage of event-driven SCAs is whether the challenged statements are “material,” or sufficiently specific for an investor to reasonably rely upon. General statements about safety and risk management, defendants will assert, are aspirational or too vague to be considered material. In many cases, the defendants seek to have the SCA dismissed because broad and generic statements about safety, risk mitigation and compliance with the law — similar to those noted above — are exaggerated or misleading and, therefore, not actionable.

Are ESG concerns being sufficiently prioritized? Obviously, companies that have not put ESG issues at the forefront of their agendas need to do so. But every organization should examine its level of commitment. Here are some questions to ask, both from a general ESG perspective and drilling down to the individual objectives of each pillar:

  • Is there a committee that owns your company’s ESG statements and disclosures?
  • Who monitors progress and how is it tracked?
  • Does the incentive plan incorporate achievement of ESG goals?
  • Does the company’s governing document include a forum selection clause?
  • Are these goals published?
  • What efforts have been made to identify material ESG risks and opportunities?
  • Which ESG issues does the board proactively engage on?
  • Is the board equipped to oversee and address material ESG issues?
  • Is the board updated by management on key ESG matters and, if so, how often?
  • Have ESG considerations been embedded within significant strategic decisions?

Aspirational goals and their attendant risk: As boards of public companies find themselves increasingly compelled to proactively manage ESG risks and exposures, there is also a heightened expectation that their organizations will establish and meet aspirational goals. Consequently, directors and officers could be held accountable for a company’s actual or perceived ESG underperformance relative to lofty ambitions, the company’s peers, or both. In addition, statements that imply significant actions are being undertaken, whether in articles or pronouncements on a company’s website, can be held against organizations whose actions fail to match their public statements.

Make sure your business lives up to any ESG claims it makes and that those claims are specific, accurate, supported by credible and up-to-date evidence that is independently verified, and communicated in a way the public can easily understand.

While some courts have rejected attempts to recast subjective assessments that refer to prioritization or improvement of safety procedures and risk management, aspirational statements coupled with specific representations about then-existing practices have been deemed actionable. Moreover, courts have noted that even generic statements about safety and sustainability may be material if they are “made repeatedly in an effort to reassure the investing public.”21

Are you prepared for a crisis? If the past few years of social, health and financial upheavals have taught us anything, it’s that a board cannot be expected to anticipate every crisis that occurs. But good governance does mean having a team prepared to respond to and recover from a crisis. Some questions to ask, from Deloitte’s “Crisis Management” checklist:43

  • Do you have a Crisis Management Organization plan that’s documented — and consistently referred to?
  • Do you conduct at least one board-level crisis exercise each year?
  • Should a crisis occur, is there a communication plan for stakeholders and key investors?
  • What’s your broader disclosure plan and is it still relevant?

Corporate minutes: They can help, and hurt. Another practice that should not be overlooked is the attention paid to corporate minutes. “Well-prepared minutes can substantially benefit your company and its directors, while poorly prepared minutes can be perilous,” notes The National Law Review.44 Most states require them, but minutes also can “help confirm the corporation’s separate existence for liability-shielding purposes,” the article states. It also notes that corporate minutes were key in defeating several prominent shareholder challenges, while also reminding directors “minutes that document inadequate decision-making processes can be used as a weapon by plaintiff attorneys.”

Managing risk and protecting directors: Regardless of a company’s size, industry or location, every board may be vulnerable to ESG claims against its directors and officers. D&O insurance coverage that was adequate 10 years ago may not be sufficient today.

From a risk management perspective, this emerging ESG framework presents new perils that may increase the frequency or severity of existing D&O claim exposures, namely, securities class actions, shareholder derivative actions and regulatory matters.

All public companies are operating within an evolving ESG landscape of regulatory and litigation trends. ESG lawsuits could potentially put the personal assets of a company’s directors and officers at risk, based on the potential lack of indemnification from the corporation, even for settlements.

D&O liability insurance protects the personal assets of directors and officers. It’s critical to review the scope of your D&O policies to help ensure optimal protection to the individuals tasked with steering your organization successfully into the future.

Learn more about Zurich North America’s Directors and Officers coverage and other Management Liability solutions.

 

References

1. “Business Roundtable Redefines the Purpose of a Corporation to Promote ‘An Economy That Serves All Americans.’” Business Roundtable. 19 August 2019.

2. Fields, Richard, Rusty O’Kelley III and Laura Sanderson. “2022 Global and Regional Trends in Corporate Governance.” Harvard Law School Forum on Corporate Governance. 21 February 2022.

3. Gibson Dunn. “Shareholder Proposal Developments During the 2021 Proxy Season.” 19 August 2021.

4. “G&A Institute publishes ‘2021 Sustainability Reporting in Focus’ Trends Report.” Governance and Accountability Institute. 1 December 2021.

5. Environmental, Social, and Governance (ESG) Criteria. Investopedia website. Accessed 23 February 2022.

6. Chen, James. “Corporate Governance.” Investopedia. 4 July 2021.

7. Kent, Sarah. “BP Agrees to Pay $175 Million to Investors Over Deepwater Risks.” The Wall Street Journal. 3 June 2016.

8. Seidel, Martin L., et al. “Recent Delaware Decision Highlights Heightened Board Oversight Requirements in Caremark Cases.” Holland & Knight. 30 September 2021.

9. “About Delaware’s General Corporation Law.” Delaware.gov. Accessed 12 May 2022.

10. LaCroix, Kevin. “L Brands Establishes $90 Million Fund in Sexual Misconduct Derivative Suit Settlement.” The D&O Diary. 2 August 2021.

11. Mezrahi, Nessim and Stephen Sigrist. “Limiting the Severity of Deficient Securities Fraud Claims.” Law360. 8 January 2021.

12. Sullivan, Kristen and Maureen Bujno. “Navigating the ESG Journey in 2022 and Beyond.” Deloitte. January 2022.

13. “SEC Climate and ESG Task Force Issues First Enforcement Action.” The National Law Review. 7 May 2022.

14. U.S. Securities and Exchange Commission. “SEC Proposes Rules to Enhance and Standardize Climate-Related Disclosures for Investors.” 21 March 2022.

15. “Companies Requested by CDP’s Capital Markets Signatories.” CDP Global. Web. Accessed 25 April 2022.

16. Sorkin, Andrew Ross. “BlackRock Chief Pushes a Big New Climate Goal for the Corporate World.” The New York Times. 26 January 2021.

17. Soonieus, Ron, Louis Besland, and Alice Breeden. “10 Ways Boards Can Act on Sustainability in 2022.” Harvard Business Review. 13 January 2022.

18. “Shell: Netherlands Court Orders Oil Giant to Cut Emissions.” BBC.com. 26 May 2021.

19. Phillips, Matt. “Exxon’s Board Defeat Signals the Rise of Social-Good Activists.” The New York Times. 9 June 2021.

20. Matrixx Initiatives, Inc. v. Siracusano, 563 U.S. 27 (2011); Omnicare Inc. v. Laborers Dist. Council Constr. Indus. Pension Fund, 575 U.S. 175 (2015).

21. In Re Vale S.A. Securities Litigation, at 21; Exide Technologies, 13cv260. 23 March 2017.

22. Kahn, Robert. “Plains Pipeline.” Courthouse News Service. 17 February 2019.

23. Strauss, Emily. “Is Everything Securities Fraud?” UC Irvine Law Review (forthcoming), Duke Law School Public Law & Legal Theory Series No. 2021-04, updated 31 December 2021.

24. H.R. 1187. Corporate Governance Improvement and Investor Protection Act. Rep. Vargas, Juan (D-CA-51). Congress.gov. Accessed 9 May 2022.

25. Greenwald, Judy. “More Firms May Be Exposed to D&O Suits Over Diversity.” Business Insurance. 14 September 2020.

26. Bell, David A., Dean Kristy and Ron C. Llewellyn. “Proxy Advisors Update Voting Guidelines for 2022 Focusing on Board Diversity, Climate and ESG Oversight.” Fenwick. 9 December 2021.

27. “Pension Funds Lead the Way in Prioritizing Diversity in Investing.” Morgan Stanley website. 20 October 2021.

28. Lee, Allison Herren and Caroline A. Crenshaw. “Statement on Nasdaq’s Diversity Proposals – A Positive First Step for Investors.” U.S. Securities and Exchange Commission. 6 August 2021.

29. Dixon-Fyle, Sundiatu, et al. “Diversity Wins: How Inclusion Matters.” McKinsey & Co. 19 May 2020.

30. Board Diversity Initiative. Goldman Sachs website. Accessed 9 May 2022.

31. Ehisen, Rich. “Will More States Set Board Diversity Mandates?” LexisNexis Insights. 13 January 2022.

32. Milstead, Virginia. “Recent Ruling on Board Diversification.” Harvard Law School Forum on Corporate Governance. 8 May 2022.

33. Vaghul, Kavya. “Just Over Half of the Largest U.S. Companies Share Workforce Diversity Data as Calls for Transparency from Investors and Regulators Grow.” Just Capital. September 2021.

34. Clark, Donal, Eric C. Scheiner and Louise Cheney Lowe. “Why D&I Matters to D&O: Exposures from Diversity-Driven Lawsuits.” Kennedys Law. 2 March 2021.

35. “Court Dismisses Board Diversity Suit Against Facebook Directors.” Paul, Weiss. 24 March 2021.

36. U.S. Securities and Exchange Commission. “SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.” 9 March 2022.

37. Dobrygowski, Daniel. “How to Prepare Company Boards for New Cybersecurity Rules.” World Economic Forum. 23 March 2022.

38. Hayes, Peter. “Equifax’s $149 Million Data Breach Settlement OK’d.” Bloomberg Law. 27 February 2020.

39. “SEC Charges The Cheesecake Factory for Misleading COVID-19 Disclosures.” U.S. Securities and Exchange Commission. 4 December 2020.

40. “Wells Fargo: Securities Class-Action Settlement Approved by Court.” Business Wire. 19 December 2018.

41. “$320M Wells Fargo Derivative Suit Settlement Granted Final Approval.” Lieff Cabraser Heimann & Bernstein website. 8 April 2020.

42. “United States Supreme Court Reiterates Materiality Standard for Securities Fraud Claims Under Rule 10b-5.” Sheppard Mullin Corporate & Securities Law Blog. 29 March 2011. Accessed 25 April 2022.

43. “On the Board’s Agenda: Crisis Management.” Deloitte Global Center for Corporate Governance. September 2019.

44. Najder, Kenneth J. “The Role of Minutes in Protecting Companies and Their Directors.” The National Law Review. 16 September 2020.

The information in this publication was compiled from sources believed to be reliable and is intended for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy.