As the federal government gets more determined about prosecuting books and records and internal controls violations, gaps in directors and officers liability cover become apparent. Rodger Laurite, Mark Weintraub and Grady Kellogg of Lockton Financial Services discuss the regulatory trend and how companies can guard against it.

The U.S. Securities and Exchange Commission, like other regulators, has become increasingly aggressive in the past few years. One aspect of that has involved the prosecution of “books and records” and “internal controls” violations to assess costly fines when companies are found liable.

According to section 13(b) of the Securities Exchange Act of 1934, every issuer must:

• Keep “books, records and accounts” that accurately and fairly reflect the transactions and dispositions of the issuer's assets.

• Maintain and devise a system of internal accounting controls to provide reasonable assurance that transactions and assets are adequately recorded and in accord with management's authorization.

As straightforward as these requirements seem, they contain two critical components that expand liability that's not readily apparent from the section's language — the broad scope of what constitutes “books and records” and the low level of fault needed to be found liable.

On top of this, most companies subject to SEC oversight mistakenly believe such enforcement actions are covered by their directors and officers liability insurance, which protects directors and executives from suits arising from mistakes made in good faith but not criminal actions.

Books and records

When section 13(b) was passed in the late 1970s, it made sense: to assure that financial disclosures are correct, books and records supporting those disclosures also must be correct. But what constitutes “books and records” has gone far beyond accounting files to include a wide variety of documents including invoices, third-party contracts, meeting minutes and even general business correspondence.

Courts, apparently reluctant to curb regulatory power, treat books and records as if they were discovery, the pretrial fact-finding process, and fair game no matter how remote the relationship to financial reporting.

It should also be noted that SEC “books and records” violations should not be confused with Section 220 of the Delaware General Corporation Law “books and records” demands made by corporate shareholders, often as a precursor to an investor lawsuit. Section 220 demands are either typically not covered by a D&O policy or typically subject to a low sublimit of $250,000.

Blame threshold

The level of fault needed to violate section 13(b) borders on strict liability. Scienter (the intent or knowledge of wrongdoing) is not required; nor is there any materiality threshold. This means that any noncompliance, no matter how small, violates the law.

Indeed, companies are frequently subjected to the SEC's second-guessing that controls are adequate. These problems were on stark display in a BHP Billiton Ltd. enforcement action in 2015.

BHP instituted a promotional program that hosted customers, including representatives of state-owned enterprises, at the 2008 Olympics in Beijing. As part of that permissible program, BHP used internal application forms to invite these individuals.

The SEC did not allege any bribery occurred or was even contemplated, but found that the use of this form violated section 13(b) because it did not contain the necessary detail to ensure compliance with the Foreign Corrupt Practices Act.

Because the SEC didn't allege intent to violate the FCPA or say how this internal form affected BHP's accounts or financial statements, BHP was fined $25 million, in essence, for imperfect draftsmanship of an internal document that had no bearing on its financial reporting.

And BHP is only one example of the SEC using section 13(b) aggressively.

On average, approximately half the FCPA cases brought by the SEC since 2011 have found companies violated section 13(b), though no bribery or quid-pro-quo behavior was alleged or found.

Section 13(b) violations are not limited to FCPA matters. Because of the flexibility of section 13(b) and its near-strict liability nature, it's an important weapon in the SEC's arsenal. The SEC frequently asserts it when alleging accounting fraud, even when well-grounded accounting positions result in a books and records or internal controls-based enforcement action. For example, the SEC is investigating a Boeing Co. accounting position as potentially violating section 13(b) and has penalized other public companies for alleged accounting wrongs.

And the SEC is not alone in such actions. The U.S. Department of Justice recently appointed Hui Chen, its in-house compliance expert, to help its Fraud Section test the effectiveness of compliance programs and determine whether they are “paper programs” or enforceable.

Current coverage

Because books and records and internal controls violations are prosecuted by the SEC, policyholders generally believe that they are covered for such enforcement actions, but policy wording varies and often leaves out such claims. Many policies limit entity coverage for regulatory proceedings to only those actions also naming an individual.

While the SEC has recently emphasized holding officers and directors more accountable, such language can leave the entity uncovered until a specific individual is named, which often does not happen. Most insurers also restrict coverage for the entity to claims involving a purchase or sale of the company's securities.

In other words, if the alleged securities violation does not concern the buying or selling of the entity's own stock, there is no coverage. As demonstrated, section 13(b) violations can arise from circumstances far beyond a sale of securities.

Now more than ever, policyholders must understand the breadth of their D&O coverage, as enhancements to forgo coverage restrictions are not always achievable or may come with additional premium. But as insureds continually work with their advisers and brokers to design and perfect their insurance programs, they will gain a deeper understanding of their exposures and be in a better position to avoid unpleasant surprises when faced with a claim.

Rodger Laurite is senior vice president-unit manager at Lockton Financial Services. Contact him at 404-460-0770 or rlaurite@lockton.com.

Mark Weintraub is vice president-insurance and claims counsel at Lockton Financial Services. Contact him at 404-460-0772 or mweintraub@lockton.com.

Grady Kellogg is vice president-account executive at Lockton Financial Services. Contact him at 704-556-4143 or gkellogg@lockton.com.