The ACE Report is a periodic publication distributed to policyholders and other interested parties as a service by ACE. Its purpose is to address insurance concerns worldwide, as well as present timely information on current developments in liability issues surrounding directors and officers. The Editor of The ACE Report is Dan A. Bailey, a lawyer at Arter & Hadden in Columbus, Ohio, USA and a respected voice in the complex area of directors and officers liability.

Although prepared by professionals, this publication should not be utilized as a substitute for legal counseling in specific situations. Readers should not act upon the information contained herein without professional guidance.

Year 2000 D&O Exposures: The Noose Tightens
As explained in the July 1997 ACE Report, directors and officers face potentially catastrophic liability exposure if their company incurs significant losses as a result of the well-publicized Year 2000 ("Y2K") problem. The area of greatest liability concern for D&Os in this context is shareholder class action lawsuits alleging that the directors failed to make timely, accurate and complete disclosure of the company's Y2K readiness, risks and consequences. Recent action by the U.S. Securities and Exchange Commission ("SEC") raises that exposure to a significantly higher level of concern.

Despite past efforts by the SEC, Y2K disclosures by companies to their shareholders have been surprisingly inadequate. According to a recent survey conducted by a Year 2000 task force for the Division of Corporate Finance of the SEC, few companies have provided the quality of detailed disclosure that the SEC believes investors deserve and expect. In a dramatic effort to substantially enhance the frequency and quality of Y2K disclosures, the SEC on July 30, 1998 superseded its prior Y2K pronouncements and issued an Interpretive Statement which sets forth strict new guidelines regarding Y2K disclosures.

These guidelines reflect a shift in SEC efforts by affording to companies and their D&Os less discretion in determining whether and how to make Y2K disclosures. To emphasize the importance of these new guidelines, the Chairman of the SEC sent an unprecedented letter to executives at more than 9,000 publicly-held companies directing their attention to the new guidelines and requesting they focus on Y2K disclosures. To further emphasize the need for greater efforts in this area, the SEC also announced that it will temporarily suspend issuing new major rules and regulations between June 1, 1999 and March 31, 2000 so that companies can spend their resources on correcting Y2K issues instead of complying with new agency requirements.

The new Y2K disclosure guidelines place directors and officers at great risk if they fail to fully comply with the rather onerous and strict disclosure standards. Shareholders will undoubtedly cite these guidelines as establishing minimum standards of disclosure which, if not satisfied, can result in personal liability for those D&Os who participate in or are otherwise responsible for company disclosures. In light of the breadth of these new guidelines, virtually every company now has heightened Y2K disclosure obligations and therefore virtually all D&Os now have heightened Y2K securities law exposures.

The new guidelines primarily address two issues: (i) whether the company is obligated to make Y2K disclosures in their SEC filings, and (ii) what is required to be included within those Y2K disclosures. The SEC's views with respect to these issues are summarized below.

Need for Year 2000 Disclosure
The SEC believes that a company must provide Year 2000 disclosure if either of the following two circumstances exist: (i) the company's assessment of its Year 2000 issues is not complete, or (ii) management determines that the consequences of its Year 2000 issues would have a material effect on the company's business, results of operations, or financial condition, without taking into account the company's efforts to avoid those consequences. These criteria guarantee that virtually every company now has Y2K disclosure obligations.

With respect to the first criteria, a company's assessment of its Year 2000 issues is not complete (and therefore Y2K disclosure cannot stop) until the company, among other things, has taken "reasonable" steps to determine whether third parties with whom the company has material relationships are Year 2000 compliant. Generally, the relationship is material if there would be a material effect on the company's business, results of operation, or financial condition if the third party does not become Year 2000 compliant in a timely manner. The SEC specifically mentions the use of questionnaires in this process. The assessment should also consider the company's potential liability to third parties if the company's systems are not Year 2000 compliant, resulting in possible legal claims against the company.

With respect to the second criteria, a company must assume that it will not be Year 2000 compliant and weigh the likely results of that lack of preparedness. Similarly, a company should assume that material third parties will not be ready either, unless the third parties have delivered written assurances to the company that they expect to be Year 2000 compliant in time. The test for determining the need for disclosure is based upon the consequences if the company is not prepared, rather than the amount of money the company spent or plans to spend to address the issue.

Content of Year 2000 Disclosure
If Year 2000 disclosure is required, the SEC believes that the disclosure should be specific to each company and quantified to the extent practicable. The following four categories of information should be included in the disclosure.

1. The Company's State of Readiness. The disclosure should describe the company's Year 2000 issues in sufficient detail to allow investors to fully understand the challenges that the company faces. The description should be similar to that provided to a company's board of directors (i.e. non-technical plain English) and should answer the most important questions such as "will the company be ready?" and "how far along is the company?" This disclosure should address both information technology (such as computers) and non-information technology systems (such as microcontrollers imbedded in equipment). Also, the disclosure should describe where the company is in the process of becoming Year 2000 compliant (including an estimated timetable for completion) and a description of issues relating to third parties which have a material relationship to the company.
2. Cost to Address Year 2000 Issues. The company should disclose historical and estimated costs of remediation efforts if those costs are material. The disclosure should include costs directly related to fixing Year 2000 issues, including modifying software, hiring Y2K solution providers and the replacement costs of non-compliant systems. However, the disclosure need not include replacement costs if the company did not accelerate, due to Year 2000 issues, its planned replacement of systems.
3. Risks of the Company's Year 2000 Issues. The disclosure should include a reasonable description of the company's "most reasonably likely worst case Year 2000 scenarios." The likely effect on the company's results of operations, liquidity and financial condition should be particularly addressed. If a company does not know the answer, this uncertainty must also be disclosed, as well as the efforts made to analyze the uncertainty and how the company intends to handle the uncertainty.
4. Contingency Plans. Companies should describe how they are preparing to handle the most reasonably likely worst case scenarios, including a description of its contingency plans. The SEC recognizes that describing contingency plans may be particularly challenging, but that some disclosure efforts should be made. If a company has not yet established a contingency plan, disclosure of that fact should also be made, as well as whether the company intends to create one and the timetable for doing so.

In making Y2K disclosures, the SEC offered the following suggestions for companies to consider:

1. Disclose historical and estimated costs related to Year 2000 issues, even if disclosure of the dollar amounts is not required because these amounts are not material.
2. As of the end of each reporting period, disclose how much of the total estimated Year 2000 project costs have already been incurred.
3. Identify the source of funds for Year 2000 costs, including the percentage of the information technology budget used for remediation. This allows investors to determine whether Year 2000 funds will be deducted from the Company's income.
4. Explain if other information technology projects have been deferred due to the Year 2000 efforts, and the effects of this delay on financial condition and results of operations.
5. Describe the use of any independent verification and validation processes to assure the reliability of the company's risks and costs estimates. Use of independent verification may be particularly important in the testing phase.
6. Use a chart to provide Year 2000 disclosure. The chart may help investors track a company's progress over time, as it is updated, and make peer comparisons based on the same data. In addition, a chart can reduce lengthy Year 2000 disclosure that otherwise may overwhelm other disclosure.
7. Include a breakdown of the costs, such as disclosure of costs to repair software problems, and costs to replace problem systems and equipment.

The Interpretive Statement also contains the SEC's views regarding financial statement disclosures, disclosure requirements under other regulations, guidance for investment advisors and investment companies regarding Year 2000 disclosures, and guidance for municipal issuers regarding Year 2000 disclosure.

Although some of the disclosures contemplated by the SEC may appear unprecedented in their breadth and dangerous in their effect, D&Os can and should take some comfort in the statutory safe harbors which now exist for forward-looking statements. The Private Securities Litigation Reform Act of 1995 enacted two statutory safe harbors for forward-looking statements. The SEC, in its Interpretive Statement, acknowledges that almost all of the required disclosures concerning Year 2000 problems contain forward-looking statements and therefore potentially qualify for the statutory safe harbors. Therefore, D&Os should be diligent in their efforts to satisfy the statutory requirements for the safe harbor, including the issuance of "meaningful cautionary statements" to accompany the forward-looking statements. These meaningful cautionary statements should not be mere boilerplate language but should be specific to the particular company's Year 2000 issues.

In an open meeting sponsored by the SEC to discuss the Interpretive Statement, the SEC provided the following example of an unacceptable "boilerplate" Y2K disclosure which, in the view of the SEC, would not qualify for the safe harbor protection:

The Company is working to resolve the potential impact of the year 2000 on the ability of the Company's computerized information systems to accurately process information that may be date-sensitive. Any of the Company's programs that recognize a date using "00" as the year for 1900 rather than the year 2000 could result in errors or system failures. The Company utilizes a number of computer programs across its entire operation. The Company has not completed its assessment, but currently believes that costs of addressing this issue will not have a material adverse impact on the Company's financial position. However, if the Company and third parties upon which it relies are unable to address this issue in a timely manner, it could result in a material financial risk to the Company. In order to assure that this does not occur, the Company plans to devote all resources required to resolve any significant Year 2000 issues in a timely manner.

D&O Insurance Underwriting
Because D&O underwriters never contemplated the kind of one-time-only catastrophic exposure presented by Year 2000 problems, some form of underwriting response to this exposure is generally recognized as appropriate. This response may take one or more of the following three approaches.

First, underwriters can specifically exclude coverage for Year 2000-related loss. In today's D&O market, this is not a realistic option for the vast majority of business classes. Absent an exclusion, standard D&O insurance policies will likely respond to Y2K claims the same as they would respond to other types of similar claims, whether or not Y2K coverage is specifically included in the policy.

Second, underwriters can largely ignore the exposure now, pay out covered losses as incurred, and later seek to recoup those losses through indiscriminate price increases for all of their insureds.

Third, underwriters can seek to determine each company's relative exposure to Year 2000 liability and adjust the policy's terms, conditions and pricing to reflect that exposure.

The third of these three responses appears to be the most prudent and fair to all parties concerned, since it seeks to impose the cost of covered Year 2000 losses primarily upon those insureds who have the greatest exposure to such losses and rewards those insureds who have more effectively managed their Year 2000 problems. It is therefore in the best interests of the insureds, not just the insurer, for the insurer to obtain sufficient underwriting information about a company's Y2K situation to enable an informed analysis regarding the company's Y2K D&O risks.

^{1 SEC Release Nos. 33-7558; 34-40277; 17 C.F.R. 231, 241, 271, 276.}