The ACE Report is a periodic publication distributed to policyholders and other interested parties as a service by ACE. Its purpose is to address insurance concerns worldwide, as well as present timely information on current developments in liability issues surrounding directors and officers. The Editor of The ACE Report is Dan A. Bailey, a lawyer at Arter & Hadden in Columbus, Ohio, USA and a respected voice in the complex area of directors and officers liability.

Although prepared by professionals, this publication should not be utilized as a substitute for legal counseling in specific situations. Readers should not act upon the information contained herein without professional guidance.

YEAR 2000 PROBLEM: D&O ISSUES
By most accounts, the year 2000 computer problem ("Y2K") presents to corporations worldwide a staggering technological, financial and management challenge which many predict cannot be solved in the short time left before the turn of the century. The problem is relatively simple to describe yet apparently quite complex to correct. Until recently, and in an effort to conserve memory capacity, computers have been programmed to shorten all dates to the last two digits (e.g. "97" represents 1997). In the year 2000, many computers will read "00" as the year 1900 rather than 2000, thus causing most date-sensitive calculations to be incorrect.

This problem could affect a myriad of corporate events. In addition to jeopardizing critical data banks, upon which many corporations rely for their very existence, many other more mundane events could be impacted, such as time or date-sensitive security systems, sprinklers, elevators, time-lock vaults, etc.

Various experts estimate that the cost associated with correcting this problem could exceed $300 billion to $600 billion worldwide. The reason for such expense is not the technical difficulty of correcting the problem, but rather in identifying and then correcting the simple error in millions of lines of computer code. To identify where the problem exists, computers often must be taken off line, which presents its own management and financial challenges.

If the actual magnitude of expense associated with Y2K comes anywhere near the current estimates, litigation will undoubtedly accompany those enormous losses. The possible defendants in such litigation are many, including manufacturers and vendors of computer systems and software which contain the problem, consultants who purport to assist in fixing the problem, suppliers and vendors whose own problem causes loss to others, and organizations that certify that no problem exists. However, probably the primary target for the truly catastrophic liability claims will be directors and officers. The liability of other types of defendants will in many instances likely be limited due to contractual provisions, collectability issues and possible damage caps based on the amount of their contract or the value of their product or service. Given the predicted magnitude and high visibility associated with Y2K, D&Os of companies that incur surprising losses as a result of this problem appear to face a high likelihood of litigation.

A. D&O CLAIMS
The following summarizes some of the types of D&O claims that could arise out of the Y2K situation:

1. Mismanagement. D&Os could be sued for failing to identify, evaluate, respond or test solutions to the problem on a timely basis. These types of mismanagement claims would likely be alleged in shareholder derivative suits and potentially in suits by customers or vendors who are damaged because of the corporation's failure to properly manage its own Y2K problem.
2. Disclosure. D&Os may be sued for failing to disclose the existence, magnitude or effect of the problem or for inaccurate disclosures arising from the corporation's inability to accurately calculate financial information as a result of the problem. These disclosure claims will most likely be asserted in federal securities class action lawsuits following a material decline in the corporation's stock due to some ultimately corrective disclosure. Such disclosure claims may also be made by vendors or suppliers, who may allege that the corporation and its D&Os failed to fully, properly and timely disclose the problem and that the plaintiffs vendors and suppliers relied upon the false disclosures to their detriment.
3. ERISA Fiduciaries. Fiduciaries responsible for the records and administration of employee benefit and employee welfare plans may be sued to the extent the Y2K problem results in improper administration or funding of those benefit plans.
4. Copyright Infringement. In solving the problem, various software and technologies will be used, many of which purporting to be protected under copyright laws. Thus, owners of those copyrighted processes or systems may allege infringement against numerous unauthorized users.
5. Special Statutory Claims. Proposed legislation is reportedly pending in the United Kingdom requiring companies to develop a Y2K plan and requiring directors to disclose the details of that plan in their annual report. Under that proposal, directors are personally liable for failure to produce accurate reports. Several members of the U.S. Congress are reportedly working on some form of Y2K legislation in the U.S.

As a precursor to Y2K litigation in the future, the Delaware Chancery Court recently emphasized in a different context the important role directors serve in creating and maintaining effective corporate information systems. In In re Caremark International Derivative Litigation, 1996 WL 549894 (Del. Ch. Sept. 25, 1996), the court stated that it is an "elementary fact that relevant and timely information is an essential predicate for satisfaction of the board's supervising and monitoring role under Section 141 of the Delaware General Corporation Law." The court explained that the director duties include the obligation to assure themselves that information reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board to reach informed judgments concerning both the corporation's compliance with law and its business performance.

It is easy to envision in the Y2K context allegations that these director duties were breached if the problem has not been adequately anticipated and addressed, thereby leaving the corporation's information systems ineffective or defective.

B. D&O RESPONSES
D&Os should manage the Y2K situation like any other crisis. Corporations should assemble a diverse team of management, technical and financial representatives, designate clear lines of authority and responsibility concerning the investigation, solution and testing of the problem, and establish realistic time schedules.

In formulating this crisis management approach, qualified outside expert advice from several sources may be advisable. Because of the enormous potential magnitude and visibility of the problem, reliance by directors and senior officers upon not only internal information officers, but also qualified and independent experts could be helpful in establishing a "reliance" defense for the D&Os.

The following summarizes many of the more important aspects of that coordinated management response:

1. Determine if Problem Exists. The first step must obviously be a thorough audit of a corporation's computer systems to determine if and to what extent a Y2K problem will exist. This audit process should be well documented, thorough and independent of representations by manufacturers as to the effect of their software products. The audit should examine not only whether the computer system is Year 2000 compliant, but also whether the system is leap year compliant. Normally, the year 2000 would be a leap year, but there is an exception for years divisible by 100. However, an exception to the exception is that years divisible by 400 are leap years. On other words, the year 2000 will be a leap year. If computer systems recognize only the first exception and not the second, then a software crash may occur on February 29, 2000.
2. Identify Extent of Problem with Key Suppliers, Vendors and Customers. Corporations are at risk for Y2K problems not only with respect to their own computer systems, but also to the extent key suppliers, vendors, customers, etc. have a problem which results in business interruption or loss to the corporation. In some respects this is the most dangerous vulnerability of corporations since it is largely outside of their control and perhaps ability to evaluate. When possible, corporations should at a minimum seek from at least key suppliers and vendors Y2K compliance certifications.
3. Identify Alternative Solutions. To the extent problems are identified, alternative solutions and their respective costs, time schedules and testing verification should be identified and the most favorable (but not necessarily cheapest) alternative should be selected and promptly implemented. Because the cost for these solutions generally must be expensed rather than capitalized, appropriate budgetary and forecasting adjustments should also be made.
4. Contingency Plans. Contingency plans should be identified at the same time the selected solution is identified in the event that the selected solution fails or the necessary time schedule experiences slippage.
5. Investigate Claims against Others. The legal and financial ability to obtain reimbursement or compensation from others if loss is incurred should be investigated. For example, what warranties, contractual indemnities, waivers or releases exist with respect to computer goods or services purchased by the corporation? Will intervening events or changes in those goods or services create defenses which could be avoided? Are possible statute of limitations expiring which could be now tolled?
6. Identify Exposures to Third Parties. The corporation's responsibilities and potential liability exposures to customers or other third parties if the corporation's system fails should be evaluated. In addition, the process of fixing the Y2K problem may create exposures if, for example, the software licensing agreement contains a confidentiality provision which would be violated if a third party retained to fix the problem obtains access to the confidential software codes. To the extent such responsibilities or exposures may exist, are there actions which the corporation can now take to eliminate or mitigate those risks, such as full disclosure, waivers, disclaimers, or repudiation of indemnification agreements?
7. Evaluate Securities Disclosures. The materiality of the problem and its possible effects should be considered for purposes of determining if and when disclosure to investors should be made. Not only should the corporation consider its own likely cost to correct the problem, but also its risk of business interruption either as a result of its own Y2K problem or the Y2K problem of suppliers, vendors or other third parties. The corporate finance division of the SEC recently stated that "companies should review on an ongoing basis the need for disclosures concerning projected expenditures and uncertainties associated with Year 2000 consequences." If the costs of addressing the problem or the consequences of an incomplete or untimely resolution represent a "known material event," disclosure is required.
8. Implement Securities Loss Prevention. In order to avoid aggravating a securities claim which may otherwise be made, document retention programs should be implemented pursuant to which "smoking gun" memoranda or other documents are not created or retained. For example, documents expressing one's disagreement with management responses or evaluations should be discouraged and eliminated.
9. Monitor Responses by Competition. Responses by similar companies may be viewed by courts as creating a benchmark or standard of conduct for the corporation. Therefore, corporations should monitor the extent and type of responses being implemented by its competitors or other similarly situated companies. For example, a clearinghouse for Y2K information is available on the Internet (www.year2000.com).
10. Control Future Transactions. In addition to evaluating and fixing current computer systems, safeguards should be implemented to assure that future purchases and future interfacing with other systems will not recreate or "reinfect" the system with the Y2K problem.

C. INSURANCE
Directors and officers liability insurance will obviously become critically important for D&Os who are sued in connection with the Y2K problem. Some coverage issues to consider in that regard include:

1. Y2K Exclusions. Some insurance analysts predict that by the year 2000, D&O policies may include exclusions relating to this catastrophic exposure. In anticipation of such exclusions, D&Os could conceivably give notice of the Y2K circumstance to their current D&O insurer, thus attempting to lock in coverage under the current D&O insurance policy. Such an approach appears unwise in most circumstances for two reasons. First, D&O insurance policies today generally require considerable specificity in a "notice of circumstance" as to the wrongful act that could give rise to the potential claim and other details regarding the potential claim. It is questionable whether at this early date, a corporation could formulate an adequately comprehensive and accurate notice of circumstance under most D&O insurance policies. Second, D&O policies routinely contain a "prior notice" exclusion which eliminates coverage under the policy with respect to circumstances noticed under a prior policy. If a notice of circumstance is given under the current D&O policy, no coverage would likely exist under subsequent D&O policies with respect to that circumstance, whether or not the current notice in fact invoked coverage under the current policy. If the notice of circumstance under the current policy proved to be ineffective, the insureds would have created a gap in coverage with respect to claims arising out of the Y2K problem.
2. Insureds . At least some of the Y2K claims may be brought not only against directors and senior officers, but information systems personnel within the company. If senior information personnel are not technically "officers" of a company, the definition of "Insured Person" could be amended to include appropriate non-officer information personnel.
3. Warranty Statements. Although application warranty statements can create possible coverage defenses in any event, particular care should be taken when executing such statements prior to the year 2000 in light of the Y2K situation. Many application warranty statements request knowledge not only of wrongful acts, but also "facts or circumstances" which could give rise to a future claim covered under the proposed policy. The Y2K situation could easily be viewed as such a "fact or circumstance" and thus either its disclosure or non-disclosure could create a coverage defense.
4. ERISA Exclusion. Because ERISA fiduciaries also face Y2K-related exposures, extra care should be taken to assure that the ERISA exclusion in the D&O policy closely dove-tails with the ERISA fiduciary policy coverage. For example, if the D&O ERISA exclusion is a broad form exclusion ("based upon, arising out of") or if the exclusion applies to employee benefit plans generally rather than specific fiduciary obligations under ERISA, the exclusion may be broader than the fiduciary policy, thus creating a potential coverage gap with respect to a Y2K claim.