This article by Stuart L. Adams, Jr. appeared in the
Louisville Computer News
Y2K Up Close and Personal. Potential Personal Liability of Officers, Directors and Owners of Businesses Which Fail to Become Year 2000 Compliant in Time.
Just when you thought it was safe to read another computer publication without someone trying to scare the stuffing out of you over the Millennium Bug (Y2K) issue, here comes another lawyer trying to do just that. After all, even an article in the last issue of this publication seemed to make it appear that neither the hardware nor the software repercussions of this legal time bomb are something that cannot be easily detected and remedied in advance. Well, let me assert a counterpoint at several levels.
In over twenty years of providing legal counsel to small and start-up businesses, and after having studied my share of the avalanche of legal and business books, articles, studies, and websites devoted to the issue, Im confidant that there has never been such a huge wave of impending litigation heading toward the business community as is facing us now in the form of Year 2000 compliance.
THE ROOT OF THE PROBLEM
How can it be that a problem that really got off track in the 1950s and 60s is on a seemingly inevitable collision course with your personal financial statement? We know that in the early days of computers, when it was extremely expensive to save data (i.e. on punch cards, paper tape or low density magnetic tape) a relatively substantial amount of the cost of a project could be saved by using a two rather than four digit year format. Two digits became the standard and, although at least some programmers knew this would eventually be a problem, few had the foresight to know the life expectancy of software and hardware. Fewer still were the captains of industry who would pass up such a seemingly unnoticeable way to cut costs.
The Gartner Group, an information consulting group which is making a lot of news in this area, has estimated that somewhere between $300 and $600 billion (now thats a range!) will be spent worldwide reworking more than 250 billion lines of computer code, but approximately 50% of the companies with Y2K problems will not become compliant in time. Guess what, that estimate may not touch litigation costs.
The Giga Information Group, an information technology advisory firm, has estimated Y2K litigation costs may exceed $1 trillion. This, of course dwarfs the combination of asbestos and Superfund environmental litigation at $1 billion each per year.
SHOULD YOU WORRY?
Should you worry about the shareholders who are about to make an investment of their money in your business? Should you feel differently about that bank loan for your business expansion? Did it have a personal guarantee that you signed? By the way has the loan officer sent you a Y2K compliance questionnaire/certification yet concerning the details of your Y2K plan? If you are an officer or director, have you participated or, heaven forbid, signed off on a stock prospectus, financial statement or other public or regulatory document which makes statements or predictions inaccurately describing the Y2K consequences on your companys value or performance? Keep in mind that your companys performance is dependant not only on your own product or service, but on your ability, at opposite ends of the food chain, to get supplied on time and paid on time.
BOARD OF DIRECTOR LIABILITY
Publicly traded companies have their own set of issues. The Securities Exchange Act of 1934 makes it unlawful to sell any security in interstate commerce employing a "manipulative or deceptive device" which could include omitting any statement of material fact. I leave it to you to speculate whether this litigious age of million dollar awards for spilled McDonalds coffee which was too hot, might allow a stockholder, bank or insurance company to get an award against a company, officer or director for failing to fully disclose the full impact of Y2K noncompliance. While the SEC has its own civil and criminal remedies to pursue for securities law violations which could stem from Y2K company misstatements, individual shareholders may also have the right to pursue "private" actions which may not necessarily require proof of intent to deceive.
DIRECTOR STANDARD OF CARE
Even for closely held non-public companies, the laws of the state of incorporation (or state of litigation under "long arm" statutes) may require the directors to exercise such care as would a "reasonably prudent" person in a similar position. This may include either an implied or codified duty of reasonable inquiry and investigation to protect the value of the corporate stock value for the companys shareholders.
Let me ask you, are you not squarely in the danger zone if a company you own, or which you serve as officer or director, suffers a substantial loss of profits due, arguably, to Y2K related operational difficulties, resulting in stock devaluation, such that someone might file an individual or derivative shareholder suit, a negligence or fraud action, or an action under one or more of the state or federal securities laws. Certainly, with all the information being proliferated on the Millennium bomb by writers such as myself, it would be difficult for an officer or director to successfully maintain ignorance or insufficient warning of the nature or potential corporate consequences of the problem.
BUSINESS JUDGMENT RULE DEFENSE
Many states have adopted some variety of the Delaware "business judgment rule," which is designed to prevent courts from looking over the shoulder of corporate boards of directors, as to decisions which involve honest mistakes. Some states require a showing of gross negligence by directors or near abdication of their duties to impose liability. Other varieties of this rule require a showing of "due diligence" by the directors in exercising vigilance on behalf of the shareholders interests. Even a defense under the most director-oriented variety of the "business judgment rule" will likely require meaningful adoption and implementation of a Y2K assessment and correction plan.
SO YOU THINK YOU HAVE INSURANCE
Are you one of those people who thinks there must be an insurance policy somewhere that will protect you from any year 2000 fallout? Obviously you have an errors and omission (E&O) insurance policy which will insulate you from damages and legal defense costs for "computer malpractice." You may find, however, that insurance companies do not like to suck up huge "predictable" damage awards against their policy holders. For that reason, you may find at policy renewal time, which may come before the Millennium, that your insurer has imposed new restrictions and exclusions of coverage for potentially noncompliant customers.
Well surely your business interruption insurance will protect you from a catastrophe, such as shut down or long term stoppage of cash flow due to Y2K problems. Keep in mind, of course that this form of insurance was originally aimed at fire, floods, tornadoes and other such natural disasters. Typically the insurance company will include language in the policy attributing and limiting the basis of claim to an "act of God" or other "fortuitous event." These defined insurable events are typically unpredictable. Who can really now say we dont have reasonable warning of the potential problem. This will be high litigation area. Meanwhile, if the insurance company disputes your claim, do you think it will rush you a check to make payroll? If you do, Ive got a new invention Id like you to invest in.
LIGHT AT THE END OF THE TUNNEL?
You have probably heard that Congress and many states are working on legislation that will "cap" damages for Y2K noncompliance claims. Government, however, could be one of the hardest hit with the problem. There is still time, but can you count on government passing meaningful (and constitutional) legislation to limit their own access to damages. How high would the cap be? Will it hold up in your situation? There are just too many questions and not enough answers. The litigation costs (including both time and money) to find out the answer could be enough to break many companies.
Yes there are things you can do to reduce your exposure to these costs. The first thing is to take your head out of the sand, if that is where it has been on this issue for the last couple of years. Many consultants predict at least a 5% failure rate for Y2K fixes, which will not be realized until some time after the turn of the millennium. There is no time like the present to conduct a legal audit of your situation, in addition to the software and hardware audit and correction plan you have already initiated. Check on your warranty language to your customers and from your suppliers. Think about inserting language in your proposals and contracts to resolve disputes at less expense, such as mediation clauses. More on the "fixes" later. For now, start thoroughly documenting your efforts to assess the problem for your company so you can more effectively assess the remedies. You may need that documentation later.