The D&O Diary’s European travels continued earlier this week with a first-time ever visit to Albania, the rugged country on the Adriatic and Ionian coasts of the Balkan Peninsula, tucked between Montenegro and Greece. The country still retains many vestiges of its 20^th century communist era, but it is modernizing quickly, and it remains a topographically diverse, naturally beautiful country.

Albania is geographically small, only about the size of the U.S. state of Maryland. The country has a population of about 2.4 million people, with the largest number located in its capital, Tirana. For most of the 20^th century, Albania was one of Europe’s poorest countries, owing to its economic and political isolation, and infrastructure limitations. Since the 1991 collapse of the country’s communist regime, and particularly in the most recent years, the country has made great strides, particularly in infrastructure development and education. Many of the vestiges from the country’s earlier struggles remain, however.

The first stop on my Albania tour was to the country’s capital city of Tirana, located in the country’s center and surrounded by mountains. Tirana is a big, busy city, now bristling with a number of new, taller buildings in the city center. Some areas of the city –particularly in outlying areas — still retain a ramshackle feel from the the country’s 20^th century isolation, while the center city projects an air of aspirational dynamism that is palpable.

After my brief visit to Tirana, I was off to explore other areas of Albania. I went next to Vlorë (pronounced VLOR-uh), two hours south by car from Tirana and part of the coastal area of the country known as the “Albanian Riviera.” Vlorë, which has a population of just under 100,000, is at the northern end of Albania’s Ionian coast. The city was briefly the capital of Albania at the time the country first became independent in 1912.

Vlorë is great and by all rights I should have enjoyed a great visit there. Unfortunately something unexpected happened on the day of my first visit. A dog bit me. I had seen the group of about five or six dogs lounging on the beach on the outbound leg of my first seashore walk upon arrival. They paid no attention to me and I paid no attention to them. On my return, I noticed that the dogs were up and moving around, but again I paid no attention. Before I realized what was happening, one of the dogs had wheeled around behind me, and bit me on the leg. This was not a friendly nip. This was a forceful, vicious bite that was intended to do damage. My first instinct was to retaliate, but when I shouted and wheeled around to face the dog that attacked me, the other dogs suddenly perked up their ears and took three or four steps toward me. I realized that if I took even one more step, I would be dealing with six dogs, not just one dog. I backed away and headed to my hotel room and cleaned out my wound. (I always keep a stash in my backpack of those alcohol wipes that the airlines started to give out to passengers during the pandemic.) Enough time has passed that I think I can be sure that the bite wound won’t get infected, but the incident certainly affected my perception of Vlorë. Travel can be so much fun, but it can all go bad in a big hurry, too.

I know from my convesations with other Americans as I was planning to on this trip that there are three things I need to address about Albania as part of this travel post.

First, is Albania safe? Pretty much every single American to whom I mentioned that I was going to Albania asked me this questoin. (They were not asking about the dog problem in Vlorë; they were asking about crime.) I would say that Albania is as safe as any other European country. I certainly saw nothing (other than the stupid dogs) that gave me even the slightest concern. I think Albania’s vague reputation for crime reflects the fact that its prior communist regime was a corrupt mafia state. I have to say, at no point during my visit did I have even the slightest concern about my safety or security (at least as pertains to other humans).

Second, what about the currency? It is true that Albania is mostly a cash only country. Perhaps this is a vestige of the day when it was a corrupt mafia state, as a result of which there is little trust in the financial system, so cash is king. I also was told that the bias in favor of cash is reflection of tax aversion. The local currency in Albania is the lek. The current exchange rate is roughly 80 leke to the U.S. dollar. However, many shops and restaurants will take Euros. On each occasion when it was time for me to pay, I found myself wresting with a pocketfull of bills and coins. My main objective was to make sure I spent all of my leke, as they certainly were not going to be useful anywhere else. It has been a very long time since I have had to mess around with cash while traveling, and I have to say it is a huge pain.

Third, what about the language? It may come as no surprise to you that I do not know a single word of the Albanian language. As it turned out, my ignorance of the Albanian language was never a problem. Pretty much every one I interacted with spoke at least a little bit of English. In fact, most people started out addressing me in English. The young people in particular seem very comfortable interacting in English.

Overall, I had a great visit to Albania. I know I should not let the stupid dog bite color my perception, but I would be lying if I tried to pretend that it did not. To the extent I can put the dog bite out of my mind, I am able to say that otherwise I enjoyed my Albanian visit, and subject only to a warning about the dogs, I would recommend Albania as an interesting, different kind of place to visit.

Federal regulators are increasingly adopting a more crypto-friendly, and more formal approach to bank supervision, one that may have important implications for D&O liability.  Following the President’s August 2025 “Guaranteeing Fair Banking” Executive Order (EO), the Office of the Comptroller of Currency (OCC) issued bulletins in September 2025 to curb “debanking”.  This guidance forces banks to base service decisions on objective risk, rather than social or political motives. Guidance that is further reinforced by the February 26, 2026 Federal Register release and proposal to restrict banking officials from forcing banks to cut ties with clients engaging in controversial but lawful activities.

This shift comes at a pivotal moment for digital assets. As we recently discussed, the SEC has issued detailed guidance distinguishing between digital assets that are subject to the federal securities laws and those that are not, while also clarifying how and when assets may transition into securities status. Taken together, these developments suggest a broader regulatory effort to normalize the treatment of crypto-related activities within existing financial frameworks.

The End of “Reputation Risk”

Notable, an October 2025 Notice of Proposed Rulemaking by the Federal Deposit Insurance Company (FDIC) and OCC asserted that, for years, “reputation risk” has functioned as a catch-all concept within bank supervision. While often framed as a legitimate concern, i.e., the risk that negative public perception could harm a bank’s financial condition, it has also been criticized as inherently subjective and difficult to apply consistently.

The recent regulatory developments, immediately following the President’s EO, reflect a clear effort to eliminate that subjectivity. By directing examiners to focus on measurable risks, like credit, liquidity, operational, and legal risks, regulators appear ready to sideline instances of supervisory discretion and prevent informal pressure on banks to disengage from certain industries.  This may mean that banks may no longer rely on regulatory expectations tied to reputational concerns when deciding whether to serve customers in controversial sectors. Nor may regulators encourage or compel such decisions.

Crypto and Access to the Banking System

The implications for the digital asset sector could be immediate. As has been widely observed, one of the most persistent challenges facing crypto companies has been access to traditional banking services. Even where activities were lawful, financial institutions may decline relationships due to perceived regulatory scrutiny and reputational concerns.

The removal of “reputation risk” from the supervisory framework may ease those constraints. Banks that previously avoided crypto-related clients, whether exchanges, custodians, or stablecoin issuers, may now reassess those decisions in light of clearer regulatory expectations.

At the same time, this shift does not eliminate underlying risks. As we have also previously discussed, crypto-related businesses continue to face significant governance, fraud, and disclosure challenges. These underlying risks are amplified by escalating geopolitical threats, such as reports that Iran is actively using cryptocurrency to circumvent Western sanctions and finance operations during the current conflict with the United States.

Reframing Risk Oversight

There may also be broader D&O underwriting takeaways, aside from the impact to the cryptocurrency, from the federal government’s clear signal to stop institutional “debanking.” Reputational risk has often been treated as a core component of enterprise risk management. The federal government’s regulatory retreat from that concept, with respect to banking, may prompt boards of companies that are in the business of or invest in digital assets and other “morale hazards” to reconsider how such risks are categorized and monitored.

There may be D&O exposure risk, however, if boards fail to appropriately oversee emerging risks particularly in fast-moving areas such as digital assets.  Taking a more laze fare approach could result in shareholder scrutiny claims that a board breached its oversight obligations, even if those risks were not framed in traditional “reputational” terms.

Disclosure Challenges and Securities Litigation Risk

The divergence between regulatory policy and securities law obligations presents another area of potential D&O exposure. Public companies may disclose reputational risk as a material factor in their filings. The question now is whether those disclosures should evolve considering the regulatory shift of what could be considered “reputational harm.”

As our readers may recall, failure to sufficiently disclose material reputational risks may expose a company to potential securities litigation. This tension could become pronounced in the crypto sector and for companies that have created crypto treasures. Market volatility may heighten the importance of accurate and complete disclosure. Statements about regulatory compliance, banking relationships, and business continuity may all become focal points in subsequent litigation.

“Debanking” and Emerging Liability Theories

Furthermore, the effort to curb debanking could introduce new potential avenues of liability. Financial institutions that terminate customer relationships may now face increased scrutiny, particularly if those decisions cannot be tied to objective, documented risk factors.

Without the ability to point to regulatory pressure grounded in reputational concerns, banks may be more vulnerable to claims that account closures or service denials were arbitrary, discriminatory, or inconsistent with stated policies. These disputes could broaden governance and oversight issues.

From a D&O perspective, this may raise the prospect of being drawn into litigation involving customer selection, risk management practices, and internal decision-making processes.

Conclusion

Federal regulators’ retreat from “reputation risk” could reflects an effort to bring greater objectivity and consistency to bank supervision, while addressing concerns about debanking and access to financial services. At the same time, it coincides with a broader shift towards normalization of digital asset activities within the regulatory framework. For D&O underwriters, the implications could be more complex.

Reputational considerations remain highly relevant. Regulatory change does not eliminate exposure but could reshape it. And in this instance, the retreat from “reputation risk” may ultimately heighten the importance of how companies identify, manage, and disclose the risks that regulators are no longer explicitly naming.

Peloton Interactive, Inc. (Peloton) has faced well-publicized operational and reputational challenges over the past several years. The company’s trajectory, from pandemic-era growth darling to post-pandemic recalibration and product safety scrutiny, has resulted in securities litigation. As previously discussed on the D&O Diary, Peloton successfully defeated a COVID-19-related securities suit at the pleading stage. More recently, the company faced a second securities class action tied to alleged product defects in its flagship bike (Peloton SCA). In a March 31, 2026, decision, the United States District Court for the Eastern District of New York granted Peloton’s motion to dismiss, rejecting plaintiff shareholders’ attempt to convert operational challenges into actionable securities fraud.

This recent decision may provide a useful case study for D&O underwriters of how courts can approach event-driven securities litigation when plaintiffs rely on product issues to support disclosure-based claims.

Peloton SCA and Dismissal

The Peloton SCA, filed on June 9, 2023, asserted claims under Sections 10(b) and 20(a) of the Securities Exchange Act on behalf of investors who purchased Peloton securities between May 2022 and May 2023. The shareholder plaintiffs alleged that Peloton and certain of its senior executives made materially false and misleading statements regarding the company’s product safety practices, compliance efforts, and financial exposure to potential recalls. At the center of the complaint were alleged defects in the seat posts of Peloton’s exercise bikes, which plaintiffs claimed were prone to breaking or detaching during use, creating safety risks and exposing the company to a large-scale recall.

Shareholder plaintiffs cited to Peloton’s prior history with product safety issues, particularly its interactions with the U.S. Consumer Product Safety Commission in connection with its treadmill products. According to the complaint, Peloton had sought to reassure investors following those earlier issues by emphasizing its commitment to safety improvements, regulatory cooperation, and reduced exposure to recall-related costs.  Thus, shareholder plaintiffs alleged that these assurances were misleading because the company was simultaneously aware of ongoing defects in its bike seat posts and failed to disclose the extent of those issues or the likelihood of a future recall.

In support of these allegations, shareholder plaintiffs cited internal data and accounts from confidential witnesses indicating that Peloton tracked customer complaints and product quality issues throughout the class period. The Peloton SCA further alleges that Peloton engaged in internal efforts referred to as “Project Tinman” to address or conceal visible defects, including rust and corrosion affecting bike components. According to the complaint, these internal practices demonstrated that the company was aware of widespread product issues while continuing to present a more favorable picture to investors.

The Peloton SCA alleged that the company issued a corrective disclosure on May 11, 2023, when the CPSC announced a recall of approximately 2.2 million Peloton bikes due to seat post failures. Following the announcement, Peloton’s stock price purportedly declined by nearly 9 percent. Shareholder plaintiffs contended that this decline reflected the market’s reaction to the revelation of previously undisclosed product defects and financial exposure. The complaint further alleged that Peloton had understated its reserves for recall-related expenses and misled investors regarding the potential impact of such a recall on its business and subscription model.

In dismissing the Peloton SCA, the court concluded that the plaintiffs failed to adequately plead falsity, scienter, and loss causation. The court found that many of the challenged statements, such as general assertions regarding product quality, safety, and a “members-first” philosophy, constituted non-actionable puffery. The court also emphasized that Peloton had disclosed the risks of product defects and potential recalls in its public filings, including warnings that such issues could lead to regulatory scrutiny, reputational harm, and litigation.

These disclosures, the court found, undermined the shareholder plaintiffs’ claim that investors had been misled. The court further determined that the plaintiffs failed to adequately establish scienter, as the complaint did not sufficiently connect internal awareness of product issues to an intent to deceive investors. Finally, the court held that the plaintiffs had not adequately pleaded loss causation, as the stock price decline following the recall announcement did not establish that prior statements were false when made, as opposed to reflecting the materialization of disclosed risks.

Discussion

The recent dismissal of the Peloton SCA may provide important takeaways for D&O underwriters, particularly when viewed alongside the March 30, 2023, dismissal of the previous COVID-19-related securities litigation. In both cases, plaintiffs attempted to convert adverse business developments, first, declining demand following the pandemic, and second, product defects and a recall, into claims of securities fraud. In both instances, the courts rejected those efforts, reinforcing a consistent judicial approach that distinguishes between business risk and disclosure liability.

In both the COVID-19 case and the product defect case, Peloton’s public filings included cautionary language addressing the very risks that later materialized. In the earlier case, disclosures regarding demand volatility and changing consumer behavior during and after the pandemic were central to the court’s dismissal. Similarly, in the present case, Peloton’s warnings regarding product defects, manufacturing issues, and potential recalls played a critical role in undermining the plaintiffs’ claims. For D&O underwriters, Peloton’s successful defense may highlight how the method of disclosing certain risks associated with various sectors, like consumer products, can withstand judicial scrutiny.

Another key takeaway from this recent Peloton SCA dismissal is the high bar plaintiffs must meet to plead scienter, particularly in cases involving complex operational issues. Shareholder plaintiffs relied on internal data, confidential witnesses, and circumstantial evidence to argue that the company knew more than it disclosed. However, the court required a more direct connection between that internal awareness and the specific public statements at issue. For D&O insurers, this dynamic may reinforce the viability of early dismissal as a defense strategy, even in cases involving extensive internal allegations.

Finally, when viewed together, the Peloton securities dismissals may demonstrate that, under the Private Securities Litigation Reform Act (PSLRA), well-disclosed risks and disciplined corporate communications may provide a strong defense at the motion to dismiss stage. Consumer product companies at some point may face operational challenges, whether from changing market conditions or product-related issues. However, the extent of D&O exposure stemming therefrom may hinge on disclosure detail.

The D&O Diary’s European assignment continued last week with a long weekend visit to Montenegro. Montenegro is a small country with rugged mountains and an interesting history, tucked along the Adriatic coast on the Balkan peninsula. It was my first time in the country, and I wasn’t sure what to expect. What I discovered was a pleasant surprise. It turns out, Montenegro is an absolute gem.

Montenegro has only been a standalone country since it completed its 2006 split from the former federation of Serbia and Montenegro. Its name in the Montenegrin language is Crna Gora (pronounced “TSUR-nah GOR-ah”), meaning “Black Mountain.” Montenegro acquired its Italianate name in the 15th century when the Venetian Republic controlled the Adriatic coast. The country is geographically small – it is only about the size of the U.S. state of Connecticut. Its population of about 630,000 is roughly equivalent to that of Detroit.

My first stop in Montenegro was the country’s capital city, Podgorica (pronounced “Pod-GOR-eets-uh”), a city of only about 150,000. The city has over the years had a variety of different names (including, most recently, from 1946 until 1992, as “Titograd”). It is set in a basin in a ring of mountains. The Romans established the city at the juncture of two rivers, the larger Morača river and smaller Ribnica. The city itself is mostly flat, making it pleasantly walkable.

The name “Podgorica” means “under the hill or mountain.” There actually is a hill — the “Gorica,” on the northeast side of the city — and it is now a thickly wooded park. Early on my first full day in the city, I walked through the park and to the top of the hill.

The next stop in my visit to Montenegro was the historic walled city of Kotor, a UNESCO World Heritage Site set deep within the Bay of Kotor, at the foot of dramatic limestone mountains, along the country’s Adriatic coast.

On Saturday, I took a boat excursion from the main waterfront in Kotor, through the Bay of Kotor, and out into the Adriatic. The entire experience was just terrific. I think I took about a million pictures, but I can only reproduce a small sample here.

For anyone planning a trip to Kotor any time soon, I do have a hotel recommendation. The name of the hotel is Boutique Hotel Astoria. It is one of only a few hotels inside the old city walls and the only one on the sea wall side (and therefore with views of the Bay, at least for the rooms on the floors above the top of the city walls). I had an absolutely lovely room with a balcony and with views of the Bay. Also, friendly, helpful staff, and really nice breakfasts.

All too soon, I had to leave Kotor and Montenegro for other destinations. The one thing I know for sure is that if I had it to do over again, I would have programmed a lot more time in Montenegro, and especially in Kotor. What an absolutely fantastic place.

Amid signs of a renewed uptick in SPAC activity, courts continue to grapple with D&O insurance coverage issues arising out of older de-SPAC transactions. In a March 30, 2026,  decision involving the de-SPAC of View Operating Corporation (View), the Delaware Superior Court held, in part, that View’s D&O policy “public offering” exclusion did not apply to preclude coverage for claims arising out of a de‑SPAC transaction and that additional payment conditions could not be imposed unless expressly stated in the policy.

My thanks to Geoffrey Fehling of the Hunton Andrews Kurth law firm, who wrote about the court’s decision in his early April 2026 post on LinkedIn.

Background

The underlying facts follow a now-familiar de-SPAC trajectory. A private operating entity View, Inc. (“Old View”) entered into a merger with a special purpose acquisition company CF Finance Acquisition Corp. II (“CFII”), a blank-check company sponsored by Cantor Fitzgerald & Co. (SPAC),  becoming a wholly owned subsidiary of the publicly traded parent. Following the transaction, the combined enterprise, View, faced a series of adverse developments, including an audit committee investigation, an SEC investigation, a securities class action, derivative litigation, and an SEC enforcement action against an officer tied to alleged misstatements during the transaction.

View then sought coverage under its D&O program for defense and settlement costs arising from these proceedings. While most insurers participated, one carrier denied coverage, relying primarily on a “public offering” exclusion and separately arguing that it had no payment obligation until defense costs were actually paid.

The insurance coverage dispute that followed centered on the interpretation of the “public offering” exclusion, which barred claims “arising out of any public offering of equity securities of the Company,” and the reimbursement insuring agreement. The insurer contended that the de-SPAC transaction functioned as a public offering of View’s securities, even if structured through the SPAC parent.

The Court’s Ruling

The Delaware Superior Court rejected the insurer’s coverage position and granted summary judgment in favor of View on the core issues, emphasizing that policy language must be applied as written and exclusions construed narrowly under Delaware law. The court held that the “public offering” exclusion applies only where there is an offering of the insured entity’s own equity securities. Because the transaction involved shares issued by the SPAC parent, not View, the exclusion did not apply.

The court also rejected the insurer’s attempt to rely on a “substance over form” theory, finding that this approach improperly collapsed the legal distinction between parent and subsidiary entities and expanded the exclusion beyond its plain terms. To the extent any ambiguity existed, under Delaware Law, it was required to be resolved in favor of coverage. The court further declined to consider extrinsic materials such as SEC guidance, reinforcing that unambiguous policy language controls.

Finally, the court rejected the insurer’s argument that payment obligations were triggered only after defense costs were actually paid, holding that “pay on behalf of” language requires payment once liability is incurred. Notably, the court also allowed View’s bad faith claim to proceed, finding the insurer’s positions insufficiently “colorable,” particularly given the lack of supporting authority and the shifting nature of its arguments.

Discussion

This Delaware Superior Court decision may reinforce the strict, narrow approach that Delaware courts often take toward interpreting insurance exclusions. Even in complex de-SPAC transactions, insurers bear a heavy burden to prove that an exclusion applies explicitly. For D&O underwriters, the takeaway appears straightforward: if an exclusion is expected to apply to a particular risk, it must say so clearly.  Delaware courts hearing insurance coverage disputes involving de‑SPACs may not accept insurer arguments that rely on expanding or recharacterizing exclusionary provisions.

The ruling also highlights the continuing tension between form and substance in the SPAC context. While de-SPAC transactions may be described as functional equivalents of IPOs, the Delaware Superior Court declined to adopt that framing for purposes of policy interpretation. Instead, it adhered to corporate formalities and legal distinctions, which proved dispositive in the coverage analysis. For D&O underwriters, this underscores that how a transaction is legally structured, not how it is economically characterized, will drive coverage outcomes, reinforcing the need to underwrite based on legal form and deal mechanics.

Thus, this case may highlight a gap between traditional D&O policy language and modern transaction structures. Generic “public offering” exclusions in legacy forms may be inadequate and potentially vulnerable to challenge when applied to de-SPAC transactions. From a D&O underwriting standpoint, standard exclusions may need to be revisited with consideration of whether more tailored language addressing SPAC mergers, reverse recapitalizations, or similar structures is necessary to accurately capture intended risk allocation.

From a D&O exposure perspective, the Delaware court’s ruling may also have significant implications for the timing of defense cost advancement. By confirming that “pay on behalf of” language is triggered upon the incurrence of liability rather than actual payment, the court endorsed a policyholder-friendly interpretation that accelerates insurer payment obligations. Underwriters and claims professionals may recognize that this interpretation can materially impact anticipated loss arising from de-SPAC transactions.

The View coverage decision further reinforces that carriers may be required to advance defense costs promptly once liability attaches, rather than waiting for insureds to exhaust their own capital. Equally significant was the Delaware court’s willingness to allow View’s bad faith claim to proceed, notwithstanding the insurer’s assertion of a reasonable coverage position. For D&O insurers, this may signal that, under Delaware law, purportedly aggressive or unsupported coverage positions, particularly those lacking clear policy grounding or consistent rationale, could result in extra-contractual exposure.

Finally, even as SPAC formation activity ebbs and flows, the pipeline of litigation arising from prior de-SPAC transactions remains substantial. As these matters continue to generate coverage disputes, decisions like the one involving View and its insurer, may shape both underwriting practices and policy wording going forward.

The following guest post examines the resolution of class certification motions in securities class action lawsuits during 2025; considers the parties’ economic arguments in support of or in opposition to class certification; and analyzes the courts evaluation of those arguments. The article is written by Andrew Roper, Mame Maloney, Brendan Rudolph, and Ravi Sinha, Principals at The Brattle Group, and Aidan Kutner, an Associate at The Brattle Group. We would like to thank the authors for allowing us to publish their article as a guest post on our site. Here is the authors’ article.

****************************

Disclaimer: Contributing author Andrew Roper provided expert testimony in one of the matters discussed, Daniel Borteanu, et al. v. Nikola Corporation, et al. (D. Ariz. 2025). This article is descriptive in nature and does not advocate for any party’s position in that or any other case. 

A valuable opportunity arises whenever defendants challenge class certification in a federal securities class action and a district court issues an order granting or denying class certification, in whole or in part, outside the context of a settlement agreement. These challenges – and the courts’ responses – provide a window into how parties present economic arguments in support of or in opposition to class certification, and how courts evaluate those arguments.

A recent report by economists from The Brattle Group (the “Brattle Report”) provides a systematic review of class certification rulings in 2025, examining the 18 federal district court orders decided outside the context of settlement (the “2025 Class Certification Orders”). The report additionally discusses defendants’ petitions to appeal these orders under Rule 23(f) in eight of the 18 cases, as well as defendants’ appeals in four other matters in which federal appellate courts issued orders in 2025. These decisions reflect how district courts evaluated defendants’ challenges to Rule 23(b)(3) in granting or denying (in whole or in part) plaintiffs’ proposed classes of investors.[ii] The sample of cases captures the views of a broad set of participants spanning multiple geographies, courts, law firms, and experts.

The analysis identifies the arguments underlying defendants’ challenges to predominance under Rule 23(b)(3) and the ways in which courts evaluated these arguments. In doing so, it provides a unique vantage point to understand 2025 jurisprudence on class certification in securities litigation. The report does not take a position on the strengths or weaknesses of any particular cases, nor does it attempt to analyze the legal or economic merits of any rulings; rather, it provides a descriptive account.

From this vantage point, the report documents how multiple defendants challenged predominance for reliance and damages using similar arguments. Multiple defendants challenged the applicability of the fraud-on-the-market presumption of reliance by attempting to rebut the three prerequisites of the theory itself: the truth is not on the market, the market is efficient, and the fraud had a price impact. Multiple defendants also argued that plaintiffs failed to specify how they could measure the inflation caused by the alleged fraud. 

The report further examines how different district courts evaluated these recurring arguments. Four themes emerge from the analysis, reflecting both the types of arguments defendants are advancing and the varying ways courts respond to them. Across these themes, defendants’ challenges asked courts to evaluate case-specific public information to determine whether classwide methods of proof could be applied:

• Theme #1: Some district courts engaged with defendants’ truth-on-the-market arguments, while other courts deferred adjudication to the merits.
• Theme #2: District courts did not deny or limit class certification on the basis of challenges to market efficiency, even when defendants put forward an affirmative argument that markets were inefficient.
• Theme #3: District courts examined price impact, but the only arguments that prevailed were those following the mismatch framework set out in Goldman Sachs Grp., Inc. v. Ark. Tchr. Ret. Sys. (“Goldman ATRS”).[iii]
• Theme #4: District courts consistently held that the out-of-pocket formula could be used, finding that challenges regarding how inflation would be estimated were either unconvincing or could be resolved at trial. Importantly, 2025 also saw appellate court orders that may affect district courts’ examinations of damages going forward.

In the remainder of this article, we first provide an overview of the orders analyzed and the outcomes of these orders. We then elaborate on each of the four themes outlined above. Finally, we provide concluding thoughts and a look ahead, predicting that some of the issues challenged by defendants but deferred by district courts may resurface in the merits phase.

Across these four themes, defendants raised challenges that ultimately bear on plaintiffs’ ability to measure harm as alleged. Some of these challenges were evaluated directly by district courts, while others were deferred to the merits, either explicitly or implicitly. The Sixth Circuit’s appellate ruling in In re FirstEnergy Corp. Securities Litigation (“FirstEnergy”),[iv] which overturned class certification and remanded the district court to perform a rigorous analysis of damages as required under Comcast Corp. v. Behrend (“Comcast”),[v] demonstrates at least one circuit’s preference for addressing more of these challenges at the class certification stage. Challenges that do not ultimately lead courts to impose a barrier to class certification may resurface in the merits phase and/or affect the settlement posture.

Class Certification Outcomes in 2025

In 2025, there were 18 class certification orders issued by federal district courts in which the court either granted or denied (in whole or in part) plaintiffs’ proposed classes of investors.[vi]

Figure 1 below summarizes the judicial outcomes of these 2025 class certification orders: In 12 of 18 cases, federal district courts granted certification in full. [vii] In the remaining six of 18 cases, certification was granted in part and denied in part. These partial denials of certification occurred across three different federal district circuits: the Second, Fourth, and Fifth.

In all six of these cases, defendants argued that plaintiffs had failed to satisfy Rule 23(b)(3)’s predominance requirement with respect to reliance. The courts agreed in part and limited the certified class on this basis.[viii] In three of these cases, defendants further argued that plaintiffs failed to satisfy Rule 23(b)(3)’s predominance requirement with respect to damages, but the courts rejected these challenges.

Figure 1: Judicial Outcomes of the 2025 Class Certification Orders

In the six cases in which the courts denied certification in part, the outcomes were as follows:

• Truth-on-the-Market. The district courts in In re The Boeing Company Securities Litigation (“Boeing”)[ix] and In re National Instruments Corporation Securities Litigation (“National Instruments”)[x] granted certification to a shorter class periodthan was proposed because predominance could not be satisfied for reliance because the truth was on the market.
• Price Impact Rebuttal. The district courts in Plaut v. The Goldman Sachs Group, Inc. et al. (“Goldman 1MDB”),[xi]  City of Warwick Retirement System v. Concho Resources Inc. et al. (“Concho”),[xii] and Boeing denied certification in part because defendants rebutted price impact for some, but not all, of the alleged material misrepresentations. In these matters, the district courts excluded certain alleged material misrepresentations, ruling that the fraud-on-the-market theory did not apply to those statements.
• Affiliated Ute Challenge. The district court in In re DiDi Global Inc. Securities Litigation (“DiDi”)[xiii] denied certification in part, ruling that plaintiffs were not entitled to the presumption of reliance under Affiliated Ute under Section 10(b) for a subset of allegations (but holding that Affiliated Ute could still be applied for other allegations).
• Conflict Between Subclasses. The district court inChahal v. Credit Suisse Group AG et al. (“Credit Suisse XIV”)[xiv] denied certification to one of two proposed subclasses, ruling that there was a “fundamental conflict” between “the classes’ theories of liability.”

Theme #1: Truth-on-the-Market Challenges

In five of the 2025 class certification orders (Credit Suisse XIV, Boeing, DiDi, Natera, and Nikola), defendants challenged the applicability of the fraud-on-the-market theory in matters where publicly available information had corrected (or revealed) some or all of the allegedly misrepresented (or omitted) material facts. Defendants’ truth-on-the-market challenges examined the first prerequisite of the fraud-on-the-market theory: that the truth is not on the market.

In these challenges, some defendants argued that the proposed class period should be shortened after the truth was on the market. Other defendants made further arguments that price impact could be rebutted because the truth was on the market.

Different courts expressed different preferences for adjudicating truth-on-the-market challenges raised by defendants. In two cases (Boeing and Nikola), the district court engaged with the information that the defendants argued was available to investors, and in Boeing, the district court limited the class period on this basis. In the other three instances, district courts stated that these economic arguments could not be evaluated at the class certification stage, because similar analyses may also be examined in the merits stage as part of the materiality inquiry. Figure 2 below summarizes the Brattle Report’s findings.

Figure 2 summary of defendants’ Truth-on-the-Market challenges and district court responses

Note: Orange shading indicates cases in which the district court agreed (in part) with defendants’ truth-on-the-market challenges and limited the certified class on that basis.

Theme #2: Market Efficiency Challenges

In six of the 2025 class certification orders (Credit Suisse ADS, Credit Suisse AT1, Waste Management, Boeing, Cassava, and Nikola), defendants challenged whether plaintiffs had demonstrated market efficiency. These challenges to market efficiency examined the second prerequisite of the fraud-on-the-market theory: public information is rapidly and fully reflected in the price through market efficiency.

Specifically, across four matters involving debt, notes, or options, defendants challenged the analyses put forward by plaintiffs to establish market efficiency. In these instances, defendants raised similar methodological challenges. Separately, in two instances involving common stock (Cassava Sciences and Nikola), defendants went further by arguing that the case facts indicated that the market was inefficient.

No district court in the 2025 class certification orders denied or limited class certification on the basis that plaintiffs failed to establish market efficiency. However, in Cassava Sciences, the court of appeals for the Fifth Circuit granted the defendants’ petition for permission to appeal based, in part, on the district court’s opinion on market efficiency. Figure 3 below summarizes the Brattle Report’s findings.

Figure 3: summary of defendants’ challenges to market efficiency and district court responses

Theme #3: Price Impact Challenges

In 11 of the 18 2025 class certification orders, defendants argued they had rebutted price impact for some or all of the alleged material misrepresentations. These rebuttals of price impact follow Halliburton II’s invitation to explore the third prerequisite of the fraud-on-the-market theory: the alleged material misrepresentation impacted the price.[xvi]

In some cases, defendants argued that there was an informational mismatch between the alleged material misrepresentations and the alleged corrective disclosures that ruled out price impact following Goldman ATRS. In some cases, defendants described how their testifying experts performed economic analyses purportedly rebutting price impact.

In three matters (Goldman 1MDB, Boeing, and Concho), district courts denied certification in part on the basis that defendants had successfully rebutted price impact. In these instances, the district courts denied certification because of an information mismatch following Goldman ATRS. While district courts engaged with the other types of economic analyses presented, they were either unpersuaded by the arguments or determined that the argument should be held over for trial. Figure 4 below summarizes the Brattle Report’s findings.

In addition, the Third Circuit (in Hall v. Johnson & Johnson et al.) and Ninth Circuit (in Jaeger v. Zillow Group Inc. et al.) affirmed district court orders granting certification, which had been appealed by defendants on the basis of price impact. In Oklahoma Firefighters Pension and Retirement System v. Biogen Inc. et al., the First Circuit denied appealability of a similar price impact challenge.[xvii]

Figure 4: summary of defendants’ challenges to price impact and district courts’ responses

Note: Orange shading indicates cases in which the district court agreed (in part) with defendants’ challenges to price impact and limited the certified class on that basis.

Theme #4: Damages Challenges

In 13 of the 18 2025 class certification orders, defendants challenged whether plaintiffs had successfully established that damages are calculable on a classwide basis, as required for predominance under Rule 23(b)(3). In most of these challenges, defendants questioned whether plaintiffs had specified how they intended to measure inflation to calculate damages using the out-of-pocket formula. However, in none of these 13 matters did the district courts deny or limit class certification on the basis of those criticisms. Figure 5 summarizes the Brattle Report’s findings.

Importantly, in contrast to these district court decisions, a Sixth Circuit court of appeals order in In re FirstEnergy Corp. Securities Litigation (“FirstEnergy”)[xviii] overturned class certification and remanded the district court to perform a rigorous analysis of damages as required under Comcast Corp. v. Behrend (“Comcast”).[xix] Further, the Fourth Circuit (in Boeing) and Fifth Circuit (in Cassava Sciences) both granted review to consider the sufficiency of plaintiffs’ showing of damages under Comcast. However, a similar challenge was denied review in the Ninth Circuit (in Wells Fargo).

Figure 5: summary of defendants’ challenges to damages and district courts’ responses

Concluding Thoughts and Looking Ahead

The Brattle Report documents how multiple defendants in securities class actions argued that case-specific facts – publicly available to both defendants and plaintiffs without discovery – undermined the applicability of the fraud-on-the-market theory by showing that its required predicates are not satisfied. The report also describes how multiple defendants contended that case-specific facts and circumstances suggest that inflation cannot be reliably estimated across the class period, as required by the out-of-pocket formula for damages proposed by plaintiffs.

Each of these challenges asked a district court to evaluate the case-specific fact pattern of public disclosures and additional sources of public information to determine the applicability of the fraud-on-the-market theory or out-of-pocket damages formula at the time of class certification.

Overall, our analysis of jurisprudence related to the 2025 class certification orders indicates that district courts have taken differing approaches to whether such challenges can be fully evaluated at class certification. In some instances, courts evaluated the case-specific fact patterns and reached a determination. In others, courts stated that they were precluded from evaluating these case-specific fact patterns. In at least one case (DiDi), the court determined that adjudication of the issue should be reserved for the merits, even if the argument was persuasive at class certification.

Ultimately, these challenges bear on plaintiffs’ ability to measure harm as alleged. Under the fraud-on-the-market theory, the alleged harm is caused by the price impact of the alleged misrepresentations. By examining the total mix of information, defendants seek to rebut the presumption of price impact, which in turn affects whether inflation can be measured as an input to the out-of-pocket formula.

Accordingly, district courts may increasingly be required to engage with these arguments at the class certification stage – particularly in light of the Sixth Circuit’s decision in FirstEnergy, which reminded courts of their potential obligations under Comcast, as well as the Fourth and Fifth Circuits’ orders granting review of these issues in Boeing and Cassava Sciences.

Looking ahead, the extent to which courts engage with these arguments at the class certification stage – rather than deferring them to the merits – may shape both litigation strategy and the practical viability of classwide proof in securities cases.

A more detailed analysis of these findings is available in the full Brattle Report, which can be found on Brattle’s website here.

Andrew Roper, Mame Maloney, Brendan Rudolph, and Ravi Sinha are all Principals, and Aidan Kutner is an Associate, at The Brattle Group. Dr. Roper and Mr. Sinha are Co-Leaders of the firm’s Securities Class Actions practice, and Mr. Rudolph is the Co-Leader of the Private Equity, Venture Capital & Hedge Funds practice.

[ii] In these matters, plaintiffs proposed damage classes for investors who purchased or acquired publicly traded stock, debt, notes, or options for alleged violations under Section 10(b) of the Exchange Act of 1934.

[iii] Goldman Sachs Grp., Inc. v. Ark. Tchr. Ret. Sys., 594 US 113, 123 (2021) (explaining that price impact inference “starts to break down when there is a mismatch between the contents of the misrepresentation and the corrective disclosure.”); Ark. Tchr. Ret. Sys. v. Goldman Sachs Grp., Inc., 77 F.4th 74, 80 (2d Cir. 2023) (“the back-end price drop—what happens when the truth is finally disclosed—operates as an indirect proxy for the front-end inflation, or the amount that the misrepresentation fraudulently propped up the stock price.”).

[iv] In re FirstEnergy Corp. Securities Litigation, 149 F.4th 587 (6th Cir. 2025).

[v] Comcast Corp. v. Behrend, 569 U.S. 27 (2013).

[vi] In these matters, plaintiffs petitioned damage classes for investors who purchased or acquired publicly traded stock, debt, notes, or options for alleged violations under Section 10(b) of the Exchange Act of 1934.

[vii] Leone v. ASP Isotopes Inc., et al., No. 1:24-cv-9253-CM (S.D.N.Y., December 4, 2025) (“ASP Isotopes”); Darshan v. CleanSpark, Inc., et al., No. 1:21-cv-00511-LAP (S.D.N.Y., September 24, 2025) (“CleanSpark”); In re Credit Suisse Securities Class Actions, No. 1:23-cv-5874-CM-SLC (S.D.N.Y., July 7, 2025) (“Credit Suisse ADS”); Core Capital Partners, Ltd. v. Credit Suisse Group AG et al., No. 1:23-cv-9287-CM (S.D.N.Y., November 13, 2025) (“Credit Suisse AT1”); San Antonio Fire and Police Pension Fund, et al., v. Dentsply Sirona Inc., et al., No. 22-cv-06339-AS (S.D.N.Y., July 10, 2025) (“Dentsply Sirona”); In re Waste Management Securities Litigation, No. 1:22-cv-04838-LGS (S.D.N.Y., March 31, 2025) (“Waste Management”); In re Cassava Sciences Inc. Securities Litigation, No. 1:21-cv-00751-DAE (W.D. Tex., August 12, 2025) (“Cassava Sciences”); Schneider v. Natera, Inc., et al., No. 1:22-cv-00398-DAE (W.D. Tex., March 21, 2025) (“Natera”); Crain v. Upstart Holdings, Inc. et al., No. 2:22-cv-02935-ALM-EPD, (S.D. Ohio March 27, 2025) (“Upstart”); Borteanu v. Nikola Corporation et al., No. 2:20-cv-01797-SPL (D. Ariz. January 6, 2025) (“Nikola”); SEB Investment Management AB et al. v. Wells Fargo & Company et al., No. 3:22-cv-03811-TLT (N.D. Cal. April 25, 2025) (“Wells Fargo”); McLeod v. Innovage Holding Corp. et al., No. 1:21-cv-02770-WJM-SBP (D. Colo. January 8, 2025) (“Innovage”).

[viii] In one of these six cases – Credit Suisse XIV – defendants challenged predominance for reliance as well as adequacy of the lead plaintiffs. Credit Suisse XIV 2023 Opposition Motion pp. 15, 21. The court in this matter denied class certification in part on the basis of adequacy.

[ix] In re The Boeing Company Securities Litigation, No. 1:24-cv-151-LMB-LRV (E.D. Va., March 7, 2025).

[x] In re National Instruments Corporation Securities Litigation, No. 1:23-cv-10488-DLC (S.D.N.Y., September 19, 2025).

[xi] Plaut v. The Goldman Sachs Group, Inc. et al., No. 1:18-cv-12084-VSB-KHP, (S.D.N.Y., September 4, 2025).

[xii] City of Warwick Retirement System v. Concho Resources Inc. et al., No. 4:21-cv-02473, (S.D. Tex. April 7, 2025).

[xiii] In re DiDi Global Inc. Securities Litigation, No. 1:21-cv-05807-LAK-VF (S.D.N.Y., August 13, 2025).

[xiv] Chahal v. Credit Suisse Group AG et al., No. 1:18-cv-02268-AT-SN (S.D.N.Y., February 11, 2025).

[xv]  The district court also stated that while the plaintiffs’ expert analysis may not have been perfect, it could still be challenged at trial. Nikola Order p. 21. (“Furthermore, Defendants’ continued attempts to couch their disagreements with the findings of [plaintiffs’ expert] event study as methodological criticisms are unavailing for the purposes of their Motion to Exclude his proposed opinions and testimony. … Plaintiffs also adequately address each of Defendants’ claimed “fatal flaws” in Dr. Nye’s study. As to Dr. Nye’s selection of event dates, Plaintiffs note that the events were defined “ex ante . . . as the Company’s quarterly and year-end earnings announcements,” which is a methodology “supported by the literature” and regularly employed by experts. (Doc. 200 at 10). Here, as in other cases, the Court agrees that “[w]hile Dr. Nye’s study may not be perfect, it is not unreliable. Defendants may challenge Dr. Nye’s conclusions in the appropriate forum, that is, at trial.”

[xvi] Halliburton Co. v. Erica P. John Fund, Inc., 573 US 258 (2014) (“Halliburton II”).

[xvii] Hall v. Johnson & Johnson et al., No. 3:18-cv-01833-ZNQ-TJB (3d Cir., October 15, 2025) (“Johnson & Johnson”); Jaeger v. Zillow Group Inc et al., No. 2:21-cv-01551-TSZ (9th Cir., September 26, 2025) (“Zillow”).

[xviii] In re FirstEnergy Corp. Securities Litigation (6^th Cir. August 13, 2025).

[xix] Comcast Corp. v. Behrend, No. 11-864, March 27, 2013.

A new study highlighted on the Harvard Law School Forum on Corporate Governance, and posted by Subodh Mishra, Global Head of Communications at ISS STOXX, on Tuesday, April 14, 2026, quantifies how cyber incidents can have sustained and measurable negative impacts on shareholder value. The report, based on research conducted by ISS STOXX and ISS-Corporate (the study), analyzed cyber incidents among companies in the Russell 3000 over a multi-year period. Its findings are stark: companies experiencing significant cyber incidents underperform the broader market by approximately 5% on average over a three-year time period. 

As D&O Diary readers are aware, cybersecurity issues can be a source of D&O liability.  The findings in this recent study pile on with findings that cybersecurity failures may also result in share underperformance for a broad period.  The following discusses the findings of this most recent study, reasons for a longer tail and D&O liability and litigation implications. 

The ISS STOX and ISS-Corporate Study’s Findings

The study levered cyber incident data sources, which included self and required state and federal reporting, and compared share price performance across the Russell 3000 index from 2022 through 2024. The analysis looks at the share price impact of 176 unique events, measured from the date the incident was first reported by the impacted firm.  The study also used the adjusted closing price for all trading days during calendar years 2022, 2023, and 2024, considering the impact of share splits and reverse share splits over that period.

Notably, the study found a significant and sustained impact on share price for Russell 3000 index companies that experienced a significant cyber event.  And share price underperformance was not quickly reversed. Instead, affected companies continue to lag the market for extended periods, often exceeding a year, suggesting that cyber incidents trigger longer-term concerns among investors about governance, operational resilience, and future earnings capacity.  Importantly, the Financing and Banking and Health Care sectors accounted for more than half of the incidents reported during the time-period of the study.

This recent ISS STOXX and ISS-Corporate study findings align with broader observations about the growing frequency and systemic nature of cyber risks. Prior research has shown that cyber incidents affect a significant portion of public companies, with hundreds of reported incidents across the Russell 3000 in recent years, often involving third-party vulnerabilities and supply chain exposures. 

Discussion

While the ISS STOXX and ISS-Corporate study highlight the long tail share price value impact stemming from cyber incidents may expose underlying weaknesses, there may be many reasons why that happens. An incident may indicate failure in internal controls, risk management frameworks, and board oversight, leading investors to reassess not just the specific event but the company’s overall governance quality.

In addition, cybersecurity events can give rise to follow-on consequences including regulatory scrutiny, litigation, customer attrition, and remediation costs, many of which continue to unfold over time. A significant breach also may indicate that management failed to adequately prioritize cybersecurity investment or failed to disclose known vulnerabilities. In that sense, the market reaction may reflect not just the incident itself, but a reassessment of management credibility and disclosure practices.

From a D&O perspective, the demonstrated sustained stock price decline could provide a clearer causation narrative for securities plaintiffs. Plaintiffs’ lawyers have faced challenges in tying cyber incidents to measurable investor harm, particularly where stock price declines were short-lived. The study’s findings, showing prolonged underperformance, may help plaintiffs argue that cyber-related misstatements or omissions caused enduring shareholder losses, strengthening both pleading-stage allegations and damages theories.

The study may further reinforce the theory that cyber incidents could become event-driven securities claims, resulting from an operational failure. Thus, empirical evidence of sustained share value impairment may support shareholder causation arguments. The study findings could also be used in derivative litigation alleging oversight failures. If cyber incidents are shown to have long-term financial consequences, plaintiffs may be more likely to frame these events as failures of board-level risk oversight, invoking theories akin to Caremark claims.

Companies will continue to face pressure to provide robust and accurate disclosures regarding cybersecurity risks and incidents. If cyber incidents are now framed as causing prolonged financial impact to share price, regulators and investors alike may expect more detailed disclosure about both the incident itself and the company’s remediation efforts. At the same time, companies may have to navigate the challenge of a timely disclosure and submitting incomplete information in the immediate aftermath of a breach. The risk, as highlighted by the study’s findings, is that inadequate or overly optimistic disclosures may later be challenged considering sustained stock price underperformance.

From a governance standpoint, the study reinforces that cybersecurity is no longer a purely technical issue but a board-level priority.  Thus, for D&O insurers and underwriters, the study’s conclusions are particularly relevant. The evidence of sustained shareholder value impact may translate into increased frequency and severity of securities claims arising out of cyber incidents. Underwriters may respond by more closely scrutinizing insureds’ cybersecurity governance frameworks, incident response protocols, and disclosure controls.

Finally, the study highlights the importance of evaluating aggregation risk, particularly where cyber incidents affect multiple companies through shared vendors or third-party providers. As prior research has shown, a significant percentage of cyber incidents originate from third-party relationships, suggesting the potential for correlated D&O exposure.

Conclusion

The study and distillation by Harvard Law School Forum on Corporate Governance provides compelling empirical support for what has increasingly become apparent: cyber incidents are not isolated operational events but enterprise-level crises with lasting financial consequences. The finding that affected companies underperform the market for extended periods underscores the growing importance of cybersecurity as a core governance and disclosure issue.

For boards, the study’s findings support robust cyber risk oversight, proactive, and well-documented at the executive and board level. For D&O insurers, the study could signal a continuing evolution of cyber risk into a material driver of securities and derivative litigation exposure. As the study underscores a cyber incident’s significant impact on longtail shareholder value erosion.

On April 10, 2026, International Business Machines Corporation (IBM) became the first company to settle with the Trump Administration to resolve allegations that it violated the False Claims Acts (FCA) by implementing diversity, equity, and inclusion (DEI) as part of its hiring practices.  As we have discussed in prior posts, this Administration has clearly signaled that it would use the FCA as part of its an anti-DEI campaign and that, as of late 2025, the DOJ had already launched investigations of DEI consideration in hiring or promotion at major U.S. companies.  

IBM’s $17 million settlement with the DOJ may just be in the first of several currently pending FCA DOJ cases to resolve.  The following will discuss the settlement agreement and potential D&O exposure for companies that may be or become targets of FCA anti-DEI enforcement actions.

The IBM Settlement

The settlement agreement with IBM is the first secured under the DOJ’s Civil Rights Fraud Initiative launched in May 2025.  The agreement resolves allegations against IBM that it violated the False Claims Act in connection with its compliance certifications as a federal contractor. IBM, a New York–based corporation providing products and services to the federal government, was purportedly required to comply with anti-discrimination provisions incorporated into its federal contracts, including requirements derived from Title VII and the Federal Acquisition Regulation. 

The government alleged that IBM knowingly submitted false claims and made false statements by certifying compliance with these requirements while maintaining certain DEI-related employment practices. Specifically, the DOJ contended that IBM engaged in practices that took race, sex, or other protected characteristics into account in employment decisions, including compensation adjustments tied to demographic targets, hiring and promotion practices involving “diverse slate” requirements, and the use of demographic goals in business unit decision-making. 

The DOJ had alleged that IBM offered certain training, mentoring, and professional opportunities that were limited based on protected characteristics, thereby raising concerns under federal anti-discrimination requirements applicable to government contractors.  Without admitting liability, IBM agreed to pay approximately $17 million to resolve the matter, including a portion designated as restitution. The agreement also reflects IBM’s cooperation with the government’s investigation, including early disclosure of relevant facts and remedial measures such as modifying or terminating certain programs at issue. 

Discussion

IBM’s agreement to settle the allegations against it could represent a significant development in the emerging use of the FCA as a vehicle for challenging corporate DEI practices. The Administration’s willingness to frame DEI-related conduct as a basis for FCA liability, and to pursue enforcement on that basis, may now result in meaningful financial exposure for federal contractors whose DEI practices are alleged to be noncompliant with anti-discrimination obligations embedded in federal contracts. In that respect, the settlement not only resolves a single enforcement action but also provides a template for how the government may pursue similar claims going forward. It also may encourage other companies facing pending FCA investigations in this area to consider early resolution, particularly where certification-based theories of liability are in play.

From a D&O exposure perspective, the implications are also potentially significant. As we noted in our discussion of the Administration’s use of the FCA in the anti-DEI context, enforcement actions of this type rarely exist in isolation. Rather, they often serve as a predicate for follow-on civil litigation. To the extent companies publicly disclose DEI initiatives, describe them in SEC filings, or represent compliance with applicable legal requirements, an FCA enforcement action could form the basis for securities class action lawsuits or shareholder derivative claims alleging that the company and its executives misrepresented or failed to adequately oversee these practices.

Perhaps recent developments in ESG-related securities litigation provide a useful analogue. D&O Diary readers may recall the securities suit against Target, in which shareholder plaintiffs demonstrated a willingness to challenge corporate statements and strategies relating to ESG initiatives, particularly where those initiatives become the subject of public or political controversy. In that case, the court’s decision to allow the claims to survive a motion to dismiss suggests that courts may be receptive, at least at the pleading stage, to allegations that companies misled investors about the risks associated with their ESG-related decisions. There may be parallels to DEI-related FCA enforcement. Just as ESG disclosures have been scrutinized for alleged misstatements or omissions, DEI-related disclosures—particularly those tied to compliance representations, could become fertile ground for securities litigation following an enforcement action.

In addition, the IBM settlement may underscore the growing importance of compliance oversight at the board and senior management level. Directors and officers of companies with significant federal contracting exposure may now need to ensure that DEI programs are not only aligned with corporate values and strategic objectives, but also carefully vetted for compliance with applicable legal standards. The risk here is not simply that a program may draw regulatory scrutiny, but that it may be alleged to be inconsistent with certifications made to the federal government, thereby triggering FCA exposure. In this current environment, boards may face increased scrutiny regarding their oversight of compliance functions, potentially giving rise to Caremark-style derivative claims alleging a failure of oversight in the event of an enforcement action.

The IBM settlement also raises important questions about insurance coverage. FCA-related exposures often present complex coverage issues under D&O policies, particularly with respect to whether amounts characterized as restitution or disgorgement are insurable, and whether conduct exclusions may be implicated. Moreover, where an FCA resolution is followed by parallel securities or derivative litigation, questions may arise regarding the allocation of defense costs and the extent to which different towers of insurance respond to overlapping claims. These issues are likely to become increasingly salient if DEI-related FCA enforcement actions become more common.

Along with D&O coverage and exposure considerations, the IBM settlement also raises potential employment practices liability (EPL) implications. The underlying allegations center on employment-related decisions, including hiring, promotion, compensation, and access to professional opportunities. To the extent that DEI-related practices are challenged as discriminatory, companies may face parallel or follow-on claims from employees or applicants alleging disparate treatment or disparate impact under federal and state anti-discrimination laws. Moreover, even absent direct employee litigation, the factual allegations developed in an FCA investigation could provide a roadmap for private plaintiffs’ firms. This dynamic creates the potential for overlapping D&O and EPL exposures, particularly where senior management is alleged to have directed or approved the challenged practices.

Finally, the settlement raises the question whether this represents an isolated enforcement action or the beginning of a broader trend. Given the DOJ’s stated enforcement priorities, the establishment of the Civil Rights Fraud Initiative, and the Administration’s prior signaling that DEI practices would be a focus of FCA scrutiny, it seems likely that this will not be the last such case. Companies with federal contracts, and particularly those with well-developed or highly visible DEI initiatives, may face increasing scrutiny as the government continues to test the boundaries of this enforcement theory. At the same time, the interplay between regulatory enforcement and private litigation, as illustrated by the ESG cases, suggests that the ultimate D&O exposure may extend well beyond the initial government action.

The D&O Diary is on assignment this week in Europe, with the first stop in the German city of Frankfurt. Frankfurt is the premier financial hub of continental Europe, serving as the seat of the European Central Bank and the heart of the German banking industry. I always enjoy visiting Frankfurt, but there was something about this visit in particular that made me reflect on how much my views about Germany have changed over the years — and how much I enjoy visiting Germany — as discussed below.

My primary reason for traveling to Frankfurt was to participate once again as a panelist in the DRRT law firm’s annual Global Loss Recovery Conference. I have participated in this event several times before; it is one of my favorite events, for this simple reason that no one learns more than I do. As has been the case in prior years, I participated in the event’s opening session, in which DRRT’s Managing Partner Alexander Reus and I discussed the current hot topics in the world of global corporate and securities litigation. I would like to thank Alexander and his colleagues for inviting me to participate in this event again, which I should add is first class in every way. I am both grateful and honored to be invited to participate in this event.

The conference day turned out to be an absolutely gorgeous spring day. So, as soon as the day’s events were over, I went out to enjoy the day, the city, and the sunshine. I took the U-Bahn just a few stops to the south side of the River Main, to the Sachsenhausen district, where I knew, from prior experience, that there are places that would be pleasant to visit on a sunny April afternoon.

This is the point at which I need to share how much my views about Germany have changed since I first began visiting the country several decades ago. Sitting at the sidewalk cafe in the April afternoon sunshine made me contemplative, I guess. I confess, with embarrassment, that before my first visit to the country, I had a negative impression of Germany. However, from my very first visit, I learned that my impression was totally wrong.

On my first visit to Germany nearly forty years ago, I travelled to Frankfurt. I arrived on the overnight flight, and after checking into my hotel, I went to a café, bleary-eyed and jet-lagged. The waitress who greeted me and took my order was beautiful. Her face looked to me like a field of wildflowers in bright spring sunshine. Her face shone. It gave me joy. You know this is true because forty years later I am still testifying to how she looked to me.

But it isn’t just her beauty that stays with me. It was her voice. And, more to the point, it was her language. Yes. I am talking about the German language. I confess that I once laughed at the stupid “joke” that was current at the time: that a gentleman speaks English to his wife, French to his mistress, and German to his horse. Ha, ha, very funny. Only, when this beautiful women spoke in her language to me, it was the music of the angels. It was birds singing in the first light of dawn. It was a revelation. Everything I thought I knew about the language, and indeed, as it has turned out over the course of many years, about the country, was wrong. Just wrong.

Since that time I have been to Germany many times. I have been to many Germany cities, including Hamburg, Munich, Berlin, Cologne, Düsseldorf, even Freiburg (and many other German cities as well). Here’s the thing I suspect a lot of Americans don’t know — Germany is actually a really great place to visit. Starting with that first meeting with the beautiful women I encountered so many years ago, I have found the German people welcoming and friendly. The country is full of beautful places to visit and interesting things to see. Also, good beer.

Just an aside. It strikes me now in reflecting upon encountering the beautiful German woman so many years ago that she is now in her sixties. I am not getting any younger either. The days go slowly but the years go fast.

My visit to Frankfurt was short. I was soon off to visit other places. I am always glad to have an excuse to visit Frankfurt. It is just one of those places I enjoy visiting.

In February, I noted an emerging securities litigation trend involving pump-and-dump schemes characterized by thin public float, retail investor participation, and the amplifying effects of social media. Three subsequent pump-and-dump securities filings in February and March 2026, along with a recent federal court ruling involving social media platform liability, provide further evidence that these risks may be accelerating. Taken together, these developments have important implications for D&O liability exposure and for underwriters evaluating risks associated with low-float issuers and companies whose securities trading activity may be influenced by online promotional activity.

Most Recent Pump-And-Dump Cases

Ostin Technology Complaint

On February 16, 2026, a securities class action was filed in the Southern District of New York against Ostin Technology Group Co., Ltd. and certain of its executives (Ostin Technology Complaint). 

The Ostin Technology Complaint alleges what it describes as a “brazen and sophisticated” pump-and-dump scheme that artificially inflated the company’s stock price by more than 1,100% over a roughly two-month period. The alleged scheme centered on a coordinated effort by insiders and co-conspirators to manipulate both the supply of shares and investor demand.

According to shareholder plaintiffs, insiders structured offerings that placed shares into the hands of affiliated parties at steep discounts or no cost, while a parallel social media campaign, featuring impersonated financial advisors, WhatsApp coordination, and even AI-generated deepfake content, created artificial demand.  Allegedly, the stock price rose from under $1 to over $9 before collapsing in a single day, erasing approximately $950 million in market capitalization. 

ChowChow Cloud Complaint

On March 13, 2026, another securities class action alleging a pump-and-dump scheme was filed against ChowChow Cloud International Holdings Limited (ChowChow Cloud Complaint). The ChowChow Cloud Complaint similarly alleges that the company’s stock price surged following its IPO due to a coordinated promotional campaign involving impersonators posing as financial advisors and disseminating misleading investment claims through online platforms. 

The shareholder plaintiffs allege that the scheme unraveled on December 10, 2025, when the stock dropped approximately 84% in a single trading day after volatility-driven trading halts. The ChowChow Cloud Complaint alleges that the company failed to disclose that its stock price was being artificially influenced by fraudulent promotional activity, exposing investors to undisclosed risks. 

The Concorde International Complaint

On March 19, 2026, another pump-and-dump securities class action was filed in the Southern District of New York against Concorde International Group, Ltd. (Concorde) and related defendants (the Concorde Complaint).  The complaint alleges that after the company’s April 2025 IPO, and dramatic post-IPO run-up, the company’s share price collapsed in July 2025. According to the shareholder plaintiffs, Concorde’s stock price surged from its $4.00 IPO price to as high as $31.06, despite no corresponding fundamental developments, before falling approximately 80% in a single day. 

Like the Ostin Technology and ChowChow Cloud Complaints, the shareholder plaintiffs allege that the price increase was driven by a coordinated social media-based promotional scheme. Impersonators posing as legitimate financial advisors allegedly used online forums, chat groups, and targeted advertisements to induce retail investors to purchase the stock. The Concorde Complaint also details how investors were funneled through social media advertisements into WhatsApp groups where they were encouraged to concentrate investments in the stock with promises of significant returns.

The Concorde Complaint also alleges that Concorde had an extremely low public float, less than 3%, combined with concentrated insider control. Shareholder plaintiffs assert that this structure made the stock especially susceptible to manipulation, a risk that was not disclosed to investors.

Social Media Liability Moves Forward

On March 24, 2026, a federal court in the Northern District of California issued a ruling in a proposed class action against Meta Platforms Inc (Meta), allowing certain claims relating to Meta’s alleged participation in pump-and-dump schemes to proceed. The court held that plaintiffs plausibly alleged that investors were targeted through advertisements on Facebook and Instagram and then directed into WhatsApp groups where they were encouraged to purchase shares of a penny stock. In addition, the court found that Meta may have materially contributed to the fraudulent advertisements through its ad tools, including AI-driven features.  As a result, the litigation and plaintiffs’ claims for aiding and abetting fraud and negligence survived Meta’s motion to dismiss the suit. 

Of note, on March 25, 2026, a judge presiding over another Northern District of California case against Meta over ads on its platforms from scammers impersonating financial professionals to run pump-and-dump investment schemes dismissed that complaint, with leave for plaintiffs to amend.

Discussion

Taken together, the Ostin Technology, ChowChow Cloud, and Concorde Complaints indicate that pump-and-dump schemes may have become a securities claim trend. While each of these cases involve similar allegations of structural vulnerability and external manipulation, another notable feature in many of the recently filed pump-and-dump securities cases is the central role of social media and digital communication platforms in driving investor demand.

The allegations include use of coordinated campaigns involving impersonated financial professionals, private messaging groups, and increasingly sophisticated tools such as AI-generated content and targeted advertisements. The Concorde Complaint, in particular, illustrates how these schemes operate in practice, describing how investors were funneled from social media advertisements into WhatsApp groups and encouraged to concentrate investments based on fabricated credibility and guarantees of returns. 

The March 24, Meta decision allowing allegations of aiding and abetting fraud and negligence may signal that liability could extend to entities whose technology facilitates or amplifies the underlying misconduct. While the ultimate outcome of that particular case remains to be seen, the decision highlights the possibility that future pump-and-dump litigation could involve a broader range of defendants and potential D&O exposure for social media platforms.

The increasing number of pump-and-dump securities cases may also underscore plaintiff shareholders’ use of disclosure-based liability theories. In the recently filed complaints, a central allegation is that the issuer failed to disclose that its stock price was being driven by artificial or manipulative forces, or that its structure made it particularly vulnerable to such manipulation. These types of allegations could raise questions about the scope of an issuer’s disclosure obligations, particularly with respect to risks arising from third-party conduct involving social media and artificial intelligence.

In addition, the Concorde Complaint names auditors and underwriters as defendants, which may signal a new focus by plaintiffs on targeting purported gatekeepers in these cases. The allegations that these parties failed to identify or respond to red flags associated with low-float offerings and suspicious trading activity could have significant implications for how these participants are evaluated in future offerings. For D&O insurers, this raises additional considerations of the potential for expanded exposure across multiple insured parties.

Finally, the increasing role of social media in driving trading activity means that underwriters may need to consider not only traditional financial and governance factors, but also how a company’s stock is likely to be promoted, discussed, and traded in a digitally connected marketplace. Combined with the emerging willingness of courts to entertain claims against social media platforms, these developments suggest that pump-and-dump litigation will remain a significant and expanding area of concern for D&O insurers and market participants alike.