We've all heard of investor lawsuits. Investors sue companies because they believe that the company has engaged in conduct that reduces the value of their investment. Sometimes these cases are dressed in other garb (justice, equity, you name it) for marketing purposes, but the bottom line is always money.
If a company makes a false claim, and this claim is later discovered to be false, investors have the right to sue the company for damage. These suits are sometimes brought in tandem with suits from regulators whose remit is to protect investors. Some of the biggest settlements to date resulting from discovered false claims were made by GlaxoSmithKline ($3 billion) and Pfizer ($2.3 billion). Despite their size, these settlements did not destroy either company.
Company executive and Board members are responsible for the well running of the company. If they act recklessly, in a way that diminishes a company's value, investors have the right to sue for redress.
Of course, recklessness is difficult to prove. Running a company is complex and many factors affect decision making. It's difficult for investors to prove that executive behavior was unreasonable under any circumstance.
This bar is extraordinarily high in fast-moving industries where something "unreasonable" yesterday seems perfectly "reasonable" today. The issuance of tokens is a great example. Who would have thought that issuing tokens was reasonable after the class-action lawsuit against Tezos? Within two years sentiment changed 180º and issuing a token became not just accepted but expected from companies in the crypto industry.
Incidentally, investors sued the Tezos Foundation by making a rather unusual claim: that the tokens they bought were not registered as securities.
A security sold to investors must be registered with the regulator in the purchaser's jurisdiction. If a regulator discovers that securities were sold without being registered they can sue the company on behalf of the investors they are required to protect.
Sometimes, though, regulators aren't aware of these sales until unhappy investors point them out. If regulators agree, investors can claim that the "oversight" was a breach of fiduciary duty (a fancy term for reckless behavior that causes loss of shareholder value). This is a rare occurrence, except in the crypto industry where the very definition of a security token is unknown in most jurisdiction. Company executive may sell token that they believe are utility tokens (the equivalent of the tickets or tokens you might buy your kids for fun fair rides) but that regulators believe are securities. Were the executives who sold these tokens reckless?
Since the definition or perception of "reasonable behavior" is open to interpretation there is no way to eliminate investor risk.
The best way to minimize this risk is to scrupulously follow every possible rule, and documenting the justification for every decision. This is time-consuming and therefore costly. A company that focuses solely avoiding investor risk isn't going to make it, especially in a competitive industry.
As every trader knows, returns tend to be correlated to risk. Tesla isn't successful because it avoided risk. It is successful (so far) because it has taken enormous risks. Needless to say, Tesla is constantly being sued by unhappy investors.
Managing investor risk ultimately depends on an accurate assessment of the likelihood that unhappy investors will use a particular attack vector if they come to regret their investment. Crypto companies are unlikely to be sued for making false claims about their products. They are far more likely to be attacked for issues related to their token.