Compliance Readiness - General Counsel's Expanded Role

Editor: As examiners in the WorldCom bankruptcy proceedings, you and Michael Missal of K&LNG had an opportunity to observe how the breakdown of the legal function of that company contributed to its demise. What lessons did WorldCom teach with respect to the organization and reporting relationships of the legal function?

Thornburgh: The issues identified during our investigation of WorldCom provide important lessons for any chief legal officer ("CLO"). I would say six of the more significant ones are the following:

1. 'Manage" a dominant CEO. The examiner's reports noted that CEO Bernard Ebbers was a domineering force at WorldCom. In addition to setting the company's course, he also controlled the board's agenda, discussions, and decisions. Although it is often difficult for a CLO to "manage" a dominant CEO, if the CLO believes that the CEO is not acting in the shareholders' best interests, then the CLO must register his or her objections. They should first be raised with the CEO. If that is unsuccessful, the CLO should bring the matter to the board.

2. Keep the board of directors fully informed. In a number of WorldCom transactions we looked at, we found that the board was not fully informed of all relevant facts. At the very least, the CLO must determine whether the board has the information it needs to fulfill its fiduciary duties.

3. Supervise your law department. WorldCom grew through a series of acquisitions, and so did its legal department. The resulting department was geographically dispersed and lacked a unifying culture. Lines of authority within the department were not always clear. At least one lawyer reported directly to Ebbers, not to the CLO. The result was that the CLO was not always aware of what all of the lawyers were doing and it was difficult to supervise the law department. In large companies, it is not uncommon for the law department to be large and geographically dispersed. No matter how far-flung the lawyers are, however, the CLO must establish an organizational structure that meets the supervisory obligations. either directly or indirectly.

4. Designate a senior lawyer to track significant matters. A CLO best serves the client only if he or she is adequately informed of matters that have a high degree of economic or reputational risk to a company. A CLO cannot be deeply involved in all important matters, but he or she should delegate such responsibilities either to a senior lawyer within the department or to outside counsel. The CLO should stay informed of any developments related to these matters and advise management as appropriate.

5. Monitor the activities of other corporate governance gatekeepers. Obviously the CLO cannot be responsible for every department and function within a company. The CLO or his or her designee should, however, survey the various corporate governance gatekeepers to ensure that they have both the mandate and ability necessary to fulfill these important responsibilities. One of the most important of these is the internal audit function.

6. Promote a culture of compliance. The CLO must promote a culture of compliance. The company should institute a policy of zero (or very little) tolerance for the transgression of corporate governance policies and impose stiff sanctions on violators. Managers should regularly remind employees that complying with applicable laws and regulations is mandatory. The company should offer continuing education on regulatory developments and encourage senior management to express support for compliance.

Editor: What role are General Counsel required to play in assuring compliance with Sarbanes-Oxley and the ethical rules?

Thornburgh: There may have been a time when a General Counsel could regard his or her role in a large corporation or other organization as a narrow one involving answering questions about the law and rendering advice about how the organization should comply with it. That day is gone forever. The new legal, regulatory, and compliance environment, ushered in by the corporate and accounting scandals with which we are all familiar, has necessarily expanded the role of the General Counsel and the corporate legal department which must now manage the company's business and reputational risks as well as managing the traditional range of legal responsibilities.

Corporations recognize this and have taken appropriate actions. It should come as no surprise that Pfizer just appointed its General Counsel, Jeff Kindler, as CEO or that Chuck Prince, also trained as a lawyer, announced when he became CEO of Citibank, that he expected to spend 50% of his time during his first year as CEO on compliance issues. The role of the General Counsel and the in-house legal department is becoming ever more central to core business functions as the enterprise-threatening challenges facing companies increasingly turn on legal and compliance issues.

A parallel trend is the increasing complexity and specialized nature of the businesses that in-house counsel advise. All lawyers are, to some extent, generalists with a few sub-specialties developed from the areas of practice in which they have been involved. Few General Counsel, no matter how experienced and sophisticated, have a deep or broad understanding of the intricacies of all accounting standards or the nuances of the tax treatment in every business unit of a large company. As companies become increasingly global, compliance with cross-border and foreign law issues only add to the compliance burdens of in-house counsel.

Editor: Should opportunities be provided for the CLO to interface with the directors at board meetings or otherwise so that the lines of communication between CLO and the directors are constantly kept open?

Thornburgh: I cannot imagine a General Counsel being able to function effectively unless he or she has direct access and frequent and open communication with the board of directors. This necessarily involves attendance at meetings of the board. In my experience, companies and boards eagerly welcome the involvement of legal counsel. The corporate governance reforms of recent years have increased the responsibilities of board members, especially independent directors, as well as increasing their exposure to potential liability. CLOs serve as advisors to the board to ensure directors are informed about their duties and that the best interests of the company and its shareholders are being met. These responsibilities cannot be met unless the CLO has forged an appropriate working relationship with the board. Regular attendance at board meetings and appropriate board committees is essential to this process.

Editor: Should the CLO meet on a regular basis with the Audit Committee and the independent directors without other members of management being present?

Thornburgh: It is likely that one or more issues on the agenda of an Audit Committee will have a legal dimension. Because many Audit Committee functions involve the Committee's duty to ensure that the company has appropriate processes in place to give Committee members confidence that they are receiving adequate and accurate information, the CLO's advisory input is appropriate. Apart from these broad concerns, one specific example of an issue that frequently comes before Audit Committees is the establishment of reserves for contingent litigation liabilities. This is a judgment that involves a mix of legal analysis, strategic considerations, and advice on Financial Accounting Standards from the company's outside auditors. Any Audit Committee member will want to have company counsel present for the discussion leading to action by the Committee on an issue like this.

Additionally, there are periodic meetings of independent board directors outside the presence of management. These meetings give the independent directors an opportunity for candid discussion of management performance, the adequacy of information management is furnishing the board, and other concerns. To the extent these concerns involve legal questions, CLOs are frequently invited to attend such meetings to answer questions or give presentations on particular issues. This highlights the complexity of the role of the CLO in corporate governance. The CLO's client is the company owned by its shareholders. He or she is part of management but advises the board.

If conflicts arise between the board and management, the CLO may have to advise the board to retain independent counsel to act on behalf of the board, the Audit Committee, or the independent directors.

Editor: What should the CLO do if actions are taken by management that circumvent requirements for board review or approval?

Thornburgh: This takes the issues we just discussed from the general to the specific. A CLO who believes that man-agement is acting in contravention of the board must bring the matter to the board's attention. A lawyer in this situa-tion can take guidance with respect to his or her legal position from the "up-the-ladder" reporting requirements of Rule 205 of the SEC Rules of Conduct. Rule 205 was promulgated in response to Section 307 of Sarbanes-Oxley and became effective three years ago, in August 2003. Rule 205 applies to both outside counsel and in-house lawyers appearing and practicing before the SEC, and to "evidence of a material violation," but it is instructive beyond those limitations. The Rule provides that the lawyer making the report is obligated to follow up to ensure that a reasonable and timely response occurs. However, if the attorney does not believe an appropriate response has occurred within a reasonable time, he or she is required to report the information, and the inadequacy of the response, "up the ladder" to the Audit Committee, the independent directors, or the full board.

The SEC's issuance of Rule 205 was preceded by widespread comment and it has generated concern about how to balance its requirements with the attorney-client privilege, the attorney's obligation to maintain client confidences, and well-established rules of professional conduct and ethics. While these concerns work toward some satisfactory resolution, CLOs can rely on Rule 205 as support for the necessity of resolving conflicts between management and the board in favor of disclosure to the board - con-sistent with the fact that the CLO's client is the company and its shareholders, not management.

Editor: A common characteristic of option backdating, special purpose corporations and violations of the Foreign Corrupt Practices Act is that significant accounting and/or tax issues may be involved. How should CLOs handle such issues?

Thornburgh: Although many of these risk areas can involve significant and complex accounting or tax issues, most can be boiled down to their essential requirements. Once the key provisions of the law are understood and illustrated with some recent examples of abuses, the CLO can then take appropriate steps to minimize the company's exposure. For example, with respect to the FCPA, the CLO can insure that steps are taken to look out for the "red flags" which have been identified by the U.S. Department of Justice as potentially providing notice of corrupt conduct. Examples include: unusual financial arrangements; a pattern of corruption in the country in which the company is doing business; a refusal to provide FCPA compliance certifications; abnormally large commis-sions; lack of transparency in expenses and accounting records; an agent's repu-tation for unethical business practices; whether any transactions have been recorded as cash; unnecessary third par-ties or multiple intermediaries perform-ing similar functions; requests for payments to a third party rather than the intermediary; and requests for reim-bursements that are poorly documented.

Editor: Do requirements by prosecu-tors that a corporation waive the attorney-client privilege or that the corporation refrain from indemnify-ing employees undermine the ability of the CLO to uncover compliance issues? What can the CLO do when confronted with such a request? Is any solution to these issues likely?

Thornburgh: There is no neat and tidy solution to these issues that one can point to today. But there are some recent and important guideposts that are showing the way forward.Judge Kaplan's recent decision in United States v. Stein, WL 1735260 (S.D.N.Y. June 26, 2006), the KPMG tax shelter prosecution, has indicated that there are constitutional limits to the pressure the Justice Department can impose on companies in the name of applying the Thompson Memorandum's criteria for demonstrating cooperation that can earn a company a favorable decision in connection with an investigation.

Last March, the Subcommittee on Crime, Terrorism & Homeland Security of the House Committee on the Judiciary held hearings on the threats to the attorney-client privilege posed by current governmental policies and practices. I testified at the hearing about the importance of the privilege and how unduly aggressive applications of the Thompson Memorandum by some pros-ecutors is at odds with the important values underlying the privilege. I included in my testimony the results of a survey of in-house and outside counsel, involving responses from over 1,400 lawyers, which showed that nearly 75% of both groups believe that a "culture of waiver" has developed in which governmental agencies expect companies under inves-tigation to broadly waive attorney-client and work product protections.

Finally, this issue has been taken up vigorously by the organized bar. Just last May, my K&LNG colleague, outgoing ABA President Michael Greco, wrote to Attorney General Gonzales to call for specific revisions to the Thompson Memorandum, its predecessor the Holder Memorandum, and its Civil Division counterpart at the DOJ, the McCallum Memorandum. Adoption of recommendations along these lines would substantially reduce the risk of government-coerced waiver.

So there is hard work ahead but the issue has been joined, at both the executive and legislative branch level. We just have to keep focused on the issue because the protection of the privilege is too important for us not to act.

Published September 1, 2006.