Regulatory & Compliance

Corporate Counsel's Guide To Compliance

Editor: Please describe your background.

Reddick: I co-head Akin Gump’s national corporate practice and am located in its Los Angeles office. I advise clients with respect to the discharge of their fiduciary duties and best practices in corporate governance. The transactional side of my practice is essentially M&A and corporate finance.

Editor: Why do large companies with legal and compliance departments continue to be targeted by federal and state prosecutors for compliance failures?

Reddick: My personal view is that they are not being targeted so much because of size, but rather due to the complexity and scope of their operations, their geographic reach and the fact that many of them are in very highly regulated industries – such as health care, banking, pharmaceuticals and financial services.

Editor: What steps can be taken by companies to reduce their exposure to compliance failures?

Reddick: The best protection starts with a clear articulation of the risk profile of the company. Managers should have a clear and consistent understanding of the firm’s risk philosophy – the amount of risk a company is willing to accept in pursuit of its business goals. Managers at each level should have an obligation to identify, assess and manage risks and then communicate them upstream. This is particularly important in companies that have distant subsidiaries or foreign operations.

Editor: Do corporate directors have a responsibility to oversee their company’s compliance programs? What do these oversight responsibilities entail?

Reddick: The corporation can be held responsible for the actions of its management and other employees. Since the board is charged with overseeing those managers and employees on behalf of the corporation, the board needs to have functioning oversight and compliance systems in place. There are a number of specific laws that impact the discharge of those duties:

The Federal Sentencing Guidelines impose large penalties on corporations for violation of federal criminal laws, but those penalties can be significantly reduced if corporations have appropriate oversight and compliance programs in place.

Under Delaware law, the directors have a duty of oversight that requires them to implement and oversee the operation of reasonable information reporting systems and controls.

And for public corporations, the board must consider the additional compliance requirements of the Securities and Exchange Commission and the rules of the stock exchanges on which its shares are listed. The Sarbanes-Oxley Act requires public companies to periodically assess the effectiveness of their internal controls and financial reporting, maintain disclosure controls and procedures and provide for direct audit committee oversight of their independent auditors.

When you put that package together, you have a broad legal environment requiring and encouraging boards to be active in discharging their oversight obligations.

Editor: Are directors exposed to litigation based on the theory that the directors did not exercise due care in assuring themselves that their company had adequate compliance programs?

Reddick: Yes. The Delaware courts have addressed the duty of oversight in both the Caremark and the AmSouth Bancorporation cases. In Caremark, the plaintiffs alleged the directors breached their duty of oversight when certain employees violated the federal law prohibiting payment to induce Medicare or Medicaid referrals. In AmSouth, the plaintiff alleged the directors breached their duty of oversight because the corporation failed to comply with the Bank Secrecy Act.

In both of those cases, the court said directors need to assure themselves in good faith that the corporation has reporting systems in place that are reasonably designed to provide timely and accurate information to the board. The Delaware courts have recently looked at this issue again in connection with several cases involving U.S. corporations that are owned or managed by foreign-based companies.

In the last few years, there have been several instances where there have been allegations that foreign-based companies have not complied with U.S. internal controls and financial reporting requirements. In certain of those instances, it came to light that the directors of those corporations were not providing adequate oversight, and U.S. shareholders brought suit. Under the facts presented, the Delaware courts refused to dismiss the cases and allowed them to proceed.

Editor: Are there other theories on which director liability is based?

Reddick: Liability potentially arises in other common scenarios, all of which can be tracked back to the duty of loyalty or the duty of care. Liability may be based on the failure of directors to institute meaningful internal controls and accounting or other compliance systems. Once it is ascertained that adequate controls are not in place, directors may be found liable if they do not make a good faith effort to correct the deficiency. Liability can also be found for allowing the company to continue to disseminate false and misleading information about the adequacy of its controls. Lastly, there is director liability based on failure to cause the company to investigate allegations of wrongdoing once they were brought to the attention of the board.

Summing up, the potential for directors’ liability runs the gamut from potential liability for failure to put controls in place in the first instance, failure to improve controls once deficiencies are bought to the board’s attention, and failure to investigate once red flags arise or complaints are made.

Editor: Does the business judgment rule protect directors from liability?

Reddick: Generally, the presumptions of the business judgment rule will apply. Several courts have commented that the Caremark case sets a very high standard before liability will be found. Delaware courts are generally reluctant to impose liability on directors simply because of a bad result and the hindsight that comes with looking back and realizing that something else should or could have been done to prevent the harm. Instead, courts will generally look for sustained or systemic failure of the board to exercise its oversight duty. Nevertheless, recent cases asserting Caremark claims against the absentee directors of foreign-based companies have made it clear that where a court has determined that egregious misconduct has occurred, it will not apply the business judgment rule. This is an issue that is currently being litigated in a couple of different forums across the U.S.

The FDIC has been particularly aggressive in asserting that the business judgment rule does not apply, relying on several theories – one theory being that, while the business judgment rule may apply in a shareholder lawsuit, it does not apply in the context where the plaintiff is a receiver in a bank failure. The FDIC has also asserted in several cases that, while the business judgment rule may be applicable for directors, it is not applicable in suits brought against officers. So, while the directors may have a defense in the business judgment rule, the CEO or the president may not. Those issues have not yet been finally decided.

Editor: What are some of the ways a board can show that it made a “good faith” effort to oversee management’s compliance efforts?

Reddick: The board or the applicable committee should receive and monitor periodic reports from management that assure that it is implementing a strong reporting system and a set of controls to assure compliance. If credible claims of compliance failures are made by third-party stakeholders or employees, or if no such claims are made but there are simply red flags in the data, it is important that these be immediately and thoroughly investigated. These actions will be evidence that the board is acting in a prudent and appropriate fashion.

Editor: To what extent can D&O insurance protect directors against liability?

Reddick: D&O insurance is available. However, there are some strong “buts” that come along with that. First of all, some insurance companies can be very aggressive in reviewing and rejecting these claims. Potential defenses are found in the notice provisions in some policies and the insured-versus-insured exception, where insurance is not available if the directors are suing one another or the company is suing a director. And if the underlying conduct is found to involve gross negligence or willful misconduct, coverage may not be available.

Editor: Would board membership of general counsel be desirable to assure that the board takes seriously its obligations to review the company’s compliance programs and its compliance record? Should he or she be from the same or another company?

Reddick: Historically there has been skepticism about lawyers being on the board of directors. They are often thought of as being too “legalistic” rather than pragmatic business partners with business savvy. However, I recently saw a statistic that indicated that over 40 percent of public companies now have at least one lawyer on their board. I think the reason for that is the perception that lawyers know a lot about compliance, regulatory, governance, and litigation issues. Having that skill set on the board and the right individual can benefit the operation of the board.

But, in the case of a public company, it is best if that general counsel is from another company. Both the potential for conflicts and the views of the institutional shareholders services on the issue of members of management on the board and the limitations of their membership on certain committees all argue in favor of selecting among qualified individuals who are not employees of the company.

Editor: What can corporate counsel do to effectively guide their directors in carrying out their responsibilities and reducing their liability for compliance failures?

Reddick: First and foremost, general counsel can use their review and input into the agenda and the calendar for the board and its committees to ensure that the calendar includes a periodic review of compliance issues. Second, they can cover with directors the scope of their fiduciary duties. Third, he or she can proactively bring to the attention of the board “red flags” among board materials that warrant their scrutiny and attention.

Published .