Board of directors and management responsibilities

• Author: Robert W. Tarun
• Pages: 67-88

CHAPTER 4

Board of Directors and

Management Responsibilities

I. BOARD OF DIRECTORS RESPONSIBILITIES

A board of directors has a duty of care to the company that requires it to be

informed of developments in the company’s business and of possible liabilities.

Certain categories of Securities and Exchange Commission investigations (includ-

ing those raising issues of improper payments, false books and records, and cir-

cumvention of internal controls) may require directors to inform themselves of the

underlying facts. This is especially true where senior management is alleged to have

personally engaged in improper conduct.1 A responsible multinational board of

directors must today focus on anti-bribery risks, issues, policies, and compliance.

II. IN RE CAREMARK INTERNATIONAL INC. DERIVATIVE

LITIGATION, ITS PROGENY, AND DIRECTOR

CORPORATE GOVERNANCE RESPONSIBILITIES

In 1996 the Delaware Chancery Court in In re Caremark International Inc. Derivative Liti-

gation issued a landmark opinion holding that the failure of a board of directors to

ensure that its company has adequate corporate compliance information and report-

ing systems in place could “render a director liable for losses caused by noncompliance

with the applicable standards.”2 The Caremark decision clearly struck fear in directors

as it warned that, in the wake of misconduct, they could be held personally liable for

corporate control system failures. Since this seminal corporate governance decision

over a decade ago, three other Delaware cases have come down to address fiduciary

duty. In 2010 the Delaware Chancery Court addressed directors’ duties in an FCPA or

foreign bribery allegation context in In re the Dow Chemical Company Derivative Litigation.3

A. In re Caremark International Inc. Derivative Litigation

In holding that directors may be personally liable for failing to ensure that adequate

corporate compliance information and reporting systems are in place, the Delaware

Chancery Court stated that elements of an adequate compliance program include:

(1) the appointment of the company’s Chief Financial Officer as “Compliance Officer”;

(2) a periodically updated code of business conduct for employees;

(3) an ongoing ethics and compliance training program for employees;

67

68 CHAPTER 4

(4) an internal audit system designed to ensure compliance with ethics and compliance

policies; and

(5) the formation of a board audit and ethics committee that is regularly advised of

the company’s “efforts to assure compliance with the law.”

Additional steps approved by the court included:

(1) establishment of a board committee to meet at least quarterly to monitor

compliance and to report to the full board on compliance issues;

(2) appointment of compliance officers at each of the company’s business units to

report regularly to the board committee on compliance issues;

(3) consideration by the full board of the impact of significant changes in applicable

legal and regulatory standards on the company’s business and compliance

responsibilities; and

(4) modification of the company policies and procedures that led to the likelihood of

violations.

This guidance led many companies to adopt these measures.

In Caremark, Chancellor Allen discussed the need for companies to have adequate

corporate compliance programs in order to avoid potential liability for directors.

Commenting on the 1991 enactment of the Organization Sentencing guidelines,

he emphasized: “Any rational person attempting in good faith to meet an organiza-

tional governance responsibility would be bound to take into account this develop-

ment and the enhanced penalties and the opportunities for reduced sanctions that

it offers.”4 The court also noted that “[t]he Guidelines offer powerful incentives

for corporations today to have in place compliance programs to detect violations

of law, promptly to report violations to appropriate public officials when discov-

ered, and to take prompt, voluntary remedial efforts.”5 A company’s compliance

program should be “reasonably designed to provide to senior management and to

the board itself timely, accurate information sufficient to allow management and

the board, each within its scope, to reach informed judgments concerning both the

corporation’s compliance with the law and its business performance.”6

The Caremark decision concluded that “a director’s obligation includes a duty

to attempt in good faith to assure that a corporate information and reporting sys-

tem, which the board concludes is adequate, exists, and that the failure to do so

under some circumstances may, in theory at least, render a director liable for losses

caused by noncompliance with applicable legal standards.”7 Two major Delaware

cases would come over seven years later to revisit Caremark and give directors com-

fort that they would not simply be held liable whenever substantial losses occurred

at companies for which they had director oversight roles.

B. Stone v. Ritter8

In 2006, the Delaware Chancery Court reviewed a derivative complaint against pres-

ent and former directors of AmSouth Bancorporation (AmSouth) arising out of the

failure of bank employees to file Suspicious Activity Reports (SARs) as required by

the Bank Secrecy Act (BSA) and various anti-money laundering (AML) regulations.