Whenever I read about the latest enforcement action – whether it is FCPA, export controls and sanctions, health care fraud, off-label marketing, or False Claims Act – my first question is always what role, if any, did the board of directors’ play in the compliance failure?

The buck starts and stops with the board of directors.  Compliance meltdowns do not occur unless the board is complicit by action or inaction.  If a board fails to exercise its duty of oversight, it is likely that officers and employees will violate corporate policies and potentially federal and state law.  If tone-at-the-top means anything, the “top” has to be the board of directors.

The recent BizJet FCPA enforcement action was striking because of the direct involvement of the board and senior managers in paying bribes to foreign officials.  According to the government’s filings in the case, the scheme involved three senior executives: A (responsible for operations and finances); B (oversight of new customer development); C (finances).

Early in the conspiracy, senior executives A and B met with the BizJet board of directors and briefed the board that the key decision makers for their business were directors of maintenance or chief pilots, and that these individuals were demanding payment of y $30,000 to $40,000 as “commissions” and that BizJet would pay “referral fees in order to gain market share.”  The government’s information details a number of activities committed by the senior executives and others after informing the board of their plans.

The overriding question is did the board sanction the bribe payments?  At the worst, the board knew about the potential bribery scheme and appeared to do nothing to stop the plan from being carried out.  The facts outline a classic corporate governance failure.

While we do not have access to all the facts, board members may be co-conspirators by approving and authorizing the criminal scheme to go forward.  The board members only defense may be that they did not understand that the “commissions” or “referral fees” were illegal bribes.  Whatever the case may be, this is a striking example of a corporate governance failure and underscores a primary responsibility of the board – to exercise oversight and monitor corporate activities.

A director owes a corporation the duty of care. The duty of care generally describes the level of attention required of a director in all matters related to the corporation. The duty of care is perhaps more accurately described as a “duty to be informed.”

A director has the responsibility to be informed about an issue before making a business decision relating to the issue.  A director will fulfill the duty of care if, prior to making a decision, he or she considers all material information reasonably available to him or her.   To fulfill the duty of care, the directors of a corporation have to follow deliberate procedures and consult with appropriate committees, officers, or employees of the corporation or other outside experts in making corporate decisions. 

In general, under the “business judgment rule,” if a board of directors properly exercises its duties, its members will be protected from liability for their actions on the board. In effect, there is a presumption that, in making a business decision, the directors acted on an informed basis, in good faith and in the honest belief that the action was taken in the best interest of the corporation. This presumption can be overcome with a showing that the board acted with gross negligence.

The duty of care sets out minimum requirements.  A board member can do and should do more than the minimum requirements.  If corporate governance is ever going to improve, board members can no longer serve in cushy positions with little responsibility for oversight.  A new corporate governance model is needed.  So long as the enforcement agencies continue aggressive enforcement policies, corporate boards will come under greater scrutiny – and rightfully so.