A decade ago in the Caremark case, the Delaware Chancery court accorded directors the protection of the business judgment rule in the discharge of their compliance responsibilities. Directors were able to avoid liability because the company had implemented a compliance program, which included an information and reporting system that assured the board that appropriate information would come to its attention in a timely manner so that it could satisfy its compliance responsibility.
The Delaware Supreme Court recently affirmed the Caremark decision in the Stone case. The Stone case held that director liability must be based on either (i) “utter failure” to implement any reporting or information system or controls, or (ii) “conscious failure” to monitor or oversee the compliance system or controls thus disabling directors from being informed of risks or problems requiring their attention. In short, liability requires a showing that directors knew they were not discharging their fiduciary obligations.
The Stone decision is good news for directors coming at a time of enhanced scrutiny of their conduct. In a recent survey of director liability conducted by Thomson Financial and Directorship Magazine, 38.5% of directors surveyed indicated that they either have been sued or have been put at risk for suit in their role as a board member. In response to this epidemic of litigation, boards are exploring various risk management practices to reduce the incidence of both lawsuits and liability. The following are some “best practices” that should be adopted to mitigate director exposure to suit and liability.
Ten Rules to Minimize Director Liability
The following blueprint should be looked upon as enhancements to a company’s compliance and ethics program, because it is in the context of having an “effective” compliance program that courts will apply the protections of the business judgment rule.
1. Directors’ role should be oversight, not management. In performing oversight, directors should exercise diligence in seeking information essential to understanding the risks to the business. If necessary, directors should seek views outside of management (e.g., employees and shareholders).
2. Directors should oversee management’s assessment and handling of strategic, financial, operational, and compliance risks.
3. Directors should be periodically briefed by management on the compliance threats to the organization and the corrective steps being taken to address those risks. For example, money laundering and data protection are major compliance threats.
4. Directors should respond expeditiously to complaints involving accounting and accounting controls received directly through the Audit Committee complaint process.
5. Directors should instruct management to ensure that strong whistleblower protections are in place to protect from retaliation employees who lawfully report compliance violations.
6. Directors should instruct management to ensure that a records management policy is in place that covers paper and electronically stored records.
7. Directors should have detailed knowledge of the profiles of the senior management team, and be particularly attuned to the “tone at the top” set by senior management.
8. Directors should ensure that fellow directors are well-qualified persons of integrity, and engage in periodic self-assessment and evaluation.
9. Directors should engage in prudent minute-taking practices to document the fulfillment of fiduciary duties. Minutes should include (i) subjects discussed (summarize important themes), (ii) process used to reach decision (note recusals and abstentions), (iii) time devoted to discussion (reflect any debate), (iv) information, documents and presentations considered and relied upon, and (v) action taken.
10. Finally, directors should bring in outside experts periodically to train them on their compliance fiduciary duties and ways to mitigate liability.
If directors implement these steps, they are likely to gain the protections of the business judgment rule as recently affirmed by the Delaware Supreme Court. The bottom line is directors must show a renewed vigilance and inject a new candor in monitoring the activities of their companies.