This is the second post in this series of blogs on corporate compliance issues for governing boards. We will continue to discuss fiduciary duties, this time concentrating on some special areas of concern for board members under their fiduciary duties. Future posts in this series will expand on fiduciary duties, federal sentencing guidelines and best practices.
Some Special Areas of Concern for Board Members under Their Fiduciary Duties
A board member should be particularly concerned that the organization has established and implemented programs designed to address the following:
- Managing Risks of the Enterprise
Non-ERISA Plan Assets
Managing risks of the enterprise is a developing area of law for both the board and its management. The duties for managing risks for fiduciaries of employee benefit plans subject to ERISA with respect to plan assets are different than those for board members and officers with respect to other assets.
With respect to assets other than those that are part of an employee benefit plan subject to the Employee Retirement Income Security Act of 1974, as amended (ERISA), the duties of boards and officers are their corporate law duties of care and loyalty (i.e., to act with the care that an ordinarily prudent person in a like position would use under similar circumstances and in a manner believed to be in the best interests of the organization; or, with respect to board members, not opposed to the best interests of the organization). A developing area of the duty of care is a duty to minimize the risk of large losses to the extent that an ordinarily prudent person in a like position would do so under similar circumstances for the best interests of the organization.
Because boards are not expected to manage assets, their duty with respect to management of risks is one of oversight. Boards, or an appropriate committee of the board under its direction, should periodically review with appropriate officers and, in some cases, the internal and external auditor:
- The systems of internal financial control and the monitoring of their adequacy;
- The systems for protecting the organization’s assets, including the adequacy of insurance as well as protecting intellectual property and safeguarding confidential corporate information; and
- The systems for assuring that transactions are executed in accordance with management's general or specific authorization.
The NYSE and NASDAQ have delegated this duty of oversight to the audit committee or, if it does not do so, all of the independent board members. The Sarbanes-Oxley Act (SOX) requires management of public reporting companies, with the participation of their CEOs and CFOs, to annually evaluate the portion of these systems related to financial reporting as part of management’s report on internal controls over financial reporting.
ERISA Plan Assets
The duties are greater with respect to assets of an employee benefit plan subject to ERISA. A fiduciary of the plan is to act solely in the interest of the participants and beneficiaries and:
- For the exclusive purpose of providing benefits to participants and their beneficiaries and defraying reasonable expenses of administering the plan;
- With the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims;
- By diversifying the investments of the plan so as to minimize the risk of large losses, unless under the circumstances it is clearly prudent not to do so; and
- In accordance with the documents and instruments governing the plan insofar as such documents and instruments are consistent with ERISA.
A fiduciary’s duties are different from the corporate law duty of care and loyalty in several significant ways. The duty of care is also greater in that a fiduciary is to act with the care that a prudent man acting in a like capacity and familiar with such matters would use, which is a higher standard than the care that an ordinarily prudent person in a like position would use. More significantly, the duty of loyalty is not to the organization, but is “solely” for the interests of the participants and beneficiaries for the “exclusive” purpose of providing benefits and defraying reasonable expenses of administering the plan. Most significantly, a fiduciary has an express duty to diversify the investments of the plan so as to minimize the risk of large losses, unless under the circumstances it is clearly prudent not to do so.
A person is a fiduciary if he or she:
- Exercises any discretionary authority or discretionary control respecting management of such plan, or
- Exercises any authority or control respecting management or disposition of its assets,
- Renders investment advice for a fee or other compensation, direct or indirect, with respect to any moneys or other property of such plan, or has any authority or responsibility to do so, or
- Has any discretionary authority or discretionary responsibility in the administration of such plan.
Boards are fiduciaries if they have or exercise the authority or control of a fiduciary described above. Department of Labor regulations provide that a board or committee of the board is a fiduciary responsible for the selection and retention of plan fiduciaries, such as the trustee or plan administrator. Boards and officers should confirm whether or not they are named fiduciaries of any ERISA employee benefit plan. A named fiduciary has both statutory and contractual responsibilities and, accordingly, corresponding liabilities. Although a named fiduciary has a right of reliance on others, that right of reliance is only on others who are also named fiduciaries and only to the extent the plan documents permit such delegation of authority or responsibility.
- Quality of Disclosure
Do the organization's disclosure documents (quarterly and annual reports to shareholders, proxy statements, prospectuses, press releases, web pages and other key communications to shareholders and the investing public) fairly present material information? A board member's primary responsibility in the disclosure process is to be satisfied that corporate procedures are reasonably designed to produce accurate and appropriate public disclosures. Management has the primary responsibility for implementing these processes, subject to board members' oversight and periodic review of the steps taken by management.
- Compliance with Law
Does the organization have appropriate policies designed to result in compliance with applicable laws and regulations? Does the board receive reasonable assurances that employees of the organization are informed of corporate policies directed at compliance with applicable laws, including antidiscrimination and employment laws; environmental and health and safety laws; antitrust laws; and securities laws, particularly those prohibiting insider trading?
The organization should have appropriate procedures for monitoring compliance with such laws throughout the organization. All persons involved in the compliance process should have direct access to the general counsel or other compliance officer so that sensitive compliance situations may be raised for prompt consideration. Board members do not administer legal compliance programs, but should review their functioning periodically and endeavor to be reasonably satisfied that appropriate programs are in place.
Most large, publicly owned organizations have adopted codes of business conduct expressing principles of business ethics, legal compliance and other matters relating to business conduct. Subjects commonly addressed by such codes are legal compliance (antitrust laws and policies, Foreign Corrupt Practices Act of 1977 and insider trading, to name a few), conflicts of interest, corporate opportunities, gifts from business associates, misuse of confidential information and political contributions.
A program of legal compliance that is well-conceived and properly implemented can significantly reduce the incidence of violations of laws and corporate policy. It may also reduce or eliminate civil lawsuits, penalties or prosecution against the organization for those violations of law that occur in spite of such a program. Since the enactment of the United States Sentencing Commission's sentencing guidelines, organizations have been given further reason to review and reassess their compliance policies and procedures. These guidelines greatly increase the penalties for businesses found guilty of criminal violations, but provide significant fine reductions for convicted organizations that maintain appropriate programs to prevent and detect violations of law.
- Approval of Commitments
Is there a functioning and effective system in place for approval of commitments of the organization's financial and commercial resources?
Although board approval of all or even most corporate commitments is not necessary, the board should be satisfied that a reasonable approval system exists and should have a clear understanding with management, which may be embodied in a formal policy, as to which major commitments require board approval.
- Adequacy of Internal Controls
Does the organization maintain appropriate systems of internal financial control, and is there a functioning and appropriate system for monitoring their adequacy? Periodic review of the functioning of these systems is appropriate.
- Protection of Assets
Does the board receive periodic reports describing the organization's program for the protection of its assets? In addition to insurance arrangements, such a program should include procedures for protecting intellectual property and safeguarding confidential corporate information.
- Counseling of Board Members
Does the organization provide board members competent legal advice regarding the organization's affairs and the conduct of its board members? In addition to the organization's general counsel or regular outside counsel, there may be occasions when an additional outside legal advisor should be specially retained by the board or a committee in connection with a particular matter.
If, after a thorough discussion, a board member disagrees with any significant action proposed to be taken by the board, the board member may vote against the proposal and request that the dissent be recorded in the meeting's minutes. Except in unusual circumstances, taking such a position should not cause a board member to consider resigning. However, if a board member believes that information being disclosed by the organization is inadequate, incomplete or incorrect, or that management is not dealing with the board members, the shareholders or the public in good faith, the board member should first encourage that corrective action be taken. If that request is not satisfied or the problem continues, the board member should encourage the board to replace management and, if such a change does not occur, the board member should resign.