Liability
Liability of undertakings
What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?
Members of governing bodies and senior management have several responsibilities regarding risk and compliance. First, governing board members have responsibility for compliance programme oversight. This means that board members must ensure that the compliance programme is effective, that it is designed to mitigate compliance risks, and that it has sufficient resources to prevent, detect and respond to potential misconduct. Second, board members must hold senior management and those responsible for the compliance programme accountable for implementing the programme. Board members also must establish a ‘tone at the top’ that demonstrates to employees and external parties that the organisation expects all who are associated with it to act properly and in accordance with applicable laws and regulations as well as organisation policies.
With regard to senior management, the expectation is similar to that of members of the governing body. Senior management should ensure that the compliance programme has the resources and capabilities to implement a programme that prevents, detects and responds to potential misconduct. Senior management also has an obligation to demonstrate support for compliance through ‘tone at the top.’ This requires management to show by verbal communication and their actions that they require all employees to act in a compliant way and that misconduct will not be tolerated. This tone can be demonstrated through written and verbal communication to employees by email, in other written communication, through presentations at meetings, and through one-on-one interactions where employees are encouraged to only conduct business ethically and in accordance with applicable laws and organisation policies.
Do undertakings face civil liability for risk and compliance management deficiencies?
Those organisations that engage in misconduct involving compliance obligations under law face potential civil liability, which could include fines, disgorgement of gains, restitution and debarment from participating in government programmes. Liability occurs from a violation of applicable law or regulation, as opposed to a violation of a compliance programme requirement. For example, civil liability could occur if an organisation fails to obtain a required permit, but civil liability would not occur if an organisation’s employee failed to follow a policy requiring a permit to be obtained.
In addition, organisations may face the risk of civil liability from private litigants who may claim that the organisation failed to fulfil its obligation to manage risk through a compliance programme, resulting in loss of value to an investor who would not have experienced a loss if the programme had been managed effectively. These private legal actions may result in added defence costs as well as judgments or settlements, depending on the facts of the underlying matter.
Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?
Administrative or regulatory action may result in being debarred from conducting business with government entities, restrictions or suspension of a licence, or fines associated with the underlying conduct. The nature of the action that could be taken is a function of the requirements of the underlying administrative provisions or regulations that specify the consequences of the violation. In instances where an organisation has settled an enforcement action, compliance obligations may be required to be undertaken as part of the settlement agreements. Failure to meet those settlement obligations relating to compliance may result in fines or penalties. For example, an organisation may have committed as part of a settlement to conduct annual training on compliance topics. Failure to complete that training obligation may result in administrative or regulatory action, including fines or penalties.
Do undertakings face criminal liability for risk and compliance management deficiencies?
Criminal liability may occur for violations of applicable law. This liability may occur, for example, if the conduct violates a law such as the FCPA, which prohibits the payment of bribes to non-US government officials to obtain an improper advantage. Payment of the bribe would result in criminal liability for the bribe payer. Organisations that face criminal liability, however, do so based on the underlying law, rather than the failure to maintain an effective compliance programme.
Liability of governing bodies and senior management
Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?
Those who participate in the underlying misconduct run the risk of civil liability. Generally, however, without the active involvement of governing body members or management in the misconduct, the risk of personal liability is low. Liability could occur, however, if private litigants establish that management failed in its oversight duties in a securities law action, or if as part of a government-negotiated settlement, management makes representations about the compliance programme that are later determined to be incorrect.
Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?
In general, members do not face the risk of administrative or regulatory consequences for compliance programme management issues. Risk could occur, however, if members participate in the underlying misconduct or undertake specific obligations regarding compliance as part of a government settlement and fail to fulfil those obligations.
Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?
If members of governing bodies and senior management participate in the underlying criminal misconduct, there may be liability. Without active involvement in the criminal misconduct, the risk of criminal liability to board members and senior management is low for failing to implement compliance programme obligations.