The final case on the Board’s expanding obligations regarding compliance oversight is Boeing, which was decided earlier this year. This action is yet more from the continuing fallout of the Boeing MAX 737 disaster. As Mike Volkov has noted “The Boeing 737 MAX scandal is a troublesome and disturbing case where corporate board oversight and responsibility was lacking. The implications of the board’s failure resulted in the killing of innocent passengers and the grounding of Boeing’s 737 MAX. Add to that a $2.5 billion settlement, a criminal case against a Chief Technical Pilot, and continuing safety and technical problems, and you have recipe for continuing disaster at Boeing.”
In this case, shareholders sued Boeing’s board, seeking to recover costs and economic losses associated with the crash of two 737 MAX jetliners. The allegations were that the directors failed to monitor aircraft safety before the crashes and then failed to respond to known safety risks after the first crash. The lawsuit seeks to hold the directors liable for the resulting loss of “billions of dollars in value.”
Here there were not allegations that the Board did not take compliance seriously or did not provide oversight of compliance but that the Board did not react swiftly and forcefully enough when the first MAX 737 crash occurred. The decision from the Court (the Court of Chancery not the Delaware Supreme Court) framed the question before it as follows, “The narrow question before this Court today is whether Boeing’s stockholders have alleged that a majority of the Company’s directors face a substantial likelihood of liability for Boeing’s losses. This may be based on the directors’ complete failure to establish a reporting system for airplane safety, or on their turning a blind eye to a red flag representing airplane safety problems.”
The Court noted that from 2011 until August 2019, the Board had five standing Committees to monitor and oversee specific aspects of the Company’s business: (1) Audit, (2) Finance, (3) Compensation, (4) Special Programs, and (5) Governance, Organization and Nominating. The Audit Committee was Boeing’s primary arbiter for risk and compliance. Specifically, it “evaluat[ed] overall risk assessment and risk management practices”; “perform[ed a] central oversight role with respect to financial statement, disclosure, and compliance risks”; and “receiv[ed] regular reports from [Boeing’s] Senior Vice President, Office of Internal Governance and Administration with respect to compliance with our ethics and risk management policies.” The Court went on to delineate a list of areas the Audit Committee covered, specifically including robust oversight over compliance.
However what the Boeing Board did not do was “implement or prioritize safety oversight at the highest level of the corporate pyramid. None of Boeing’s Board committees were specifically tasked with overseeing airplane safety, and every committee charter was silent as to airplane safety. The Board recognized as much: former director John H. Briggs, who retired in 2011, observed that the “board doesn’t have any tools to oversee” safety.” [emphasis supplied] The Court rather ominously then said “This stood in contrast to many other companies in the aviation space whose business relies on the safety and flightworthiness of airplanes.”
The Court went into a detailed discussion about what the Board did and more importantly did not do after the first MAX 737 crash (Lion Air crash). The Board did not initiate contact with management, did not do initiate any type of independent investigation or apparent do anything more than ‘Shirk Responsibility’. That final phrase comes from a section title from the Court’s opinion and reads “The Board Continues To Shirk Safety Oversight”. [bold in original opinion] (Recovering trial lawyer insight-when a court writes something like that as a section heading, it is very ‘not good’ for the defendant). The Court was equally critical about the Board’s response after the second MAX 737 crash (the Ethiopian Airlines crash). Finally the Court found “The Board publicly lied about if and how it monitored the 737 MAX’s safety.” It really does not get any worse than that for a Board.
The Court’s opinion found that under Marchand, a Board must assess the risk profile of the company and manage the most critical risks all the way up to the Board level. At Blue Bell Ice Cream, it was food safety. At Boeing it is airline safety. At the Boeing Board, there was “no committee charged with direct responsibility to monitor airplane safety. While the Audit Committee was charged with “risk oversight,” safety does not appear in its charter. Rather, its oversight function was primarily geared toward monitoring Boeing’s financial risks.” This lack provided the basis for a Caremark claim as further refined by Marchand, et al.
Moreover, there was no Board monitoring system in place for safety. There was no mechanism to get whistleblower complaints about safety to the Board. Finally there was no independent evaluation by the Board on safety, “when safety was mentioned to the Board, it did not press for further information, but rather passively accepted management’s assurances and opinions.”
Some commentators see this as a decision based upon a new category of risk called “corporate trauma”. Herlihy and Savitt said, “The harsh decision reflects the court’s obligation to accept all the plaintiffs’ allegations as true in considering defendants’ motion to dismiss. Indeed, the court reaffirmed that failure-of-oversight claims remain “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” But the ruling nevertheless reconfirms the courts’ increasing willingness to subject directors to suit for corporate trauma.” Mike Volkov was more succinct noting, “At bottom, the Chancery Court is raising the stakes on board member accountability.”
The Hughes Court further delineated a Board’s obligations under Caremark. It cannot simply have the trappings of oversight, it must do the serious work required and have evidence of that work (Document, Document, and Document). Marchand required Boards to manage the risks their organizations face. Clovis Oncology requires ongoing monitoring by the Board. Hughes stands for the proposition that have the structures, policies and procedures in place is not enough. The Board must fully engage in oversight of a compliance program. The decision in Boeing is yet a further expansion of Caremark, once again through Marchand. It stands for the proposition that a company must assess its risks and then manage those risks right up through the Board level.
Day: October 21, 2021
In this episode, we look at what went into the making of a BIS administrative settlement with VTA Telecom Corporation, due to EAR violations.
Bob Mascola is a global legal and compliance executive and educator. He is Senior Director of the Program on Corporate Ethics and Compliance at Fordham University School of Law, as well as Senior Counsel at Compliance Systems Legal Group. He joins Vince Walden to discuss compliance from an academic perspective.
Fordham University’s program on Corporate Ethics and Compliance is a 30 credit Master’s degree program full of students from different professional backgrounds. Most of the students are working professionals, so they bring real-life experience and insights to enrich classroom discussions. The curriculum is designed to meet the needs of each student, regardless of how diverse their specialties are.
The program is helpful in equipping students to add value to the organizations that they’re with. In addition to acquiring knowledge about different regulatory frameworks, it teaches skills like legal research, risk assessment, technology training, communications memo writing, and how to conduct investigations.
Being familiar enough with data to work with it is essential for future success in compliance. The DOJ and other enforcement authorities are raising their expectations of companies regarding the use of data analytics. If you want to show that you are leading industry expectations, you’ve got to be the best in data analytics.
Resources
Bob Mascola on LinkedIn | Twitter
EU Whistleblower Update
In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. In this episode we take up a recent decision from Luxembourg which would seem antithetical to good whistleblower practices. We also consider the upcoming EU Whistleblower Directive go live date of December 17. Some of the questions we consider include:
- What are the facts of the enforcement actions?
- When should company harm outweigh public good from whistleblowers?
- What lessons can companies learn from this matter in conjunction with the EU whistleblower directive?
Resources
Check out the Cordery Compliance, client alert on this topic, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.