In today’s edition of Daily Compliance News:
Author: admin
The next case on the Board’s obligations regarding compliance oversight is Hughes v. Hu. In this case, the plaintiffs’ claimed that the director defendants consciously failed to establish a system of oversight for financial statements and related-party transactions, “choosing instead to rely blindly on management while devoting patently inadequate time to the necessary tasks.” According to the plaintiffs’ assertions the defendants “breached their fiduciary duties by willfully failing to maintain an adequate system of oversight, disclosure controls and procedures, and internal controls over financial reporting.” Additionally, “The board of a Delaware corporation has a fiduciary obligation to adopt internal information and reporting systems that are ‘reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance’.”
The audit committee failed to meet often as required and when they met, the meetings were short and failed to devote adequate time and attention to the issues, especially in light of the known internal control issues. In addition, the audit committee frequently acted through written consent as opposed to addressing issues during in-person meetings. The outside auditor failed to report on key issues and when it did so, the audit committee failed to respond or follow up.
The court noted, “directors face a substantial threat of liability under Caremark if “(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” For both potential sources, “a showing of bad faith conduct . . . is essential to establish director oversight liability.” A plaintiff establishes bad faith by “showing that the directors knew that they were not discharging their fiduciary obligations. Generally where a claim of directorial liability for corporate loss is predicated upon ignorance of liability creating activities within the corporation . . . only a sustained or systemic failure of the board to exercise oversight . . . will establish the lack of good faith that is a necessary condition to liability.” [citations omitted]
Moreover, “a director may be held liable if she acts in bad faith in the sense that she made no good faith effort to ensure that the company had in place any ‘system of controls.’” Significantly directors must “design context- and industry-specific approaches tailored to their companies’ businesses and resources.” Caremark also mandates “a bottom-line requirement that is important: the board must make a good faith effort—i.e., try—to put in place a reasonable board-level system of monitoring and reporting.” Finally, a Caremark claim can be stated by alleging that “an audit committee that met only sporadically and devoted patently inadequate time to its work, or that the audit committee had clear notice of serious accounting irregularities and simply chose to ignore them or, even worse, to encourage their continuation.”
What the court found was that the Company’s Audit Committee met sporadically, devoted inadequate time to its work, “had clear notice of irregularities, and consciously turned a blind eye to their continuation. As detailed in the Factual Background, the Company suffered from pervasive problems with its internal controls, which the Company acknowledged in March 2014 and pledged to correct. Yet after making that commitment, the Audit Committee continued to meet only when prompted by the requirements of the federal securities laws. When it did meet, its meetings were short and regularly overlooked important issues.”
For example, in May 2014, the Audit Committee convened for the first time after disclosing two months earlier that its “disclosure controls and procedures were not effective as of December 31, 2013, due to a material weakness.” The meeting lasted just forty-five minutes. During that time, the Audit Committee purportedly reviewed new agreements governing the Company’s related-party transactions with Kandi USA. Neither the agreements nor the review procedures were produced in response to the plaintiff’s demand for books and records, supporting a reasonable inference that they either did not exist or did not impose meaningful restrictions on the Company’s insiders. Three weeks later, the Audit Committee purportedly reviewed and approved a new policy that management had prepared governing related-party transactions. The Company also did not produce this policy in response to the plaintiff’s demand for books and records, supporting a reasonable inference that it too either did not exist or did not impose meaningful restrictions on the Company’s insiders.
After 2014, the Audit Committee did not meet again for almost an entire year. The committee next convened in March 2015, “spurred by the need to review the Company’s financial results for purposes of the 2014 10-K. The meeting lasted only fifty minutes. During this time, the Audit Committee ostensibly discussed the financial results and purportedly approved a new policy that management had prepared to govern related-party transactions involving the Joint Venture. It is reasonable to infer that the policy did not place meaningful restrictions on management and that the Audit Committee failed to establish its own monitoring system for related-party transactions. It is also reasonable to infer that during this fifty-minute meeting, the Audit Committee could not have fulfilled its responsibilities under the Audit Committee Charter for purposes of nearly a year’s worth of transactions.” The Audit Committee again did not meet for almost an entire year, not meeting until March 2016, again spurred by the need to review the Company’s financial results for purposes of the 2015 10-K. This meeting lasted just thirty minutes.
These chronic deficiencies support a reasonable inference that the Company’s Board of Directors, acting through its Audit Committee, failed to provide meaningful oversight over the Company’s financial statements and system of financial controls. Despite identifying Yu and Lewin as Audit Committee Financial Experts in 2015, the Company later disclosed in the 2016 10-K that it lacked personnel with sufficient expertise on US GAAP and SEC disclosure requirements for equity investments and related-party transactions. The directors charged with implementing a system to oversee the Company’s financial reporting thus lacked the expertise necessary to do so all along. Instead, the Audit Committee deferred to management, which dictated the policies and procedures for reviewing related-party transactions and hired and fired the Company’s auditor, even though management’s actions suggested that it was either incapable of accurately reporting on related-party transactions or actively evading board-level oversight.
The defendants alleged that the Company had the trappings of oversight, “including an Audit Committee, a Chief Financial Officer, an internal audit department, a code of ethics, and an independent auditor.” A plaintiff cannot meet its Caremark burden by pleading that board-level monitoring systems existed but that they should have been more effective. The Court found the plaintiffs’ allegations supported inferences that the Board members did not make a good faith effort to do their jobs. The Court stated, “The Audit Committee only met when spurred by the requirements of the federal securities laws. Their abbreviated meetings suggest that they devoted patently inadequate time to their work. Their pattern of behavior indicates that they followed management blindly, even after management had demonstrated an inability to report accurately.”
An Audit Committee can rely in good faith upon reports by management and other experts. In doing its job, the members of an Audit Committee will necessarily rely on management. But Caremark envisions some degree of board-level monitoring system, not blind deference to and complete dependence on management. The board is obligated to establish information and reporting systems that “allow management and the board, each within its own scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”
Finally, the Board never established its own reasonable system of monitoring and reporting, choosing instead to rely entirely on management. There were no Board meeting minutes to support the company’s rebuttals. As the Court noted, “The absence of those documents is telling because “[i]t is more reasonable to infer that exculpatory documents would be provided than to believe the opposite: that such documents existed and yet were inexplicably withheld.”” The documents that the Company produced indicated that the Audit Committee never met for longer than one hour and typically only once per year. Each time they purported to cover multiple agenda items that included a review of the Company’s financial performance in addition to reviewing its related-party transactions. On at least two occasions, they missed important issues that they then had to address through action by written consent. Clearly, the Board was not fulfilling its oversight duties.
The Hughes Court further delineated a Board’s obligations under Caremark. It cannot simply have the trappings of oversight, it must do the serious work required and have evidence of that work (Document, Document, and Document). Marchand required Boards to manage the risks their organizations face. Clovis Oncology requires ongoing monitoring by the Board. Hughes stands for the proposition that have the structures, policies and procedures in place is not enough. The Board must fully engage in oversight of a compliance program.
UK’s Office of Financial Sanctions Implementation published counter-terrorism legislation guidance to NGOs and those in the financial sector. Tune in as the Kitchen highlights the main ingredients.
The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is John Melican, former CCO at AMEX Travel and now Managing Director at Exiger.
Melican moved into the CCO chairs at AMEX travel. He said a key lesson was that being a CCO was leading through orchestration not simply execution. A key was working with others in the business unit to educate them on how compliance changes were made but why they benefited AMEX Travel. He discussed some of his top challenges that he faced and how he and his compliance team overcame them through collaboration.
Resources
John Melican LinkedIn Profile
Exiger
Categories
What is BFJ?
Humor writer Gregg Greenberg has such distaste or disdain for Billy Joel’s music that he can remember the lyrics to. “When I was growing up in Hicksville, they kept making us sing his songs in the chorus in elementary school and junior high school. They would play it at the mall. You just could not escape Billy Joel.”
In his book F*cking Argentina and 10 More Tales of Exasperation, Greenberg writes his sentiments in an autobiographical fashion.
The short story tells of a guy who’s in love with this girl, but she has this one terrible character trait — she loves Billy Joel’s music! She sings it in the shower, watches his videos, and even wants her boyfriend to a BJ concert. And such is the deal-breaker for the guy who hates Billy Joel that much! What happens next for them? #It’sNotYouIt’sBFJ
ABOUT THE BOOK
F*cking Argentina and 10 More Tales of Exasperation by Gregg Greenberg is a compilation of short stories that dive into the American phenomenon of being in a near-perpetual state of aggravation. Greenberg’s anthology brings together eleven original pieces of work, each with their own slice of independent and distinct plot lines but all converging on the universal theme of exasperation. They run the whole gamut of scenarios, from the titular story “F*cking Argentina” wherein the country is once again in bankruptcy and a polite game of tug o’ war plays out on a porch, to “A Journeyman Tennis Player’s Prayer” with a low ranking U.S. Open contender begging God for a comparable opponent. Both stories end with the superlative f-word, which showcases at some point in other stories, and a guaranteed chuckle from their readers. Buy the book here: http://fckingargentina.com/.
———————————————————————-
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.
This week’s guest is Lindsay Sweeney, Senior Manager of Communications at K2 Integrity, a risk, compliance, investigations, and monitoring firm. She graduated with degrees in journalism and history and was convinced that her career would be in either of those industries. However, she started working in a small shop whose clients were mostly associated with fintech; she would eventually join K2 Integrity. She joins Tom Fox to discuss how you can use social media and communications to drive home internal messages and get your message and brand out to your clients, customers, and the compliance community.
At K2
Within her first six months at K2 Integrity, the company expanded their presence in the media with a major financial crimes practice and merged with a financial integrity network in DC. From there, they kicked off a rebrand, which was both challenging and easier to do remotely due to the pandemic. She tells Tom, “It wasn’t just a matter of changing our name in certain places,” she shares. “It was a matter of resetting how we think about ourselves and how we talk about ourselves, not just to clients, but also how we position ourselves internally.”
Surprise!
Tom asks Lindsay what the biggest surprises she’s had were like. “I don’t know if [it was] a big surprise or more like little surprises along the way, but I’ve come to realize one as a communicator there is no such thing as overcommunication,” she responds. “Keeping people in the loop is not just beneficial for making sure that everyone knows where the steps are along the way, but you’re going to get a different perspective from someone… that’s going to change the way you do things… maybe you’ll find a new way to do something that you wouldn’t have previously thought of.”
The Evolution of Content Marketing
Lindsay believes that personalization and targeted information in content marketing is going to become bigger; it was already in the works, but the pandemic has accelerated the process. Additionally, there will be increased focus on bite-sized content to accommodate the attention span of people at home.
Resources
Lindsay Sweeney on LinkedIn
When the Delaware Supreme Court says of a Board of Directors collectively signed a company’s Annual Statement “with hands on their ears to muffle the alarms” you can rest assured the Board was seriously negligent in fulfilling its Caremark obligations. The Court’s decision in Clovis Oncology (Clovis or ‘the company’) laid out what a plaintiff must prove to create liability for a Board under the Caremark Doctrine. Not only must a Board have oversight of a corporate compliance function it must also provide oversight of that function.
The facts are so egregious on the monitoring requirement, the entire opinion could have been the basis for the original Caremark Doctrine. As the opinion stated the Board “breached their fiduciary duties by failing to oversee the Roci clinical trial and then allowing the Company to mislead the market regarding the drug’s efficacy. These breaches, it is alleged, caused Roci to sustain corporate trauma in the form of a sudden and significant depression in market capitalization.”
Clovis had no products and no sales but only the hope of the creation, marketing and sale of a new cancer drug, Roci. Clovis “relied solely on investor capital for all operations.” The potential success for Clovis “rested largely on one of its three developmental drugs, Roci, a cancer drug designed to treat a previously- untreatable type of lung cancer. Because of the estimated $3 billion annual market for drugs of its type, Clovis expected Roci to generate large profits if Clovis could secure FDA approval for the drug and shepherd it to market.” To get Roci to market, the company had to first perform clinical trials and then submit those findings to the Food and Drug Administration (FDA).
To perform the clinical trials, Clovis used a standard, well-known drug testing protocol called RECIST. A key component of the RECIST protocol was differentiating on the reporting on confirmed results v. non-confirmed results. During the trial, Clovis deviated from the RECIST protocol by improperly calculating the efficacy measurement based on both confirmed and unconfirmed results without differentiating between the two. As a result, Clovis published inflated performance results, and included this information in raising capital in the private and public securities markets of over $500 million. Clovis also failed to properly disclose the drug’s side effects. Worse yet, Clovis made these same misrepresentations in its initial presentations to the FDA.
After its initial presentation to the FDA, the FDA requested additional information on the test results. It appears at that point the Board was made aware of significantly different results from the confirmed v. the non-confirmed categories. The stock dropped some 80% in a few days, wiping out over $1 billion in capitalization. The fallout of Clovis actions led the FDA to suspend its review of Rico, effectively ending the company’s efforts.
As noted, the Court found that the Board had made certain there was an overall compliance program. However, Caremark has a second prong which requires a Board to “monitor” its compliance program. The Court stated, “To state a claim under this prong, Plaintiffs must well-plead that a “red flag” of non- compliance waived before the Board Defendants but they chose to ignore it. In this regard, the court must remain mindful that “red flags are only useful when they are either waived in one’s face or displayed so that they are visible to the careful observer. But, as Marchand makes clear, the careful observer is one whose gaze is fixed on the company’s mission critical regulatory issues.” For the Clovis Board, the compliance oversight should have been over Roci’s trials, clinical trial protocols and related FDA regulations governing that study.
The RECIST clinical trials protocol was “the crucible in which Roci’s safety and efficacy were to be tested. Roci was Clovis’ mission critical product. And the Board knew, upon completion of the TIGER-X trial, the FDA would consider only confirmed responses when determining whether to approve Roci’s NDA per the agency’s own regulations.” Moreover, the Clovis “Board was comprised of experts and the RECIST criteria are well-known in the pharmaceutical industry. Moreover, given the degree to which Clovis relied upon it when raising capital, it is reasonable to infer the Board would have understood the concept and would have appreciated the distinction between confirmed and unconfirmed responses. The inference of Board knowledge is further enhanced by the fact the Board knew that even after FDA approval, physicians (i.e., future prescribers) would evaluate Roci based on its” clinical trials.
Mike Volkov has stated of the Clovis decision, “The Clovis Court explained that “‘Delaware Courts are more inclined to find Caremark oversight liability at the board level when the company operates in the midst of obligations imposed upon it by positive law yet fails to monitor existing compliance systems, such that a violation of law, and resulting liability, occurs.’” The Clovis Court noted that when externally imposed regulations govern a company’s mission critical operations, the board must exercise a good faith effort to implement an oversight system, which “entails a sensitivity to ‘compliance issues[s] intrinsically critical’ to the company.”
The Clovis decision is another steppingstone in the creation of duties for a Board regarding compliance. Like the Board at Blue Bell Ice Cream, the Clovis Oncology Board had but one compliance obligation. At Blue Bell Ice Cream, it was food Safety. At Clovis Oncology it was compliance around the clinical trials and reporting results of its signature product, the drug Roci. While Blue Bell Ice Cream management did not even report its food safety results to the Board, senior management at Clovis made material misrepresentations to the Board about the results of the clinal trial based upon the melding of unconfirmed results with confirmed results. This case then stands for the proposition that a Board must do more than simply accept what management says about compliance, it must monitor compliance. Here the Clovis management made material misrepresentations to the Board about the results of the clinal trial based upon the melding of unconfirmed results with confirmed results.
The Kitchen reviews the recent DOJ’s espionage charges against a husband-wife team, accused of violating the Atomic Energy Act.