Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 1

There is a reason that lawyer truisms are just that: because they are based in fact. One of those truisms is that bad facts make bad laws. I saw that in the first year I started practicing law in  case in Texas which forever changed the definition of gross negligence: Burke Royalty. In that case, a company allowed a rough neck to burn to death while hanging on a chain off an oil rig. The company, Burke Royalty claimed they had subcontracted their safety function to another company. The Texas Supreme Court decreed that safety was a non-delegable duty and failure to provide a safe workplace could form the basis of claim for gross negligence.

We now see this same truism playing out in the Chancery Court of Delaware in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst and the creation of an absolute toxic atmosphere of sexual harassment at the very highest levels of the organization. It included the now disgraced former Chief Executive Officer (CEO) Steven Easterbrook but he was dismissed from this litigation.

I will not go into the sordid facts of this matter as they are well-known from other litigation. Suffice it to say that Fairhurst and Easterbrook engaged in multiple instances of sexual harassment and inappropriate behavior with other McDonald’s employees and such conduct was not only well-known within the organization but also known by the McDonald’s Board. But this case dealt not Easterbrook or the Board but with Fairhurst. As you might guess from his corporate title, Fairhurst had a human resources role which he apparently took as license to get drunk at company events and grope, fondle and generally harass as many women as possible. It appears that the rest of McDonald’s senior management and Board stood by while he engaged in all of this.

Fairhurst’s attitude towards sexual harassment seemed to have permeated the entire corporate culture at McDonald’s. One employee class action lawsuit by employees claimed that 75% of all female employees had been sexually harassed while working at the company. Another allegation said that “over 70% of those who reported sexual harassment they witnessed or experienced faced some form of retaliation, with 42% reporting loss of income as a result.” A class action lawsuit by employees of McDonald’s franchisees claimed that “almost two-thirds of restaurant employees worked at locations that did not provide any sexual harassment training.”

As I started out this post, bad facts make bad law.

What the Court of Chancery found was there has long been a duty of oversight in Delaware law, not only for Board’s since at least the 1960s but for officers as well. On the Board side of the equation, there is of course the Caremark  decision from 1996 but which established an affirmative duty of Board oversight, with its progeny up to this day. However in 1963, the Delaware Supreme Court established a Board duty when red flags are brought to its attention in the case of Graham v. Allis-Chalmers Manufacturing Co., which held that directors have an obligation to respond if information reached them, but created no affirmative duty to set up an information system to learn about issues within the company. A limited duty of oversight arose only if the directors had already learned enough to suspect that there were issues that needed overseeing. Caremark created that affirmative duty.  

Taking a deep dive into the legalese, in this case the court noted, “Using more functional terminology, that species of claim can be called an “Information-Systems Claim” or an “Information- Systems Theory.” A plaintiff typically pleads a prong-two Caremark claim by alleging that the board’s information systems generated red flags indicating wrongdoing and that the directors failed to respond. From a functional perspective, the second type of claim can be called a “Red-Flags Claim” or a “Red-Flags Theory.”

But Board’s do not govern in a vacuum. They depend on senior management. Here the court said, “Indeed, from that perspective, the Caremark oversight role “is more suited to corporate officers who are responsible for managing the day-to-day affairs of the corporate enterprise.” This “first reason for recognizing oversight duties for directors—the seriousness with which the law takes the role—thus applies equally to officers.”

Indeed, “relevant and timely information is an essential predicate for satisfaction of the board’s supervisory and monitoring role under Section 141.” Finally, “board’s need for information leads ineluctably to an imperative for officers to generate and provide that information: Whereas a corporate board meets periodically—roughly six to ten times a year—senior officer engagement with the corporation is continuous. From a practical perspective, a board’s ability to effectively monitor is contingent upon adequate information flow, usually from senior officers functioning in a non-directorial capacity.”

Join me tomorrow where I take a dive into the Court’s legal reasoning.

Categories
31 Days to More Effective Compliance Programs

Day 5 – The Board and Operationalizing Compliance

The most significant development for Boards and compliance continues to come from the Delaware courts, which have been expanding the civil law obligations of Boards through a series of court decisions involving the expansion of the Caremark Doctrine for the past several years. These developments began with the Marchand (Blue Bell Ice Cream) decision which required Boards to manage the risks their organizations face. Next was Clovis Oncology which required ongoing monitoring by the Board. Finally, the Boeing case stands for the continuing proposition that a Board cannot simply have the trappings of oversight, it must do the serious work required and have evidence of that work (Document, Document, and Document).


The decision in Boeing is yet a further expansion of the Caremark Doctrine, once again beginning with MarchandBoeing also states that a company must assess its risks and then manage them right up through the Board level. Finally, a Board must be aggressive in their approach and not passively take in what management has presented to them.
The DOJ has also made clear its thoughts on the role of the Board of Directors. The role of the Board is different than that of senior management. The 2020 Update and DOJ Antitrust Division’s 2019 Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations were even more explicit in announcing their expectation for robust Board oversight of a corporate compliance function.

Name any of the most recent corporate scandals; Wells Fargo, Theranos, Volkswagen, Boeing, FTX, etc., and there was no compliance expertise on the Board. It is now enshrined as a best practice for companies to have a seasoned compliance professional on the Board. I would also add that the DOJ may soon expect a Compliance Committee separate from the Audit Committee.
The DOJ continually speaks about the need for companies to operationalize their compliance programs. Businesses must work to integrate compliance into the DNA of their organization. Having a Board member with specific compliance expertise or heading a Compliance Committee can provide a level of oversight and commitment to achieving this goal. The DOJ enshrined this requirement in the FCPA Corporate Enforcement Policy. This means that when your company is evaluated by the DOJ, under the factors set out in the 2020 Update and FCPA Corporate Enforcement Policy, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board-level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

This means that every Board of Directors needs a true compliance expert. Almost every Board has a former Chief Financial Officer, former head of Internal Audit, or persons with a similar background. Often, these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training, and SME that can help all companies with their financial reporting and other finance-based issues. So why is there no such SME at the Board level from the compliance profession?

Three key takeaways:

1. The 2020 Update required active Board of Director engagement and oversight around compliance.
2. Board communication on compliance is two-way, both inbound and outbound.
3. The Delaware courts have been expanding Board’s roles through the expansion of the Caremark Doctrine.

Categories
FCPA Compliance Report

The EC Gang on the Monaco Doctrine

In this special 5 part podcast series, I am deeply diving into the Monaco Memo and analyzing it from various angles. In this episode of the FCPA Compliance Report, we have the Award-Winning Everything Compliance quartet of Jonathan Marks, Jonathan Armstrong, Karen Woody, and Tom Fox on the Monaco Memo.

1. Tom Fox looks at the Monaco Memo through the monitorship language and answers a listener’s questions about compliance programs under the Monaco Memo.

2. Karen Woody reviews the Monaco Memo, the self-disclosure angle, and investigatory considerations and ponders the role of defense counsel going forward.

3. Jonathan Marks also looks at investigatory issues under the Monaco Memo, the role of the Board of Directors, and the role of the forensic auditor under the Monaco Memo.

4. Jonathan Armstrong’s self-disclosure from a UK angle joins Karen Woody in questioning how defense counsel should move forward.

Resources

Tom 5-Part blog post series in the FCPA Compliance and Ethics Blog

1.     A Jolt for Compliance

2.     Timely Self-Disclosure

3.     Corporate Compliance Programs

4.     Monitors

5.     The Heat is On

Monaco Memo

Categories
Blog

A Caremark Retrospective: Part III – Lessons for Today

Over this short blog post series I have been exploring the original Caremark and Stone v. Ritter decisions from the Delaware Supreme Court. The former decision was released in 1996 and the latter, some ten years later in 2006. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the original Caremark decision. In Part 1, we reviewed the underlying facts of the Caremark decision and in Part II, we considered the court holdings and rationales in Caremark and Stone v. Ritter. Today, I want to review what those decisions mean for today’s Board of Directors, Chief Compliance Officer (CCO) and compliance professional.

Bribery, Fraud and Corruption

One of the things that struck me about both decisions was how timely the underlying facts were. In Caremark, a 1996 decision with the corruption going back into the 1980s, the case involved a company which provided patient care and managed care services and a substantial part of the revenues generated by the company was derived through third party payments, insurers, and Medicare and Medicaid reimbursement programs. Medicare and Medicaid payments were governed under the Anti-Referral Payments Law (“ARPL”) which prohibited health care providers (HCPs) from paying any form of remuneration (i.e., kickbacks) to physicians to induce them to refer Medicare or Medicaid patients to Caremark products or services.

To get around this prescription, Caremark entered various contracts for services (e.g., consultation agreements and research grants) with physicians at least some of whom prescribed or recommended services or products that Caremark provided to Medicare recipients and other patients. Moreover, Caremark had a decentralized governance and operational structure which allowed wide latitude to the business units to enter into such agreements without corporate or any centralized compliance or legal oversight. The results were about what you would expect.

In Stone v. Ritter, the AmSouth bank was induced to open a custodial account for two investment advisers who induced some 40 investors into a fraudulent investment, involving the construction of medical clinics overseas, by misrepresenting the nature and the risk of that investment. The bank provided custodial accounts for the investors and to distribute monthly interest payments to each account upon receipt of a check from the investment advisors. The scheme went on for about two years before the sapped investors stopped getting paid and began to contact the bank.

Federal bank examiners examined AmSouth’s compliance with its reporting and other obligations under the Bank Secrecy Act (BSA). AmSouth “entered into a Deferred Prosecution Agreement (“DPA”) in which AmSouth agreed: first, to the filing by USAO of a one-count Information in the United States District Court for the Southern District of Mississippi, charging AmSouth with failing to file SARs; and second, to pay a $40 million fine. In conjunction with the DPA, the USAO issued a “Statement of Facts,” which noted that although in 2000 “at least one” AmSouth employee suspected that Hamric was involved in a possibly illegal scheme, AmSouth failed to file SARs in a timely manner.” From my reading of these facts, it appears that there was ample evidence an illegal scheme was ongoing, and a Suspicious Activity Report (SAR) should have been filed. As with the underlying facts of Caremark, the underlying facts of Stone v. Ritter are still the basis for enforcement actions today.

Caremark – The Evolution of Board Duties

To create the modern Caremark Doctrine the Delaware Supreme Court had to overcome prior existing Delaware law regarding the board’s obligations. That decision from 1963, is known as  Allis-Chalmers, addressed the question of potential liability of board members for losses experienced by the corporation as a result of the corporation having violated US antitrust laws. There was no claim in that case that the directors knew about the behavior of subordinate employees of the corporation that had resulted in the liability.

Rather,  the claim asserted was that the directors ought to have known of it and if they had known they would have been under a duty to bring the corporation into compliance with the law and save the corporation from the loss. In Allis-Chalmers the Court found “absent cause for suspicion there is no duty upon the directors to install and operate a corporate system of espionage to ferret out wrongdoing which they have no reason to suspect exists.” As there were no grounds for suspicion in by the board, the directors were blamelessly unaware of the conduct leading to the corporate liability.

The Court found that the obligations for a board had evolved significantly from 1963, most notably in three areas. First, in the area of corporate takeovers, the court viewed “the seriousness with which the corporation law views the role of the corporate board.” The second area was the recognition as an “essential predicate for satisfaction of the board’s supervisory and monitoring role under Section 141 of the Delaware General Corporation Law.” The third and final change was the 1992 US Sentencing Guides and the “potential impact of the federal organizational sentencing guidelines on any business organization. Any rational person attempting in good faith to meet an organizational governance responsibility would be bound to take into account this development and the enhanced penalties and the opportunities for reduced sanctions that it offers.”

To effectuate this change, the court stated “I am of the view that a director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.” Moreover, “it is important that the board exercise a good faith judgment that the corporation’s information and reporting system is in concept and design adequate to assure the board that appropriate information will come to its attention in a timely manner as a matter of ordinary operations, so that it may satisfy its responsibility.”

Conclusion

It is this final language which forms the basis of the modern Caremark Doctrine. There has been expansion of the Doctrine from this basic language over the past 25 years. Hopefully every board is aware of their obligations and are actually meeting them. However, every CCO and compliance professional needs to make the board aware of its Caremark obligations and then educate them on how to fulfill those obligations.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Mudge and Whistleblower Allegations Against Twitter

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we explore the recently publicly released whistleblower allegations by Peiter Zatko, AKA “Mudge,” made against his former employer Twitter. Highlights include:

  • The allegations made by Mudge.
  • What possible enforcement actions and legal ramifications could develop?
  • What does this mean for the Twitter/Elon Musk litigation?
  • Where was the Board, and who was the Board?
  • Is there more to come?

Resources

Matt in Radical Compliance

Categories
Blog

A Caremark Retrospective: Part II – Holdings and Rationale

Today, I continue my exploration of two of the most significant cases regarding Boards of Directors and corporate compliance; the Caremark and Stone v. Ritter decisions. The former decision was released in 1996 and the latter, some ten years later in 2006. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the original Caremark decision. Yesterday, in Part 1, we reviewed the underlying facts of the Caremark decision. Today, in Part II, we consider the holdings and the legal reasoning. Perhaps the most interesting thing about both cases is that even though the Court in Caremark delineated the doctrine and in Stone v. Ritter confirmed it, both Courts ruled against the moving parties and for the defendant corporate Boards.

Caremark

In Caremark, the Court began by noting that director liability for a breach of the duty to exercise appropriate attention can come up in two distinct contexts. In the first, liability can occur from a board decision that results “in a loss because that decision was ill advised or “negligent””. In the second, board liability for a loss “may be said to arise from an unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss.”

However, any decision is tempered by the following, what “may not widely be understood by courts or commentators who are not often required to face such questions, is that compliance with a director’s duty of care can never appropriately be judicially determined by reference to the content of the board decision that leads to a corporate loss, apart from consideration of the good faith or rationality of the process employed.” In other words, if there is a process or protocol in place a board cannot be said to have violated its duty, even with “degrees of wrong extending through “stupid” to “egregious” or “irrational”.” To do so would abrogate the Business Judgment Rule.

The Caremark court went so far as to cite Learned Hand for the following, “They are the general advisors of the business and if they faithfully give such ability as they have to their charge, it would not be lawful to hold them liable. Must a director guarantee that his judgment is good? Can a shareholder call him to account for deficiencies that their votes assured him did not disqualify him for his office? While he may not have been the Cromwell for that Civil War, Andrews did not engage to play any such role.”

However, there is a second type of liability which boards can run afoul of under Caremark, and it is the one which seems to the liability under which most boards are found wanting in successful Caremark claims. It is when “director liability for inattention is theoretically possible entail  circumstances in which a loss eventuates not from a decision but, from unconsidered inaction.” This was a departure from prior Delaware case law which said that a board did not have to look for wrongdoing but only had to investigate if informed about it. That was from an old 1963 decision and the Court relied on the 1992 US Sentencing Guidelines to note how such views were no longer accepted. Board obligations had changed by 1996 with the following, “obligation to be reasonably informed concerning the corporation, without assuring themselves that information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”

Stone v. Ritter

This case involved money laundering and a bank’s failure to report suspicious activity which led to an employee running a Ponzi scheme. The bank in question was fined over $40 million. Once again, the plaintiffs were not successful in their claims. The Stone v. Ritter court approved the Caremark Doctrine and went on to further specify thatCaremark required a “lack of good faith as a “necessary condition to liability”.” It is because the Court was not focusing simply on the results but in the board’s overall conduct “of the fundamental duty of loyalty.” It follows that because a showing of bad faith conduct, “is essential to establish director oversight liability, the fiduciary duty violated by that conduct is the duty of loyalty.”

Interestingly, the Court added what it termed as “two additional doctrinal consequences.” First, although good faith is a “part of a “triad” of fiduciary duties that includes the duties of care and loyalty, the obligation to act in good faith does not establish an independent fiduciary duty that stands on the same footing as the duties of care and loyalty.” Violations of the duties of care and loyalty may result in direct liability, whereas a failure to act in good faith may do so, but it would only result in indirect liability. The second consequence is that the “duty of loyalty is not limited to cases involving a financial or other cognizable fiduciary conflict of interest. It also encompasses cases where the fiduciary fails to act in good faith. As the Court of Chancery aptly put it in Guttman, “[a] director cannot act loyally towards the corporation unless she acts in the good faith belief that her actions are in the corporation’s best interest.””

The Stone v. Ritter court ended by further refining the Caremark Doctrine to define the necessary conditions for director liability under Caremark. They are:

  1. Directors utterly failed to implement any reporting or information system or controls;
  2. If they have implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.

In either situation, imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith.

As usual, once I get started, I often cannot stop so in my next blog post (or two) I will consider how this has evolved.

Categories
Blog

A Caremark Retrospective: Part I – Background

It is often instructive to look back at old cases which have become so well known for a doctrine that the underlying facts are often forgotten. I did so recently in reading the original Caremark and Stone v. Ritterdecisions. The former decision was released in 1996 and the latter, some ten years later in 2006. They both made interesting reading and the underlying facts could well be drawn from the headlines of anti-corruption and anti-money laundering (AML) enforcement actions today. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the originalCaremark decision. Today, in Part 1, we review the underlying facts of the Caremark decision and in Part II, the legal reasoning.

Underlying Facts

In Caremark, the decision involved a company which provided patient care and managed care services and a substantial part of the revenues generated by the company was derived through third party payments, insurers, and Medicare and Medicaid reimbursement programs. Medicare and Medicaid payments were governed under the Anti-Referral Payments Law (“ARPL”) which prohibited health care providers (HCPs) from paying any form of remuneration (i.e., kickbacks) to physicians to induce them to refer Medicare or Medicaid patients to Caremark products or services.

To try and get around this prescription, Caremark entered various contracts for services (e.g., consultation agreements and research grants) with physicians at least some of whom prescribed or recommended services or products that Caremark provided to Medicare recipients and other patients. Moreover, Caremark had a decentralized governance and operational structure which allowed wide latitude to the business units to enter into such agreements without corporate or any centralized compliance or legal oversight. The results were about what you would expect.

Multiple federal investigations found that from the mid-1980s until the early 1990s, Caremark paid out millions to doctors in forms disguised to evade ARPL liability. Caremark claimed that its payments for consultation, teaching, research grants and other similar evasions did not violate the law. Further, it relied on an audit by Price Waterhouse (PwC) which concluded that there were no material weaknesses in Caremark’s control structure.

In 1993, Caremark formally changed its compliance manual to prohibit such payments, announced this change internally and put on training for this new set of policies. However, there were no attendant controls, monitoring or follow up noted. Indeed, it is not clear if much if anything changed at Caremark, given the decentralized nature of its business model.

Criminal and Civil Charges

In August 1994, Caremark was hit with a 47-page indictment alleging criminal violations of ARPL, specifically including making payments to induce physicians to refer patients to Caremark services and products. The indictment alleged that payments were “in the guise of research grants and others were consulting agreements.” Moreover, the Indictment went on to allege that such payments were made where no consulting services or research performed. (Very 2022 FCPA-ish) One doctor was alleged to have direct payments from Caremark for staff and offices expenses. Multiple shareholder suits were filed against the Board in Delaware and another federal Indictment was handled in Ohio. In addition to the claims in Ohio, new allegations of over billing and inappropriate referral payments made in Georgia and “reported that federal investigators were expanding their inquiry to look at Caremark’s referral practices in Michigan as well as allegations of fraudulent billing of insurers.” Rather amazingly, the company management, when reporting the Indictment to the Board of Directors, maintained the company had done nothing wrong.

Settlements

Of course, the Caremark senior management was not correct, and Caremark was required to pay millions to resolve enforcement actions. An agreement, with the Department of Justice (DOJ), Office of Inspector General (OIG), US Veterans Administration, US Federal Employee Health Benefits Program, federal Civilian Health and Medical Program of the Uniformed Services, and related state agencies in all fifty states and the District of Columbia required a Caremark subsidiary to enter a guilty plea to two counts of mail fraud, and required Caremark to pay $29 million in criminal fines, $129.9 million relating to civil claims concerning payment practices, $3.5 million for alleged violations of the Controlled Substances Act, and $2 million, in the form of a donation, to a grant program set up by the Ryan White Comprehensive AIDS Resources Emergency Act. Caremark also agreed to enter into a compliance agreement with the Department of Health and Human Services (HHS).

In addition to all these entities, Caremark was also sued by several private insurance company payors (“Private Payors”), who alleged that Caremark was liable for damages to them for allegedly improper business practices related to those at issue in the OIG investigation. As a result of negotiations with the Private Payors the Caremark Board of Directors approved a $98.5 million settlement agreement with the Private Payors in 1996.

In addition to the financial penalties, Caremark finally agreed to institute a full compliance program. It created the position of Chief Compliance Officer (CCO) and created a Board level Compliance and Ethics Committee who, with the assistance of outside counsel, was tasked with reviewing existing contracts and advanced approval of any new contract forms.

Join us for our next piece where we consider the court holdings and rationales in Caremark and Stone v. Ritter.

Categories
Daily Compliance News

August 24, 2022 the 1MDB Verdict Upheld Edition

In today’s edition of Daily Compliance News:

  • Najib’s verdict was upheld in Malaysia. (Reuters)
  • Ex Twitter Security Chief files whistleblower suit. (WSJ)
  • McDonald’s shakes up BOD. (NYT)
  • Musk’s Twitter bot claims thin air? (BBC)
Categories
FCPA Compliance Report

Ty Francis on Assessing Corporate Culture: A Practical Guide to Improving Board Oversight

In this episode of the FCPA Compliance Report, I am joined by Ty Francis, Chief Advisory Officer at LRN. We dive deeply into a recently released LNR/Tapestry Networks Report on Assessing Corporate Culture: A Practical Guide to Improving Board Oversight. Some of the highlights include:

  1. The genesis of this report.
  2. How does the Report serve as a roadmap to a clearer picture of the company’s ethical culture?
  3. How can the Report help determine how to improve culture throughout the enterprise?
  4. Who should a Board collaborate with, and how?
  5. How does the work LRN conducts help organizations foster more effective collaborative cultures?
  6. How do you prioritize culture on the board agenda?
  7. What is the challenge to the board’s culture?
  8. How does a Board measure and monitor?
  9. How does a Board articulate the desired culture?
  10.  How can a Board establish clear communication?

Resources

Ty Francis on LinkedIn

LRN

Assessing Corporate Culture: A Practical Guide to Improving Board Oversight

Tapestry Networks

Categories
Blog

Death of dos Santos and Leadership at the Top

José Eduardo dos Santos, who served nearly four decades as Angola’s president, died on Friday in Spain where he had been living in self-imposed exile. According to his New York Times (NYT) obituary, “he was widely accused of corruption and nepotism, and the economic boom he presided over benefited mainly his family and a coterie of advisers.” If the name sounds familiar it may be due to his flamboyant daughter Isabel dos Santos who has been “accused of plundering institutions including Sonangol, the state petroleum company, to create a business empire with stakes in diamond exports, the dominant cellphone company, banks and the country’s biggest cement maker. In 2020, she was charged with embezzlement, money laundering and other financial crimes. She denied the charges, saying she was the victim of a witch hunt. She has been living mostly in Dubai, seeking to avoid arrest. Mr. dos Santos’s son José was found guilty of financial transgressions and sentenced to five years in prison.” In other words, it all started at the top.
The death of Santos is a good reminder of why substantive and deep dive due diligence needs to go into the background check on every business leader and C-Suite Executive. Candice Tal, founder and President of Infortal Worldwide, has long been telling us for this need for many years. Now a new article from the Harvard Business Review (HBR) by Aiyesha Dey, entitled “When Hiring CEOs, Focus on Character”, bears Tal’s warnings out with research. The author has “studied the ways in which the lifestyle behaviors of CEOs—in particular, materialism and a propensity for rule breaking—may spell trouble for a company.”  Her conclusion bears out why Tal has been saying all along, “Firms led by CEOs with even minor traffic tickets or excessive spending habits are disproportionately prone to fraud, insider trading, and other risky business activities.” Dey concludes by noting “that boards should pay attention to executives’ off-the-job behavior.”
Dey’s research centers on straight-forward questions: “Instead of focusing on systems and controls, should we be looking more closely at the people leading these companies?” Her conclusion is that taking a deeper dive into the background of those who become the C-Suite leaders at an organization bears more scrutiny as they can be “early warning signs” of trouble to come. That sounds like exactly what Boards would want to consider when reviewing potential C-Suite candidates. (I hope they will call Candice Tal to perform the actual due diligence recommended by Dey.)
The first area explored by Dey was in rule breaking, as “criminology researchers have found that people who flout even minor rules are subtly communicating that they don’t believe restrictions apply to them.” Indeed, Dey found that “18% of CEOs had been cited for infractions ranging from minor traffic offenses to driving under the influence, disturbing the peace, drug crimes, reckless behavior, domestic violence, and sexual assault.” Dey took this information a step further by asking, “Is fraudulent reporting more likely at a company if its CEO has a criminal record? Is the CEO (or CFO) more likely to be personally implicated in the fraud if he or she has a criminal record? Not surprisingly, the answer to both questions was yes… we found that if the CEO had a criminal infraction, the firm was more than twice as likely to be involved in fraud, and the CEO was seven times more likely to be personally named as a perpetrator.” Somewhat amazingly, even minor legal infractions such as traffic tickets were significant.
Dey then considered the effect of controls, such as insider trading blackout periods as a deterrence. Dey found “they had little effect on executives who committed serious crimes. Seemingly, then, governance structures and formal control systems are unlikely to rein in the worst actors. That’s discouraging news for boards and regulators that wish to curb opportunistic insider trading and limit other undesirable behavior.”
An area of Dey’s research, which was surprisingly insightful, was around “materialism.” Dey looked at it from the perspective of “the zealous pursuit of wealth and luxury regardless of the cost to others.” She and her teamed picked three criteria for review. (1) Ownership of a private home valued at twice as much as the median in the area; (2) Ownership of a car worth more than $75,000; and (3) Ownership of a boat more than 25 feet in length. “In our sample of CEOs, 58% had one or more of those markers and qualified as materialistic; we classified the remaining 42% as frugal.”
What Dey found “was a gradual weakening of the control environment in firms led by executives whose personal spending was excessive. Specifically, we observed more use of equity-based incentives (which can encourage managers to mislead capital markets by inflating reported performance), more appointments of materialistic CFOs, less intensive monitoring by the board, and a greater probability of a weakness in internal controls.”
In the financial sector, Dey “found that those with materialistic CEOs had relatively lax systems for risk management and thus faced more threat of significant negative performance than banks led by frugal CEOs.” Even more troubling for the compliance function, Dey “found that materialistic CEOs also contributed to a deterioration in corporate culture that led employees to more aggressively exploit insider-trading opportunities during the 2007–2009 financial crisis. Another correlation was in “corporate social responsibility (CSR) performance,” where Dey “found that firms with materialistic leaders received lower scores from CSR ratings agencies than did firms with frugal leaders. Our finding aligns with other scholarship showing that materialistic people display a lack of concern for the well-being of others and the environment.”
I asked Candice Tal what companies can do to investigate these issues. Tal stated, “Behavioral issues can be picked up during in-depth reference interviews by trained investigators, and can also be detected through patterns observed with type and frequency of civil lawsuits, such as sexual harassment, class action lawsuits, fraud and breach of contract matters. Themes around egregious behavioral issues can also be found when conducting deep web investigations on executives. This goes far beyond Google searches incorporating OSINT Open Source Intelligence. Tal notes that patterns and themes in behavioral traits should never be ignored. Executive due diligence backgrounds should be conducted by corporations on new executive hires and new board members.  Executives will be in the highest positions of trust, a simple background check will not reveal these types of issues, however, effective due diligence investigations enable this information to be discovered thus protecting the board and shareholders from unnecessary risk exposure.”
All this information should be digested by corporate compliance functions and Boards of Directors. Even in the Foreign Corrupt Practices Act (FCPA) world, nearly every major corporate scandal starts with a lax attitude at the top of the organization. Indeed, it is such CEOs who inevitably cry about ‘rogue employees” and not what their organizations stand for. But the myth of the rogue employees is just that, a myth, and it really all does start at the top. Boards need to take note.