Categories
Compliance Into the Weeds

Compliance into the Weeds: Mudge and Whistleblower Allegations Against Twitter

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we explore the recently publicly released whistleblower allegations by Peiter Zatko, AKA “Mudge,” made against his former employer Twitter. Highlights include:

  • The allegations made by Mudge.
  • What possible enforcement actions and legal ramifications could develop?
  • What does this mean for the Twitter/Elon Musk litigation?
  • Where was the Board, and who was the Board?
  • Is there more to come?

Resources

Matt in Radical Compliance

Categories
Blog

A Caremark Retrospective: Part II – Holdings and Rationale

Today, I continue my exploration of two of the most significant cases regarding Boards of Directors and corporate compliance; the Caremark and Stone v. Ritter decisions. The former decision was released in 1996 and the latter, some ten years later in 2006. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the original Caremark decision. Yesterday, in Part 1, we reviewed the underlying facts of the Caremark decision. Today, in Part II, we consider the holdings and the legal reasoning. Perhaps the most interesting thing about both cases is that even though the Court in Caremark delineated the doctrine and in Stone v. Ritter confirmed it, both Courts ruled against the moving parties and for the defendant corporate Boards.

Caremark

In Caremark, the Court began by noting that director liability for a breach of the duty to exercise appropriate attention can come up in two distinct contexts. In the first, liability can occur from a board decision that results “in a loss because that decision was ill advised or “negligent””. In the second, board liability for a loss “may be said to arise from an unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss.”

However, any decision is tempered by the following, what “may not widely be understood by courts or commentators who are not often required to face such questions, is that compliance with a director’s duty of care can never appropriately be judicially determined by reference to the content of the board decision that leads to a corporate loss, apart from consideration of the good faith or rationality of the process employed.” In other words, if there is a process or protocol in place a board cannot be said to have violated its duty, even with “degrees of wrong extending through “stupid” to “egregious” or “irrational”.” To do so would abrogate the Business Judgment Rule.

The Caremark court went so far as to cite Learned Hand for the following, “They are the general advisors of the business and if they faithfully give such ability as they have to their charge, it would not be lawful to hold them liable. Must a director guarantee that his judgment is good? Can a shareholder call him to account for deficiencies that their votes assured him did not disqualify him for his office? While he may not have been the Cromwell for that Civil War, Andrews did not engage to play any such role.”

However, there is a second type of liability which boards can run afoul of under Caremark, and it is the one which seems to be the liability under which most boards are found wanting in successful Caremark claims. It is when “director liability for inattention is theoretically possible entail circumstances in which a loss eventuates not from a decision but, from unconsidered inaction.” This was a departure from prior Delaware case law which said that a board did not have to look for wrongdoing but only had to investigate if informed about it. That was from an old 1963 decision and the Court relied on the 1992 US Sentencing Guidelines to note how such views were no longer accepted. Board obligations had changed by 1996 with the following, “obligation to be reasonably informed concerning the corporation, without assuring themselves that information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”

Stone v. Ritter

This case involved money laundering and a bank’s failure to report suspicious activity which led to an employee running a Ponzi scheme. The bank in question was fined over $40 million. Once again, the plaintiffs were not successful in their claims. The Stone v. Ritter court approved the Caremark Doctrine and went on to further specify that Caremark required a “lack of good faith as a “necessary condition to liability”.” It is because the Court was not focusing simply on the results but on the board’s overall conduct “of the fundamental duty of loyalty.” It follows that because a showing of bad faith conduct, “is essential to establish director oversight liability, the fiduciary duty violated by that conduct is the duty of loyalty.”

Interestingly, the Court added what it termed as “two additional doctrinal consequences.” First, although good faith is a “part of a “triad” of fiduciary duties that includes the duties of care and loyalty, the obligation to act in good faith does not establish an independent fiduciary duty that stands on the same footing as the duties of care and loyalty.” Violations of the duties of care and loyalty may result in direct liability, whereas a failure to act in good faith may do so, but it would only result in indirect liability. The second consequence is that the “duty of loyalty is not limited to cases involving a financial or other cognizable fiduciary conflict of interest. It also encompasses cases where the fiduciary fails to act in good faith. As the Court of Chancery aptly put it in Guttman, “[a] director cannot act loyally towards the corporation unless she acts in the good faith belief that her actions are in the corporation’s best interest.””

The Stone v. Ritter court ended by further refining the Caremark Doctrine to define the necessary conditions for director liability under Caremark. They are:

  1. Directors utterly failed to implement any reporting or information system or controls;
  2. If they have implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.

In either situation, imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith.

As usual, once I get started, I often cannot stop so in my next blog post (or two) I will consider how this has evolved.

Categories
Blog

A Caremark Retrospective: Part I – Background

It is often instructive to look back at old cases which have become so well known for a doctrine that the underlying facts are often forgotten. I did so recently in reading the original Caremark and Stone v. Ritter decisions. The former decision was released in 1996 and the latter, some ten years later in 2006. They both made interesting reading and the underlying facts could well be drawn from the headlines of anti-corruption and anti-money laundering (AML) enforcement actions today. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the original Caremark decision. Today, in Part 1, we review the underlying facts of the Caremark decision and in Part II, the legal reasoning.

Underlying Facts

In Caremark, the decision involved a company which provided patient care and managed care services and a substantial part of the revenues generated by the company was derived through third party payments, insurers, and Medicare and Medicaid reimbursement programs. Medicare and Medicaid payments were governed under the Anti-Referral Payments Law (“ARPL”) which prohibited health care providers (HCPs) from paying any form of remuneration (i.e., kickbacks) to physicians to induce them to refer Medicare or Medicaid patients to Caremark products or services.

To try and get around this proscription, Caremark entered various contracts for services (e.g., consultation agreements and research grants) with physicians, at least some of whom prescribed or recommended services or products that Caremark provided to Medicare recipients and other patients. Moreover, Caremark had a decentralized governance and operational structure which allowed wide latitude to the business units to enter into such agreements without corporate or any centralized compliance or legal oversight. The results were about what you would expect.

Multiple federal investigations found that from the mid-1980s until the early 1990s, Caremark paid out millions to doctors in forms disguised to evade ARPL liability. Caremark claimed that its payments for consultation, teaching, research grants and other similar evasions did not violate the law. Further, it relied on an audit by Price Waterhouse (PwC) which concluded that there were no material weaknesses in Caremark’s control structure.

In 1993, Caremark formally changed its compliance manual to prohibit such payments, announced this change internally and put on training for this new set of policies. However, there were no attendant controls, monitoring or follow up noted. Indeed, it is not clear if much if anything changed at Caremark, given the decentralized nature of its business model.

Criminal and Civil Charges

In August 1994, Caremark was hit with a 47-page indictment alleging criminal violations of ARPL, specifically including making payments to induce physicians to refer patients to Caremark services and products. The indictment alleged that payments were “in the guise of research grants and others were consulting agreements.” Moreover, the Indictment went on to allege that such payments were made where no consulting services or research were performed. (Very 2022 FCPA-ish.) One doctor was alleged to have received direct payments from Caremark for staff and office expenses. Multiple shareholder suits were filed against the Board in Delaware and another federal Indictment was handled in Ohio. In addition to the claims in Ohio, new allegations of over billing and inappropriate referral payments were made in Georgia and “reported that federal investigators were expanding their inquiry to look at Caremark’s referral practices in Michigan as well as allegations of fraudulent billing of insurers.” Rather amazingly, the company management, when reporting the Indictment to the Board of Directors, maintained the company had done nothing wrong.

Settlements

Of course, the Caremark senior management was not correct, and Caremark was required to pay millions to resolve enforcement actions. An agreement, with the Department of Justice (DOJ), Office of Inspector General (OIG), US Veterans Administration, US Federal Employee Health Benefits Program, federal Civilian Health and Medical Program of the Uniformed Services, and related state agencies in all fifty states and the District of Columbia required a Caremark subsidiary to enter a guilty plea to two counts of mail fraud, and required Caremark to pay $29 million in criminal fines, $129.9 million relating to civil claims concerning payment practices, $3.5 million for alleged violations of the Controlled Substances Act, and $2 million, in the form of a donation, to a grant program set up by the Ryan White Comprehensive AIDS Resources Emergency Act. Caremark also agreed to enter into a compliance agreement with the Department of Health and Human Services (HHS).

In addition to all these entities, Caremark was also sued by several private insurance company payors (“Private Payors”), who alleged that Caremark was liable for damages to them for allegedly improper business practices related to those at issue in the OIG investigation. As a result of negotiations with the Private Payors the Caremark Board of Directors approved a $98.5 million settlement agreement with the Private Payors in 1996.

In addition to the financial penalties, Caremark finally agreed to institute a full compliance program. It created the position of Chief Compliance Officer (CCO) and created a Board level Compliance and Ethics Committee which, with the assistance of outside counsel, was tasked with reviewing existing contracts and advance approval of any new contract forms.

Join us for our next piece where we consider the court holdings and rationales in Caremark and Stone v. Ritter.

Categories
Daily Compliance News

August 24, 2022 the 1MDB Verdict Upheld Edition

In today’s edition of Daily Compliance News:

  • Najib’s verdict was upheld in Malaysia. (Reuters)
  • Ex Twitter Security Chief files whistleblower suit. (WSJ)
  • McDonald’s shakes up BOD. (NYT)
  • Musk’s Twitter bot claims thin air? (BBC)

Categories
FCPA Compliance Report

Ty Francis on Assessing Corporate Culture: A Practical Guide to Improving Board Oversight

In this episode of the FCPA Compliance Report, I am joined by Ty Francis, Chief Advisory Officer at LRN. We dive deeply into a recently released LRN/Tapestry Networks Report on Assessing Corporate Culture: A Practical Guide to Improving Board Oversight. Some of the highlights include:

  1. The genesis of this report.
  2. How does the Report serve as a roadmap to a clearer picture of the company’s ethical culture?
  3. How can the Report help determine how to improve culture throughout the enterprise?
  4. Who should a Board collaborate with, and how?
  5. How does the work LRN conducts help organizations foster more effective collaborative cultures?
  6. How do you prioritize culture on the board agenda?
  7. What is the challenge to the board’s culture?
  8. How does a Board measure and monitor?
  9. How does a Board articulate the desired culture?
  10. How can a Board establish clear communication?

Resources

Ty Francis on LinkedIn

LRN

Assessing Corporate Culture: A Practical Guide to Improving Board Oversight

Tapestry Networks

Categories
Blog

Death of dos Santos and Leadership at the Top

José Eduardo dos Santos, who served nearly four decades as Angola’s president, died on Friday in Spain where he had been living in self-imposed exile. According to his New York Times (NYT) obituary, “he was widely accused of corruption and nepotism, and the economic boom he presided over benefited mainly his family and a coterie of advisers.” If the name sounds familiar it may be due to his flamboyant daughter Isabel dos Santos who has been “accused of plundering institutions including Sonangol, the state petroleum company, to create a business empire with stakes in diamond exports, the dominant cellphone company, banks and the country’s biggest cement maker. In 2020, she was charged with embezzlement, money laundering and other financial crimes. She denied the charges, saying she was the victim of a witch hunt. She has been living mostly in Dubai, seeking to avoid arrest. Mr. dos Santos’s son José was found guilty of financial transgressions and sentenced to five years in prison.” In other words, it all started at the top.

The death of Santos is a good reminder of why substantive and deep dive due diligence needs to go into the background check on every business leader and C-Suite Executive. Candice Tal, founder and President of Infortal Worldwide, has been telling us of this need for many years. Now a new article from the Harvard Business Review (HBR) by Aiyesha Dey, entitled “When Hiring CEOs, Focus on Character”, bears Tal’s warnings out with research. The author has “studied the ways in which the lifestyle behaviors of CEOs—in particular, materialism and a propensity for rule breaking—may spell trouble for a company.” Her conclusion bears out what Tal has been saying all along, “Firms led by CEOs with even minor traffic tickets or excessive spending habits are disproportionately prone to fraud, insider trading, and other risky business activities.” Dey concludes by noting “that boards should pay attention to executives’ off-the-job behavior.”

Dey’s research centers on straightforward questions: “Instead of focusing on systems and controls, should we be looking more closely at the people leading these companies?” Her conclusion is that the background of those who become the C-Suite leaders at an organization bears more scrutiny, as it can hold “early warning signs” of trouble to come. That sounds like exactly what Boards would want to consider when reviewing potential C-Suite candidates. (I hope they will call Candice Tal to perform the actual due diligence recommended by Dey.)

The first area explored by Dey was rule breaking, as “criminology researchers have found that people who flout even minor rules are subtly communicating that they don’t believe restrictions apply to them.” Indeed, Dey found that “18% of CEOs had been cited for infractions ranging from minor traffic offenses to driving under the influence, disturbing the peace, drug crimes, reckless behavior, domestic violence, and sexual assault.” Dey took this information a step further by asking, “Is fraudulent reporting more likely at a company if its CEO has a criminal record? Is the CEO (or CFO) more likely to be personally implicated in the fraud if he or she has a criminal record? Not surprisingly, the answer to both questions was yes… we found that if the CEO had a criminal infraction, the firm was more than twice as likely to be involved in fraud, and the CEO was seven times more likely to be personally named as a perpetrator.” Somewhat amazingly, even minor legal infractions such as traffic tickets were significant.

Dey then considered the effect of controls, such as insider trading blackout periods, as a deterrent. Dey found “they had little effect on executives who committed serious crimes. Seemingly, then, governance structures and formal control systems are unlikely to rein in the worst actors. That’s discouraging news for boards and regulators that wish to curb opportunistic insider trading and limit other undesirable behavior.”

An area of Dey’s research, which was surprisingly insightful, was around “materialism.” Dey looked at it from the perspective of “the zealous pursuit of wealth and luxury regardless of the cost to others.” She and her team picked three criteria for review: (1) ownership of a private home valued at twice as much as the median in the area; (2) ownership of a car worth more than $75,000; and (3) ownership of a boat more than 25 feet in length. “In our sample of CEOs, 58% had one or more of those markers and qualified as materialistic; we classified the remaining 42% as frugal.”

What Dey found “was a gradual weakening of the control environment in firms led by executives whose personal spending was excessive. Specifically, we observed more use of equity-based incentives (which can encourage managers to mislead capital markets by inflating reported performance), more appointments of materialistic CFOs, less intensive monitoring by the board, and a greater probability of a weakness in internal controls.”

In the financial sector, Dey “found that those with materialistic CEOs had relatively lax systems for risk management and thus faced more threat of significant negative performance than banks led by frugal CEOs.” Even more troubling for the compliance function, Dey “found that materialistic CEOs also contributed to a deterioration in corporate culture that led employees to more aggressively exploit insider-trading opportunities during the 2007–2009 financial crisis.” Another correlation was in “corporate social responsibility (CSR) performance,” where Dey “found that firms with materialistic leaders received lower scores from CSR ratings agencies than did firms with frugal leaders. Our finding aligns with other scholarship showing that materialistic people display a lack of concern for the well-being of others and the environment.”

I asked Candice Tal what companies can do to investigate these issues. Tal stated, “Behavioral issues can be picked up during in-depth reference interviews by trained investigators, and can also be detected through patterns observed with type and frequency of civil lawsuits, such as sexual harassment, class action lawsuits, fraud and breach of contract matters. Themes around egregious behavioral issues can also be found when conducting deep web investigations on executives. This goes far beyond Google searches incorporating OSINT Open Source Intelligence. Tal notes that patterns and themes in behavioral traits should never be ignored. Executive due diligence backgrounds should be conducted by corporations on new executive hires and new board members. Executives will be in the highest positions of trust, a simple background check will not reveal these types of issues, however, effective due diligence investigations enable this information to be discovered thus protecting the board and shareholders from unnecessary risk exposure.”

All this information should be digested by corporate compliance functions and Boards of Directors. Even in the Foreign Corrupt Practices Act (FCPA) world, nearly every major corporate scandal starts with a lax attitude at the top of the organization. Indeed, it is such CEOs who inevitably cry about “rogue employees” and not what their organizations stand for. But the myth of the rogue employees is just that, a myth, and it really all does start at the top. Boards need to take note.

Categories
The Woody Report

Caremark Claims, Part 1

Welcome to The Woody Report, where Washington & Lee School of Law Associate Professor Karen Woody and host Tom Fox discuss issues on white-collar crime, compliance issues, international corruption, securities and accounting fraud, and internal corporate investigations. From current events to topical issues to academic research and thought leadership, Karen Woody helps lead the discussion of these issues on the new and exciting podcast. Today Tom and Karen explore the Board of Directors’ role in a compliance program through an exploration of the Caremark decision, some of its progeny and then the modern era of Caremark litigation, which began with Marchand, the Bluebell Ice Cream case.

Resources

Karen Woody on LinkedIn

Karen Woody at Washington & Lee, School of Law

Categories
Compliance Week Conference Podcast

Karen Woody on Board Evolution on the Role of Compliance


In this episode of the Compliance Week 2022 Preview Podcasts series, Karen will discuss some of her presentation at Compliance Week 2022, “Board Evolution”. Some of the issues she will discuss in this podcast and her presentation are:

  • Delve into the evolution of the Caremark doctrine requiring Boards to oversee compliance and explore where the courts and regulators are headed
  • Discuss best practices in managing up to the board, including reporting
  • Examine how to best educate boards and engage them in effective oversight, and what compliance’s role is in that

In this first full compliance conference in over 2 years, I hope you can join me at Compliance Week 2022. This year’s event will be May 16-18 at the JW Marriott in Washington DC. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 17th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. and many others to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners and gain insights into the agency’s areas of enforcement and walk away with guidance on how to remain compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency and more.
  • Bring actionable takeaways back to your program from various session types including ESG, Human Trafficking, Board obligations and many others for you to listen, learn and share.
  • The goal of Compliance Week is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount off the registration price. Enter discount code TFLAW $200 OFF.

Categories
This Week in FCPA

Episode 297 – the Ng Convicted edition


As the NY Mets have the best record in baseball and we prepare for the celebrations of Easter and Passover, Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the Ng Convicted edition.

Stories

    1. Roger Ng was convicted. Tom in the FCPA Compliance and Ethics Blog.
    2. Lessons from DOJ’s first cyber fraud settlement? Annie Hudgins in the FCPA Blog.
    3. Depression as corporate materiality issue. Dick Cassin in the FCPA Blog.
    4. Should CCOs be required to certify compliance programs? Mike Volkov in Corruption Crime and Compliance.
    5. CEO fined by SEC for impeding whistleblower. Aaron Nicodemus in Compliance Week. (sub req’d) Matt Kelly in Radical Compliance.
    6. How much BOD oversight of compliance is enough? Jeff Kaplan in Conflict of Interest Blog.
    7. Compliance in recessionary times. Jim DeLoach in CCI.
    8. Water and corruption. Rick Messick in GAB.
    9. Why should an organization disclose diversity information? Antinuke Adrian in Harvard Law School Forum on Corporate Governance.
    10. Data governance best practices. Eray Eliaçik in Data Economy.

Podcasts and More

  1. Tom visits with Matt Galvin and Dan Kahn over a 2-part podcast series. In Part 1, they talk about dealing with the DOJ during an FCPA investigation and thereafter. 
  2. Into Star Trek? Then join Tom and John Champion, who is on a 15-year mission to do a podcast on every episode of Star Trek, television, movie, and animated show on the podcast MissionLogPodcast.com. In Part 1, from TOS up to the start of TNG. In Part 2, from TNG to today.
  3. This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world. 
  4. Why should you attend Compliance Week 2022? Find out on this episode of From the Editor’s Desk. Listeners get a $200 discount to CW 2022 with the code Fox200. More here
  5. Join Tom and Jay at ECI Impact 2022. Listeners to this podcast can save 20% off registration by entering discount code: TOM20 at checkout.
  6. Welcome back, Sam Rubenfeld.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Compliance Into the Weeds

Musk Pulls U-Turn on Twitter Board

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take on the strange comings and goings of Elon Musk and his participation on the Twitter Board of Directors. Highlights include:

  • When and how did Musk become Twitter’s largest shareholder?
  • Why was he asked to come on to the Board?
  • SEC filing requirement issues?
  • What role did the various stakeholder groups, including employees, have in Musk turning down the Twitter Board seat?
  • What are the compliance and governance issues to be learned?