Categories
The Woody Report

Caremark Claims, Part 1

Welcome to The Woody Report, where Washington & Lee School of Law Associate Professor Karen Woody and host Tom Fox discuss issues on white-collar crime, compliance issues, international corruption, securities and accounting fraud, and internal corporate investigations. From current events to topical issues to academic research and thought leadership, Karen Woody helps lead the discussion of these issues on the new and exciting podcast. Today Tom and Karen are an exploration of the Board of Directors’ role in a compliance program through an exploration of the Caremark decision, some of its progeny and then the modern era of Caremark litigation, which began with Marchand, the Bluebell Ice Cream case.

Resources

Karen Woody on LinkedIn

Karen Woody at Washington & Lee, School of Law

Categories
Compliance Week Conference Podcast

Karen Woody on Board Evolution on the Role of Compliance


In this episode of the Compliance Week 2022 Preview Podcasts series, Karen will discuss some of my presentation at Compliance Week 2022 “Board Evolution”. Some of the issues she will discuss in this podcast and her presentation are:

  • Delve into the evolution of the Caremark doctrine requiring Boards to oversee compliance and explore where the courts and regulators are headed
  • Discuss best practices in managing up to the board, including reporting
  • Examine how to best educate boards and engage them in effective oversight, and what compliance’s role is in that

In this first full compliance conference in over 2 years, I hope you can join me at Compliance Week 2022. This year’s event will be May 16-18 at the JW Marriott in Washington DC. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 17th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. and many others to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners and gain insights into the agency’s areas of enforcement and walk away with guidance on how to remain compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency and more.
  • Bring actionable takeaways back to your program from various session types including ESG, Human Trafficking, Board obligations and many others for you to listen, learn and share.
  • The goal of Compliance Week is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount off the registration price. Enter discount code discount code TFLAW $200 OFF.

Categories
This Week in FCPA

Episode 297 – the Ng Convicted edition


As the NY Mets have the best record in baseball and we prepare for the celebrations of Easter and Passover, Tom and Jay are back to look at some of the week’s top compliance and ethics stories in the Ng Convicted edition.
Stories

    1. Roger Ng was convicted. Tom in the FCPA Compliance and Ethics Blog.
    2. Lessons from DOJ’s first cyber fraud settlement? Annie Hudgins in the FCPA Blog.
    3. Depression as corporate materiality issue. Dick Cassin in the FCPA Blog
    4. Should CCOs be required to certify compliance programs? Mike Volkov in Corruption Crime and Compliance.
    5. CEO fined by SEC for impeding whistleblower. Aaron Nicodemus in Compliance Week. (sub req’d) Matt Kelly in Radical Compliance.
    6. How much BOD oversight of compliance is enough? Jeff Kaplan in Conflict of Interest Blog
    7. Compliance in recessionary times. Jim DeLoach in CCI.
    8. Water and corruption. Rick Messick in GAB.
    9. Why should an organization disclose diversity information? Antinuke Adrian in Harvard Law School Forum on Corporate Governance.  
    10. Data governance best practices. Eray Eliaçik in Data Economy

Podcasts and More

  1. Tom visits with Matt Galvin and Dan Kahn over a 2-part podcast series. In Part 1, they talk about dealing with the DOJ during an FCPA investigation and thereafter. 
  2. Into Star Trek, then join Tom and John Champion, who is on a 15-year mission to do a podcast on every episode of Star Trek, television, movie, and animated show on the podcast MissionLogPodcast.com. In Part 1, from TOS up to the start of TNG. In Part 2, from TNG to today. 
  3. This month on the Compliance Life, I visit with Susan Divers, Director of Thought Leadership at LRN. In Part 1, academic life and early professional career. In Part 2, she moves to the corporate world. 
  4. Why should you attend Compliance Week 2022? Find out on this episode of From the Editor’s Desk. Listeners get a $200 discount to CW 2022 with the code Fox200. More here
  5. Join Tom and Jay at ECI Impact 2022. Listeners to this podcast can save 20% off registration
    by entering discount code: TOM20 at checkout.
  6. Welcome back, Sam Rubenfeld.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Compliance Into the Weeds

Musk Pulls U-Turn on Twitter Board

Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take on the strange comings and goings of Elon Musk and his participation on the Twitter Board of Directors. Highlights include:

·      When and how did Musk become Twitter’s largest shareholder?

·      Why was he asked to come on to the Board?

·      SEC filing requirement issues?

·      What role did the various stakeholder groups, including employees, have in Musk turning down the Twitter Board seat?

·      What are the compliance and governance issues to be learned?

Categories
This Week in FCPA

Episode 284 – The Holmes Found Guilty Edition


Jay returns from a lengthy holiday assignment to join Tom to look at some of the week’s top compliance and ethics stories this week in the Holmes Found Guilty edition.
Stories

  1. Elizabeth Holmes was found guilty. The Verdict (WSJ), What does it mean for Silicon Valley? (NYT), What about the victims? (Bloomberg), Will Holmes serve any time? (Fortune)
  2. 2022 to be a critical year in ESG reportingMike Munro and Guido Van Druen in a CCI.
  3. Top D&O stories from 2021. Kevin LaCroix in D&O Diary
  4. Airbnb spanked over Cuba. Mengqi Sun in WSJ Risk & Compliance Journal.   
  5. MorganStanley fined $60MM over a data breach? Aaron Nicodemus in Compliance Week (sub req’d).
  6. China’s new ABC guidelines. Andrew Reeves and Rongxin Huang in the FCPA Blog.  
  7. The ‘G’ in ESG. Lawrence Heim in PracticalESG.
  8. Key areas for BOD oversight in 2022. Holly Gregory in Harvard Law School Forum on Corporate Governance
  9. Audrey Harris joins AMI.
  10. Broadcat sold. Broadcat Press Release.

Podcasts 

  1. Want some fun? Join Tom and One Stone Creative co-founder Megan Dougherty to explore the full MCU. In their most recent posting, check out Episode 3, Iron Man.  
  2. In January on The Compliance Life, I visited Valerie Charles, a partner at StoneTurn. Val has one of the most interesting journeys in compliance. In Part 1, she discusses her academic background and early professional career. 
  3. The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Classroom Insider. Karen interviews some of her students to tell insider trading history in this unique pod. Check out Episode 1, where they discuss the history of insider trading. In  Episode 2, the disclosure or abstain rule. Episode 3 will take up narrowing the scope of the disclose or abstain rule. 
  4. Mikhail Reider-Gordon returns in Lies, Spies & Corporate Crimes: The Wirecard Saga, with Season 2, Episode 2 The Vagabond Rapping At Your Door.
  5. Check out 31 Days to a More Effective Compliance Program returns, which runs from January 1 to January 31. Available on the Compliance Podcast NetworkMegaphoneiTunes, and other top podcast platforms. 

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.  

Categories
This Week in FCPA

Episode 279 – the Happy Hanukkah Edition

Hanukkah comes early this year. As the Rosen household begins its annual celebration, Tom and Jay are back to look at some of the week’s top compliance and ethics stories this week in the Happy Hanukkah edition. 

Stories

1.     Preparing for dawn raid in the era of hybrid work? Andrew Reeves and Annie Birch in FCPA Blog.
2.     When you fight corruption, it fights back. Rick Messick in GAB.
3.     Why does Walmart want to keep an exec quiet about its compliance program? Dick Cassin explores in the FCPA Blog.
4.     Board effectiveness survey.  Paul DiNicola and Leah Malone in the Harvard Law School Forum on Corporate Governance.
5.     New OECD ABC suggestions. Nicola Bonucci and Nat Edmonds in the FCPA Blog.
6.     Graybeards and Youngbloods working together. Carrie Root in CCI.
7.     Trust in companies ‘shockingly’ low? Lawrence Heim in PracticalESG.
8.     Are senior level compliance positions becoming harder to find and fill? Matt Kelly explores in Radical Compliance.
9.     Role of PwC in Tesla/JPMorgan dispute. Francine McKenna explores in The Dig (sub req’d).
10.  How will tech change the work landscape in 2022? Check out this pod with Mrs. Monitor (AKA Rebecca Rosen) on Freshbrewed Tech. 

Podcasts and Events

11.  How can you show ROI from your internal investment in compliance? Nick and Gio Gallo join Tom Fox in the most unusual pod series, Mining the Gold in Compliance. Part 1 – ROI on Compliance. Purchase Decisions. Part 2 – Extending Compliance Value Across an Organization. Part 3 – Compliance and ESG Investments. Part 4 – Finance and Investing Models for Compliance. Part 5 – Investment Strategies for the Compliance Professional.
12.  Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 11, a birthday party battle through text messages.
13.  In November on The Compliance Life, I visited with Wendy Badger, CCO at Tennant. In Part 1, she detailed her academic career and early professional life. In Part 2, changing ladders to advance your career. In Part 3, Wendy moved into the CCO Chair. In Part 4, Wendy talked about having courage in your career choices and compliance into the future. Next week, we begin the December series with Matt Silverman, Director of Trade Compliance at VIAVI.
14.  The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Once Upon a Trading Law: The History of Insider Trading. In this most unique pod, Karen interviews some of her student to tell the history of insider trading. Check out Episode 1, which looks at the beginnings of insider trading.
15.  Join Tom, Mike Volkov, Carrie Penman, Dr. Pat Harned and Skip Lowney (an all-star panel if there ever was one) for the ECI webinar on the intersection of compliance and E&C programs. Wednesday, December 15, from 2-3:30 ET. Registration and information here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 3: Hughes v. Hu

The next case on the Board’s obligations regarding compliance oversight is Hughes v. Hu. In this case, the plaintiffs’ claimed that the director defendants consciously failed to establish a system of oversight for financial statements and related-party transactions, “choosing instead to rely blindly on management while devoting patently inadequate time to the necessary tasks.” According to the plaintiffs’ assertions the defendants “breached their fiduciary duties by willfully failing to maintain an adequate system of oversight, disclosure controls and procedures, and internal controls over financial reporting.” Additionally, “The board of a Delaware corporation has a fiduciary obligation to adopt internal information and reporting systems that are ‘reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance’.”
The audit committee failed to meet often as required and when they met, the meetings were short and failed to devote adequate time and attention to the issues, especially in light of the known internal control issues. In addition, the audit committee frequently acted through written consent as opposed to addressing issues during in-person meetings. The outside auditor failed to report on key issues and when it did so, the audit committee failed to respond or follow up.
The court noted, “directors face a substantial threat of liability under Caremark if “(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” For both potential sources, “a showing of bad faith conduct . . . is essential to establish director oversight liability.” A plaintiff establishes bad faith by “showing that the directors knew that they were not discharging their fiduciary obligations. Generally where a claim of directorial liability for corporate loss is predicated upon ignorance of liability creating activities within the corporation . . . only a sustained or systemic failure of the board to exercise oversight . . . will establish the lack of good faith that is a necessary condition to liability.” [citations omitted]
Moreover, “a director may be held liable if she acts in bad faith in the sense that she made no good faith effort to ensure that the company had in place any ‘system of controls.’” Significantly directors must “design context- and industry-specific approaches tailored to their companies’ businesses and resources.” Caremark also mandates “a bottom-line requirement that is important: the board must make a good faith effort—i.e., try—to put in place a reasonable board-level system of monitoring and reporting.” Finally, a Caremark claim can be stated by alleging that “an audit committee that met only sporadically and devoted patently inadequate time to its work, or that the audit committee had clear notice of serious accounting irregularities and simply chose to ignore them or, even worse, to encourage their continuation.”
What the court found was that the Company’s Audit Committee met sporadically, devoted inadequate time to its work, “had clear notice of irregularities, and consciously turned a blind eye to their continuation. As detailed in the Factual Background, the Company suffered from pervasive problems with its internal controls, which the Company acknowledged in March 2014 and pledged to correct. Yet after making that commitment, the Audit Committee continued to meet only when prompted by the requirements of the federal securities laws. When it did meet, its meetings were short and regularly overlooked important issues.”
For example, in May 2014, the Audit Committee convened for the first time after disclosing two months earlier that its “disclosure controls and procedures were not effective as of December 31, 2013, due to a material weakness.” The meeting lasted just forty-five minutes. During that time, the Audit Committee purportedly reviewed new agreements governing the Company’s related-party transactions with Kandi USA. Neither the agreements nor the review procedures were produced in response to the plaintiff’s demand for books and records, supporting a reasonable inference that they either did not exist or did not impose meaningful restrictions on the Company’s insiders. Three weeks later, the Audit Committee purportedly reviewed and approved a new policy that management had prepared governing related-party transactions. The Company also did not produce this policy in response to the plaintiff’s demand for books and records, supporting a reasonable inference that it too either did not exist or did not impose meaningful restrictions on the Company’s insiders.
After 2014, the Audit Committee did not meet again for almost an entire year. The committee next convened in March 2015, “spurred by the need to review the Company’s financial results for purposes of the 2014 10-K. The meeting lasted only fifty minutes. During this time, the Audit Committee ostensibly discussed the financial results and purportedly approved a new policy that management had prepared to govern related-party transactions involving the Joint Venture. It is reasonable to infer that the policy did not place meaningful restrictions on management and that the Audit Committee failed to establish its own monitoring system for related-party transactions. It is also reasonable to infer that during this fifty-minute meeting, the Audit Committee could not have fulfilled its responsibilities under the Audit Committee Charter for purposes of nearly a year’s worth of transactions.” The Audit Committee again did not meet for almost an entire year, not meeting until March 2016, again spurred by the need to review the Company’s financial results for purposes of the 2015 10-K. This meeting lasted just thirty minutes.
These chronic deficiencies support a reasonable inference that the Company’s Board of Directors, acting through its Audit Committee, failed to provide meaningful oversight over the Company’s financial statements and system of financial controls. Despite identifying Yu and Lewin as Audit Committee Financial Experts in 2015, the Company later disclosed in the 2016 10-K that it lacked personnel with sufficient expertise on US GAAP and SEC disclosure requirements for equity investments and related-party transactions. The directors charged with implementing a system to oversee the Company’s financial reporting thus lacked the expertise necessary to do so all along. Instead, the Audit Committee deferred to management, which dictated the policies and procedures for reviewing related-party transactions and hired and fired the Company’s auditor, even though management’s actions suggested that it was either incapable of accurately reporting on related-party transactions or actively evading board-level oversight.
The defendants alleged that the Company had the trappings of oversight, “including an Audit Committee, a Chief Financial Officer, an internal audit department, a code of ethics, and an independent auditor.” A plaintiff cannot meet its Caremark burden by pleading that board-level monitoring systems existed but that they should have been more effective. The Court found the plaintiffs’ allegations supported inferences that the Board members did not make a good faith effort to do their jobs. The Court stated, “The Audit Committee only met when spurred by the requirements of the federal securities laws. Their abbreviated meetings suggest that they devoted patently inadequate time to their work. Their pattern of behavior indicates that they followed management blindly, even after management had demonstrated an inability to report accurately.”
An Audit Committee can rely in good faith upon reports by management and other experts. In doing its job, the members of an Audit Committee will necessarily rely on management. But Caremark envisions some degree of board-level monitoring system, not blind deference to and complete dependence on management. The board is obligated to establish information and reporting systems that “allow management and the board, each within its own scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”
Finally, the Board never established its own reasonable system of monitoring and reporting, choosing instead to rely entirely on management. There were no Board meeting minutes to support the company’s rebuttals. As the Court noted, “The absence of those documents is telling because “[i]t is more reasonable to infer that exculpatory documents would be provided than to believe the opposite: that such documents existed and yet were inexplicably withheld.”” The documents that the Company produced indicated that the Audit Committee never met for longer than one hour and typically only once per year. Each time they purported to cover multiple agenda items that included a review of the Company’s financial performance in addition to reviewing its related-party transactions. On at least two occasions, they missed important issues that they then had to address through action by written consent. Clearly, the Board was not fulfilling its oversight duties.
The Hughes Court further delineated a Board’s obligations under Caremark. It cannot simply have the trappings of oversight, it must do the serious work required and have evidence of that work (Document, Document, and Document). Marchand required Boards to manage the risks their organizations face. Clovis Oncology requires ongoing monitoring by the Board. Hughes stands for the proposition that have the structures, policies and procedures in place is not enough. The Board must fully engage in oversight of a compliance program.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 2: Clovis Oncology

When the Delaware Supreme Court says of a Board of Directors collectively signed a company’s Annual Statement “with hands on their ears to muffle the alarms” you can rest assured the Board was seriously negligent in fulfilling its Caremark obligations. The Court’s decision in Clovis Oncology (Clovis or ‘the company’) laid out what a plaintiff must prove to create liability for a Board under the Caremark Doctrine. Not only must a Board have oversight of a corporate compliance function it must also provide oversight of that function.
The facts are so egregious on the monitoring requirement, the entire opinion could have been the basis for the original Caremark Doctrine. As the opinion stated the Board “breached their fiduciary duties by failing to oversee the Roci clinical trial and then allowing the Company to mislead the market regarding the drug’s efficacy. These breaches, it is alleged, caused Roci to sustain corporate trauma in the form of a sudden and significant depression in market capitalization.”
Clovis had no products and no sales but only the hope of the creation, marketing and sale of a new cancer drug, Roci. Clovis “relied solely on investor capital for all operations.” The potential success for Clovis “rested largely on one of its three developmental drugs, Roci, a cancer drug designed to treat a previously- untreatable type of lung cancer. Because of the estimated $3 billion annual market for drugs of its type, Clovis expected Roci to generate large profits if Clovis could secure FDA approval for the drug and shepherd it to market.” To get Roci to market, the company had to first perform clinical trials and then submit those findings to the Food and Drug Administration (FDA).
To perform the clinical trials, Clovis used a standard, well-known drug testing protocol called RECIST. A key component of the RECIST protocol was differentiating on the reporting on confirmed results v. non-confirmed results. During the trial, Clovis deviated from the RECIST protocol by improperly calculating the efficacy measurement based on both confirmed and unconfirmed results without differentiating between the two.  As a result, Clovis published inflated performance results, and included this information in raising capital in the private and public securities markets of over $500 million. Clovis also failed to properly disclose the drug’s side effects. Worse yet, Clovis made these same misrepresentations in its initial presentations to the FDA.
After its initial presentation to the FDA, the FDA requested additional information on the test results. It appears at that point the Board was made aware of significantly different results from the confirmed v. the non-confirmed categories. The stock dropped some 80% in a few days, wiping out over $1 billion in capitalization. The fallout of Clovis actions led the FDA to suspend its review of Rico, effectively ending the company’s efforts.
As noted, the Court found that the Board had made certain there was an overall compliance program. However, Caremark has a second prong which requires a Board to “monitor” its compliance program. The Court stated, “To state a claim under this prong, Plaintiffs must well-plead that a “red flag” of non- compliance waived before the Board Defendants but they chose to ignore it. In this regard, the court must remain mindful that “red flags are only useful when they are either waived in one’s face or displayed so that they are visible to the careful observer.  But, as Marchand makes clear, the careful observer is one whose gaze is fixed on the company’s mission critical regulatory issues.” For the Clovis Board, the compliance oversight should have been over Roci’s trials, clinical trial protocols and related FDA regulations governing that study.
The RECIST clinical trials protocol was “the crucible in which Roci’s safety and efficacy were to be tested. Roci was Clovis’ mission critical product. And the Board knew, upon completion of the TIGER-X trial, the FDA would consider only confirmed responses when determining whether to approve Roci’s NDA per the agency’s own regulations.” Moreover, the Clovis “Board was comprised of experts and the RECIST criteria are well-known in the pharmaceutical industry. Moreover, given the degree to which Clovis relied upon it when raising capital, it is reasonable to infer the Board would have understood the concept and would have appreciated the distinction between confirmed and unconfirmed responses. The inference of Board knowledge is further enhanced by the fact the Board knew that even after FDA approval, physicians (i.e., future prescribers) would evaluate Roci based on its” clinical trials.
Mike Volkov has stated of the Clovis decision, “The Clovis Court explained that “‘Delaware Courts are more inclined to find Caremark oversight liability at the board level when the company operates in the midst of obligations imposed upon it by positive law yet fails to monitor existing compliance systems, such that a violation of law, and resulting liability, occurs.’” The Clovis Court noted that when externally imposed regulations govern a company’s mission critical operations, the board must exercise a good faith effort to implement an oversight system, which “entails a sensitivity to ‘compliance issues[s] intrinsically critical’ to the company.”
The Clovis decision is another steppingstone in the creation of duties for a Board regarding compliance. Like the Board at Blue Bell Ice Cream, the Clovis Oncology Board had but one compliance obligation. At Blue Bell Ice Cream, it was food Safety. At Clovis Oncology it was compliance around the clinical trials and reporting results of its signature product, the drug Roci. While Blue Bell Ice Cream management did not even report its food safety results to the Board, senior management at Clovis made material misrepresentations to the Board about the results of the clinal trial based upon the melding of unconfirmed results with confirmed results. This case then stands for the proposition that a Board must do more than simply accept what management says about compliance, it must monitor compliance. Here the Clovis management made material misrepresentations to the Board about the results of the clinal trial based upon the melding of unconfirmed results with confirmed results.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 1: Blue Bell

The role of the Board of Directors has always been a key part of any best practices compliance program. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have consistently said that a Board’s role is active oversight of compliance. Over the past few years, the civil side of this obligation has become much more prominent, led by developments in case law under the Caremark doctrine, as modified by Stone v. Ritter by the Delaware Supreme Court. In response to demands for greater accountability and corporate accountability, the Delaware courts have been cutting back the Caremark standard and rejecting motions to dismiss filed by defendants. Recent cases are continuing down this path and raising the expectations for Board members exercising their duty of loyalty and duty of care. This week I will be exploring this expanded set of legal obligations laid down by the Delaware Supreme Court.
Mike Volkov has stated, “At the core of board member protection from liability is the well-known Caremark doctrine that requires corporate boards to make a good faith effort to implement a system for compliance program monitoring and reporting. For years, Delaware courts easily rebuffed shareholder derivative suits challenging board members’ performance after a corporate scandal occurred. The Caremark standard was reinforced in Stone v. Ritter, where the court stated director oversight liability requires a showing of either “the directors utterly failed to implement any reporting or information system or controls” or the directors, “having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”
Under Caremark and Stone v. Ritter, a director must make a good faith effort to oversee the company’s operations. Failing to make that good faith effort breaches the duty of loyalty and can expose a director to liability. But it is more than simply not doing your job as a Board, it is doing so in bad faith. The Court states, “In other words, for a plaintiff to prevail on a Caremark claim, the plaintiff must show that a fiduciary acted in bad faith—“the state of mind traditionally used to define the mindset of a disloyal director.” Bad faith is established, under Caremark, when “the directors [completely] fail[] to implement any reporting or information system or controls[,] or … having implemented such a system or controls, consciously fail[ ] to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” In short, to satisfy their duty of loyalty, directors must make a good faith effort to implement an oversight system and then monitor it.”
This change began in a case Marchand v. Barnhill and it involved that Texas institution, Blue Bell Ice Cream, the top ice cream manufacturer in the US. In this decision, the Court found that the Blue Bell Board completely abrogated its duty around the single largest safety issues it faced – food safety. That abrogation allowed a listeria outbreak, “causing the company to recall all of its products, shut down production at all of its plants, and lay off over a third of its workforce. Blue Bell’s failure to contain listeria’s spread in its manufacturing plants caused listeria to be present in its products and had sad consequences. Three people died as a result of the listeria outbreak. Less consequentially, but nonetheless important for this litigation, stockholders also suffered losses because, after the operational shutdown, Blue Bell suffered a liquidity crisis that forced it to accept a dilutive private equity investment.”
The job of every Board member is to represent the shareholders, not the incumbent Chief Executive Officer (CEO) and Chairman of the Board. To do so, the Board must oversee the risk management function of the organization. Blue Bell was and to this day is a single-product food company and that food is ice cream. This sole source of income would mandate that the highest risk the company might face is around food. But as the underlying compliant noted, “despite the critical nature of food safety for Blue Bell’s continued success, the complaint alleges that management turned a blind eye to red and yellow flags that were waved in front of it by regulators and its own tests, and the board—by failing to implement any system to monitor the company’s food safety compliance programs—was unaware of any problems until it was too late.”
The plaintiffs reviewed the Board records and made the following allegations:

  • there was no Board committee that addressed food safety;
  • there was no regular process or protocols that required management to keep the Board apprised of food safety compliance practices, risks, or reports which existed;
  • there was no schedule for the Board to consider on a regular basis, such as quarterly or biannually, any key food safety risks which existed;
  • during a key period leading up to the deaths of three customers, management received reports that contained what could be considered red, or at least yellow, flags, and the Board minutes of the relevant period revealed no evidence that these were disclosed to the Board;
  • the Board was given certain favorable information about food safety by management, but was not given important reports that presented a much different picture; and
  • the Board meetings are devoid of any suggestion that there was any regular discussion of food safety issues.

The Board’s response to these allegations is instrumental in understanding how Board’s viewed their obligations regarding oversight of compliance. The Court stated, “the directors largely point out that by law Blue Bell had to meet FDA and state regulatory requirements for food safety, and that the company had in place certain manuals for employees regarding safety practices and commissioned audits from time to time. In the same vein, the directors emphasize that the government regularly inspected Blue Bell’s facilities, and Blue Bell management got the results.”
The Delaware Supreme Court made short shrift of this argument, stating “fact that Blue Bell nominally complied with FDA regulations does not imply that the board implemented a system to monitor food safety at the board level. Indeed, these types of routine regulatory requirements, although important, are not typically directed at the board. At best, Blue Bell’s compliance with these requirements shows only that management was following, in a nominal way, certain standard requirements of state and federal law. It does not rationally suggest that the board implemented a reporting system to monitor food safety or Blue Bell’s operational performance.”
The Board’s next defense was even more inane and was so preposterous, the Delaware Supreme Court labeled it as “telling.” It was that because the Board had received information on the company’s operational issues and performed oversight on operational issues, it had fulfilled its Caremark obligations. This is basically the same argument that every paper-pushing argument for compliance program. We have something on paper, so we have complied is the clarion call of such practitioners. The Delaware Supreme Court also saw through the flimsiness of this argument stating, “if that were the case, then Caremark would be a chimera.” [emphasis in original] This is because operational issues are always discussed at the Board level. Finally, Caremark requires “that a board make a good faith effort to put in place a reasonable system of monitoring and reporting about the corporation’s central compliance risks. In Blue Bell’s case, food safety was essential and mission critical.”
It has long been axiomatic that bad facts can lead to large changes in how courts interpret the law. The Blue Bell case had facts that the Court all but said the Board engaged in bad faith regarding its compliance obligations. The change was only the beginning.

Categories
31 Days to More Effective Compliance Programs

Areas of Board inquiry into compliance


A white paper by Deloitte & Touche LLP, entitled “Risk Intelligence Governance – A Practical Guide for Boards”, laid out six general principles to help guide Boards in the area of risk governance. These six areas can be summarized as follows:

  • Define the Board’s role. There must be a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities.
  • Foster a culture of risk management. All stakeholders should understand the risks involved and manage such risks accordingly.
  • Incorporate risk management directly into a strategy. Oversee the design and implementation of risk evaluation and analysis.
  • Help define the company’s appetite for risk. All stakeholders need to understand the company’s appetite or lack thereof for risk.
  • How to execute the risk management process. Maintain an approach that is continually monitored and has continuing accountability.
  • How to benchmark and evaluate the process. Systems need to be installed which allow for evaluation and modifying the risk management process as more information becomes available or facts or assumptions change.

All of these factors can be easily adapted to compliance and ethics risk management oversight. Initially it must be important that the Board receive direct access to such information on a company’s policies on this issue.
Three key takeaways:

  1. The Board’s role is to keep really bad things from happening to a company.
  2. There are six general areas the point can inquire into and lead from.
  3. A Board should have direct access to information on the company’s compliance program.