Categories
Daily Compliance News

Daily Compliance News: February 27, 2026, The Tariff Payback Time Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Goldstein convicted. (WSJ)
  • Tariff payback time is here for the Trump Administration. (FT)
  • Evolution of Caremark. (UC)
  • Ex-Nigerian oil minister jailed for 87 months for accepting bribes. (Vanguard)

Categories
Blog

Who Is an Officer? The D&O Implications of an Evolving Compliance Title

If you are a Chief Compliance Officer (CCO), you have likely spent countless hours parsing language in policies, contracts, and regulations. Words matter, especially when those words define responsibility, liability, and protection. Few words in the D&O insurance world carry as much significance or ambiguity as officer.

In a recent D&O Diary guest post, John Orr, D&O Liability Product Leader for Willis FINEX North America, tackled a deceptively simple question: Who qualifies as an “officer” under a directors and officers (D&O) insurance policy? His analysis extends beyond an insurance issue. As organizations evolve, titles proliferate, and regulatory exposure expands, the boundaries of who counts as an “officer” and thus who bears personal risk are blurring.

In today’s compliance landscape, the CCO cannot afford to let that ambiguity go unexamined. Because, as Orr notes, “titles no longer define exposure; functions do.” And that statement carries profound implications for how we manage risk, structure accountability, and design compliance frameworks in the era of AI, ESG, and cybersecurity. It also puts CCOs directly in the line of fire for shareholder litigation based upon a Caremark claim, which was expanded to include officers in the In re McDonald’s Corporation Stockholder Derivative Litigation case.

Today, we explore five key lessons compliance officers should take away from this discussion.

1. The Old Definition No Longer Fits the New Enterprise

For decades, D&O insurance policies defined “officer” narrowly: those “duly elected or appointed” under corporate bylaws, which typically included the CEO, CFO, COO, and General Counsel. That made sense when corporate structures were simple and hierarchies clear.

But those days are gone. Modern organizations are matrixed, decentralized, and global. Entire risk domains, such as cybersecurity, compliance, sustainability, and AI governance, now have leaders whose decisions can expose the company to significant regulatory, reputational, or legal peril. Orr points out that after the SEC charged the CISO of SolarWinds in 2023, companies began asking a new question: Is my CISO actually covered under our D&O policy?

That question should not just keep risk managers up at night. It should jolt every compliance leader. Because if your peers in cybersecurity, privacy, or ESG can face personal liability for organizational failures, and if their roles fall outside traditional definitions of “officer,” then your compliance architecture is incomplete.

2. Titles Cannot Shield You from Risk, and They Should Not Define Protection

Orr rightly criticizes what he calls the “legacy efforts at deliberate ambiguity” in defining who counts as an officer. Historically, this ambiguity offered flexibility to insurers and policyholders. But now it provides uncertainty; if your coverage depends on whether someone’s title happens to include “officer,” you are one reorganization away from being uninsured.

For compliance professionals, this echoes a familiar theme: form versus substance. Regulators, from the DOJ to the SEC, are increasingly looking beyond the organizational chart to assess who truly exercises authority and control. The same principle should apply internally when defining who merits D&O coverage or corporate indemnification in civil litigation.

If a CISO, Chief People Officer, or Head of AI Governance makes risk-laden decisions equivalent in impact to those of a CFO, should they not receive equivalent protection? Orr argues for a shift from title-based to function-based definitions, a position entirely consistent with modern compliance thinking. Accountability should flow from influence, not nomenclature.

3. Endorsements Are Band-Aids, Not Blueprints

As ambiguity around “officer” status has grown, companies have sought quick fixes, such as endorsements listing specific titles or individuals to be covered under D&O policies. Orr concedes that while these endorsements “address the need,” they are not scalable or sustainable. Compliance officers should recognize the analogy to policy exceptions and one-off approvals. Every time you bolt on an endorsement, you introduce friction, inconsistency, and the potential for oversight. It’s a reactive, not proactive, form of risk management.

Endorsements also fail the foresight test. They require organizations to predict which roles might become legally exposed next year, a nearly impossible task in a fast-evolving regulatory landscape. Who foresaw five years ago that ESG directors or AI governance leads would be in the crosshairs of regulators? For compliance, the takeaway is clear: tactical fixes can’t substitute for structural reform. Instead of adding endorsements to patch the definition, align the policy’s logic with the company’s real-world indemnification practices, a concept Orr calls using indemnification as the “North Star.”

4. Indemnification Is the True Test of Officer Status

Orr’s most compelling insight is his proposed “indemnification-based” solution. Under this model, anyone whom the company indemnifies or would have indemnified but for insolvency or other barriers qualifies as an officer under the D&O policy.

This approach elegantly ties together governance, insurance, and compliance. It shifts the focus from job titles to actual corporate behavior: if your organization considers someone important enough to indemnify for their decisions, they are important enough to insure. It also harmonizes coverage with reality, reducing uncertainty during a claim and ensuring consistency across corporate structures.

From a compliance standpoint, this is a governance revolution. It aligns with what the DOJ has repeatedly emphasized in its most recent Evaluation of Corporate Compliance Programs (2024 Ed.): policies must reflect “the actual day-to-day functioning” of the organization, not theoretical constructs. Indemnification as a coverage anchor reflects the compliance principle that responsibility should align with decision-making authority. If someone makes risk-bearing decisions, your compliance and D&O frameworks should converge to support and monitor that role.

5. Modern Risk Requires Modern Coverage and Modern Collaboration

The concluding insight from Orr’s piece should resonate deeply with every compliance officer: “This is not about expanding coverage. It’s about modernizing coverage to address the way companies operate today.”

That statement could serve as the mission of compliance itself. As emerging technologies and global expectations reshape the corporate landscape, the boundaries of responsibility shift daily. AI, ESG reporting, data ethics, and cybersecurity aren’t just technical or operational concerns; they are compliance risks with individual accountability attached.

If your D&O policy does not reflect those realities, neither does your compliance program. The modern CCO must therefore work closely with risk management, finance, and HR to ensure alignment between the forms of protection (insurance, indemnification) and the functions of oversight (compliance, ethics, governance). The article also hints at an opportunity for insurers: innovation. Just as compliance leaders must find new ways to embed ethical decision-making, insurers must design products that reflect the fluid nature of modern corporate risk. Both fields, compliance and D&O, are being asked the same fundamental question: Are you structured for yesterday’s risks or tomorrow’s realities?

What It Means for the Chief Compliance Officer

For the CCO, this discussion is not simply an academic exercise. The question “Who is an officer?” is really a question about who bears the moral and legal weight of corporate decision-making. As compliance matures into a strategic function, the CCO’s role increasingly resembles that of the “modern officer,” as Orr describes it: not just a gatekeeper, but a guardian of integrity, transparency, and accountability.

Here’s what that means in practice:

  • Map functional authority. Identify which roles across your enterprise carry significant compliance or legal exposure, regardless of title.
  • Engage with risk management. Ensure your D&O policy reflects the true landscape of decision-making authority.
  • Revisit indemnification practices. Advocate for parity between those granted indemnity and those exposed to regulatory risk.
  • Educate the C-suite and Board. Clarify that modern risk is horizontal, not vertical, and coverage must follow function, not hierarchy.
  • Champion continuous evolution. Compliance, like D&O coverage, must adapt as corporate structures evolve. Stasis is not a strategy.

Ultimately, the compliance function exists to ensure that individuals are accountable for their actions and protected for acting in good faith. That dual mandate, accountability and protection, lies at the heart of Orr’s argument and at the soul of every effective compliance program.

Compliance is not about saying no; it is about creating the conditions where doing the right thing is easy. In this context, that means ensuring your organization’s structure, policies, and insurance mechanisms make ethical leadership a safe and supported choice. The term “officer” may seem like a semantic detail, but as John Orr reminds us, it reflects how corporations define responsibility in an era of constant change. For compliance professionals, the challenge and the opportunity are to make sure that the mirror reflects reality.

 

Categories
Blog

Caremark Claims: A Compliance Professional’s Guide to the Shifting Landscape

For decades, Delaware courts famously described Caremark claims alleging breaches of the duty of oversight as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” Yet recent legal developments have shown that while Caremark claims remain challenging, they are no longer insurmountable. Cases like Marchand v. Barnhill and the Boeing 737 Max shareholder derivative lawsuit have demonstrated that boards of directors are not immune from liability when they fail to fulfill their oversight responsibilities.

As we head into 2025, compliance professionals must stay attuned to the evolving dynamics of oversight duty claims. Today, we consider the current state of Caremark litigation, the implications of recent case law, and emerging areas such as cybersecurity, ESG, and AI that could generate oversight liability in the future.

A Historical Shift: From Rare Wins to Increased Viability

Historically, Caremark claims were long shots for plaintiffs. Courts typically set an extremely high bar, requiring claimants to demonstrate that directors acted in bad faith by consciously ignoring red flags or failing to implement compliance systems. However, recent decisions have opened the door for such claims, particularly in cases involving egregious governance failures.

The Boeing case was one of the most striking examples of a Caremark claim. It involved the two Boeing 737 Max plane crashes, catastrophic events tied to governance and oversight failures. The case survived a motion to dismiss and eventually settled for $237.5 million, funded entirely by D&O insurance. Next was Walmart’s opioid case, which was also resolved in 2024. In this matter, Walmart’s Board of Directors faced a shareholder derivative claim alleging breaches of the duty of oversight related to the opioid crisis. The case settled for $123 million, showing that courts will entertain Caremark claims when systemic failures result in significant harm. These high-profile cases have emboldened plaintiffs and raised alarms in Delaware courts, leading to a noticeable backlash in recent decisions.

A Backlash Emerges: Delaware Courts Reassert a High Bar 

The Delaware Chancery Court, which has long been a guardian of corporate governance law, has recently pushed back against what it views as an overextension of Caremark claims. Since 2023, we have seen three notable cases that highlight this skepticism. The first was the Segway case from 2023. In this decision, the Court dismissed claims against the board, emphasizing that liability requires a “red line” of bad faith—an extremely high standard that most claims fail to meet.

Next was the Walgreens Boots Alliance matter from 2024. In this decision, the Court criticized the “proliferation” of oversight lawsuits, warning that every time a company experiences an adverse event, reflexive filings could do more harm than good. Finally, there was the Centene matter, also from 2024: In Bricklayers Pension Fund v. Brinkley, Vice Chancellor Morgan Zurn dismissed oversight claims, finding no evidence that the board consciously disregarded compliance risks. Zurn underscored that “a bad outcome, without more, does not equate to bad faith.” These decisions signal a clear message from Delaware courts: that Caremark claims must meet an exacting standard and that not every adverse outcome shows a breach of oversight duties.

The Federal Courts Enter the Fray  

While Delaware courts tighten their standards, federal courts applying Delaware law have shown a greater willingness to let Caremark claims proceed. Two notable cases from 2024 illustrated this trend. The first was a piece of the long-running Wells Fargo litigation for various actions. In this matter, a federal district court in California allowed claims against Wells Fargo’s board to move forward, citing allegations that directors failed to address discriminatory lending practices. Similarly, a federal court in Illinois sustained claims against Abbott Labs’ Board of Directors for failing to oversee the safety of its infant formula products.

These rulings suggest federal courts may be more receptive to Caremark claims, particularly in cases involving systemic misconduct or significant public harm. While these cases do not have precedential value in Delaware, they can be seen as a roadmap for successful Caremark claims outside the jurisdiction of these two district courts.

The Compliance Implications of Recent Trends

What do all these decisions mean for compliance professionals? In the ever-evolving landscape of oversight liability, the compliance professional has challenges and opportunities. Compliance professionals should proactively identify and address these risks at the board level. There are five areas compliance professionals should focus on.

  1. Active Oversight. The common thread in successful Caremark claims is the board’s failure to actively monitor compliance risks. Compliance officers should ensure that boards are regularly informed about key risks through detailed reports and actively engaged in oversight of high-risk areas, such as product safety, regulatory compliance, and ethical conduct.
  2. Document, Document, Document. Document your Board’s efforts to oversee compliance systems and address red flags that rise to the Board level. Boeing shows that the absence of documented board actions can be devastating in litigation. Compliance teams should work with corporate secretaries to: a.) Ensure board minutes reflect meaningful discussions about compliance risks. b.) Record follow-ups on identified issues to demonstrate a proactive approach.
  3. Emerging Risks. There are a variety of areas that are ripe for future Caremark claims. These areas include cybersecurity, as Boards that fail to oversee cyber risk management could face liability after a data breach. ESG is still a business imperative, even if the incoming Administration is antithetical to it. Environmental and social failures, such as ignoring climate risks or fostering discriminatory practices, may trigger oversight claims. Finally, AI governance will be at the forefront of many compliance professionals’ minds. As AI adoption accelerates, Boards must ensure compliance with developing regulations and ethical standards.
  4. Federal Courts. The divergence between Delaware and federal courts applying Delaware law complicates the oversight liability landscape. Compliance teams should monitor cases in both jurisdictions and adapt their strategies accordingly.
  5. Insurance and Indemnification. Given the financial stakes in Caremark litigation, robust Directors and Officers (D&O) insurance is essential. Compliance teams should work on reviewing D&O policies to ensure they provide adequate coverage for oversight claims. You should also collaborate with legal and risk management teams to understand policy exclusions and coverage limits.

A Call to Action for Compliance Professionals  

The shifting dynamics of Caremark claims underscore the critical role compliance professionals play in supporting board oversight. To strengthen your organization’s oversight framework:

  1. Educate the Board by providing regular training on directors’ fiduciary duties, focusing on their oversight obligations.
  2. Enhance reporting by developing dashboards and reports that give the board a clear view of compliance risks and mitigation efforts.
  3. Promote a culture of accountability by working with senior leadership to embed compliance into the organization’s culture and ensure that issues are addressed at every level.

While recent Delaware decisions have reaffirmed the difficulty of prevailing in Caremark cases, high-profile settlements and federal court rulings indicate that oversight liability remains a growing risk. Compliance professionals must stay vigilant, ensuring their boards are well-equipped to meet their oversight responsibilities.

By focusing on proactive risk management, thorough documentation, and emerging risks like cybersecurity and AI, compliance teams can help their organizations navigate the complex oversight landscape. The stakes are high, but so are the opportunities to build stronger, more resilient governance frameworks.

As Kevin LaCroix has noted, “The bottom line is that notwithstanding recent Delaware Chancery Court skepticism toward a breach of the duty of oversight claims, there is life for these kinds of suits, at least in some cases—including in cases filed outside of the Delaware state courts.”

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Compliance Obligation for Boards

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we begin considering Board obligations around compliance.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids, on Amazon.com.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: TD Bank Lessons Learned: The Board and Its Duty of Oversight

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Under the Caremark Doctrine, the Board of Directors has clear duties not to put their head in the sand and engage in conscious indifference.

Categories
Everything Compliance

Everything Compliance: Episode 143, The North to South Episode

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we have the quartet of Matt Kelly, Jonathan Marks, and Karen Moore; with host Tom Fox wearing a double hat as a commentator as well. We take up Root Cause Analysis, DEI questions in the Boeing monitorship, failures at TD Bank and a possible Caremark claim.

1. Matt Kelly takes a look into the commercial strategies which led to the compliance failures at TD Bank. He rants about the (now deleted) advertising campaign of Boston’s National Women’s Soccer League team, which announced the new team with the tagline ‘too many balls’.

2. Jonathan Marks explains the differences between a Root Cause Analysis and an investigation. He shouts out the WNBA and the person who solved the Golden Owl puzzle.

3. Karen Moore takes a deep dive into the district court’s request for more information on the impact of DEI on the Boeing monitorship. She rants about non-civility in the Supermarkets of America’s Parking Lots.

4. Tom Fox takes a look at the potential Caremark claim against TD Bank for both Directors’ and Officers’ failures in their duties. He shouts out to the GOP-dominated Texas Legislature for subpoenaing Robert Roberson for an appearance before the House, one day before his scheduled execution, and to the Texas Supreme Court for staying his execution until he could appear.

The members of the Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Additional Resources:

1. Jonathan Marks on Root Cause Analysis on LinkedIn.

2. Matt Kelly on TD Bank’s Enforcement Action on Radical Compliance.

3. Tom Fox on the potential Caremark claims in the TD Bank case on the Compliance Podcast Network blog.

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending September 28, 2024

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week.

Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • DOJ releases a 2024 Update to the Evaluation of Corporate Compliance Programs. (FCPA Compliance & Ethics Blog)
  • China probes PVH. (Reuters)
  • Wells Fargo must face Caremark claim. (Reuters)
  • Wagner Group used HSBC and JPMorgan for payments. (FT)
  • Caroline Ellison sentenced to 2 years in prison and forfeits $11bn (NYT)
  • How Binance found that old time ‘compliance’ religion. (WSJ)
  • New York City Mayor Adams indicted on bribery and corruption charges. (NYT)
  • SEC fines 12 more firms for failures in messaging apps. (SEC Press Release)
  • S. Iswaran was convicted for corruption in Singapore. (BBC)
  • Ex-CEO of Skael faces criminal fraud charges. (WSJ)

Categories
Everything Compliance

Everything Compliance: Episode 138, The AI in The EU Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. We have a plethora of topics for this episode, including the DOJ Whistleblower Incentive Program, a look at SolarWinds, a new Caremark decision, an effective internal audit and the new AI law in the EU, which we slice and dice from a variety of perspectives.

We have the full quintet of Matt Kelly, Jonathan Armstrong, Karen Woody, Jonathan Marks, and our newest panelist, Karen Moore, all hosted by Tom Fox.

1. Jonathan Armstrong takes a look at the new EU Law regarding AI. He shouts out to Sir Andy Murray for a great career and life.

2. Matt Kelly asks multiple questions about the form of the guilty plea and what it may mean for compliance professionals going forward. He rants about Wyoming Senator Cynthia Lummis and her legislation for a Strategic Bitcoin Reserve.

3. Karen Moore considers the Centene case, which denied a Caremark claim. She rants about German TV only showing German competitors in their Olympic coverage and she shouts out to the perseverance of Ukrainians, where students attending class at the Kyiv School of Economics will stop class during an air raid and start class again when the All Clear is given.

4. Tom Fox shouts out to Simone Biles and the beauty, power, and grace of women’s gymnastics at the Olympics, going back to Olga Korbut.

5. Karen Woody takes a deep dive into the district court’s recent dismissal of the SEC complaint against SolarWinds. She shouts out to President Biden for bringing hostages home from Russia and a job well done.

6. Jonathan Marks reviews what makes internal controls effective.

The members of Everything Compliance are:

The host, producer, rantor (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Categories
Everything Compliance

Everything Compliance: Episode 136 – The Great Women in Compliance Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, we have a very special group of guest panelists and one special guest host—some of the great women in compliance.

In this special episode, Everything Compliance is hosted by Kristy Grant-Hart, and the guest panelists include Karen Woody, Karen Moore, Lisa Fine, and Hemma Lomax.

1. Karen Woody takes a deep dive into the current evolution of Caremark in Delaware. She raves about her alma mater, UVA, making the college baseball World Series and about this special GWIC-inspired edition of Everything Compliance.

2. Host Kristy Grant-Hart shouts out to Rachel Rodgers, author of We Should All Be Millionaires, and her call to action for women to lead more in politics, business, and entrepreneurship.

3. Karen Moore explores whether Boeing will be prosecuted under its current DPA. She sends sympathies to the family of John Barnett, the Boeing whistleblower who died.

4. Lisa Fine takes a deep dive into the recent acquittal of Mike Lynch in his criminal case for the sale of Autonomy to HP. In her Raves and Rants segment, she has two raves. First, to all the Dads out there, Happy Father’s Day! Her second is to retiring Compliance Week EIC Kyle Brasseur for his tenure at Compliance Week.

5. Hemma Lomax goes into a deep rant about compliance training. She raves about Everything Compliance for its first Great Women podcast and Jiminy Cricket, whose signature phrase is “Let your conscience be your guide.”

 

The members of this special episode of Everything Compliance are:

Karen Woody is one of the top academic experts on the SEC. She is also the co-host of the award-winning podcast, The Woody Report.

Karen Moore is an Adjunct Law professor at the Fordham School of Law.

Lisa Fine is a co-host of the award-winning Great Women in Compliance.

Hemma Lomax is a co-host of the award-winning Great Women in Compliance.

The host of this special episode of Everything Compliance is Kristy Grant-Hart, founder of Spark Compliance and co-host of the award-winning podcast 2 Gurus Talk Compliance.

Categories
Great Women in Compliance

Great Women in Compliance: GWIC and Everything Compliance

Welcome to the Great Women in Compliance podcast on the Compliance Podcast Network, sponsored by Corporate Compliance Insights.

In today’s episode, we have a special episode which is cross-posted with Everything Compliance, which we call Ladies Night: Exploring Compliance in All-Female Podcast Takeover.

In this special Ladies Night edition of the Everything Compliance Podcast, guest host Kristy Grant-Hart is joined by notable women in compliance as guest panelists, Karen Woody, Karen Moore, Lisa Fine, and Hemma Lomax, for an in-depth discussion.

Topics covered include the complexities of Caremark duties and its recent interpretations, Boeing’s ongoing compliance issues, the implications of the Mike Lynch acquittal on due diligence, and ways to enhance the effectiveness of compliance training. The episode wraps up with each guest sharing their raves, offering insights and reflections on the state of compliance today.

  • Karen Woody on Caremark Duties Explained
  • Karen Moore on Boeing’s Compliance Issues
  • Lisa Fine on the Mike Lynch acquittal and HP’s Acquisition of Autonomy
  • Hemma Lomax on Effective Compliance Training
  • Rants and Raves

You can join the LinkedIn podcast community.