Tag: compliance

Categories
Coffee and Regs

CCOs & ESG – Preparing Now for What’s Next

CCOs & ESG – Preparing Now for What’s Next

In this episode, CSS’s team of CCOs Matt Calabro and Victoria Olson discuss how CCOs can prepare now for what’s to come with ESG – from policies and procedures to marketing materials and disclosures.
 

About Our Guest Speakers:


Matt Calabro is an experienced Chief Compliance Officer, having served as CCO for registered mutual funds, investment advisers and a family of UCITS funds. Before joining CSS, Matt was Deputy CCO at Delaware Investments, where he led the daily activities of the firm’s compliance department covering advisory, fund and distribution activity. Under his leadership, Delaware implemented specific improvements in its guideline compliance, advertising review and Code of Ethics programs. Prior to Delaware, Matt spent 20 years in Raymond James’ investment advisory business, where he led mutual fund operations. While there, Matt implemented and upgraded controls, processes and technology and also served as the first full-time CCO to the mutual funds following the adoption of the Compliance Rule. Matt leverages his compliance and operations experience in the investment management industry to assist advisers and investment companies in advancing the effectiveness of their compliance programs.
 

Victoria Olson has been a compliance consultant for several years, most recently with Alaric Compliance Services. She is a Certified Regulatory and Compliance Professional (CRCP issued by FINRA Institute at Wharton), and a Chartered Life Underwriter. She also completed the Certified Anti-Money Laundering specialist (CAMS) course. Victoria previously served as the Chief Compliance Officer to an SEC-registered investment adviser and has extensive experiencing working with RIAs. Prior to consulting, Victoria was Chief Compliance Officer and AML Compliance Officer at Forethought Financial, Director of Compliance at Prudential Financial, and a Senior Compliance Officer at The Phoenix Companies. Victoria formerly served as Chair of the FINRA District 11 Committee and successfully completed the FINRA Series 4, 6, 7, 24 and 66 Examinations.
 
Categories
FCPA Compliance Report

Mike DeBernardis on Q3 Compliance and Enforcement Highlights


In this Episode of the FCPA Compliance Report, I have thrilled to have back fan favorite Mike DeBernardis, partner at Hughes Hubbard. Mike is back for our quarterly FCPA and compliance review and in this episode, we look at highlights from Q3 2021. Highlights of this podcast include:

  1. FCPA Enforcement Actions-WPP and Credit Suisse. What are the key lessons learned?
  2. What does it mean to extend at DPA?
  3. Pandora Papers-how do you think this will drive the move for greater transparency around trusts and other opaque corporate forms?
  4. SEC

a.       Increased enforcement and admissions of liability in settlement docs.
b.       ESG Reporting requirements-what does this mean for corps
c.       Increased scrutiny for both crypto and SPACs
5. National Security Directive coming out in December.
6.HughesHubbard annual FCPA alert

Resources

Mike DeBernardis on Hughes Hubbard website.

 
 

Categories
Blog

Monaco Speech: Part 5 – What Does It All Mean?

This week I have been writing about the speech Deputy Attorney General (DAG) Lisa O. Monaco gave as a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to end with what it all might mean for the compliance professional. First note the emphasis on culture. Monaco’s remarks were, “Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.” This means that the DOJ will be assessing the entirety of corporate culture. As a compliance practitioner how do you demonstrate culture? Or to phrase the question using the Tom Fox mantra, how did you Document, Document, and Document your culture? Culture obviously starts at the top, but it must imbue and be embedded into an organization.
Equally important is compliance. Here Monaco said, “Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.” Note the significance of “company can fulfill its fiduciary duty to shareholders”.
This is a clear tip of the hat to Caremark and other legal requirements for a compliance program based upon civil statutes. This is not the DOJ saying we will punish a company for simply not having a compliance program. Yet make no mistake that if a company does not have a compliance program, not only will there be a very large chance of regulatory violation such as under the FCPA; if your organization does not have a compliance program, it will not receive credit when the penalty phase comes around. Monaco is pointing out as clearly as she can do so the potential legal costs not only from civil shareholder lawsuits but also from regulatory fines and penalties.
Another area which is new to the compliance function will be the DOJ’s review of all corporate malfeasance when assessing a company’s culture, commitment to compliance and possible fines and penalties. Here Monaco stated, “Today, the department is making clear that all prior misconduct needs to be evaluated when it comes to decisions about the proper resolution with a company, whether or not that misconduct is similar to the conduct at issue in a particular investigation. That record of misconduct speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.”
Typically, compliance dealt with anti-corruption compliance, trade compliance, anti-trust compliance and perhaps others. However now a CCO must be apprised of all corporate misconduct as it will be reviewed by the DOJ. For any multi-national organization, that alone will be daunting as how many compliance professionals have visibility into tax, Equal Employment Opportunity Commission (EEOC) claims, labor relations issues or the myriad of other legal issues that every corporate faces every day, literally across the globe? Yet Monaco said that prosecutors would look at just that, stating “A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant.” This is literally a sea change.
Finally, what might be the changes in how corporations are assessed under the FCPA Corporate Enforcement Policy, enacted by prior DAG Rod Rosenstein? Will there continue to be a presumption of declination if you (1) self-disclose; (2) extensively remediate; (3) thoroughly cooperate; and (4) disgorge any ill-gotten gains? If there is no presumption, will there be robust self-disclosure? There is nothing illegal about failing to self-disclose but if a whistleblower then steps forward or the DOJ then opens an investigation based upon other sources and it determines a violation has occurred the opportunity for a declination may well be out the window. Moreover, if there is no self-disclosure and the issue reappears or the remediation is not successful, the company now appears to have actual knowledge of a violation, once again potentially increasing the penalty.
As I wrote yesterday, there are many open questions from these changes. One thing is clear to me, the CCO role and job of the compliance function just got much more challenging.

Categories
Blog

Monaco Speech: Part 4 – Some Questions

Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up some questions that came up for me based upon her remarks. As compliance practitioners know, the first DAG in the Trump Administration announced a major change in FCPA enforcement in November 2017. It was called it the FCPA Corporate Enforcement Policy and it was incorporated into the United States Attorneys’ Manual. Although it was incorporated into the Manual, it was essentially a rejection of the Yates Memo and incorporating the FCPA Pilot Program from 2016 into a more formal structure.
The FCPA Corporate Enforcement Policy set a presumption of a declination for a company that met four requirements. One, voluntary self-disclosure, including disclosure of all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved in or responsible for the misconduct at issue. Two, timely and appropriate remediation. Third, full cooperation with the DOJ in the investigation. Fourth, no aggravating circumstances which could include “involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.”
My first series of questions relate to the Rosenstein policy. What is now required for a ‘presumption of a declination”? Will a company have to self-disclose not simply those individuals substantially involved or all employees, no matter how high or low in the employee chain? Must those disclosures be at the time of self-disclosure or as facts are developed in an investigation? Recall the Yates Memo mandated that if a company wanted any credit it had to disclose all employees involved in the misconduct. [So much so that the word ‘any’ was in bold, italics and underscored.] Will the DOJ revert back to that standard?
What of Deferred and Non-Deferred Prosecution Agreements (DPAs and NPAs)? Has the DOJ heard the criticism of these settlement mechanisms over the years? Matt Kelly and I catalogued them in the second Compliance into the Weeds podcast on Monaco’s speech. Or has the DOJ decided that there is some type of material defect in these tools which makes any settlement with a DPA or NPA simply ‘a cost of doing business’? Monaco raised these issues in the context of FCPA recidivist or those companies which have a broader history of corporate recalcitrant in complying with laws in general; i.e., tax, environmental, employment and every other law a corporation must deal with both in the US and internationally. Even though her remarks were directed to recidivists and other bad corporate actors, it would not be too far a stretch to see if the DOJ reconsidered such penalties for all those companies which find themselves in a FCPA imbroglio.
What might some changes look like? A couple of recent examples come from areas outside the FCPA context. Last week, the Federal Trade Commission (FTC) issued a new directive that any company which has one anti-competition violation under its belt will have to return to the FTC for pre-approval of any acquisition. That can be quite a business slow down if you are in a dynamic industry or profession. The other example comes from the world of US banking where the Federal Reserve put a growth cap on Wells Fargo for its behaviors. Once again something like that can be a very large business inhibitor.
The DOJ return to more robust monitorships could be another mechanism. While the monitors now usually concern themselves with the terms of the settlement agreement and whether the company under the settlement agreement is fulfilling its terms; the monitor could take a more active role in an organization, such as review any high-risk transaction or transaction but a certain dollar value. Such an intrusive monitorship would greatly slow down business in any organization. Yet FCPA recidivists do not seem to have gotten the message not to violate the FCPA. Indeed, even some under DPAs and NPAs are not fulfilling their agreed upon obligations. All of these factors could lead to some very different forms of settlement resolutions.
What about Monaco’s remarks around evaluation of all corporate conduct, not simply anti-bribery compliance? Her remarks bear citing in full on this point:
Going forward, prosecutors can and should consider the full range of prior misconduct, not just a narrower subset of similar misconduct — for instance, only the past FCPA investigations in an FCPA case, or only the tax offenses in a Tax Division matter. A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant. 
Most compliance professionals work very diligently to create a culture around anti-corruption compliance. However now there must be compliance with a much broader set of laws; both in the US and internationally. How many compliance officers even know about these other areas? Further, if there is one resource in the organization who does keep track of such matters, it is usually in the legal department, who are loathe to share that information, even within an organization. How will a compliance professional be aware and then work to ensure compliance in these other areas?
As I said in the introduction, there are lots of open questions. Tomorrow I will sum up what it all may well mean for the compliance professional.

Categories
Coffee and Regs

Cybersecurity Training, Talent and Diversity

Cybersecurity Training, Talent and Diversity

In this episode, Founder and CEO at CyberVista, Simone Petrella and CSS’s Director of Cyber IT Services, E.J. Yerzak discuss the importance of cybersecurity training, education, how to recruit talent and diversity in cyber and why compliance and cybersecurity are synonymous.
 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

Simone Petrella is CEO and Co-Founder of CyberVista. Previously, Simone was a Senior Associate at Booz Allen Hamilton where she helped build the firm’s cybersecurity practice in the commercial sector focusing on the creation of cyber fusion centers and the integration of cyber threat intelligence, security operations, and cyber defense operations into effective cyber security operations. For a decade she led the firm’s all source cyber threat intelligence business in the national security and Defense sectors, where she built out a threat capability and team with in depth subject matter expertise in all aspects of cyber threat intelligence, including intelligence support to both defensive and offensive operations. Her areas of specialty included predictive cyber intelligence based on an understanding of the threat adversary and developing service offerings to integrate intelligence into exercises to provide realistic cyber scenarios. Simone received her J.D. with honors from Catholic University’s Columbus School of Law and graduated from Georgetown University with a B.A. in Government and a M.A. in International Law and Policy. She is a member of Women in International Security and is admitted to the New York Bar. A native of New Jersey, she has resided in Washington D.C. since 2000.
 
Categories
This Week in FCPA

Episode 275 – the Happy Halloween edition


As we head to Halloween, Tom and Jay reflect on some of the top compliance and ethics stories on the Happy Halloween edition.

 Stories

1.     More on Credit Suisse and Tuna bonds.  Mike Volkov in Corruption Crime and Compliance. Tom in the FCPA Compliance and Ethics Blog. Tom and Matt Kelly in Compliance into the Weeds.
2.     What is FARA. Jamie Rosenberg starts a 2-part series in Grand Jury Target.
3.     Digital innovation and continuous improvement. Jim Deloach in CCI.
4.     Banks and FinTech.  Davis Polk lawyers in Compliance and Enforcement Blog.
5.     What will happen to exec clawbacks? Aaron Nicodemus in Compliance Week. (sub req’d)
6.     SARs and appalling inaction. Martin Kenney in the FCPA Blog.
7.     Board readiness for shareholder activism. Paul DeNicola in Harvard Law School Forum on Corporate Governance.
8.     Scrutiny of the Arts and Antiquities market. Linklaters client alert.
9.     Hiding evidence from regulations costs KPMG in UK. Risk and Compliance Platform Europe.
10.  The SEC on auditor independence. Matt Kelly in Radical Compliance.

 Podcasts and Events

11.  Compliance Week 2022 opens for registration. Sign up here.
12.  Ethisphere’s World Most Ethical Company awards for 2022 are open for submission. For more information on the Application Process, click here.
13.  Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 7, a Malodor on the Subway.
14.  This month on The Compliance Month, I visit with John Melican, Managing Director at Exiger on his journey to and from the CCO chair. In Episode 1, college and early professional career at NY County DA’s Office. In Episode 2, Melican moved into the corporate world and into compliance. In Episode 3, John moves into the CCO chair. In Episode 4, John talks about what he learned and how he uses that knowledge.
15.  How does a Compliance Bible become a best-seller? Check out Tom’s appearance on the C-Suite Network’s Best Seller TV to find out.  Purchase The Compliance Handbook, 2nd edition here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Great Women in Compliance

Halloween Horror Stories


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
As a nod to Halloween Lisa and Mary host a joint episode after Fall break which contains Compliance horror stories – we couldn’t accommodate all of the poor practice ghosting stories in the hiring process – please step it up the integrity hiring teams!  The idea for this episode came about right at the beginning of the year when Mary was in conversation with GWIC and friend of the podcast Diana Trevley.  Diana suggested a horror story episode to mark Halloween and have a laugh about the disasters experienced by GWIC.
We’re very grateful to the numerous entries that we received and also offer heartfelt support to those going through horror stories that don’t have a humorous aspect.  Keep holding on.
Hear about compliance initiatives that were turned on their head, conflicts of interest come to life and life’s annoying moments in this episode.
The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
If you’ve already read the booked and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our line up or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.

Categories
Coffee and Regs

An ESG Fireside Chat with KPMG’s Kay Swinburne

An ESG Fireside Chat with KPMG’s Kay Swinburne

In this episode, Vice Chair of Financial Services at KPMG UK, and former parliamentarian, Dr. Kay Swinburne and CSS’s Chief Product Officer Ronan Brennan discuss the latest on ESG, level 2 SFDR and what investment managers need to be thinking about to prepare for 2022 implementation.
 

About Our Guest Speakers:


Dr. Kay Swinburne is Vice Chair of Financial Services KPMG UK, and previously served as Vice Chair of the European Parliament’s influential Economics and Monetary Affairs Committee, playing a pivotal role in shaping EU and global financial services legislation, including setting up the EU supervisory bodies (ESAs, SSM, SRM), capital markets union (EMIR, MiFID II, Prospectus, CCP Recovery & Resolution), and the broader banking union files. Prior to Kay’s career as an MEP, Kay worked in investment banking. Kay brings a unique insight to policy ‘behind the scenes’ and the reality of Brexit in the aftermath of 31 January 2020.
 

 

 
Ronan Brennan is the Chief Product Officer at Compliance Solutions Strategies (CSS). In his role, he has direct responsibility for the strategic evolution of the global suite of CSS products and regulatory content. Managing product in CSS involves ensuring the product suite is ready to support both the current and future compliance management and regulatory reporting needs of investment management and advisory firms globally. Ronan participates as a speaker in many industry events each year, in addition to publishing a company blog and development of thought leadership materials. Ronan has 26 years of experience in the technology sector, 21 of which have been spent in the investment data management and regulatory reporting space.
 
Categories
This Week in FCPA

Episode 274 – the Headed to the World Series edition


Either the Astros or Red Sox are headed to the World Series. Flashing lights in Fenway? What will the baseball gods decree? Tom and Jay reflect as they are back to review some of the top compliance and ethics stories on the Headed to the WS edition.
 Stories

  1. Credit Suisse and Tuna boats equals nearly $500 MM in fines. Harry Cassin in the FCPA Blog. Matt Kelly in Radical Compliance. Jaclyn Jaeger in Compliance Week (sub req’d)
  2. CCOs as problem solvers. Mike Volkov in Corruption Crime and Compliance.
  3. Testing compliance. Brandon Garrett in Compliance and Enforcement.
  4. 3rd party risk management and SOC 2. Eva Pittas in CCI.
  5. Activision promises compliance upgrades. Should we believe them? Jaclyn Jaeger in Compliance Week. (sub req’d)
  6. Is ESG reporting risky? Mike Munro explores in the FCPA Blog.
  7. Facebook fined for changing CCOs without reporting to the CMA. CMA Press Release.
  8. The intersection of compliance and IT. Kyle Martin in Risk and Compliance Matters.
  9. What does the oldest COI tell us about professional misconduct? Jeff Kaplan in the COI Blog.
  10. Contesting the narrative of compliance failures. Robert Barrington in GAB.

 Podcasts and Events

  1. Compliance Week is going ‘Inside the Mind of the CCO’. Participate in the survey here.
  2. Ethisphere’s World Most Ethical Company awards for 2022 are open for submission. For more information on the Application Process, click here.
  3. Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 6, Billy Joel and exasperation.
  4. This month on The Compliance Month, I visit with John Melican, Managing Director at Exiger on his journey to and from the CCO chair. In Episode 1, college and early professional career at NY County DA’s Office. In Episode 2, Melican moved into the corporate world and into compliance. In Episode 3, John moves into the CCO chair.
  5. Why is the Texas Hill Country one of the most special places on earth? Check out the newest edition to the CPN, as Tom Fox celebrates the people, places and things of the Hill County. In Episode 1, he visits with Camp Stewart for Boys matriarch, Kathy Ragsdale.
  6. How does a Compliance Bible become a best-seller? Check out Tom’s appearance on the C-Suite Network’s Best Seller TV to find out. Purchase The Compliance Handbook, 2nd edition here.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 4: Boeing

The final case on the Board’s expanding obligations regarding compliance oversight is Boeing, which was decided earlier this year. This action is yet more from the continuing fallout of the Boeing MAX 737 disaster. As Mike Volkov has noted “The Boeing 737 MAX scandal is a troublesome and disturbing case where corporate board oversight and responsibility was lacking.  The implications of the board’s failure resulted in the killing of innocent passengers and the grounding of Boeing’s 737 MAX.  Add to that a $2.5 billion settlement, a criminal case against a Chief Technical Pilot, and continuing safety and technical problems, and you have recipe for continuing disaster at Boeing.”
In this case, shareholders sued Boeing’s board, seeking to recover costs and economic losses associated with the crash of two 737 MAX jetliners. The allegations were that the directors failed to monitor aircraft safety before the crashes and then failed to respond to known safety risks after the first crash. The lawsuit seeks to hold the directors liable for the resulting loss of “billions of dollars in value.”
Here there were not allegations that the Board did not take compliance seriously or did not provide oversight of compliance but that the Board did not react swiftly and forcefully enough when the first MAX 737 crash occurred. The decision from the Court (the Court of Chancery not the Delaware Supreme Court) framed the question before it as follows, “The narrow question before this Court today is whether Boeing’s stockholders have alleged that a majority of the Company’s directors face a substantial likelihood of liability for Boeing’s losses. This may be based on the directors’ complete failure to establish a reporting system for airplane safety, or on their turning a blind eye to a red flag representing airplane safety problems.”
The Court noted that from 2011 until August 2019, the Board had five standing Committees to monitor and oversee specific aspects of the Company’s business: (1) Audit, (2) Finance, (3) Compensation, (4) Special Programs, and (5) Governance, Organization and Nominating. The Audit Committee was Boeing’s primary arbiter for risk and compliance. Specifically, it “evaluat[ed] overall risk assessment and risk management practices”; “perform[ed a] central oversight role with respect to financial statement, disclosure, and compliance risks”; and “receiv[ed] regular reports from [Boeing’s] Senior Vice President, Office of Internal Governance and Administration with respect to compliance with our ethics and risk management policies.” The Court went on to delineate a list of areas the Audit Committee covered, specifically including robust oversight over compliance.
However what the Boeing Board did not do was “implement or prioritize safety oversight at the highest level of the corporate pyramid. None of Boeing’s Board committees were specifically tasked with overseeing airplane safety, and every committee charter was silent as to airplane safety. The Board recognized as much: former director John H. Briggs, who retired in 2011, observed that the “board doesn’t have any tools to oversee” safety.” [emphasis supplied] The Court rather ominously then said “This stood in contrast to many other companies in the aviation space whose business relies on the safety and flightworthiness of airplanes.”
The Court went into a detailed discussion about what the Board did and more importantly did not do after the first MAX 737 crash (Lion Air crash). The Board did not initiate contact with management, did not do initiate any type of independent investigation or apparent do anything more than ‘Shirk Responsibility’. That final phrase comes from a section title from the Court’s opinion and reads “The Board Continues To Shirk Safety Oversight”.  [bold in original opinion] (Recovering trial lawyer insight-when a court writes something like that as a section heading, it is very ‘not good’ for the defendant). The Court was equally critical about the Board’s response after the second MAX 737 crash (the Ethiopian Airlines crash). Finally the Court found “The Board publicly lied about if and how it monitored the 737 MAX’s safety.” It really does not get any worse than that for a Board.
The Court’s opinion found that under Marchand, a Board must assess the risk profile of the company and manage the most critical risks all the way up to the Board level. At Blue Bell Ice Cream, it was food safety. At Boeing it is airline safety. At the Boeing Board, there was “no committee charged with direct responsibility to monitor airplane safety. While the Audit Committee was charged with “risk oversight,” safety does not appear in its charter. Rather, its oversight function was primarily geared toward monitoring Boeing’s financial risks.” This lack provided the basis for a Caremark claim as further refined by Marchand, et al.
Moreover, there was no Board monitoring system in place for safety. There was no mechanism to get whistleblower complaints about safety to the Board. Finally there was no independent evaluation by the Board on safety, “when safety was mentioned to the Board, it did not press for further information, but rather passively accepted management’s assurances and opinions.”
Some commentators see this as a decision based upon a new category of risk called “corporate trauma”. Herlihy and Savitt said, “The harsh decision reflects the court’s obligation to accept all the plaintiffs’ allegations as true in considering defendants’ motion to dismiss. Indeed, the court reaffirmed that failure-of-oversight claims remain “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” But the ruling nevertheless reconfirms the courts’ increasing willingness to subject directors to suit for corporate trauma.” Mike Volkov was more succinct noting, “At bottom, the Chancery Court is raising the stakes on board member accountability.”
The Hughes Court further delineated a Board’s obligations under Caremark. It cannot simply have the trappings of oversight, it must do the serious work required and have evidence of that work (Document, Document, and Document). Marchand required Boards to manage the risks their organizations face. Clovis Oncology requires ongoing monitoring by the Board. Hughes stands for the proposition that have the structures, policies and procedures in place is not enough. The Board must fully engage in oversight of a compliance program. The decision in Boeing is yet a further expansion of Caremark, once again through Marchand. It stands for the proposition that a company must assess its risks and then manage those risks right up through the Board level.