Director Liability And Protection. Developments, Strategies, Trends.

by Pepper Hamilton LLP

Directors and officers are exposed to potential liability from suits by the company, shareholders, and debt holders, among others. There are, however, a number of protections available to protect the assets of directors and officers.

Published in the December 2017 issue of INSIGHTS (Volume 31, Number 12). INSIGHTS is published monthly by Wolters Kluwer, 76 Ninth Avenue, New York, NY 10011. For article reprints, contact Wrights Media at 1.877.652.5295. Reprinted here with permission.

Being a corporate director or officer can be risky business, especially for those involved with public companies. Directors and officers (Ds&Os) are exposed to lawsuits by the company, corporate successors, shareholders, debt holders, employees, bankruptcy trustees and governments. The building blocks of asset protection for Ds&Os are outlined in this article, as well as basic securities and fiduciary liability principles, updates on relevant government enforcement policies under the Trump Administration, and implications for D&O liability insurance coverage.

As discussed here, private securities claims and derivative suits against public company directors and officers are on a powerful upswing, with an unprecedented number of new lawsuits filed in 2017. Meanwhile, under the Trump administration, there are signs of a possible easing of government enforcement actions as the Department of Justice and SEC review prior policies governing corporate cooperation credit and the pursuit of individuals responsible for corporate wrongdoing. In these changing and challenging times, it is important for directors, officers and companies to review their corporate articles, bylaws, contracts and insurance to assure that corporate commitments and policies for protecting Ds&Os fit the needs of the company for balance sheet protection, flexibility and the exercise of discretion, and also satisfy the needs of Ds&Os for reliable and adequate sources of indemnity and advancement.

Asset Protection Overview

Lawsuits and demands against Ds&Os often materialize as claims for alleged violations of securities laws or breaches of fiduciary duties owed to the company or its stockholders. Directors and officers have several potential layers of protection for out-of-pocket expenses and losses, including legal costs, settlements and even judgments.

Statutory Corporate Indemnity and Advancement

State corporations laws permit or require companies to indemnify directors, officers, and employees who are forced to incur costs to defend or protect themselves in lawsuits or proceedings involving their work. Delaware and California law require indemnification of directors and officers who succeed in defending themselves—in Delaware “on the merits or otherwise” and in California “on the merits.”1

Delaware and California law also permit (but do not require) indemnification for defense costs, judgments, fines and settlements incurred by directors, officers and employees who acted “in good faith and in a manner reasonably believed to be in or not opposed to the best interests of the corporation” or, in a criminal matter, “had no reasonable cause to believe the conduct was unlawful.”2

These are known as the “minimum standards of conduct” for permissive corporate indemnification. A corporation is not legally permitted to indemnify an individual for expenses resulting from conduct that fails to meet these standards. Nor may a corporation indemnify an individual for a judgment of monetary liability to the corporation itself.

Rather than face a potential non-indemnifiable liability, cases against Ds&Os generally settle, if they are not dismissed on pre-trial motions. Corporate laws permit a corporation to advance legal expenses prior to any final determination of whether an individual met the minimum standards of conduct for indemnification. In Delaware and California, corporations may advance defense costs if the individual promises to repay the money if he or she is later found not to have met the minimum standards of conduct for indemnification.3

In order to attract high quality Ds&Os to serve, many companies commit to indemnification and advancement of their Ds&Os in the articles of incorporation or bylaws “to the greatest extent permitted by law.” This language effectively makes permissive indemnification and advancement mandatory.

Contractual Indemnity and Advancement

Directors and officers can strengthen their rights to corporate indemnity and advancement by requiring, as a condition of employment, that the company enter into a private contract stating the terms of its obligation to indemnify and advance.4 Then, if later changes in the articles, bylaws, ownership, key decision-makers or policies are disadvantageous to a director or officer, the company is bound by its contractual agreements to them. These private agreements usually contain presumptions, burdens of proof, timetables and other terms that favor individuals and generally continue in force after the employment relationship or directorship ends.

Exculpation

Many states also permit companies to limit the personal liability of directors (but not of officers) to the corporation and its stockholders with an “exculpation” provision in the articles of incorporation. These provisions excuse directors from personal monetary liability to the company and its shareholders for breach of the fiduciary duty of care. Corporate laws do not permit exculpation, however, for breach of the fiduciary duty of loyalty, bad faith, intentional misconduct, knowing violations of law, transactions resulting in an improper personal benefit, or improper payment of corporate dividends.5

Third-Party Insurance

The final layer of asset protection is D&O liability insurance purchased by the company to protect corporate assets and provide coverage for Ds&Os when the company cannot or will not indemnify them. D&O liability insurance is designed to pay losses (including legal fees) for defending against allegations of “wrongful acts,” such as violations of securities laws or breaches of fiduciary duty, that result in damages to the company, its stockholders or investors.

Most D&O liability policies contain multiple products in a single policy. A traditional “ABC” policy covers personal asset protection and corporate balance sheet protection. Side A covers directors and officers when the corporation cannot or will not indemnify them—such as when it is insolvent, chooses to withhold indemnity, or concludes that an individual failed to meet the minimum standards of conduct. Side B reimburses the corporation for indemnification paid to directors and officers. Side C covers the corporation when it is named in a securities action. Finally, excess Side A DIC (difference in conditions) coverage is dedicated coverage for directors and officers that is not “shared” with the corporation. Side A DIC provides coverage in excess of a tower of primary and excess policies and, among other attributes, “drops down” to replace an underlying insurer if it becomes insolvent.

Although D&O policies provide coverage for claims alleging “wrongful acts,” they exclude coverage for willful or intentional misconduct, which is uninsurable as a matter of law and public policy. That said, insurance can provide coverage for conduct that would not be indemnifiable by the corporation, such as non-exculpable failure of oversight or forms of “bad faith” that do not rise to the level of intentional misconduct. Corporate laws generally allow companies to buy D&O insurance for nonindemnifiable claims.6

Liability Standards—Securities Laws

Corporate directors and officers have potential exposure under both state and federal laws for securities law violations, which commonly are based on allegedly misleading disclosures to investors or illegal sales of securities. Liability for securities violations ranges from mere negligence to intentional wrongdoing. Federal law preempts state law in securities fraud class actions.7

Section 10(b) of the Securities Exchange Act of 1934 (Exchange Act) is the workhorse most often invoked against directors and officers in private securities litigation. Federal courts have exclusive jurisdiction over Section 10(b) cases, and most federal circuit courts have concluded that “recklessness” satisfies the mental state required to prove liability—although the U.S. Supreme Court has never determined whether “reckless” conduct is sufficient.8

Federal securities fraud class action filings hit a record pace in 2017, with the most new case filings since enactment of the Private Securities Litigation Reform Act of 1995 (PSLRA). The PSLRA set up legal hurdles and protections for companies, directors and officers, designed to weed out meritless claims at the pleading stage, often filed on little more than accusations of prior disclosure fraud when disappointing news results in a stock price decline.9

Sections 11 and 12 of the Securities Act of 1933 (Securities Act) are invoked against Ds&Os less frequently than Section 10(b) because they apply in narrower circumstances.10 Section 11 is designed to redress material misstatements in a registration statement, and most often invoked following a public offering, when stockholders can trace their purchases to a particular registration statement. Section 12 is designed to redress the illegal sale of unregistered securities and material misstatements in prospectuses and other offering materials. Ds&Os can defend themselves against misrepresentation claims under Sections 11 and 12 by demonstrating their due diligence and that they “had no reasonable ground to believe and did not believe” that the challenged statements were untrue when made.11

In 2017, the United States Supreme Court took up an important issue in Cyan Inc. v. Beaver County Employees Retirement Fund,12 about whether state courts have jurisdiction over claims filed under the Securities Act. From the mid-1990’s until recently, plaintiffs brought Section 11 and Section 12 claims in federal court, where many of the PSLRA’s protections operate through the federal rules of civil procedure.13 However, federal courts in California parted company with other jurisdictions by holding that state courts retain jurisdiction over 1933 Act claims. If the Supreme Court agrees, then public companies—especially new companies following an IPO—will face the prospect of securities class actions in state courts that lack familiarity with the federal securities laws and are not obliged to enforce some of the procedural protections contemplated by the PSLRA—thus, increasing D&O liability risk.

Liability Standards—State Fiduciary Duties

The liability of directors and officers for breach of fiduciary duties owed to the corporation or its stockholders is governed by state law—usually the state of incorporation.14 In Delaware, gross negligence violates the fiduciary duty of care.15 In California, directors and officers are held to a standard of ordinary negligence, except that directors, unlike officers, have no liability if they act in good faith and in reasonable reliance on others.16

Duty of Care: The Business Judgment Rule

The first line of defense in a breach of fiduciary duty case is the business judgment rule (BJR). By statute or common law, depending on the state, the BJR immunizes directors for decisions made in good faith and on an informed business basis, even if those decisions result in losses to the company or its stockholders. In Delaware, it is unsettled whether the BJR protects both directors and officers; in California, it protects only directors.17

Many states, including Delaware and California, recognize a presumption that disinterested directors acted in good faith and on an informed basis, and put the burden on plaintiffs to rebut the presumption that the BJR applies to a given board decision.

Where the BJR applies, courts are expected to defer to a board’s decision about managing corporate affairs.18 Even if a board’s business judgment is “substantively wrong, or degrees of wrong extending through ‘stupid’ to ‘egregious’ or ‘irrational,’ ” no court should second-guess it and no director should have liability for it as long as “the process employed was either rational or employed in a good faith effort to advance corporate interests.”19

Business judgments that result in waste of corporate assets, however, are not recognized as valid and could expose directors to personal liability. But “waste” is a transaction “so one-sided that no business person of ordinary, sound judgment could conclude that the corporation has received adequate consideration.”20

Duty of Loyalty and Good Faith

Directors are not entitled to corporate indemnification—nor exculpated from personal liability—for breaches of the duty of loyalty or bad faith. “Bad faith” and the absence of good faith are “two sides of the same coin.”21 Bad faith in its “most extreme form” involves “the conscious doing of a wrong because of [a] dishonest purpose,” or “intentionally fail[ing] to act in the face of a known duty to act, demonstrating a conscious disregard for [his or her] duties.”22 In order to win a money judgment against directors, plaintiffs must allege and prove a non-exculpable breach of the duty of loyalty or bad faith. Accordingly, plaintiffs often allege that directors “consciously disregarded” a duty to intervene in events that are harmful to the company or its stockholders, or that they approved or engaged in transactions for self-interested reasons, knowing that their actions were not in the best interests of the company or its stockholders.

A transaction is self-interested when a director stands on both sides of it or is influenced by someone whose interests are across the table from the corporation’s interests. It is important to note that Ds&Os engage in business transactions with their companies not infrequently. These transactions are not inherently wrongful. Rather, the transaction will be subject to heightened judicial scrutiny, and the burden rests on the self-interested director to prove that the transaction was “entirely fair” to the corporation.23 This heightened scrutiny and burden expose the director to the risk of a finding that the director obtained a personal benefit that he or she knew was opposed to the best interests of the corporation or its shareholders—i.e., non-exculpable, non-indemnifiable conduct.

Liability for Failure of Oversight Under Caremark

Directors also face non-exculpable, non-indemnifiable liability exposure for a failure of corporate oversight that amounts to breach of loyalty. Under the Delaware Court of Chancery’s Caremark decision, directors face liability for breach of loyalty when “a loss eventuates not from a [business] decision but, from unconsidered inaction.”24 Directors may be liable if they knew or should have known that violations of law were occurring within the corporation and yet failed to take steps to prevent or remedy the situation. Directors must assure themselves that “information and reporting systems” exist that are reasonably designed to provide timely and accurate information sufficient to allow them to make informed judgments “concerning both the corporation’s compliance with law and its business performance.”25 “[A] sustained or systematic failure of the board to exercise oversight—such as an utter failure to attempt to assure a reasonable information and reporting system exists—will establish the lack of good faith that is a necessary condition to liability.”26

Because liability under Caremark is based on bad faith amounting to breach of the duty of loyalty, the company cannot indemnify a culpable director or officer. This narrows the potential source of indemnity to D&O insurance. A company may indemnify and advance legal fees and settlement costs, however, before a final determination of liability—which naturally tends to drive failure of oversight cases to settlement.

Government Investigations Focusing on Individual Wrongdoing

The federal titans of securities law enforcement—the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC)—have policies that encourage aggressive pursuit of individuals, both as sources of information and targets of enforcement action. These policies have negative implications for D&O defense.

The DOJ Policy

In a September 2015 memorandum by then-Deputy Attorney General Sally Yates, the DOJ announced a policy to more aggressively pursue individuals.27 This announcement followed an uptick in the number of individuals charged under the Foreign Corrupt Practices Act (FCPA) and the False Claims Act. Statements out of the DOJ under the new administration have raised some uncertainty about whether the policy will continue in full force.

The Yates Memo gave federal prosecutors and investigators guidance on “key steps” to strengthen pursuit of individuals for corporate misconduct. In order to gain “any” credit for cooperation, companies must turn over “all relevant facts” relating to conduct of individuals responsible for corporate misconduct. Both civil and criminal enforcement attorneys are to focus on individuals at the inception of an investigation and share information with each other. Enforcement attorneys may not agree to a settlement that protects individuals or resolves a corporate case without a clear plan to resolve individual cases. Finally, civil attorneys must consider actions for monetary recovery against culpable individuals regardless of ability to pay.

While the impact of the Yates Memo is still playing out, some commentators have noted a counterintuitive drop in FCPA enforcement actions against individuals.28 In a speech at New York University Law School in October 2017, Deputy Attorney General Rosenstein stated that while the Yates Memo is “under review” and subject to change, the policy of focusing on individual accountability for corporate wrongdoing will continue under the current administration.29 On the other hand, in a November 17, 2017 press release, Attorney General Sessions may have been alluding to the Yates Memo in declaring an end to the DOJ “practice” of blurring regulations and “guidance,” stating that the DOJ “will proactively work to rescind existing guidance documents that go too far.”30

The Yates Memo policies of targeting individuals responsible for corporate wrongdoing present challenges to the protective use of corporate indemnity and third-party insurance. The criteria for obtaining cooperation credit pit companies against directors and officers in positions of oversight. Those potentially in harm’s way will want separate legal counsel early in any internal or government investigation, for which they will look to the company for immediate advancement. Third-party insurance may not be available to defray the cost because coverage generally is triggered by a claim for money and often provides only limited coverage, if any, to cover an investigation.

This dynamic increases the importance of careful consideration of potential conflicts that may require separate counsel for various corporate actors, which can spiral into a full-employment-act for lawyers unless carefully managed. At the same time, companies seeking to curry favor with the government may wish to maximize flexibility to refuse advancement to individuals perceived by the DOJ as potential wrongdoers. Of course, there may be legal limitations on a corporation’s ability to refuse advancement.

The DOJ’s cooperation program tends to make government investigations more complex, to extend them over a longer period of time, and to foster more tension between and among Ds&Os who are under scrutiny and boards of directors or committees that are leading internal investigations. If an investigation leads to self-reporting of a violation of law, or an enforcement action based on, for example, information provided by a whistleblower, it may take longer for companies to settle while individual culpability remains under consideration. To assess the adequacy of D&O defense and protection, companies should reevaluate their indemnification and advancement bylaws, as well as insurance coverage, retention limits, excess coverage, policy language and exclusions, and Side A coverage for individuals.

SEC Policy

The SEC’s policies of pursuing individuals responsible for corporate securities violations have been endorsed under the Trump administration and raise many of the same challenges discussed above. A more recent SEC policy of requiring companies and individuals to admit wrongdoing in some cases as a condition of settlement further negatively impacts the D&O safety nets of indemnity and insurance.

Pursuit of individuals. SEC initiatives launched in 2010 and 2011 encourage individuals to cooperate and report corporate wrongdoing. The 2010 “Enforcement Cooperation Initiative” offers deferred prosecution agreements and non-prosecution agreements in exchange for cooperation,31 while the 2011 Whistleblower Program, implemented pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act, provides life-changing bounty awards for tips leading to successful enforcement actions, including against compliance officers and other gatekeepers.32

These programs operate in tandem with the SEC’s longstanding policy of encouraging corporate cooperation with SEC enforcement through self-reporting, self-remediation, and punishing and turning over individuals responsible for corporate wrongdoing. The 2001 Seaboard Guidelines, published in an SEC report of investigation, articulate the framework by which the SEC evaluates corporate cooperation, including factors considered in determining whether, and to what extent, the SEC will grant leniency for cooperating.33

These programs appear to be here to stay under the Trump administration, although details may be tweaked. The Whistleblower Program has continued to generate large rewards. An October 2017 SEC report announced that the total awards under the program have reached $162 million to 47 whistleblowers.34 A co-director of the SEC’s Division of Enforcement recently confirmed that the Seaboard Guidelines also will remain in effect, while acknowledging that the SEC should be more specific about the exact benefits of cooperation and provide greater transparency about why cooperation credit is granted or denied.35

Admissions of wrongdoing. In June 2013, then-SEC Chair Mary Jo White announced a shift in policy to seek more admissions of wrongdoing in settlements—a departure from the SEC’s longstanding practice of permitting settling parties to “neither admit nor deny” wrongdoing. According to a March 2015 article in The New York Times, the SEC had generated admissions of culpability in at least 18 different cases involving 19 companies and 10 individuals. In 2017, however, a co-director of the SEC Enforcement Division stated that, while the SEC supports having companies and individuals that admit wrongdoing to other agencies make similar admissions to the SEC, the “harder piece” is deciding whether to continue a policy of departing from the SEC’s “neither admit nor deny” practice.

The SEC’s policies of pursuing individual wrongdoers and seeking corporate cooperation raise the same issues discussed above regarding the DOJ policies of targeting individuals—i.e., more requests for separate counsel, advancement and indemnification, longer investigations, heightened tension between internal investigators and the subjects of investigation, and greater importance of Side A D&O insurance coverage.

Further, an admission of wrongdoing in an SEC settlement limits the ability of a settling director or officer to access corporate indemnity if the admission is deemed to establish non-indemnifiable conduct. Insurance may not be available to fill the gap because coverage for SEC investigations (as opposed to money damages claims) often is not covered or is limited, and there is no coverage for intentional wrongdoing. Ds&Os who admit liability also risk inability to access corporate or insurance funds for defense in parallel or follow-on securities litigation, derivative suits and criminal proceedings.

Corporate D&O Litigation

M&A Lawsuits

Until 2016, whenever a public company was sold, the selling company’s board invariably found itself on the receiving end of a class action lawsuit for breach of fiduciary duty to the selling stockholders. So-called “merger objection” lawsuits typically were filed by stockholders of the selling company claiming that the directors and officers breached their fiduciary duties in negotiating the merger price and terms, agreeing to a price that was too low, and approving deficient proxy disclosures. As of the end of 2014, a leading research firm reported that more than 90 percent of merger and acquisition (M&A) transactions above $100 million had ended up in litigation since 2009.36

Historically, most M&A cases were resolved by settlement before the merger closed based on the defendants’ agreement to make additional disclosures or minor adjustments in the deal terms, along with a negotiated fee to the plaintiff’s attorneys, in exchange for a broad release of D&O liability. Those settlements, until recently, were routinely approved.37 In these early settlements, directors never face a real prospect of out-of-pocket liability exposure.

Recently, however, more M&A cases are being litigated as traditional class actions for money damages after the merger closes.38 This trend has serious liability implications for directors. In order to obtain a judgment for money damages, plaintiffs must prove non-exculpable conduct. This requires proof of self-dealing, bad faith or breach of the duty of loyalty—all of which expose directors to out-of-pocket, non-indemnifiable loss, leaving directors to rely on Side A insurance to fill a potential corporate indemnity gap. It is often unclear exactly what degree of wrongful conduct, however, may be insured.

Two factors are driving the trend toward post-closing merger class actions. First, the Delaware Court of Chancery has taken a stand against broad releases in exchange for “a peppercorn and a fee,” refusing to approve pre-closing nonmonetary settlements. In January 2016, the Court of Chancery embraced the mounting criticism of these settlements and rejected a disclosure-only settlement in In re Trulia Inc. Securities Litigation.39 Trulia echoed the analysis in Acevedo v. Aeroflex Holding Corp., where the Court of Chancery harshly criticized “disclosure-only” settlements stating that they “do not provide any identifiable much less quantifiable benefit to stockholders” and that “ubiquitous merger litigation is simply a deadweight loss.”40 The Court in Aeroflex gave the plaintiffs three choices: (1) declare the claims moot based on the enhanced disclosures and seek attorneys’ fees; (2) propose a settlement limiting release of the directors to Delaware fiduciary duty claims; or (3) litigate the case.41 None of those choices would provide the defendants with broad releases from personal liability.

Second, the trend toward post-closing merger class action cases is fueled by the high potential dollar recovery. Plaintiffs now are filing many of these cases in federal court (to avoid Delaware).42 Although the cases are subject to a high dismissal rate, the rewards of surviving a motion to dismiss are potentially considerable. But again, in order to win a judgment against corporate directors, plaintiffs must establish non-exculpable liability—such as breach of loyalty—which is not indemnifiable by the company. Individual defendants, who usually have parted ways with the company under new ownership, are highly motivated to encourage a class-wide settlement with insurance dollars rather than face risk of personal liability at trial, even on weak or patently unmeritorious claims.

Derivative Suits

Derivative suits against corporate officers and directors historically have presented a low risk of liability for Ds&Os and low returns for plaintiff’s firms. Generally, cases are filed in the wake of securities class actions and settled for minor prophylactic measures, such as corporate governance improvements, and a relatively small fee award. Recently, however, derivative suits have gained traction after high-profile cases resulted in large settlements, including $275 million for Activision Blizzard (2014), $139 million for News Corp. (2013), $137.5 million for Freeport-McMoRan (2015), and $62.5 million for Bank of America Merrill Lynch (2012), among others.43

Stockholders seeking to sue on behalf of a company must establish their standing to assert the company’s claims, which normally are controlled by the board. Stockholders must first make a demand on the board to bring the desired action, or else establish that demand would be futile because a majority of the directors are too conflicted to exercise valid business judgment on a demand.44 In response to a demand, the board must investigate and make a business decision about whether it is in the best interest of the company to take the action demanded. If the demand is refused, courts should defer to the board’s business judgment and dismiss the case without considering the underlying merits of the claims.45

While the odds that plaintiffs will get past the pleading stage in a derivative suit are low, the potential payoff is high, as the settlements cited above suggest. As in the merger litigation context, plaintiffs must prove that defendant directors engaged in nonexculpable wrongdoing (bad faith, breach of loyalty), which generally cannot be indemnified by the company. Further, companies cannot indemnify directors and officers for a judgment of monetary liability in favor of the company, regardless of the theory. Thus, defendants face theoretical out-of-pocket liability in derivative suits. The primary defense strategy is to obtain dismissal based on plaintiffs’ lack of standing, regardless of the underlying merits of the claim. All else being equal, a settlement funded by D&O insurance is preferable to trial.

Plaintiffs have gained leverage in derivative suits based on recent Delaware decisions that allow more expansive pre-suit stockholder access to “books and records,” enabling plaintiffs to investigate D&O wrongdoing and file better complaints.46 Delaware courts have long encouraged stockholders to use Section 220 of the Delaware General Corporate Law to obtain nonpublic books and records before bringing derivative actions.47 To obtain corporate records, a would-be stockholder plaintiff need only show a “credible basis from which fiduciary misconduct could be inferred.”48

In 2014, the Delaware Supreme Court upheld a Court of Chancery decision enforcing a “books and records” demand by Wal-Mart stockholders to investigate an ongoing Wal-Mart internal investigation of alleged FCPA violations in Mexico. The court required Wal-Mart to comply with demands to search back-up tapes and to produce lower-level officer documents that were never seen by the board and certain privileged attorney-client communications.49 With such extensive information, plaintiffs in theory are better able to craft derivative complaints that stand a chance of survival at the pleading stage.

Coverage and Indemnity Implications

D&O coverage typically is triggered by a demand for money—not by a demand for corporate “books and records” or a demand that a board of directors investigate and bring suit on behalf of a company. Yet, these demands are serious precursors to derivative litigation against D&O defendants. Some D&O policies provide limited coverage to defray corporate costs of the board’s investigation in response to a demand. But this is only part of the cost. Individual Ds&Os who are questioned in the board investigation may seek separate counsel and request corporate advancement and indemnification. If the derivative suit were to result in a judgment in favor of the company, the culpable Ds&Os could not look to the company to defray the cost, and would need to call upon Side A insurance coverage.

Conclusion

If you are a director or officer of a public company, or considering a board position with a public company, it is a good idea to invest in a legal checkup on the company’s indemnification and advancement articles, bylaws, policies and agreements, and a review of its D&O liability coverage.

Endnotes

1 Del. Gen. Corp. Law § 145(c) (emphasis added); Cal. Corp. Code § 317(d) (emphasis added); Cal. Lab. Code § 2802 (mandating indemnification of employees for expenses incurred in the discharge of lawful duties).

2 Del. Gen. Corp. Law §§ 145(a) and (b); Cal. Corp. Code § 317(b).

3 Del. Gen. Corp. Law § 145(e); Cal. Corp. Code § 317(f).

4 Del. Gen. Corp. Law § 145(f); Cal. Corp. Code §§ 317(g) and (i).

5 Del. Gen. Corp. Law § 102(b)(7); Cal. Corp. Code § 204.

6 Del. Gen. Corp. Law § 145(g); Cal. Corp. Code § 317(i).

7 The 1995 Private Securities Litigation Reform Act preempted state securities laws in class actions alleging securities fraud. 15 U.S.C. § 78u-4.

8 Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308 (2007).

9 Cornerstone Research, Securities Class Action Filings, 2017 Midyear Assessment, available at https://www.cornerstone.com.

10 Section 11, 15 U.S.C. § 77k; Section 12, 15 U.S.C. § 77l.

11 Section 11(b)(1); 15 U.S.C. § 77k(b)(1); Section 12(a)(2), 15 U.S.C. § 77l(a)(2).

12 Cyan, Inc. v. Beaver County Employees Retirement Fund, Case No. 15-1439.

13 The Securities Litigation Uniform Standards Act of 1998, Pub. L. No. 105-353, 112 Stat. 3227, was designed to preempt state jurisdiction over securities fraud class actions, and was widely understood to apply to claims under the Securities Act of 1933, superseding federal law conferring concurrent state and federal jurisdiction. Compare 15 U.S.C. § 77v with 15 U.S.C. §77(p) (SLUSA).

14 Under the “internal affairs doctrine,” the law of the state of incorporation governs the rights and duties among corporate constituencies. Edgar v. MITE Corp., 457 U.S. 624, 645 (1982). By statute, California law regulates director conduct and other internal affairs of companies that merely do business in the state. Cal. Corp. Code § 2115.

15 Gantler v. Stevens, 965 A.2d 695, 708-09 (Del. 2009).

16 Cal. Corp. Code § 309 (the standard of care is ordinary negligence – action “with such care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances.”). Directors, however, are immune from liability if they act in good faith and in reasonable reliance on others, which is tantamount to a gross negligence standard. Katz v. Chevron Corp., 22 Cal. App. 4th 1352, 1366 (1994).

17 FDIC v. Perry, No. CV 11-5561 ODW (MRWx) (C.D. Cal. Dec. 13, 2011); Gaillard v. Naomasa Co., 208 Cal. App.3d 1250, 1264 (1989).

18 Cal. Corp. Code § 309; Lee v. Insurance Exch., 50 Cal. App. 4th 694 (1996); Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984).

19 In re Caremark Int’l Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996) (emphasis in original).

20 In re Walt Disney Co. Deriv. Litig., 906 A.2d 27, 74 (Del. 2006); see also In re Walt Disney Co. Derivative Litigation, 907 A.2d 693, 749 (Del. Ch. 2005) (“waste is very rarely found in Delaware courts … . committing waste is an act of bad faith”).

21 In re Dole Food Co. Stockholder Litig., 2015 Del. Ch. LEXIS 223, at *129 (Aug. 27, 2015).

22 Id. at *129-30 (quoting McGowan v. Ferro, 859 A.2d 1012, 1036 (Del. Ch. 2004)).

23 See Guth v. Loft, 5 A.2d 503, 510 (Del. Ch. 1939).

24 In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967-968 (Del. Ch. 1996); see also Stone v. Ritter, 911 A.2d 362, 365 (Del. 2006) (confirming that “Caremark articulates the necessary conditions for assessing director oversight liability”).

25 Caremark, 698 A.2d at 970.

26 Id. at 971.

27 Sally Quillian Yates, Individual Accountability for Corporate Wrongdoing, Dep’t of Justice, available at http://www.justice.gov/dag/file/769036/download.

28 Sharon Oded, “Yates Memo – Time for Reassessment?,” Compliance and Enforcement, available at https://wp.nyu.edu/compliance_enforcement/2017/04/20/yates-memo-time-for-reassessment/#_edn4.

29 Kevin LaCroix, “Deputy AG Emphasizes Continued Individual Accountability for Corporate Misconduct,” D&O Diary blog, October 31, 2017 available at https://www.dandodiary.com/2017/10/articles/director-andofficer-liability/deputy-ag-emphasizes-continuedindividual-accountability-corporate-misconduct/.

30 Attorney General Jeff Sessions Ends the Department’s Practice of Regulation by Guidance, press release (Nov. 17, 2017), available at https://www.justice.gov.

31 SEC Spotlight, “Enforcement Cooperation Program,” available at https://www.sec.gov/spotlight/enforcementcooperation-initiative.shtml.

32 The SEC’s website announces huge awards. https://www.sec.gov/spotlight/whistleblower-awards. See https://www.sec.gov/spotlight/dodd-frank/whistleblower.shtml (background of the Whistleblower program).

33 Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, https://www.sec.gov/litigation/investreport/34-4969.htm.

34 SEC Press Release, October 12, 2017, available at https://www.sec.gov/news/press-release/2017-195.

35 Andrew Ramonas, “SEC Should Clarify Path to Cooperation Perks in Cases: Official,” Bloomberg BNA, Oct. 26, 2017, available at https://www.bna.com/sec-clarify-path-n73014471401/.

36 Cornerstone Research, Shareholder Litigation Involving Acquisitions of Public Companies, Review of 2014 M&A Litigation, at 1, available at https://www.cornerstone.com [“2014 M&A Litigation”].

37 Acevedo v. Aeroflex Holding Corp., C.A. No. 7930-VCL, transcript of settlement hearing at 63-65, July 8, 2015 (Laster, V.C.) (quoting Solomon v. Pathé Communications Corp., 1995 Del. Ch. LEXIS 46, C.A. No. 12,563 (Del. Ch. Apr. 21, 1995) (Allen, C.)).

38 2014 M&A Litigation, supra note 37, at 1.

39 In re Truvia Inc. Sec. Lit., 129 A.3d 884 (2016).

40 Acevedo v. Aeroflex Holding Corp., No. 7930-CVL, at 63-65 (transcript of settlement hearing).

41 Id. at 74-76.

42 Cornerstone Research, Securities Class Action Filings, 2016 Year in Review, at 11-12, available at https://www.cornerstone.com.

43 See Kevin LaCroix, Largest Derivative Lawsuit Settlements, D&O Diary blog, Dec. 5, 2014, available at http://www.dandodiary.com/2014/12/articles/shareholdersderivative-litigation/largest-derivative-lawsuitsettlements.

44 See Aronson v. Lewis, 473 A.2d 805, 818 (Del. 1984) (holding that a stockholder may pursue a derivative suit in the absence of a pre-suit demand on the corporation’s board of directors only if the stockholder’s complaint contains allegations of fact sufficient to create a reasonable doubt (1) that the directors are disinterested and independent or (2) that the challenged transaction was otherwise the product of valid business judgment).

45 See, e.g., Cuker v. Mikalauskas, 692 A.2d 1042, 1045 (Pa. 1997) (the BJR permits the board of directors of a Pennsylvania corporation to reject a demand or terminate a derivative suit brought by the corporation’s stockholders); Zapata Corp. v. Maldonado, 430 A.2d 779, 788 (Del. 1981) (describing standard and proceedings in Delaware for dismissal of derivative claims based on the business judgment of an independent committee).

46 For example, the court in King v. VeriFone Holdings, Inc., 12 A.3d 1140 (Del. 2011), enforced an inspection demand under Delaware General Corporate Law section 220 in order to enable stockholders to take discovery and file a better derivative complaint after the first was dismissed for failure to plead that a pre-suit demand on the board would have been futile.

47 VeriFone Holdings, 12 A.3d at 1150 n.64 (citing cases).

48 Polygon Global Opportunities Master Fund v. W. Corp., 2006 Del. Ch. LEXIS 179 (Oct. 12, 2006).

49 Walmart v. IBEW, No. 13-614 (Del. July 23, 2014).

BOARD OVERSIGHT OF CORPORATION COMPLIANCE PROGRAMS: RECENT DOJ GUIDANCE AND WHAT TO DO NOW

By Holly J. Gregory* and Rebecca Grapsas*

Boards should consider assessing the effectiveness of their compliance programs now in light of the DOJ’s recent guidance on evaluating compliance programs — whether or not the company currently has any compliance issues.

Each company should, at a minimum, have a basic effective compliance program in place. A program that exists “on paper” but is not effective is not sufficient. As well as making good business sense for a range of reasons, having an effective compliance program can influence a federal prosecutor’s decision on whether to charge a company for the bad acts of its employees or officers and the extent to which the company may receive credit for cooperation in a settlement. Having an effective compliance program can also help mitigate penalties if corporate wrongdoing is found.

Oversight of a company’s “tone at the top” and its compliance program designed to establish and maintain that tone and detect problems is an important board responsibility. As fiduciaries, directors are required to assess the company’s compliance program in light of the legal and regulatory compliance framework and ensure that the company has appropriate compliance-related reporting and information systems and internal controls in place. It is a business judgment for the board to determine what compliance program best suits the company’s needs and the level of compliance risk it is willing to take.

The standard for effectiveness in compliance program design is set forth in Chapter 8 of the United States Federal Sentencing Guidelines, which provides that a company must:

Establish standards and procedures to prevent and detect criminal conduct

Ensure board oversight of the compliance program

Appoint a high-level individual (such as a chief compliance officer) who has overall responsibility for the compliance program

Exercise due diligence to exclude unethical individuals from positions of authority

Communicate information about the compliance program to employees and directors

Monitor the compliance program’s effectiveness

Promote and consistently enforce the compliance program

Respond to violations and make necessary modifications to the compliance program (US Sentencing Commission Guidelines Manual §§ 8B2.1(b), 8C2.5(f))

The Principles of Federal Prosecution of Business Organizations in the US Attorneys’ Manual provide that prosecutors should consider specific factors (known as the “Filip Factors”) in conducting corporate investigations, determining whether to bring charges and negotiating plea or other agreements. These factors include “the existence and effectiveness of the corporation’s pre-existing compliance program” and the corporation’s remedial efforts “to implement an effective corporate compliance program or to improve an existing one.” The Department of Justice (DOJ) emphasizes that critical factors in evaluating a compliance program are “whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives.” US Attorneys’ Manual § 9-28.300, General Principle; § 9-28.800, Comment (2015).

In February 2017, the Fraud Section of the DOJ issued a resource entitled Evaluation of Corporate Compliance Programs. The document provides more specific examples of how federal prosecutors will evaluate a company’s compliance program in the process of investigating and resolving an enforcement matter. The document emphasizes that “the Fraud Section does not use any rigid formula to assess the effectiveness of corporate compliance programs.” The document is the latest communication forming part of the Fraud Section’s Compliance Initiative, which began with the Fraud Section’s hiring of Hui Chen as full-time compliance counsel in November 2015.

The DOJ’s recent guidance for evaluating corporate compliance programs is also discussed in the most recent issue of Sidley’s Anti-Corruption Quarterly.

The document contains probing questions regarding the following eleven “sample” topics:

1. Analysis and remediation of underlying misconduct (including root cause analysis and prior indications)

2. Senior and middle management (including conduct at the top, shared commitment and oversight)

3. Autonomy and resources (including compliance function stature, experience, qualifications, empowerment, funding and outsourcing)

4. Policies and procedures (including design, applicability, gatekeepers, accessibility, operational integration, controls and vendor management)

5. Risk assessment (including methodology, information gathering and analysis, and manifested risks)

6. Training and communications (including form, content and effectiveness, communications about misconduct and availability of guidance)

7. Confidential reporting and investigation (including reporting mechanism effectiveness, investigation scope and response to investigations)

8. Incentives and disciplinary measures (including accountability, process and consistency)

9. Continuous improvement, periodic testing and review (including internal audit, control testing, interviews and evolving updates)

10. Third-party management (including risk-based and integrated processes, controls, relationship management and misconduct consequences)

11. Mergers and acquisitions (including due diligence process, integration in the M&A process and process connecting due diligence to implementation)

The questions are designed to look behind a company’s compliance program “on paper” and evaluate how the program has been implemented, updated and enforced in practice. Although some of the questions focus on the effectiveness of a company’s compliance program in the context of specific misconduct (for example, what caused the misconduct, whether there were prior indications of the misconduct and which controls failed), many of the questions focus on the compliance program more broadly, including, for example, whether compliance personnel report directly to the board, what methodology the company uses to identify, analyze and address the risks it faces, and how the company incentivizes compliance and ethical behavior.

Compliance program assessment is a key element of the board’s oversight of compliance programs. Boards should conduct such assessments periodically to identify areas for improvement in light of the company’s evolving risks and regulatory preferences with respect to compliance structures and practices. Periodic assessment of the compliance program, in a process overseen by the board or a board committee, helps ensure that the program continues to be “fit for the purpose” by identifying areas for improvement, while also creating evidence of the company’s commitment to compliance for use in any future regulatory enforcement actions. Assessments should be risk-based to reflect the company’s changing risk environment and to help ensure that limited compliance resources are prioritized to focus on the most significant risks.

The assessment criteria should be based on the elements of an effective compliance program as described in DOJ guidance discussed above, including specific guidance from regulators regarding the company’s industry. The assessment criteria should also reflect trends in settlement agreements, developing notions of recommended practices (both generally and within the company’s specific industry), and the practices of peer companies, to the extent that benchmarking data is available.

In conducting its assessment, the board should evaluate the following and consider how it would answer the specific questions set forth in the DOJ’s recent guidance:

■ The board’s level of oversight including availability of compliance expertise, private sessions with compliance personnel and information

■ Reporting lines and related structures

■ Experience, qualifications and performance of the chief compliance officer and compliance function

■ Compliance function responsibilities, budget and budget allocation (including employees, outside advisors and other resources), staff turnover rate and outsourcing

■ Written corporate policies and procedures regarding ethics and compliance (including legal and regulatory risks), and the process for designing, reviewing and evaluating the effectiveness of policies and procedures

■ Internal controls to reduce the likelihood of improper conduct and compliance violations

■ Ongoing monitoring, control testing and auditing processes to assess the effectiveness of the program and any improper conduct

■ Role of compliance in strategic and operational decisions

■ Key compliance risks, risk assessment processes and risk mitigation

■ Senior management conduct and commitment to compliance, and how the company monitors this

■ Communication efforts by the board, CEO, other senior executives, and middle management regarding expectations and tone

■ Education and training regarding compliance generally and the company’s program, policies and procedures at all levels

■ Understanding of corporate commitment to compliance at all levels

■ Awareness and use of mechanisms to seek guidance and/or to report possible compliance violations, and fear of retaliation

■ Specific problems that have arisen, why they arose and how they were identified and resolved

■ Investigation protocols and experiences

■ Performance incentives, accountability, disciplinary measures and enforcement

■ Remediation and efforts to apply lessons learned

The DOJ’s recent guidance should help boards determine the assessment process that is appropriate for the company, evaluate whether the company’s program continues to be effective and fit for purpose, and consider appropriate modifications to the program.

Sidley Perspectives | JUNE 2017

*Holly J. Gregory is a partner in Sidley’s New York office and a co-leader of the firm’s global Corporate Governance and Executive Compensation practice. Rebecca Grapsas is counsel in Sidley’s Corporate Governance and Executive Compensation practice who works from both the firm’s New York and Sydney offices. The views expressed in this article are those of the authors and do not necessarily reflect the views of the firm.