Even without an allegation of improper trading, misuse ofconfidential information imposes costs on companies, including significant harmto reputation, reduced share price and investor confidence, interference withcorporate transactions, and the expense of executive time required to deal withattendant civil and regulatory litigation. For example, the recent firings of two senior executives of DowChemical—one of whom was also a board member—highlight the challenges directorsface with respect to confidential information. The two executives allegedly discussed and encouraged the potential saleof the company with an investment firm without the board’s approval. Reciprocalsuits and an informal Securities and Exchange Commission inquiry followedpublic disclosure of the incident. 

These cases underscore how difficult it is for companies tokeep secrets secret.  Many recent insidertrading cases involved employees providing confidential information to familymembers.  Some involved seniorexecutives.  Worse yet, compliance officersthemselves have been  perpetrators ofinsider trading schemes. 

When an employee acts illegally or improperly, the actionsof the firm will often be subject to regulatory scrutiny. To determine whethera company bears culpability, federal regulators will consider the adequacy ofthe corporation’s pre-existing compliance program, as well as any remedialactions it has taken, including implementation of an effective complianceprogram or the improvement of an existing one. Regulators will evaluate whethera compliance program is adequately designed and whether management is enforcingthe program or tacitly encouraging misconduct. Failure to take basicprecautions against the misuse of confidential information may be deemedevidence of reckless disregard and could result in corporate liability. At theextreme, the Federal Sentencing Guidelines give credit for the existence of aneffective compliance and ethics program if it was in place at the time of theoffense.

An effective compliance program can play a significant rolein minimizing corporate liability. Some important principles apply:

• Compliancerules and procedures should be in writing and disseminated widely.

• Tomaximize comprehension of compliance rules, employees should attend periodictraining programs and submit written acknowledgements of receipt andunderstanding.

• Complianceprograms should require the dissemination of confidential information on aneed-to-know basis and the use of code names for important matters.

• Employeeswith access to confidential information should be subject to formal tradingrestrictions.  These could include, forexample, closed or blackout periods during which employees cannot trade thecompany’s securities, preclearance of all trades by a compliance officer, andestablishment of Rule 10b5-1 plans.

• Periodiccompliance audits should be conducted. 

In addition, an effective compliance program depends inlarge part on enforcement by competent and ethical compliance officers.  Directors and senior officers should closelyscrutinize candidates for these positions and conduct background checks priorto their appointment. Effective compliance begins with the “tone at the top.”

In today’s regulatory environment, a strong complianceprogram serves many purposes.  While aboard cannot always protect against bad actors, it can take steps to reducefinancial and reputational harm to the company when misdeeds inevitablyoccur.  This limits the potential costsof an employee’s greed, which are very real for the company, its directors, andits shareholders.

And lastly, a reporting process that provides investors with thenecessary insights into auditor change would reinforce that the sacredcovenant between the audit committee and the auditor is protected andworking on their behalf.

A properly structured and implemented D&O insurance and corporate indemnification program serves the same purpose as the business judgment rule but in some ways more broadly.

As the Delaware Supreme Court has noted, “the business judgment rule exists to protect and promote the full and free exercise of the managerial power granted to Delaware directors.”¹ The rule is justified “as being necessary to protect ‘directors and officers from the risks inherent in hindsight reviews of their business judgment’ and [to] avoid ‘the risk of stifling innovation and venturesome business activity.’”² As a corporate governance mechanism, the business judgment rule promotes decision- making in a manner that optimizes high returns to shareholders. Typically, risk and return are directly proportional. The business judgment rule frees directors to choose risky projects— the ones most likely to yield high returns—without fear that their choice will lead to personal liability.

So, too, a properly structured D&O insurance and corporate indemnification program frees directors and officers to do their jobs without significant risk of personal liability. In some ways, such a program provides broader protection to corporate decision-makers. Unlike the business judgment rule, D&O insurance and corporate indemnification insulates directors and officers not only from duty of care litigation, but also some of the more nettlesome aspects of duty of loyalty litigation, securities fraud litigation, and Securities and Exchange Commission (SEC) and Department of Justice (DOJ) investigations.

What to protect against

The key to properly structuring a D&O insurance and corporate indemnification program is recognizing the activities that pose the greatest threat of liability to directors and officers. There are four: (1) securities fraud class action lawsuits, (2) derivative actions for breaches of a director’s or officer’s duty of care or loyalty to the corporation, (3) SEC investigations, and (4) DOJ investigations and indictments.

Securities Fraud Class Actions
Typically, securities fraud class actions pose the greatest potential danger of monetary liability to directors and officers.

These cases are generally brought by a sophisticated plaintiff’s bar (see cover story this issue, “Risky Business“) and many follow a similar pattern. A company learns of mistakes or misrepresentations in its financial disclosures to investors and announces that it intends to restate those financial disclosures. The company’s stock price drops significantly as a result of the announcement. Shortly after, numerous lawsuits are filed against the company and its directors and officers by investors represented by major plaintiff securities class action law firms.

Derivative Actions Shareholders can bring derivative actions— those actions brought on behalf of the corporation—against directors and officers whom shareholders allege to have breached their fiduciary duties to the corporation.

There are a number of procedural and substantive hurdles involved in bringing such lawsuits, but they appear to be on the rise, particularly given the recent stock option backdating cases.

Derivative actions pose the greatest danger to directors and officers who have engaged in any type of self-dealing behavior— that is, behavior contravening their duty of loyalty to the corporation. Stock-option backdating potentially falls within this category.

It is much more difficult for shareholders of most corporations to bring a claim for breach of a director’s duty of care. Most corporations have a certificate of incorporation that absolves or exculpates directors for monetary liability for all but the most egregious breaches of the duty of care.

SEC and DOJ Investigations Another potential source of liability for directors and officers is the defense cost that they incur in responding to investigations by the SEC and DOJ.

The Enforcement Division of the SEC has broad powers to investigate potential violations of the securities laws both formally and informally. In responding to both informal requests for information or formal subpoenas, which follow the entry of a formal order of investigation, companies and their directors and officers may incur substantial attorney fees, consultant fees, and document management fees.

The SEC also can seek civil penalties against directors and officers, including monetary penalties, and these penalties are unlikely to be reimbursed by insurance or indemnification. The SEC typically conditions any settlement of a penalty proceeding on the director or officer not seeking indemnification, and insurance policies typically exclude coverage for fines and penalties.

Violations of the securities laws can be a criminal offense. The SEC, however, does not have the ability to bring criminal charges. These charges are investigated and prosecuted by the DOJ and United States Attorneys’ Offices. The SEC can suggest that those entities conduct a criminal investigation. As with investigations by the SEC, companies and their directors and officers may incur substantial attorney fees, consultant fees, and document management fees in responding to DOJ investigations and prosecutions.

Keeping Perspective

Indesigning a corporate indemnification and D&O insurance program, it also isimportant to keep liability risk in perspective. Companies can and do protecttheir directors and officers from liability. Outside directors are particularlywell-situated to avoid liability, assuming appropriate corporateindemnification and D&O insurance is in place.

After exhaustive research, leading securities-law experts have only been able to identify 13 instances in which outside directors of public companies have made personal payments in connection with securities fraud and derivative litigation in the past 25 years.

With appropriate corporate indemnification and D&O insurance, the greatest risk to directors is not personal liability but risk to their time and reputation.

One reason why it is rare that outside directors make personal payments in securities and derivative litigation is that directors and officers are protected by a safety net.

First, directors and officers enjoy the broad protection of the business judgment rule, a presumption that they have fulfilled their fiduciary duties in the absence of a showing of self-dealing or bad faith on their part.

Second, many states allow corporations to include in the corporate certificate of incorporation an “exculpation provision” specifying that directors cannot be held monetarily liable for their actions as directors in the absence of self-dealing or bad faith, a term that the leading corporate law jurisdiction defines very narrowly, equating it with a conscious disregard of a directors’ duty.

Third, with few exceptions, a corporation may agree to indemnify its directors and officers against most liabilities. The key exceptions in most states are (1) settlements and judgments in derivative actions (but not attorney’s fees); (2) actions that directors or officers undertake with a view that they are illegal; and (3) actions undertaken in “bad faith” or which constitute self-dealing.

Finally, D&O insurance exists to protect directors and officers against whatever insurable liabilities cross the hurdles of the first three protections.

In considering director and officer protection, many corporations focus principally on D&O insurance. Indeed, D&O insurance should be reviewed, but that is not the optimum place to start. The more important source of director protection usually is contained in the corporate indemnification arrangement. Unless the corporation becomes insolvent, it is likely that directors and officers will only need to call on the corporate indemnification. In that situation, the corporation can then call upon the D&O insurance, but it is not a matter of concern to the personal assets of the directors and officers.

Late last year, we entered a new world of corporate indemnification with the distribution of the so-called “McNulty Memo”—named after U.S. Deputy Attorney General Paul McNulty—and similar but less formal pronouncements by the SEC. Before the McNulty Memo, the DOJ had at least been perceived on a number of occasions as pressuring companies to refuse to indemnify directors and officers who were the subject of DOJ investigations or indictments. Earlier DOJ pronouncements had stated that advancement of attorney fees could be viewed as a failure to cooperate with the government and thus make the corporation ineligible for lighter penalties if wrongdoing was uncovered. The McNulty Memo, which lays out the DOJ’s strategy in pursuing white-collar crime, now makes clear that a corporation’s adherence to its contractual indemnification arrangements will not be viewed as a lack of cooperation by the DOJ.

The new DOJ position highlights a pressing need to re-examine indemnification provisions to ensure that the corporation is appropriately protecting its directors. If the corporation is contractually bound to indemnify directors as well as to advance defense costs, then these contractual relationships will be respected by the government. Alternatively, corporations that retain significant discretion in whether to indemnify directors and officers may not fare as well. If indemnification and advancement is discretionary, the corporation may be pressured by the government not to indemnify and, further, if the corporation chooses to indemnify, this may be viewed as a lack of cooperation.

There is a natural reluctance on the part of a number of boards to reduce their discretion in determining whether to indemnify and to advance attorney fees. Many boards do not want to be seen as advancing funds to persons they consider potential wrongdoers. Many boards are rightly concerned that without discretion on whether to advance defense fees, the corporation may be forced to pay out-of-control legal bills. These are legitimate concerns, but keep in mind that the more discretion a board gives itself in deciding whether to advance attorney fees, the more risk the board will face if it decides to advance attorney fees during an ongoing investigation.

Fortunately, there are numerous enhancements that can be made to many corporations’ indemnification arrangements with directors and officers.

D&O insurance has developed with the other lines of defenses in mind, particularly corporate indemnification. Broadly speaking, D&O insurance provides three types of coverage: (1) coverage for directors and officers when the corporation cannot indemnify them (Side-A or non-indemnified coverage; (2) coverage for the corporation when it does indemnify its directors and officers (Side-B or corporate reimbursement coverage); and (3) coverage for the corporation for liabilities the corporation itself incurs in defending and settling securities litigation against the corporation (Side-C or entity coverage). While the second and third coverages often require the policyholder to pay a retention (similar to a deductible) before the insurance company’s duties arise, the first coverage, Side-A , does not.

In structuring a D&O insurance program, it is important to keep the following six considerations foremost in mind: (1) bankruptcy protection, (2) avoiding rescission, (3) the fraud exclusion, (4) Side-A difference- in-conditions coverage, (5) separate coverage for outside directors, and (6) the negotiation process.

Bankruptcy protection
For public company directors, the most threatening situation—at least as far as their personal assets are concerned—is when their company files for bankruptcy and can no longer indemnify them.

The D&O policy should do three things. First, because the company may not be able to indemnify its directors and officers in bankruptcy, the policy should not require the directors and officers to pay a retention before their coverage applies.

Second, one of the most likely types of claims against former directors and officers of a currently insolvent company is a claim by the bankruptcy trustee for breaches of fiduciary duties by the directors and officers leading to the company’s insolvency. Bankruptcy trustees pursue these claims in hopes of obtaining the insurance policy proceeds for the company’s creditors. Unfortunately, some insurers have contended that a bankruptcy trustee stands in the shoes of the company. Thus claims by the bankruptcy trustee are barred by the “insured vs. insured” exclusion—an exclusion designed to bar coverage for collusive suits, but which often serves to bar any suit by the company or one director or officer against another director or officer. Insurers have been largely unsuccessful in barring such coverage. Nevertheless, discretion being the better part of valor, ideally the D&O policy should contain an exception to the “insured vs. insured” exclusion for bankruptcy trustee claims. In short, the exclusion should specify that it does not apply to bankruptcy trustee claims.

Finally, a D&O policy should contain what is known as an “order-of-payments” provision—a clause that may ensure that a D&O policy is not held to be an asset of the bankruptcy estate of the directors’ and officers’ former (or current) company.

Numerous courts have addressed the issue of whether a bankruptcy estate may tie up the proceeds of a D&O policy and prevent it from being used by the company’s directors and officers with the hope that it will be used to satisfy creditor claims. Some have held that the policy is an asset of the bankruptcy estate; others have held that it is not.

An order-of-payments provision specifies that the directors and officers have first claim to the policy proceeds and, only if something remains after their liabilities are satisfied, can the company have access to the policy. In bankruptcy theory, this specification prevents the bankruptcy court from sequestering the policy proceeds or, at least if it does sequester the proceeds, it has to give the directors and officers access to them for their defense expenses.

Severability
D&O insurance is purchased to protect against securities fraud lawsuits. Securities fraud lawsuits typically ensue when a company restates its financials— the same financials that the company may have attached to its insurance policy application. When a company announces that it is going to restate its financials, its D&O insurer may announce its intent to rescind coverage—or in insurance parlance, seek a declaration that the policy is void ab initio. This is perhaps the most unwelcome news the company’s directors and officers can get.

To avoid this scenario, a D&O policy should include “full severability,” a provision that specifies that the wrongdoing and representations of one director or officer will not be imputed to another. Beware, however, as some unfortunate companies have learned retrospectively, there are many different flavors of severability and what one insurer calls “full severability” might turn out to be a glass half empty.

The Fraud Exclusion
The most peculiar feature of D&O policies is that they invariably contain a fraud exclusion. Perhaps nothing has so shaped securities fraud litigation as the presence of a fraud exclusion in D&O policies and, in particular, what is called a “final adjudication” fraud exclusion. As a matter of fact, insurers cannot broadly exclude fraud from coverage altogether in these policies as nobody would buy such a product.

Historically, insurers narrowly crafted fraud exclusions for those policies that purported to exclude coverage only if there were a final adjudication that fraud was indeed committed in the underlying securities fraud litigation. In other words, if the securities fraud case were to settle, the exclusion would not apply.

This “final adjudication” exclusion pressures both plaintiffs and defendants in securities fraud cases to settle or risk a D&O Catch-22. If the plaintiffs do not settle, they may actually prove fraud at trial and thus destroy their most likely source of recovery— the D&O insurance policy. If the defendants insist on going to trial, they may find themselves on the short end of a large judgment without any insurance to cover the judgment.

Some insurers seek to require their policyholders to accept less favorable fraud exclusions that could conceivably allow the insurer to deny coverage in a securities fraud case by proving fraud in an insurance coverage lawsuit. This type of exclusion should be avoided and, in the current board-friendly insurance market, can be avoided.

Side-A Difference-in-Conditions Policies
In structuring a D&O program, it is prudent to consider the benefits of another type of D&O policy called a Side-A Difference-in-Conditions (”Side-A DIC”) policy. Side-A DIC policies provide additional coverage limits in addition to the company’s existing D&O policies, but also fill potential gaps in the coverage of those underlying D&O policies in the following situations: If an underlying insurer attempts to rescind coverage, the underlying policy is held to be a bankruptcy asset, the insurer becomes insolvent, or the company wrongfully refuses to indemnify and directors are required to satisfy a retention or deductible before the underlying insurance applies.

The first two of these benefits may not be necessary if the D&O policies are properly negotiated, but the last two benefits are unique features of Side-A DIC policies that directors and officers are unlikely to obtain outside of a Side-A DIC policy. In addition, Side-A DIC policies have the additional benefit of being dedicated to the use of just the directors and officers. The company has no coverage under this type of policy. Thus, its liability will not deplete the limits of coverage available to the directors and officers.

Coverage for Outside Directors Only
Another issue to consider in structuring a D&O insurance program is whether the corporation should set aside a portion of the D&O program for the benefit of the outside directors alone. Doing so is not without some risk at least optically; insiders and officers may balk at the outsiders obtaining additional protection for their own singular advantage. The benefit is that the strategy of setting aside a portion solely for the outside directors may make those directors immune from the personal liability payments witnessed in the WorldCom case.

In that case, the outside directors may have been motivated to make personal asset payments not out of any concern that they likely would be held liable (it is difficult to hold outside directors liable) but out of concern that the D&O coverage would be consumed by the defense costs and liabilities of management. Thus, setting aside a portion of the company’s D&O program solely for the outside directors or giving them first priority in a portion of the D&O program could enable them to withstand the pressure to make personal payments.

Negotiation Considerations
Often, D&O insurance is purchased with little real competitive bidding and little involvement of outside counsel in the negotiation and review process. Also, many companies negotiate the terms of coverage almost as an afterthought and at the end of the process when much of their negotiation leverage has dissipated. Some boards automatically renew the previous year’s policy terms with diligence applied primarily to the gross amount of coverage and cost.

D&O insurance should be treated like any other vitally important contract. Start competitive bidding at least two quarters before renewal of the D&O policy. The most successful situations in terms of price and coverage terms are those in which the client has serious competitors vying for their business months before renewal. Insurers are more than willing to compete vigorously when faced with an alert and informed client, and are prepared to negotiate on price and broaden coverage to win or retain client business.

Timothy W. Burns is an attorney in the Insurance Recovery Practice Group at Heller Ehrman in Madison, Wisc. 

Smith v. Van Gorkom, 488 A.2d 858, 872 (Del. 1985). ² Stephen M. Bainbridge, The Business Judgment Rule as Abstention Doctrine, UCLA, School of Law, Law and Econ. Research Paper 03-18 (July 29, 2003), at 29.

Boards should make sure that general counsel works smoothly with information technology executives, says Michael Walsh, president and chief executive officer of the legal markets division of LexisNexis, a division of Reed Elsevier. In the event of a legal action against the company, emails and documents should be easily accessed. Walsh spoke to Directorship about how boards can facilitate the process:

LexisNexis used to be known as a document search service, but you have morphed into something rather different, right?

We’re in the litigation services business. We’ll go in and work with corporations and law firms to identify document retention standards and policies. We conduct training programs and audits for them. When it comes to implementing those policies, we’ll help with some pieces of that. We’ll do electronic discovery, for example. If you need somebody to come in, gather up all your data, put in an electronic database and make it searchable, we offer that.

What exactly is electronic discovery?

Let’s say Company A sues Company B. Company B then has a very short period of time to produce potentially millions of documents that are relevant to the case. Historically, that process was done manually. In fact, when I came out of college I worked as a paralegal. There would be enormous rooms filled with documents. An assignment for someone like myself was, “Go through all these documents and find the ones that contain the word ‘fuel.’”

Now, all those documents are uploaded electronically. They’re either scanned in or they come on electronic media like hard drives or disks. We gather up all that data for a customer and upload it into databases. We then provide electronic tools that allow attorneys to quickly search through all the documents and categorize them into which ones you have to hand over to opposing counsel, which ones you can keep privileged, which ones are not relevant. It allows you to respond much faster. But more importantly, it allows you to quickly hone in on whether you have a smoking gun or not.

Are you seeing a lot of demand?

This business has just exploded. We acquired a business in 2003 called Applied Discovery, and they were a pioneer in this field. Now we’re expanding our range of services to make things more efficient. We’re taking the documents and we’re hosting them. They sit in repositories and databases. As companies get sued and re-sued, they need to tap into the same documents. We also integrate a lot of our applications and tools with these documents, so not only can lawyers identify one of them and pull it up, they can also see whether there is any legal authority that relates to one of those documents. They can house the documents in an evidentiary management database that they use to conduct their trial. We’re creating this interconnected web of information that is linking all the original-source research materials with company information.

Overall, do companies do a good job of keeping records for legal purposes?

We recently did a survey of corporate counsels and asked them, “Do you feel that you have good control over your document retention policies?” Only 50 percent of respondents signaled that they had a good comfort level. So this is an area of huge concern.

Are there common standards for what companies should retain and for how long?

The standards vary by industry. The rules, regulations and environments are different for Microsoft than for Goldman Sachs. They’re different in a regulated industry, because there are industry-related specific rules that tell you what you can do and cannot do with your documents. What we do is go in and help a company understand what its issues are and then help them formulate the right policies. How long do you have to keep your documents? How do you map out your IT systems to understand where your problem areas might be? What should your policies and procedures be in the event that you are sued?

How do best-practice companies manage their documents? Are CEOs and boards involved, or just counsels?

It’s got to be led by the corporate counsel. It starts with a very clear set of document retention policies, what you’re going to keep, where, and when you’re going to dispose of it. Getting the right practices in place isn’t something that happens in the general counsel’s office alone. It requires engagement and buy-in from the entire IT department. But that’s difficult. This is one of the top issues that keeps corporate counsel awake at night.

Should directors be asking about document retention policy?

You’ve got lawyers on boards, and most are acutely aware of this. This issue is going to radically intensify. We’ve had this explosion of information, and it’s compounding on itself. Your volume of discoverable data is expanding at a rapid rate. Forrester tracks the volume of discoverable data that is actually managed by law firms. The hosting business for this is going to grow from a few hundred million dollars today to about $5 billion in 10 years. If companies don’t get their arms around this, they are going to have an absolute mess on their hands. I think boards increasingly understand that.

What should boards be asking, then?

They should ask, No. 1, do we have appropriate policies in place? No. 2, do we have an effective implementation plan? No. 3, do we have the right audit procedures in place? And No. 4, have we mapped out our organization? Do we understand where our data is? Do we understand where our risks are? These issues are going to intensify. There are too many high-profile cases that hinged on the ability to find the smoking-gun email or document.

Is it an audit committee concern, or is the full board involved in these issues?

Both. From a board point of view, it’s about asking the executives to demonstrate that they have effective policies and procedures in place in the event that they face multiple lawsuits involving multiple data sets. From the audit committee point of view, it’s going to be something they look at on a regular basis. Today, it doesn’t surface anywhere near the level of intensity of financial integrity issues. We’ve got so much focus in that area, and rightly so. But your risks of something going haywire in litigation are extraordinary.

Are your services cost-effective?

We believe that since 2003, our e-discovery services have saved our customers about half a billion dollars in man-hours. For the same reason that our legal research products, launched in 1973, ratcheted up the productivity of your typical lawyer, everything we’re doing in the litigation space is doing the same thing.

Lawyers in general are not the leading adopters of technology. They focus on legal issues and want someone else to think about technology. But firms that are able to be cutting-edge in technology are able to use that as a major differentiator in their relationships with corporate counsel. And corporate counsel is increasingly being judged on the ability to manage outside legal costs.

So general counsel now has to have greater technology savvy than in the past?

Absolutely. A career path 20 or 30 years ago for a general counsel was all about your knowledge of the law and your relationships inside the company. I think now general counsels increasingly are like general managers. It’s all about building really significant capabilities.

The key fiduciary duties that directors and officers owe are the duty of care and the duty of loyalty. The first requires corporate directors to properly inform themselves of material information concerning the corporation and its transactions. The second embodies both the director’s duty to protect the interests of the corporation and the obligation to refrain from conduct that would injure the corporation or its stockholders.

While these duties may appear to overlap, the legal distinction between them is significant. Delaware law permits corporations to indemnify fiduciaries from personal liability for breaches of the fiduciary duty of care. However, corporations are explicitly not permitted to indemnify or absolve fiduciaries for breaches of the duty of loyalty. Thus, directors found to have been disloyal to the corporation can be held personally liable.

There are a number of subsidiary duties, such as the duty of candor, the duty to be informed and the duty of oversight. Among these, the duty of oversight has rarely been asserted as a basis for liability. But a recent Delaware Supreme Court decision has brought new attention to this duty and has changed its nature in a way that should be of considerable interest to directors.

A 1996 opinion of the Delaware Court of Chancery, In re Caremark, provided what has been widely regarded as the court’s most influential discussion of directorial oversight liability. The case was brought as a shareholder derivative action seeking to impose personal liability on members of the board of Caremark International, a provider of health care and managed-care services.

The company came under investigation for violation of federal laws prohibiting kickback payments to health care providers in exchange for referrals of Medicare and Medicaid patients. Caremark was indicted on numerous counts and ultimately paid civil and criminal fines and reimbursements totaling about $250 million. No director was indicted, but shareholder plaintiffs alleged that the directors breached their duty to monitor and supervise corporate operations.

The court said that meeting the fiduciary obligation of boards required “assuring themselves that information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporations’ compliance with law and its business performance.”

But oversight liability under Caremark is premised on a breach of the fiduciary duty of care, which Chancellor William T. Allen characterized as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” Allen postulated a demanding test of liability: “a sustained or systematic failure of the board to exercise oversight.”

For 10 years, Caremark was considered to have set the standards for director oversight liability. In November 2006, however, the Supreme Court revisited oversight liability in Stone v. Ritter. Like Caremark, the case was brought in the Chancery Court as a derivative action against the directors of AmSouth Bancorporation. AmSouth had been investigated for failure to comply with the federal Bank Secrecy Act and eventually paid $50 million in fines and civil penalties. Although no regulatory action was taken against directors, the shareholder plaintiffs alleged that they failed to implement monitoring systems that would have alerted them of problems. The Chancery Court dismissed the complaint.

On appeal, the Supreme Court affirmed the dismissal, holding that Caremark correctly articulates necessary conditions for director oversight liability. But the Stone v. Ritter opinion departs from Caremark in two significant respects. First, it emphasizes that oversight liability requires showing that directors knew that they were not discharging their fiduciary obligations. Second, the Supreme Court clarified that such failure to act in the face of a known duty is not a breach of the duty of care, but a breach of the duty of loyalty. Consequently, although it remains difficult to prove that directors knowingly failed to exercise reasonable oversight, under Stone v. Ritter they face personal monetary liability if it is proved.

What can directors do to avoid this? The first recommendation is to focus on corporate document retention and destruction (see page 52). Even years after Enron and the demise of Arthur Andersen, the failure of corporations to preserve documents remains an area of deep scrutiny. This is even more the case with respect to preservation of electronic information, evidenced by the December 2006 enactment of amendments to the Federal Rules of Civil Procedure governing electronic discovery. The newly enacted rules, bearing a startling resemblance to the language of Caremark, provide protection for deletion or destruction of electronic information through the “routine, good faith operation of an electronic information system.” Savvy directors should view this as a wake-up call.

Directors should also pay special attention to monitoring regulatory compliance. Corporate criminal and regulatory liability rarely escapes the attention of shareholders or the plaintiffs’ bar. Notably, the derivative actions in both Caremark and Stone v. Ritter were brought for losses incurred by the companies in settling criminal and regulatory investigations. Directors should review regulated business sectors and have a system in place to alert them of failed compliance.

Finally, directors should pay attention to areas where the corporation could be held liable for massive or catastrophic damages, particularly where the company bears an affirmative duty to investigate its actions, in which case it may be easier for a plaintiff to argue that a director knowingly failed to act. One example is patent infringement, where liability can include injunctive relief that effectively puts the company out of business. In special cases, the infringer can be subject to treble damages.

Cathy L. Reese (clr@fr.com) is a principal at Fish & Richardson’s Delaware office and head of its Corporate and Chancery Litigation practice. Kyle Wagner Compton (kwc@fr.com) is an associate at the Delaware office. The content of this article is not intended as legal advice.

Another disconcerting piece of the changing mosaic is the potential consolidation of international stock exchanges. Although still in the early stages, consolidation could result in companies being listed on more than one exchange, with different governance and listing requirements, which could leave them vulnerable to lawsuits in multiple jurisdictions.

There are at least three different types of directors who may be vulnerable to these new risks: board members of U.S.-domiciled companies that operate internationally, American nationals serving on the boards of non-U.S. companies, and foreign-domiciled directors of the subsidiaries of multinationals. Risks for all are magnified if the company for which they serve is listed on multiple stock exchanges because of different accounting standards and guidelines, and complications in “translating” financial information from one market to another. Different governance structures add to the complexity. In civil law countries, including Germany and France, for example, subsidiaries of foreign companies have a dual board structure—typically a management board and supervisory board—both subject to indigenous laws and regulations.

The risks vary by geography. The litigation risk appears to be the greatest in Britain, Australia, Japan and parts of Europe, while regulatory requirements may be more stringent and complex in Germany, Brazil and India. In those latter countries, the regulators are increasingly vigilant on governance and, with the augmented presence of plaintiffs’ lawyers, a company that runs afoul of a country’s regulatory climate automatically makes it vulnerable to private suit. Plaintiffs’ lawyers are routinely shopping for major institutional investors to enlist them in legal challenges.

One key element in protecting management and boards is the proper Directors and Officers (D&O) insurance, which my company underwrites. You might think that any multinational corporation could come to us and say, “Give us one insurance policy that covers us in the 25 countries in which we operate,” but it’s not that simple. A company may not always be able to rely on a single “global” D&O policy.

For one thing, regulations governing what policies may provide to foreign insureds vary around the world. In many countries, policy forms providing coverage to risks in those countries must be submitted to and explicitly approved by local regulators (“admitted”), as consistent with local law, and issued locally. Accordingly, for example, the directors of a German subsidiary of a U.S. corporation may not be able to effectively rely on D&O insurance issued in New York, which would be written in English and premised on applicable local law, to cover their German risks, because coverage by the New York-issued policy may contravene German insurance regulations. Brazil, where a policy must be issued locally to facilitate the carrier ceding a piece of the risk to state-owned reinsurance companies, provides another example of bad consequences—where a New York-issued policy would possibly leave a coverage gap and might also produce regulatory exposure.

With large international D&O claims no longer uncommon and international D&O exposure continuing to mount, the consequences of not acting in compliance with local laws to close coverage gaps and comply with regulation seem likely to become increasingly severe.

In view of these new developments, many top U.S. corporate leaders are examining their international risks with a keener eye. Getting the right coverage in the most difficult markets is obviously the first line of defense. The art of managing risk has never been more important.

John Doyle is president and CEO, National Union, the D&O unit of insurer American International Group.

Regardless of size, the companies that insureindividual board members against legal damages vastly outnumber thosethat do not—87 percent to 13 percent, in fact. And a full 64 percent ofrespondents said their companies had increased D&O coveragerecently.

Perhaps quite obviously, firms as well asindividual board members are growing increasingly cognizant of therisks. Nevertheless, well over half (59 percent) of board memberspolled said they obtain coverage above and beyond what their companiessupply, such as umbrella insurance, Side A insurance or errors andomissions coverage. The significant number who do not may feel thattheir corporate coverage is adequate, or they may be aware that manyindividual umbrella policies specifically exclude accusations offinancial wrongdoing, such as inappropriate or misleading disclosure ofinformation. “Untested and unknown,” one respondent wrote. Thus, manydirectors may feel such insurance doesn’t offer much of a shield.

At the same time, many feel the need to protecttheir personal assets from potential seizure as a result of litigation.Fully 34 percent of polled board members maintain some kind of trust,and a further 16 percent say they place personal assets in a spouse’sor another person’s name. And 10 percent say they have “other” plans ormechanisms that protect assets from garnishment or seizure, such as”entering into indemnification contracts with the company and inappropriate circumstances having the company create a rabbi trust orother bankruptcy remote mechanism and placing sufficient assets inthem,” one respondent wrote.

Thus, 60 percent of directors are worried enoughabout losing personal wealth as a direct result of board service thatthey try to shield at least some assets from lawsuits. Clearly, theyhave a reason, because 38.5 percent have either been named in a suitwhile serving on a board or think they are currently at legal risk.

Board members also have given thought to howcompanies can make their jobs less dangerous as individual directors.When asked to choose the best ways to lower risk, 64 percent saidcorporations should establish a central spokesperson and eliminate anyand all director contact with the public, and 56 percent said companiesshould impose stricter controls over both external and internalcommunications. And half thought investor relations education for boardmembers would help them avoid lawsuits.

All three responses suggest that public relationsis a field much on directors’ minds. A majority still seem to believethat careful image management is key to limiting risk. Yetincreasingly, shareholders are sensitive to being locked out ofdialogue with directors—witness the uproar after Home Depot’s annualmeeting. And many investors dislike being “spun.” So, puttingcommunications through too many filters could wind up causing moreproblems than it solves.

Currently, almost 53 percent of respondents—afairly high percentage—said all external communications were vetted bythe CEO. Fellow directors approved a third of communications. Butanother third said “nobody” cleared communications before disseminationto the public. Again, that’s a big percentage, and a surprising onegiven the prevailing legal environment. Another 18 percent said aninvestment relations officer approved them; 5 percent said “other”; andin at least one case, a respondent interpreted that to mean thatdirectors “don’t speak to the press at all unless there is a divergenceof defense.”

Half of the polled directors weighed in withadditional suggestions for reducing risk. They include outside legaland audit reviews of board and committee procedures to ensure fiduciaryduty compliance, companywide risk management systems with boardinvolvement and “better qualified directors.”

When asked the most likely source of futurepotential lawsuits, almost 80 percent named investors. Only about 8percent named the SEC or NASD, and 5 percent feared that suits mightoriginate from employees; nearly 3 percent cited fellow officers anddirectors, suggesting a new dynamic that not only do board members haveto maintain a high level of diligence for their own conduct but also intheir interactions with each other.

And as for the potential causes of such suits, anoverwhelming 76 percent ranked making decisions in conjunction with theboard as their primary or secondary source of concern. The increasedcirculation of board minutes, due to the Internet and other venues, aswell as increased scrutiny of board meetings by the press, seems tohave heightened such fears. Some 58 percent of respondents cited jointdecision-making with another party and the scrutiny it would attract asa primary or secondary concern.

Another 30 percent of respondents cited relationsand interaction with the public as a primary or secondary concern.Those who ranked another concern as their primary or secondary—51percent—picked filing requirements and scrutiny from the SEC and NASD.Just 30 percent picked public relations as primary or secondary, thelower number perhaps reflecting the fact that board members view thechief executive as the company’s public mouthpiece. Another 17 percentchose internal communications with employees as their primary orsecondary concern for the source of a potential suit.

So, how to avoid all this paranoia in the firstplace? Most directors (86 percent) think improving corporate culture iskey, and in particular emphasizing honesty and integrity in order toprevent misconduct, including detailing potential conflicts of interestwith greater frequency. The remaining directors polled said eitherusing an outside auditor as an additional policing vehicle or imposingrestrictions on internal and external communications would be mostbeneficial. Very few said they would encourage the practice of”whistleblowing” as a top priority.

But they did note overwhelmingly (72 percent) thatpreparedness prior to board meetings was key to best practices and toensuring that the necessary documentation of board decisions anddiscussions are being made.

More broadly, however, directors had somesuggestions for how to protect themselves if board decisions are laterquestioned or scrutinized. They include increasing transparency ofrationales in decision-making, as well as publishing quarterly reportsand employing software tools that allow collective keeping of files andnotes. But other responses diverged, ranging from “Keep excellentminutes!” to advocating that directors not make their recordkeeping toodiligent lest they attract culpability. “Do not leave notes to yourselfin files that could become damaging when taken out of context duringlitigation,” one respondent wrote.

Others suggested that there’s not much a directorcan do to avoid scrutiny, other than to behave above reproach andmaintain the highest ethical standards. “The curious and ‘anti’ crowdwill always ask and probe,” one respondent said.

In general, however,directors are feeling somewhat victimized. “I do find it ironic,” onerespondent wrote, “that at the very time that many are criticizingboards and senior management for what they believe are excesses incompensation, not only is much more being asked of senior managers anddirectors, but their exposure to significant liability is increasingpretty dramatically.” That sums it all up right there.

]]> http://www.directorship.com/more-protection-can-only-be-good/feed/ 0 http://www.directorship.com/stock-options-the-dating-game/ http://www.directorship.com/stock-options-the-dating-game/#comments Thu, 01 Jan 1970 00:00:00 +0000 Richard H. Girgenti http://www.directorship.com/?p=4396

For years, suspicious business school researchers noted something fishy with the grant dates of stock options designed to reward top executives. The actual dates of the grants themselves were often different from the dates that the board of directors approved them. Finally last summer, a little known finance professor at the University of Iowa started putting it all together. Erik Lie, a native of Norway, was stunned with his results. “From 1996 to 2002, more than 10 percent of all companies, and perhaps as many as 25 percent, were backdating options,” he says. [Web Editor Note: In fact, Lie and fellow researcher Randall Heron now estimate that as many as 29.2 percent of companies manipulated grants.]

He sent his findings to the Securities and Exchange Commission and shared them with The Wall Street Journal, which printed its own groundbreaking investigation in March. The resulting firestorm presents boards of directors with a crisis.

The SEC already has announced probes of about 30 companies, including UnitedHealth Group, Caremark Rx, Juniper Networks and Quest Software, among others. SEC Chairman Christopher Cox says backdating “is a matter of ongoing interest toour enforcement division.” The Department of Justice and the Internal Revenue Service have started their own investigations. Class action lawyers lie in wait, ready to sue following civil or criminal charges. [Web Editor Note: the ISS Securities Litigation Watch blog maintains an updated list of such class action suits.] Pension funds backed by unions also have started suing.

While backdating options is not illegal per se, Section 403 of the Sarbanes-Oxley Act requires that, after August 29, 2002, granting or exercising options must be done within two business days instead of 30, as required previously. A company that backdates an option and fails to disclose it could be accused of fraud.

For directors, fiddling with grant dates opens big cans of worms. For starters, companies could be in violation of SOX and face penalties. Manipulating option grants could force a company to restate its earnings or bring allegations of tax fraud. Already, backdating options has led to high-profile dismissals of top corporate executives and big and immediate drops in stock prices. Directors could end up paying a price personally, since companies offering directors and officers insurance could greatly boost their premiums or deny coverage altogether for errant firms.

“Almost always, [manipulating grant dates] is both unethical and illegal,” says Lie. How far the stock option scandal goes will likely depend on just how widespread the practice is found to be. If more companies are involved, the chances of prosecution are higher. Some executives who serve on various boards, however, are dismissive. “This will be double digit, rather than thousands of companies,” believes Dennis Chookaszian, former CEO and chairman of CNA Insurance.

Another academic study raises more questions about dating options. That report, called “The Dating Game” and completed in April, reviewed 638,757 option grant filings from the date SOX disclosure took effect in 2002 to Dec. 31, 2004. Professors M.P. Narayanan and H. Nejat Seyhun of the University of Michigan concluded that 23 percent of those options were filed late, and some nearly a month late.

Why? One possibility, the authors write, is that “a manager receiving a large grant of 1 million shares of a typical company’s stock can increase the value of their grant by about $1.23 million, or 8 percent, by reporting 30 days late.” The longer the delay, notes Seyhun, the bigger the subsequent stock price rise. What’s more, he says, the study found examples of forward-dating stock options to achieve the same purpose of fattening an executive’s wallet. Smaller firms, Seyhun notes, are more likely to backdate or frontdate option grants.

Companies are already paying a price for backdating controversies. Software security firm McAfee fired its general counsel in a backdating dispute. Mercury Interactive saw its stock price dip $27 in a day after reporting backdating by its three executives. Monster Worldwide, parent company of Monster. com, has been subpoenaed by the U.S. attorney for the Southern District of New York over the timing of option grants.

According to the Standard & Poor’s ratings firm, “the most immediate implication could be companies having to restate prior-year financials.” Moreover, “it is expected that shareholder lawsuits may be filed and SEC actions taken on the grounds of inadequate and misleading disclosures under securities law.” If a compensation committee awarded options immediately following bad news or just before good news, it could give the appearance of backdating and “have a material effect” on the company’s share value, S&P says.

Providers of D&O insurance all have taken notice of the scandal. Companies involved in backdating probes or cited for violations could find their D&O premiums increased, or be denied insurance altogether.

What can directors do? Lie says there’s no excuse for filing late with the SEC, since doing so takes about 30 minutes online. Seyhun tells Directorship that boards should double-check the date of any option grants against the forms the company actually files with the SEC. (The company’s legal department keeps these.) “The directors must also have policies in place that make it impossible to have executives play these games,” he says. Lie says he doesn’t think boards and managements will act until the SEC forces their hand.

The SEC addressed some aspects of backdating in its new regulations for executive compensation. The CFA Centre for Financial Market Integrity has urged the SEC to require dates for all board compensation meetings in proxy statements and in quarterly 8-K forms; the effective grant dates for share-based awards, if different from the approval dates; and disclosure by the compensation committee if grant dates were picked to exploit the pending release of material information.