In the following guest post, Michael W. Peregrine, a partner at the McDermott, Will & Emery law firm, take a look at regulators’ new “gatekeeper” expectations that now face corporate directors. This article is reprinted with permission from Corporate Board Member, First Quarter, 2016. I would like to thank Michael for his willingness to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Michael’s guest post.
Corporate board members are encountering a new, perhaps unexpected and likely distracting oversight responsibility: managing the personal liability concerns of corporate “gatekeepers”. This new responsibility is the byproduct of three particular, intersecting developments: the Department of Justice enforcement focus on individual accountability; regulatory scrutiny of the role of corporate “gatekeepers” in connection with financial reporting and corporate compliance; and ongoing litigation addressing access to traditional individual defenses. The corporate board will want to pursue pro-active responses to these concerns in order to assure the continued engagement of its valued “gatekeepers”.
Who is a “Gatekeeper”?
The definition of “gatekeeper” has evolved over time. At its core, “gatekeeper” refers to those who have direct, formal governance authority, and others who perform key roles in promoting corporate responsibility. Its roots are in the public policy and governance best practices arising from the Sarbanes-Oxley era. Those concepts focused not only on independent directors and committee members, but also on representatives of the private sector who similarly contribute to the oversight of corporate conduct; e.g. public accounting firms and outside legal counsel.
More recently, the definition has expanded to include positions such as internal auditor and compliance officer, as those roles have matured and assumed more prominence within the company. Concerns with “gatekeeper anxiety” can be traced to policies and enforcement initiatives of the SEC and other regulatory agencies, notably Chair Mary Jo White’s cornerstone commitment in 2014 to focus the Commission’s enforcement commitment in part on the accountability of “gatekeepers”. So, it’s not that the “target on the back” is new, but rather that it has gotten bigger over time.
Sources of “Gatekeeper Anxiety”
The most obvious new source of corporate gatekeeper anxiety is the Department of Justice’s new “Yates” enforcement policy which seeks to reduce the prevalence of corporate misconduct by holding accountable all individuals who engage in wrongdoing. This new policy serves to shift the primary attention in government investigations from the company, to allegedly culpable employees (read: executives and board members). Government attorneys are directed to focus on individual conduct from the incipiency of their investigation. As a precondition for any settlement agreement of a government investigation, the company (i.e., likely its general counsel) will be required to certify that the company provided the government with the names of all executives and other officers and agents involved in the alleged wrongdoing.
Another source of gatekeeper anxiety arises from the enforcement focus of the SEC on audit committees and, in certain circumstances, on compliance officers. For example, the SEC has recently initiated a controversial series of enforcement actions against compliance officers working in the investment adviser sector. While senior SEC officials acknowledge that these actions “have caused concern in the compliance community”, they also confirm that the SEC will continue to pursue enforcement actions against compliance officers involving conduct the SEC believes to be egregious. Indeed, three categories of conduct have been identified by the SEC as potentially exposing compliance officers to scrutiny and potential liability.
The SEC has also demonstrated an increased willingness to challenge the conduct of corporate directors and officers and, in particular, members of corporate audit committees. This, despite assurances from SEC officials that fiduciaries who perform their responsibilities diligently, in good faith and in compliance with the law need not fear enforcement action. To the extent such actions are instituted, they typically involve allegations of direct participation in, or willful blindness with respect to, corporate misconduct. Indeed, several recent SEC enforcement actions against individual directors are consistently cited by industry observers. Two of these have been brought against audit committee chairs, “an infrequent but disturbing occurrence” according to Chair White.
In addition, several new judicial decisions add complexity to the attorney-client relationship and the ability to rely on the advice of counsel. For example, two federal court decisions over the last 18 months have limited the ability of an individual or a corporation to apply the “advice of counsel” defense in the context of civil fraud litigation. Separately, a trio of new state appellate court decisions bring into sharp focus the question of who—or what—is the general counsel’s client, particularly in the context of a legal proceeding or investigation involving interaction with officers and/or directors. In each case, the appeals court ruled that the general counsel breached the attorney-client privilege that had existed for communications between her and three corporate executives.
Implications of Gatekeeper Anxiety
These various enforcement initiatives can effect gatekeepers in a variety of negative ways. An unintended consequence of the Yates Memorandum is the extent to which it creates the potential for conflict between the board and individual executives, particularly in the pursuit of strategic initiatives (as well as in the conduct of internal investigations). Executives and other gatekeepers will surely recognize that, in the context of a government investigation, the board may not automatically “have their backs.” The board’s primary fiduciary obligation will be to protect the interests of the corporation, and that may well mean “giving up” individuals believed responsible for corporate wrongdoing, in order to secure leniency for the corporation in an ultimate settlement with the government. The conflict risk may be increased by gatekeeper concerns on the accessibility of the advice of counsel defense, and with the possible need to engage separate counsel should controversy arise.
That conflict may prompt some gatekeepers to become “gun-shy”; i.e., to engage in self-protective conduct that frustrates valid board strategic (and other appropriate) initiatives. This, despite the risks a gatekeeper may assume by acting in what may be perceived as his/her own interests, as opposed to the legitimate business interests of the company. It may also cause some gatekeepers (including, perhaps senior executives) to be reluctant to cooperate with internal investigations. Self-protective conduct may increase where executives are concerned that, in the context of a governmental investigation, the benefits of “advice of counsel” defense may not be available to them.
The focus on audit committee members—especially the chairs—may have dual implications. First, it could substantially decrease the attractiveness of what has historically been a very prominent governance position. Is that a risk an experienced, competent director would be willing to assume? Second, those directors who may be willing to accept the position may request an extraordinary level of compensation and benefits for the service—which may be difficult to justify to corporate constituents and to regulators. Just what is it about the risks of the corporation’s financial reporting processes that requires this level of compensation?
The compliance officer enforcement initiatives create fundamental questions concerning the risk-reward ratio for persons who assume compliance officer positions. Is the threat of personal liability—no matter how seemingly remote—worth the compensation allocated to the position? This balance is made more complex by the fact that compliance officers are not always in the highest tiers of executive officer compensation; are often thrust into positions of great controversy; and do not always benefit from a prominent position within the corporate hierarchy. These enforcement initiatives may tend to make the position of compliance officer much less desirable, particularly if these spread beyond the financial services industry. Do I really need this job? That’s not a risk that the governing board, with its Caremark obligations to assure an “effective” compliance program, can readily accept.
A Governance Action Plan
The related challenge for the governing board is multifold. To support their oversight responsibilities over the organization’s compliance program, the board should (i) be aware of the specific government initiatives and other actions creating gatekeeper concern; (ii) understand the public policy that has prompted their development; (iii) recognize the reality of gatekeeper anxiety; and (iv) evaluate the extent to which such anxieties could negatively affect the company. More directly, the board will be called upon to deftly balance (a) the need to preserve and enhance the loyalty, morale, support and confidence of key corporate gatekeepers; (b) the obligation to promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law; and (c) the ability to take steps to achieve credit for corporate cooperation should the organization become subject to Department of Justice investigation. No easy task!
While the most effective action plan depends upon the unique circumstances of an individual company, common responsive themes might include:
- Continuously assure gatekeepers of the organization’s commitment to compliance with applicable law—by both “tone at the top” culture, and through the board’s support of effective, rigorous corporate compliance and risk management programs.
- Confirm with gatekeepers that corporate strategy, and transactions implemented thereunder, are consistent with the board-approved risk profile for the corporation, and reflect careful legal feasibility examination by qualified legal counsel.
- Make company lawyers available to counsel gatekeepers whenever they may have issues or concerns regarding corporate strategy, transactions or ethical behavior.
- Make sure that key employee gatekeepers (e.g., compliance officers, general counsel) have ready access to senior management and to the board.
- Assure gatekeeper availability to “state of the art” insurance/indemnification/advancement coverage and, should the circumstances warrant, access to outside counsel who would represent them individually and not the company.
Michael W. Peregrine, a partner at McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer-director liability issues. He thanks his partner, Eugene I. Goldman, and his associate, Kelsey J. Leingang, for their assistance in preparing this article.