Law & Governance

Law & Governance November -0001 : 0-0

Personal Liability: Have the Rules Changed?


Experts differ on what legal changes might lie ahead after the personal settlement payments at Enron and WorldCom.
The participants in this roundtable discussion were:

William T. Allen, NYU Center for Law and Business

Paul D. Lapides, Coles College of Business, Kennesaw State University

Robert B. Thompson, Vanderbilt University, School of Law

Tom Wardell, McKenna Long & Aldridge LLP

T.K. Kerstetter, Corporate Board Member magazine

Should directors be concerned about outof- pocket settlements such as Enron and WorldCom?

Robert B. Thompson: Enron and WorldCom are examples where directors are writing a check and paying out of their own pockets. Should that alarm directors? Not necessarily. First, Enron and WorldCom are the most visible symbols of the excesses of the bubble. They are the two companies that, by themselves, provided the spark for Sarbanes-Oxley. When Enron occurred in the winter of 2001, the legislation was not going anywhere. WorldCom followed in June 2002, and within six weeks, Sarbanes-Oxley passed through both houses of Congress, was signed by the President, and we were on our way. So it's not surprising those two situations provoked what in effect are exceptions to the long trend of directors not having to worry about paying out of their own pockets. It will take something else-a third or fourth case that is not the high-visibility poster child of the Enron and WorldCom scandals-before directors need to worry.

Second, these cases occurred in the unusual setting of the 1933 Securities Act. They were not based on state law, or on duty of care, or on generic 1934 act obligations. They occurred in a setting in which directors were held accountable for the statutory strict standard of liability and due-diligence questions under the 1933 act provision. To that extent, it doesn't affect directors' duties. So Enron and WorldCom are more unusual, although provocative, scary examples, and thus do not demonstrate the everyday, run-ofthemill concern for what directors do in most American corporations.

Tom Wardell: I disagree with respect to the immediate, shortterm impact on directors, but I agree with respect to the long-term impact. The law hasn't changed as far as directors' ultimate responsibilities. Are they still entitled to indemnification under most circumstances? Absolutely, there's no change there. What concerns me is while Enron and WorldCom were the poster children, the Disney case is making its way through the courts and there's the old Abbott case in the wings, and these have led to resistance on the part of insurers to paying defense costs in the first instance as well as reticence on the part of judges to consider dismissals in the same way. This puts directors, if they are named in a suit, squarely on the hot seat during the early litigation stage while in discovery and the motions process, and before they actually go to trial where the facts come out. In that circumstance, the business judgment rule is alive and well for most boards, and there won't be a negative outcome.

William T. Allen: I agree the law has not fundamentally changed, and I also agree that Enron and WorldCom are unusual cases. But the political environment has changed, meaning juries have changed, judges are more sensitive, and people who bring suits make decisions with respect to director liability for political reasons and not for anything else. So while fundamentally the law is unchanged and the same risks have been out there under Section 11 since 1933, we do live in a different political environment and that should alert directors to a heightened degree of risk. Is it a significant degree of risk? That depends on how sensitive you are to being tied up in litigation. There is an enhanced likelihood of being sued and of not getting a business judgment rule dismissal at the outset. At the end of the day, there won't be a liability risk for many directors. But it is a new world, unquestionably.

Paul D. Lapides: While the law hasn't changed, Chancellor Allen is absolutely right, the environment has changed, particularly the legal environment. Anyone who reads these settlements and doesn't think he or she has liability is not reading them properly. It's a good opportunity for directors to think, "I have a responsibility and that responsibility means I need to do the right thing or I could be found liable." Is it likely that they will be? No. But shouldn't directors be liable for the actions they take? Employees lose their jobs when they don't do a good job. And if they are negligent in their responsibilities, actions can be taken against them. Shouldn't directors fall into the same category? So in terms of just ignoring it and saying it's an aberration, from a practical point of view, this is a very good wake-up call for directors. And it's clear that more directors are being targeted, not just in lawsuits, but in terms of SEC investigations to unveil what directors knew, when they knew, and what they did about it. More directors have been barred from serving as officers or directors in the last two years than in the two years prior to that. So it's a good opportunity for directors to think, "If I'm going to be on a board, I'd better do my job the right way."

What advice would you give a friend considering a board seat today to reduce his or her personal liability?

Wardell: Well, it would not be to move his or her assets. There are two specific things people considering board seats should do. One would be to make sure the company in question has bylaw provisions that take indemnification expenses, especially legal costs, from the realm of discretionary approval and make those mandatory. If the bylaw provisions are not written that way, then the individual should ask for an agreement because the board always has that authority and can indeed turn a "may" into a "shall" so there would be that arrangement up-front. The second thing is to make sure the D&O liability policy is as strong as it can be in favor of defending up-front costs. It's that up-front cost section that is the most difficult part for any director or officer who faces possible personal liability. If those two things are as strong as they can be, then the individual has done what can be done to diminish his or her exposure.

Allen: The primary thing I would advise someone considering a board seat to do is to get information about the board and the CEO's character. And of course, it's important to have the standard legal protections of D&O insurance, indemnification, and mandatory advancement. But before getting there, you want some idea of who the CEO is and if there's a controlling shareholder- which is a particularly difficult and dangerous board to sit on, in my opinion-who that person is and what his or her history is. One way you can do due diligence is by reading analysts reports, if it's a public company, but also by talking to people informally, particularly those who have formerly served on the board. They can give you a sense of how the board operates. Is it a board that takes seriously its governing responsibilities, or is it a sort of easy board over which a strong CEO dominates? Obviously you don't want to join that board, because that dominant CEO may take you to a place you had no idea you were going to until it's too late. This sort of investigation from every source you can find is a first step in protecting yourself.

Lapides: To really reduce the risk of liability, I'd tell my friend not to join the board. That would reduce his or her liability the most. And probably more people should have no as their default answer, and then decide to do their homework-what Chancellor Allen is talking about-to see if joining the board makes sense. That homework should include looking at the integrity of the management team and CEO; the culture of governance, which was also mentioned in terms of what types of processes are in place; is it a free or dominated board; does it have an internal control function; what's its relationship with the external auditor? There's a lot of homework to be done before joining a board today; otherwise you shouldn't be joining a board, because you are jumping into an enormous amount of risk. Generally, you need to look at the ethical culture and do your homework before you even think about the D&O insurance, because if the first thing you think about is D&O insurance, you probably shouldn't be going on the board. And there's much more than the D&O insurance, there are reputational risks and things like that. After your homework is done, study up on governance and what your job is as a director. Third, learn about the industry and the competition. Last, if you take a directorship, actually do your job as expected. If you do those things, then your liability is reduced to near zero.

Thompson: Directors should care about two kinds of protection: legal and business/personal. The legal protection has three parts: insurance, indemnification, and exculpation. You don't want to join a board without all three. You want to have exculpation of 102(b)(7) in Delaware. You must have indemnification pursuant to the bylaws or the charter. You want to have insurance from a solvent company. Those are check-off items. The second concern, one Chancellor Allen mentioned, is more business or personal. Even if you have the first three legal elements, you shouldn't stop there, because that's your backstop. The CEO is very important in helping you evaluate the business tone and where you fit in. That will help you determine if you are at risk of finding out in a year or two about a scandal you didn't anticipate. And so you want to do due diligence about the business and personal side, which includes finding out if questions are welcomed, how directors interact with the CEO, and if they push the envelope in areas that make you uncomfortable. Now pushing the envelope can be good in terms of entrepreneurism, so you have to make a judgment about whether pushing the envelope will come back to bite you.

Has any of this created a crack in the Delaware courts such that the plaintiffs' bar is trying to, in a sense, make that crack bigger, with regard to personal settlement situations or changes in attitudes in the Delaware courts? Have the courts lightened up at all?

Allen: It's difficult to predict whether or not the Delaware courts will be more open to plaintiffs. Several of the current Delaware Supreme Court justices have a kind of intellectual commitment to what I think of as the old-time religion. On the other hand, given the Disney case, it's going to be very easy for a plaintiff to allege that a defendant's action was not simply a breach of due care, that it was so careless that it reflects a lack of good faith, and if it's a lack of good faith, under some of these opinions, then it doesn't qualify for business judgment protection. You can't get a dismissal at the early stage. Does this mean it's going to be easy for people to hold directors in past the motion to dismiss? An original function of the business judgment rule was to clear out, at an early stage, disagreements about the decisions without any conflicting interest. I still don't think the Delaware courts want a world where it's too easy for shareholders to get to a trial or to a beneficial setting for settlement, but we're going to have to wait and see. It doesn't mean enhanced liability, because these cases will be settled, but it may mean a world of enhanced bother and burden, and I don't think the Delaware courts want to move in that direction, but they may be forced to from a sort of doctrinal development level.

Lapides: It would be difficult to add to Bill's comments, but I think the business judgment rule has moved. The expectation of duty of care has also been moved; therefore, we will see an excited plaintiffs' bar looking for opportunities where it's easier to show that care was not taken, that the business judgment rule does not apply, and that there is more likelihood of obtaining a liability judgment against defendants. I don't know that the law has changed as much as the practice or the implementation of it has moved, largely because of a change in the legal and political environment.

Thompson: Litigation is an inherently dynamic process, and with each new case, the plaintiffs' bar tries to shift the vocabulary a bit so it can make new law. What's happened in this area is that good faith has become the label of discussion. Good faith has been around forever as far as directors' duty, but it has not been the basis on which decisions have been made. Most important for an offensive strategy is that good faith is not covered by exculpation under Delaware law. But the duty of care is. So if you are a plaintiff's lawyer, you have an incentive to take a set of facts and say, "Ah ha, good faith" as opposed to saying, "Ah ha, duty of care." So what we've seen in the last two years in as opening or slight crack going back to your question, that the Delaware courts may be receptive to letting a good-faith argument develop. But where is it going? Bill Allen, our Delaware chancellor, referred to the old time religion that some members of the Delaware Supreme Court now have. The Delaware Supreme Court for some time has believed in sermonizing, to use the religious analogy, not to find liability, but to establish and outline rules of conduct. What we've seen recently is the use of the good-faith vocabulary to say what we want directors to do. The unanswered question is whether or not this will be a basis for saying directors should pay. That's what we should be looking for in terms of trying to figure out what expressed liability there will be in the future.

Wardell: I have the cynical practitioner's view. Plaintiff litigation is all about your settlement. If you get pas the motions phase of the trial. You have a much more expensive case in your briefcase. Second, companies are feeling pressure to do things that will be able to resist discovery. Two quick examples: We worry constantly about wheter or not committee meeting minutes will be subject to disclosure. How do you record the meeting without putting something in the file indicating you worried about a particular problems at a particular time? That's discoverable. The second thing is, how do we undertake the board evaluations that everybody is now urging in a genuine way and not provide something for the plaintiffs' bar to get past a motion to dismiss?

Allen: Should there be notes or minutes of an executive session? Should there be written peer review? There are a number of governance activities that boards should be doing, but if you create them, that brings on worry. The general counsel who has the litigation responsibility and advises the board is very concerned about the creation of documents that could some day be used against the company. He or she is stuck between a rock and a hard place. Thus we end up affecting the quality of our governance in order to protect corporations from future lawsuits.

How can directors keep themselves informed enough to anticipate risk and consider it in a timely fashion rather than confirming it after the fact, when it becomes a question of crisis management versus risk management?

Wardell: This is one of the two big phantoms in today's boardroom, the other being executive compensation. And the problem precedes Section 404. In fact, it's implicit in Section 404. It hasn't been helped by the way in which the SEC ultimately framed the regulations under Section 404 because, theoretically, it teased the risk management piece away from it, but if you adopt the COSO framework, you're right back to risk management. And let's face it, if you, as a director, are towing the line for the financial statements, imbedded in those statements are all of the risks your company is undertaking, known or unknown. Directors need to confront this head-on. Some boards have done this by creating risk management committees - a group of directors responsible for ferreting out the major risks and then explaining how the company is addressing those. Board members are responsible for what goes into the company's market information principally through the 10K, and a description of environmental risk. That means understanding something that, if done well, is based upon a lot of modeling and financial analysis. To get to that point, someone in management must be responsible, either directly to the board or directly to the risk management committee, for explaining what is going on with respect to environmental risk management , how frequently it's undertaken and so forth, at every board meeting. Maybe it's a three-minute update; maybe it's an extensive report. At companies with a risk management committee that is the process, and I think it's a good one. But when you look across the panorama of public companies, you see companies at one end that do it very well and then you will find companies at the other end of the spectrum where the most attention that's paid to risk is to regurgitate a bunch of predigested risk factors an query whether anyone understands them.

Allen: If you think about being a fiduciary in fundamental terms, obviously risk management is as elemental a thing as any trustee or other fiduciary must be concerned about. In the past, we have taken these responsibilities and said the board as a whole oversees them. And once the board as a whole has them, no individual on the board has them, thus the responsibility effectively passes to management. Few companies outside of the financial industry have formal risk committees, but it's a very natural next step in governance evolution. The risk committee members identify all sources of risk the enterprise faces. It may be that financing is a source of interest rate risk. It may be environmental risk. It may be dependence on a few customers. It may be R&D product cycle risk. IT may be personnel risk. So every souce of risk should be identified, and a rational way to do that is through some system of gauging it with management reporting to this committee. If you started out designing governance anew at a corporation, risk committees would be included. But at established companies, risk oversight has fallen under the audit committee's responsibility because it's reflected in the financial statements. And now the audit committee, which already has so much responsibility, gets this risk oversight function in a backhanded way. It's odd because the SEC is essentially predicated on disclosure, so we end up with the audit committee being a risk committee.

Lapides: I agree with both my colleagues. It's natural that a lot of the risk management overight ends up with the audit committee because many risks are about safeguarding assets. Even with reputational risks, audit committee members are familiar with some of that quantification in terms of the number of people they meet with. However, we often lose sight that risk management is also about assessing opportunities and making strategic decisions, and that is not under the audit committee nor should it be.

The greatest risk facing directors is finding that the CEO and one other member of management are corrupt. Something like 83% of all frauds that occured during a 10-year study were done by the CEO and one other senior executive. The greatest motivation people have to join a board is confidence in the CEO - thinking the CEO has great integrity, feeling good about his or her track record and stature in the community - so our greatest safeguard in terms of risk management is management and our greatest risk is also management. Directors must pay a lot more attention to the CEO, CFO and the general counsel and what kind of information they receive.

Thompson: When I try to predict the future of risk management, it's pretty hazy. Risk management has been handled in a number of ways - by the audit committee, through the financial statements, through disclosure through SEC disclosures on prospectuses in which the inside pages list the risks. My experience is that these things are not that helpful. This really pushes us to ask what board members, who spend 250 to 300 hours a year meeing collectivelly, really contribute in terms of risk management? That's difficult to answer. It may not be as much as we think and so we many end up putting this task on management more than on directors. Five years from now, I'd be interested in seeing whether we have developed a real risk evaluation role for directors, or whether we are at the very same place we are today, which is that directors aren't really making much of a difference in risk evaluation.


Reprinted with permission.

This discussion first appeared in the Corporate Board Member's 2005 Academic Council Supplement, Emerging Trends in Corporate Governance.


Be the first to comment on this!

Note: Please enter a display name. Your email address will not be publically displayed