A Seminal Challenge for the Audit and Compliance Committee
Federal deregulation efforts are taking place while at the same time we are witnessing heightened expectations of governance accountability. The rapid convergence of these two trends is creating a seminal challenge for the audit and compliance committee of many corporate boards.
At the surface, it is hard to spot any corporate negatives to the administration’s deregulation initiatives. Indeed, boards may well embrace the expectation of relaxed regulations and more limited civil and criminal enforcement activity.
Yet, there is a legitimate concern that executives and line managers who are ordinarily prone to “push the edge of the envelope,” may interpret deregulation as a “green light” to pursue business strategies that may be legally problematic. This attitude could threaten the authority and influence of the committee’s compliance agenda.
This relaxing of executive attitudes towards legal boundaries would come at the worst possible time, with emerging expectations of fiduciary obligations heading in exactly the opposite direction. Rather than relaxing expectations of compliance program oversight, these trends (reflected in court decisions, regulatory actions, and academic commentary) would hold directors more directly accountable for corporate compliance failures. “Where was the board when all this was going on?” Now especially, the audit and compliance committee is well advised to be pro-active in asserting its oversight powers.
These converging initiatives are highlighted by several recent developments.
The “Brand Memorandum” from the Department of Justice (DOJ) is the most recent compliance extension of administration-driven deregulation. The specific focus of the Brand Memorandum is to (i) confirm that the DOJ may not use its enforcement authority to effectively convert agency guidance into binding rules; and (ii) prohibit DOJ attorneys from using noncompliance with guidance documents as a basis for proving legal violations in civil enforcement actions, including but not limited to actions brought under the False Claims Act.
Examples of such guidance include documents such as preamble commentary, manuals, bulletins, fraud alerts, policy guidance, advisory opinions, and national and local coverage determinations. Often times, such guidance is woven into corporate compliance programs and risk guidelines, as may be relevant to a particular industry sector.
The Brand Memorandum provides defendants with a valuable tool in defending FCA actions—whether brought by the DOJ or relator’s counsel—that attempt to use alleged noncompliance with agency sub-regulatory guidance as support for a False Claims Act theory. It does not, however, suggest any relaxation of existing DOJ enforcement practices.
The pending release of long-anticipated revisions to the controversial Yates Memorandum would likely add to the audit and compliance committee’s burden. According to Deputy Attorney General Rod Rosenstein, the changes to Yates will be “modest,” and are intended to address possible ambiguities and potentially inconsistent applications of policy.
The main idea of the Yates Memorandum, holding individuals accountable for corporate wrongdoing where appropriate, is expected to be kept in place. But the corporate compliance concern is the potential for organizational misperceptions that because of the Brand Memorandum, “Yates has been repealed,” and that individual accountability is no longer a focus of government enforcement policies.
Board Accountability Developments
The Delaware Supreme Court requires a very high burden of proof to sustain a claim for breach of the director’s Caremark compliance program oversight duty. However, leading governance observers acknowledge the potential that, given harsh fact patterns (e.g., material harm to consumers or shareholders), courts may less strictly apply the Caremark standard in the future. A recent decision of the Federal District Court in Northern California, involving a derivative action against the officers and directors of a financial services firm for breach of fiduciary duty, lends credence to this concern.
There, the court denied a motion to dismiss filed by the defendant officers and directors. The court was sufficiently persuaded by the totality of red flags of which the board was allegedly aware, and the fact that many of them were presented in the form of direct communications and reports to the board. The court also appeared persuaded by the fact that many of the defendant officers and directors also served on committees with direct oversight over the alleged conduct that was the source of the losses cited in the complaint. Thus, the case continues.
The Federal Reserve Bank’s February enforcement action against Wells Fargo & Co., with its concurrent impact on officers and directors, is the most recent indication that regulatory agencies may be willing to hold directors personally accountable for serious corporate compliance and conduct failures occurring during the period of their board service. The Fed clearly sought to hold governance responsible for the weakness of the company’s risk management and legal compliance programs. It is conceivable that this enforcement action may serve as a model for other regulatory agencies confronting issues associated with corporate compliance breakdowns.
More generally notable are efforts such as the New York City Comptroller’s Boardroom Accountability Project 2.0, which is intended to improve the quality of boards of directors.
A Possible Approach
Boards may need to take proactive steps in order to counter the consequences of the convergence of deregulation and accountability. It may be important to send a clear message throughout the organization that corporate policies on legal compliance, corporate conduct, and legal risk evaluation of business initiatives will not change—and may even be strengthened. This action would build upon the elements of director accountability increasingly identified by courts and regulatory entities; i.e., that compliance committees should be particularly engaged in monitoring the legal risks of business strategies.
The committee may thus choose to increase its focus on, among other steps, ensuring that (i) the business strategies approved by the board are consistent with the risk management capabilities of the company; (ii) the company’s risk management and legal compliance programs are sufficiently robust to prevent improper behavior; (iii) the board has sufficient information to carry out its responsibilities; (iv) robust inquiry and demand for further information is made about serious compliance issues that come to the board’s attention; and (iv) corporate culture recognizes the importance of adherence to internal policies, and awareness of regulatory agency guidance documents.
Michael W. Peregrine, a partner at the law firm of McDermott Will & Emery, advises corporations, officers, and directors on matters relating to corporate governance, fiduciary duties, and officer and director liability issues. His views do not necessarily reflect the views of the firm or its clients. Mr. Peregrine thanks his partner, Tony Maida, for his contributions to this post.