Board of Directors’ Personal Liability for Oversight of BSA/AML Compliance
 
February 15, 2007
 
Timothy N. Bergan- Chicago
Janet Wagner- Chicago

In our October 2006 Financial Institutions newsletter, we discussed how bank regulators are raising the bar for Board of Directors’ accountability to regulators for BSA/AML compliance deficiencies. A recent court decision in Delaware addresses the companion issue of Board of Directors’ personal liability for such deficiencies when performing their oversight responsibilities. In Stone v. Ritter¹ the court articulated a high standard for bank director oversight liability for BSA/AML compliance deficiencies.

Major BSA/AML Deficiencies and Severe Sanctions

In the regulatory actions that preceded the litigation, bank regulators found board and management oversight of a bank’s BSA/AML program to be inadequate, which resulted in a deferred prosecution agreement, a cease and desist order and significant monetary penalties imposed on the institution. However, no penalties were assessed, nor was any regulatory action taken, against the directors individually. Rather, the regulators imposed substantial obligations on the board and management to correct the deficiencies and ensure they were corrected.

Caremark Standard Affirmed

Notwithstanding the major compliance deficiencies and severe sanctions, the court found that the individual directors were not liable personally. The court held that inadequate oversight is not enough to impose personal liability. Rather, liability attaches if directors know they are not discharging their fiduciary obligations, or consciously disregard their obligations to act in the face of a known duty to act.

The court held specifically that

“Caremark² articulates the necessary conditions predicate for director oversight liability: (a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention. In either case, imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith.”

What’s the Point?

Overall, the decision is good news for bank directors who approach their responsibilities seriously. A high standard for director oversight liability is consistent with corporate governance principles that directors are responsible for directing – but not managing – the day-to-day operations of the institution.

Only time will tell whether the high legal standard for director oversight liability will affect the regulators’ standards for director accountability for BSA/AML deficiencies. While the decision demonstrates the difference between accountability and liability, it also suggests a relationship between the two.

If regulators are satisfied that directors are fulfilling their fiduciary responsibilities, it should help insulate them from personal liability. However, failure to satisfy the regulators could be a road map to personal liability.

For more information, e-mail Tim Bergan or Janet Wagner Jelen at tim.bergan@hklaw.com or janet.jelen@hklaw.com , respectively, or call toll free, 1-888-688-8500.

¹ Stone v. Ritter, ___ A.2d. ___, 2006 WL 3169168 (Del. Nov. 6, 2006)

² In Re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959 (Del. Ch. 1996).