Court Expands Duty to Corporate Officers and General Counsel to Implement Compliance and Ethics Programs
Since 1996, it has been generally understood that corporate boards of directors, particularly those in heavily regulated industries, have had a fiduciary duty to ensure that their companies have in place an appropriately designed and implemented compliance program with internal controls sufficient to identify potential corporate wrongdoing and bring it to the attention of management and the board. That principle was adopted in the landmark case of In re Caremark International, Inc. Derivative Litigation1 by the Delaware Chancery Court and confirmed by the Delaware Supreme Court in the 2007 decision in Stone v. Ritter.2 Until recently, however, the Caremark obligations had not been formally extended to senior management of companies or their general counsel.
If executive management was of the notion that compliance and related internal controls were not its responsibility – that has now changed. In the case of Miller v. McDonald, et al. (In re World Health Alternatives, Inc.),3 the United States Bankruptcy Court for the District of Delaware held that corporate officers, and, in particular, the general counsel, can be held personally liable for corporate fraud and related wrongdoing, even if they do not have personal knowledge of, involvement in, or benefit from the underlying wrongful activities. The path to avoiding such liability is clear: senior management must take steps to ensure that appropriate compliance program structures and activities are in place and operating.
It has long been established that directors have responsibility to supervise and monitor the operations of a corporation. The legal presumption is that “in making a business decision, the directors of a corporation acted on an informed basis, in good faith, and in the honest belief that the action taken was in the best interests of the company.”4 This is called the “business judgment rule.” Directors’ actions are protected by the business judgment rule unless there is evidence that the directors have breached their fiduciary duty of care (i.e., have acted with gross negligence) or duty of loyalty (i.e., have acted with deliberate indifference and have failed to act in the face of a duty to act) or have acted in bad faith (i.e., have acted with a conscious and intentional disregard of their director responsibilities). The Caremark decision held that
[g]enerally, where a claim of directorial liability for corporate loss is predicated upon ignorance of liability-creating activities within the corporation, … only a sustained or systematic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists –will establish the lack of good faith that is a necessary condition to liability.5
The court continued to note that this test of liability for lack of good faith as evidenced by “a sustained or systematic failure … to exercise reasonable oversight” is quite high. In other words, unless the directors “sleep on the job” or choose not to receive timely and accurate corporate information that may give rise to suspicion of wrongdoing, they are generally protected from claims of personal liability under the business judgment rule. That protection is lost, however, if directors fail to ensure that an “information and reporting system,” now commonly understood to mean a corporate compliance program, has been implemented at the company.
In the Miller v. McDonald case, the U.S. Bankruptcy Court for the District of Delaware specifically expanded the Caremark principles to senior officers of the company, including the general counsel. The Miller court took the position that under Delaware law, the “fiduciary duties of officers have been assumed to be identical to those of directors.” While both directors and officers enjoy the presumption of the business judgment rule, the rule can be overcome by evidence of gross negligence, including the failure to implement and utilize a reasonably adequate corporate “information and reporting system” (i.e., compliance program).
World Health was a nationwide health care-staffing services provider to hospitals and other health care facilities. The company filed a Chapter 11 bankruptcy petition in February of 2006, which was later converted to a Chapter 7 case. The bankruptcy trustee, Miller, brought suit against several senior executives of the company, including Brian Licastro, who served as the company’s vice president of operations and “in-house general counsel.” Three of the other defendants were also members of the board of directors. According to the complaint, in 2003 and 2004, World Health began an aggressive strategy of growth, primarily through a series of private placement transactions. During this process, the company purportedly raised more than $45 million and made eight acquisitions of smaller staffing companies around the United States. By the end of 2004, however, the company had spent all of the money it had raised and began to borrow heavily. In February of 2006, the Internal Revenue Service filed liens on company property, alleging an unpaid tax liability of more than $4 million.
The trustee’s lawsuit against Licastro and the other executives alleged that they had allowed the “routine waste of World Health’s limited resources on expensive and unnecessary luxuries for their personal benefits.” The alleged waste included such luxury items for the executives as extensive time on private jets and luxury car leases for the executives. In addition, the lawsuit alleged fraudulent tax reporting to the IRS, misstatement of financial reports on related-party loans, misrepresentations on company financial statements and securities filings, false press releases, and false certifications under Sections 302 and 906 of the Sarbanes-Oxley Act. It was alleged that all of these activities led to the collapse and subsequent bankruptcy of World Health.
One of the claims against Licastro, the former general counsel, was that he had “breached his duty of care by failing to implement an adequate monitoring system and/or the failure to utilize such system to safeguard against corporate wrongdoing” based on the Caremark decision and the subsequent decision by the Delaware Supreme Court in Stone v. Ritter.6 Licastro moved to dismiss the breach of fiduciary duty claim, in part, on the ground that Caremark and subsequent cases “addressed the fiduciary duties of directors, not officers,” and that the trustee was attempting to improperly expand the concept to employees.
The court held that even though Licastro may not have personally gained from the wrongdoing, or had knowledge of, or affirmatively participated in the wrongdoing, his failure to “implement an adequate monitoring system and/or the failure to utilize such system to safeguard against corporate wrongdoing” was sufficient to give rise to liability for his breach of duty of care owed to the corporation and its shareholders.
The court also noted that Section 307 of the Sarbanes-Oxley Act of 20027 directs the Securities and Exchange Commission (SEC) to issue rules that set forth minimum standards of professional conduct for attorneys who appear and practice before the SEC, and such standards must contain a rule requiring “an attorney to report evidence of a material violation of securities law or breach of fiduciary duty or similar violation” by the issuer up-the-ladder within the corporation.8 The court held that the in-house general counsel, as the only lawyer in top management, had the duty to know and should have known of the malfeasance and should have reported the management’s breach of fiduciary duties up the chain of command.
The court further inferred under Section 307 of the Sarbanes-Oxley Act that the in-house counsel had an affirmative duty to inspect the truthfulness of the corporation’s SEC filings. By failing to provide oversight and advice that would have prevented the corporation from making material misrepresentations in its SEC filings and press releases when he should have been aware of wrongdoing and discrepancies in the corporation’s revenues, the former general counsel exposed himself to potential claims for breach of fiduciary duty, negligent misrepresentations, and professional negligence.
The Caremark standards still apply and “only a sustained or systematic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists – will establish the lack of good faith that is a necessary condition to liability.” Among other egregious failures, the health care staffing company had tax liens filed against it for unpaid income taxes and reported debt which was under-stated by over $20 million.9 Assuming the allegations of the complaint were true, as it was required to do in the preliminary phases of the litigation, the court found that such an utter failure did exist and held management responsible.
The Miller decision should serve as a wakeup call to all in-house counsel and senior executives, many of whom are also officers of their corporations. The court has made clear that non-director corporate officers owe to the corporation the same Caremark and related fiduciary duties as those owed by directors. Although under the Attorney Conduct Rules promulgated by the SEC under Section 307 of the Sarbanes-Oxley Act,10 counsel has a duty to report only a material violation of the law that he or she becomes aware of, the Miller decision has gone beyond that and has determined that in-house counsel also has the duty to take affirmative steps to provide oversight and “safeguard against corporate wrongdoing.” Lack of personal benefit or knowledge of actual wrongdoing is not enough to absolve in-house counsel of these liabilities. Instead, he or she must be vigilant and make sure that the company implements a reasonable compliance system and utilizes the system to monitor fraud and other kinds of corporate wrongdoing. When there is a reason to suspect a material violation of the law, he or she must promptly take other affirmative actions, such as up-the-ladder reporting and corrective or remedial actions to reduce the adverse impact of the wrongdoing on the corporation and its shareholders. Even without reasonable suspicions, liability may be imposed if the company does not have a reasonable, operating compliance program in place.
This article, which appears here with permission from the Society of Corporate Compliance and Ethics, was first published in the October 2008 Compliance and Ethics Magazine.
1 698 A.2d 959 (Del. 1996).
2 911 A.2d 362, 370 (Del. 2006).
3 Bankr. Case No. 06-10166, Adv. Pro. No. 07-51350
(Bankr. D. Del. April 9, 2008).
4 Aronson v. Lewis, 473 A. 2d 805, 812 (Del. 1984).
5 Id. at 971.
6 911 A.2d at 370.
7 15 U.S.C. §7245.
9 According to filings with the SEC, World Health had total assets of $112 million, total liabilities of $54 million and shareholder equity of $50 million in March of 2005.
10 17 C.F.R. Part 205.