What is a director's duty for corporate legal compliance? Recent amendments to the United States Organizational Sentencing Guidelines can help directors and their advisors answer that important question.

Directors Have a Duty to Implement Effective Compliance Programs to Deter, Detect and Respond to Employee Misconduct

Courts have increasingly held that directors have a duty to ensure that companies implement effective compliance programs to deter, detect and respond to employee misconduct. In the seminal 1996 Caremark decision, a Delaware court considered whether directors of Caremark International breached their duty of care in connection with alleged violations by company employees of federal and state laws and regulations applicable to health care providers. The court found that the directors had not breached their duties to the company, but also held that directors have "a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards." In re Caremark Int'l Inc. Derivative Litig., 698 A.2d 959, 970 (Del. Ch. 1996) (emphasis added).

A number of other courts have followed Caremark in finding that directors have a duty to ensure that their companies have effective compliance programs, and that directors may be liable if they breach that duty. In 2003, for example, a federal court of appeals held that directors of Abbott Laboratories may have breached their duties by failing to take reasonable action to prevent and remedy the company's noncompliance with the law. See In re Abbot Labs. Derivative Shareholders Litig., 325 F.3d 795 (7th Cir. 2003). The court further held that claims for the directors' alleged breaches were not barred by a waiver clause in the company's articles of incorporation. Id.

Amended Organizational Sentencing Guidelines – Turning a Sow's Ear Into a Silk Purse

In light of these types of holdings, it is important for directors to understand their duties for corporate compliance. Two recent developments point to the Organizational Sentencing Guidelines as an important source of guidance regarding those duties. First, the United States Sentencing Commission amended the Organizational Sentencing Guidelines, effective November 1, 2004, to define the essential elements of an effective compliance program. The amended Guidelines reflect a new focus on directors' duties regarding effective corporate governance. Second, in a constitutional challenge to a different section of the Guidelines, the United States Supreme Court has ruled that federal courts must continue to consider the Guidelines in imposing sentences. The Organizational Sentencing Guidelines will therefore continue to play an important role in determining directors' duties for corporate compliance.

The amended Guidelines provide a classic "sow's ear" of requirements from which a board of directors can craft a silk purse for developing an effective compliance program. Of most interest to directors, the amended Guidelines impose three types of duties on directors for corporate compliance.

  • Be Knowledgeable. Directors should be knowledgeable about the "content and operation" of the compliance and ethics program. The board (or a board committee) should receive periodic reports on the implementation and effectiveness of the compliance and ethics program. Directors should ask for reports both from the high-level managers responsible for the program and from those with day-to-day responsibility for it – and, at least annually, get a compliance review.

  • Get Training. The Guidelines expressly require that directors receive training appropriate to their roles and responsibilities. Periodic presentations by the company's compliance officer, consultants or counsel may satisfy this requirement.
  • Exercise Reasonable Oversight. Directors must exercise "reasonable oversight" over the "implementation and effectiveness" of the compliance program to ensure that it is "generally effective in preventing and detecting criminal conduct." This includes following up on reports of violations and risks by making sure that the company is taking effective remedial and preventive action.

The Guidelines provide a critical role for directors in protecting their companies from liability for employee misconduct and can help directors identify their duties for compliance. An effective compliance program can prevent or mitigate misconduct, influence charging decisions, reduce penalties, and demonstrate that directors and officers are carrying out their duties to protect corporate assets and monitor the business.

Practical Tips

How Do Directors Exercise Reasonable Oversight?The Organizational Sentencing Guidelines suggest three steps that directors can take to fulfill their oversight duties:

  • Ensure That the Correct Management Structure Is in Place for the Compliance Program. Specific high-level individuals within the organization must have direct, "overall responsibility" for the compliance program and must have adequate resources and authority to ensure the program's implementation and effectiveness. Those individuals must report directly to the board (or a board committee such as the audit committee).

  • Make Sure That the Company Is Using Ongoing Risk Assessments to Design, Implement and Modify the Compliance Program.
    • Risk assessments should consider the company's compliance history, the nature and seriousness of specific potential violations and the likelihood that violations will occur. The company, moreover, should act on those risk assessments by implementing remedial and preventive measures that are reasonably calculated to ensure compliance.
  • Regularly Evaluate the Compliance Program.
  • Directors should regularly evaluate the elements and effectiveness of the company's compliance program.

Questions for Directors.  Directors should ask the following specific questions:

    • Does the company have reasonable processes to ensure that the compliance program is followed, including monitoring, auditing, evaluating and promoting the reporting of potential or actual violations?

    • Is management involved in and knowledgeable about the compliance and ethics program?
    • Does the compliance program promote a culture of compliance?
    • Is management authority responsibly delegated?
    • Does the company have an effective program for training employees and communicating compliance standards?
    • Does the program promote accountability through incentives and discipline?
    • Is the company responding appropriately to actual or potential legal violations when they are detected?


Additional Information

You can find the amendments to the Organizational Sentencing Guidelines at http://www.utcle.org. For a more extensive discussion of the Organizational Sentencing Guidelines and the essential elements of a corporate compliance and ethics program, see Shelter From the Storm: Designing Effective Compliance and Ethics Programs to Protect Businesses From Criminal Liability.  You can find discussion of other recent rule proposals, laws and regulations of interest to public companies on our website.