The Sarbanes-Oxley solution: new corporate governance standards redefine directors and officers liability.Directors and officers of major U.S. companies have been hit by the perfect storm. That storm consisted of the shock of Enron, WorldCom and other companies; the response of the Sarbanes-Oxley Act of 2002 and the difficulty insurance companies have in providing fairly priced D&O coverage to their insureds. Sarbanes-Oxley has become the omnipresent force in corporate, accounting and legal cultures and is quickly shaping the way business is done. Even an officer, director or legal officer of a company not presently covered by the act should be aware of the new rules to protect the individual officers, the company and its shareholders. The Sarbanes-Oxley Act was passed on July 29, 2002. Among its important mandates is a code of ethics for senior financial officers and their principal executive officers. There are also new rules for directors and auditors. In addition, Item 307 of the new rules issued by the Securities & Exchange Commission governing the standards of professional conduct for attorneys provides new rules for attorneys who have an attorney-client relationship with the company (called issuer in the Act). It is generally accepted that these new rules will eventually apply to large privately held companies, municipalities, nonprofit organizations, banks, and brokerage houses because states are considering "mini SOX" acts which will affect nonpublicly traded entities. Brokerage houses are already affected to an extent under the act. What Is the Issue? A new world of conflict and exposure has been created because the Sarbanes-Oxley Act imposes duties on lawyers that combine a duty to the client with a duty to the investing public. The attorney can transfer that duty to the chief legal officer and eventually to the board of directors. The issue is how to handle it. What is the New Duty? On Jan. 29, 2003, the SEC issued new rules governing the standards of professional conduct for attorneys, which became effective Aug. 5. These basic obligations are described in the sidebar "Basic Corporate Obligations Under Item 307 of the Sarbanes-Oxley Act." (See page 48.)The new rules stipulate that the attorney may transfer the duty to report evidence of a violation of law to: * the insurer's chief legal officer (or the equivalent); * the issuer's chief executive officer (or both); or * the board of directors, or a committee of the board. If the report is to the chief legal officer, then that officer must conduct some investigation in most cases, and must report the result to the attorney who made the initial report. In lieu of conducting such an investigation, however, the chief legal officer of the original attorney may refer the report to a "qualified legal compliance committee." This committee is a special committee of the board of directors that is made up of independent directors, at least one of whom must be on the issuer's audit committee or its equivalent. These directors then have specified duties to conduct the same investigation the chief legal officer would have conducted. They also have the same duties of reporting and acting if they determine that an investigation warrants action. This duty includes: * recommending that the company implement an appropriate response to the evidence of a material violation; * informing the reporting attorney and the appropriate officers and directors of the results of the investigation; and * taking all needed remedial action including (in some cases) reporting the evidence to the SEC if the situation is not appropriately remedied. What is the Conflict? The lawyer, and hence the officers and directors, have a duty to the public, as well as the company, and that duty may be irreconcilable. Each party with this duty has a duty to act in the best interests of the client (the issuer) and the investing public. These are two distinct entities with differing interests in many cases. It is not, for example, in the best interests of the company to report a violation of law that could risk the financial health of the company. On the other hand, this is information the average investor would want to know. What Triggers the Need to Act? A company must act when there is credible evidence which would cause a prudent and competent attorney to reasonably believe that a material violation of federal or state securities law or breach of fiduciary duty or similar violation of any federal or state law has occurred, is occurring or is likely to occur, and is discovered by an attorney covered by the act, and this violation was by an issuer or agent of the issuer; and the violation is likely to result in substantial injury to the financial interests or property of the issuer of to investors. What If There Isn't an Adequate Response? In the absence of an adequate response in the face of credible evidence, the attorney must report up the ladder within the company. Reporting up the ladder means going up the corporate hierarchy until the attorney receives an appropriate response. If the attorney reports to the chief legal officer, the burden of further reporting switches to the chief legal officer. The attorney may start with a special committee of the board or the quality legal control committee, if one has been established. If the attorney does not receive an appropriate response, however, he or she may have to report to the SEC. If the attorney transfers his or her obligation, then the chief information officer or board of board committee may need to report to the SEC. The obligation to report could include individual members of the board. If the attorney has confidential information, that information may be subject to public disclosure. Generally, an attorney (and hence the company's officers and/or directors) may be required to report material violations in the following situations: * to prevent the company from continuing to commit a material violation that is likely to cause substantial injury to the company, or the investing public, and there is no adequate response to the attorney who reported the alleged violation; * to prevent the company (in an SEC investigation) from committing or suborning perjury, or concealing material facts, or using a false document; and * to rectify the consequences of a material violation by the company in which the attorney's services were used that caused, or could cause, injury to the company or investors. Risk Management Over the next five years, there will be accusations at most companies. The accusations themselves can be debilitating. They will cost money, lower morale, affect stock value and be the source of embarrassment for officers, directors and others. It's better to plan ahead rather than try to manage in crisis. The Sarbanes-Oxley Act is extensive. There is considerable controversy as to what each term means. There is controversy about the obligations of an attorney or auditor who is hired to investigate an allegation. This article is not intended to cover all aspects of Item 307. It is clear, however, that each issuer (including small companies) should generally do the following: * Institute a comprehensive training program for its legal staff, officers and directors. They should understand the new rules and what is expected of them. They should also understand the new rules of discovery that can affect them, especially the rules of electronic discovery. * Develop a structured program and system for reporting alleged violation of law. This is critical in the new age of discovery. Also consider a quality legal control committee. * Develop a structured system for dealing with and investigating these allegations. * Consider hiring independent counsel to conduct these investigations because they are more likely to be protected by the attorney-client privilege, and can help guide the issuer through difficult times. The world of professional and executive (including in-house lawyers) conduct has been changed dramatically. Attorneys, officers and directors now have a duty to the investing public. Other federal and probably state agencies are likely to enact their own special rules of practice. With these different rules come different standards. RELATED ARTICLE: How to limit the exposure of directors, officers and attorneys. To comply with the new investigative responsibilities established by the Sarbanes-Oxley Act, companies may set up a process for reporting complaints, a standard for judging the materiality of those complaints, and a process for subsequently investigating and reporting on them. By considering the items on this checklist, the company will have gone a long way toward controlling individual and corporate exposure for attorneys, officers and directors. This is necessary risk management in the brave new world of the Sarbanes-Oxley Act of 2002. [check] Exactly what steps will the chief legal officer take when a report of a material violation of law is received? [check] How, and to what extent, will the investigation be conducted? Will it be by an audit agency, the board, outside counsel? The answer could affect the liability of those conducting the investigation and could affect the privacy of that information. [check] How will a response be presented to the person reporting the violation? What facts will be shared, if any? How will an "appropriate response" be defined by the company, taking into consideration the definitions under the act? [check] What will be considered "remedial action" if a violation is found? Will it include restitution to injured parties? Is it sufficient if the company is planning on adopting remedial measures or must they already have been adopted or implemented? [check] If an outside firm is hired, what factors and issues must be considered in relying on its determination that no violation has occurred (if that is the conclusion)? What if the position of the outside firm is in conflict with the company's regular counsel that blew the whistle? [check] What are the criteria for instructing outside counsel to assert a colorable (subject to contention) defense? [check] What are the criteria for asserting this colorable defense and not reporting the matter any further? [check] When can counsel or the board rely on the representation of the chief legal officer that there is no violation? [check] What is considered a reasonable time period for an investigation of a report? What circumstances will be considered, and how will they be weighed? [check] When should the board of directors, or a special committee of the board, or the qualified legal compliance committee be asked to consent to hiring an outside attorney for purposes of conducting an investigation? [check] What happens when the results of an investigation are inconclusive? How is this handled within the company? [check] When will a company want a defense attorney in addition to an investigating attorney? [check] Under what circumstances should a disclosure be filed with the Securities & Exchange Commission? [check] What will be considered "gossip, hearsay or innuendo," which does not need to be acted upon? [check] Reports up the ladder do not have to be made unless it is reasonably likely that a violation has occurred, is occurring of is likely to occur in the future. How is "reasonably likely" going to be defined? [check] If the attorney is not providing legal services to the issuer, the attorney has no duty to report, and that can be the end of the matter. When is an attorney "providing legal services" to a company? [check] When is an attorney on notice that information he or she is supplying will be submitted of filed with the SEC? [check] What entities are controlled by the company? Subsidiaries can be included within the act. Some subsidiaries are not within the act and thus, are exempt from reporting violations. [check] Who will be considered an agent of the company? Is an underwriter within this definition? When? [check] What is a "similar duty" to a fiduciary duty? [check] Should a qualified legal compliance committee be set up, and if so, what guidelines and procedures should be established for them? What are the drawbacks to setting up such a committee? [check] What criteria will be used when there is uncertainty concerning the best interest of the company (and its shareholders), and the best interests of the investing public? [check] What happens when there is a conflict between state bar ethical rules and this act? [check] Exactly what steps are considered the proper ones when reporting "up the ladder?" [check] What is considered the duty of a board member who does not agree with a majority of the board that no reporting or further investigation is necessary? [check] Who, individually, may have to report to the SEC and when might this be required? If the law develops that the lawyer must report, when might it breach the attorney-client privilege to make this report? If a director or officer reports, when might it breach that individual's fiduciary duty to the company as an officer or director? RELATED ARTICLE: Basic corporate obligations under item 307 of the Sarbanes-Oxley Act. * On Jan. 29, 2003, the Securities & Exchange Commission issued final rules establishing minimum standards of professional conduct for attorneys appearing or practicing before them. * The new rules require attorneys to report evidence of a material violation of securities law or breach of fiduciary duty or similar violation, by a company or agent of a company, up the ladder within the company until the attorney receives an adequate response. * The act is designed to protect the company (called issuer), as well as the investing public. Therefore, legal obligations go beyond traditional concepts. Also, there is likely to be a cascading effect from the act because states are likely to pass little Sarbanes acts. Connecticut has already passed one that will become effective Oct. 1. * If someone at a company believes that an employee or agent of the company has violated the law, the company must act. RELATED ARTICLE: What do these words mean? * Evidence: Credible information that would lead a prudent and competent attorney to believe that a material violation has occurred, is occurring, or is about to occur. It does not mean a mere suspicion. It is an objective standard. * Type of conduct: Either intentional and reckless or negligence it is intentional and reckless if the conduct is a conscious plan. Negligence could be a single instance of highly unreasonable conduct of repeated instances of minor violations. The test has also been phrased in the negative. It is evidence such that, according to the SEC Regulation 17, Code of Federal Regulations 205.2(e), "It would be unreasonable, under the circumstances, for a prudent and competent attorney not to conclude that it is reasonably likely that a material violation has occurred, is occurring or is about to occur." * Material violation: Conduct or information that a reasonable investor would want to be informed about before making an investment. * Securities law: Refers to violations of federal securities laws including the 1933 and 1934 acts as amended by the Sarbanes-Oxley Act, plus any violation of state securities laws. * Breach of fiduciary duty: Recognized at common law, including misfeasance misfeasance n. management of a business, public office or other responsibility in which there are errors and an unfortunate result through mistake or carelessness, but without evil intent and/or violation of law. Misfeasance is distinguished from "malfeasance" which is conduct in violation of the law. (See: malfeasance), nonfeasance nonfeasance n. the failure of an agent (employee) to perform a task he/she has agreed to do for his/her principal (employer), as distinguished from "misfeasance" (performing poorly) or "malfeasance" (performing illegally or wrongly). (See: misfeasance, malfeasance), abdication of duty, abuse of trust and/or the approval of unlawful transactions. * Similar violation: Not defined, but it is likely to encompass a definition that extends beyond a breach of fiduciary duty or a violation of securities law. * Has occurred, is occurring or is likely to occur: An attorney's reporting obligation is not triggered with respect to future conduct until the attorney can be sure that the officer, employee, director or agent will actually pursue the illegal coarse of action. * Discovered by an attorney covered by the act: An attorney who is acting in any way on behalf, at the behest, or for the benefit of an issuer, whether or not employed or retained by the issuer. * Violation by the company of any agent of the company: Violation by an officer, director, employee or legal agent of the company. * Which is likely to result in substantial injury to the financial interests of the issuer or to investors: The attorney has become aware of information that an officer, employee or other person associated with the organization is engaged in action, or intends to act or refuses to act, in a way that will violate his or her legal obligation, and such action or lack of action could reasonably be expected to have a material effect on the issuer's financial statements or property, and which could therefore reasonably affect investors. George D. Royster is an attorney, with Halloran & Sage, Hartford, Conn. |
|
||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion