While attending a conference on boards of directors years ago, consultant Steven Ortquist met a “professional” board member who said he wouldn’t accept a seat on a board anymore unless it had a committee exclusively for compliance oversight. “It wasn’t enough to have an audit committee,” said Ortquist, founder of Arete Compliance Solutions in Arizona. “He saw the writing on the wall.”
The writing on the wall turned out to be recent changes in Delaware case law that have made board members everywhere more vulnerable to personal liability. “What the law says these days is if a director sees red flags or an indication there are problems, the director has an obligation to take action to address those problems,” Ortquist said.
Compliance officers and boards of directors everywhere should take note of these developments. “If you’re not organized or located in Delaware, it doesn’t matter. Courts in your state look to Delaware case law to decide how to manage your case,” he explained. And it affects board member obligations whether the organization is for-profit, nonprofit or venture-capital backed—“whoever you are, these things are in play for you.”
That’s why it’s a good time for boards to reassess how they meet their obligation to provide oversight of the compliance program, Ortquist said at a Sept. 6 webinar sponsored by the Health Care Compliance Association. There have been large-dollar settlements in lawsuits against boards of directors in the wake of enforcement actions against their companies. “Boards are put in the position that they or their insurers decide it makes more sense to settle as a result of derivative litigation,” he noted.
Two Fiduciary Obligations
Boards have two fiduciary obligations to their organizations. One is the duty of care, which requires board members to act in good faith, “with the level of care an ordinarily prudent person would exercise in like circumstances and in a manner that they reasonably believe is in the best interest of the corporation,” he said. The other is the duty of loyalty. “It’s really in play when we think about board member oversight of the compliance program,” Ortquist noted. The duty of loyalty “requires a director to act in good faith and with the conscientiousness, fairness, morality and honesty that the law requires of fiduciaries.”
He explained how views of fiduciary duties evolved over the years. In 1963, the Delaware Supreme Court ruled in Graham v. Allis-Chalmers that without red flags, “there is no duty upon the directors to install and operate a corporate system of espionage to ferret out wrongdoing which they have no reason to suspect exists.”[1] Ortquist said that was the status quo for many years.
Fast forward to 1996 when the landmark Caremark decision came down, changing everything.[2] Caremark, a pharmacy management company, settled a case with the U.S. Department of Justice (DOJ) for $250 million over kickback allegations. Then it was hit with a shareholder derivative lawsuit alleging the board failed to oversee compliance processes, Ortquist said. The Delaware Chancery Court ruled that the board of directors’ duty of care includes a duty to try to ensure there’s a corporate information and reporting system and the reporting system is sufficient to ensure appropriate compliance-related information will come to their attention timely, Ortquist explained.
For the previous 30 years, boards had no obligation to ferret out wrongdoing, but the Caremark decision changed that.