Governance Challenges When Gatekeepers are “Chilled”

Michael W. Peregrine is a partner at McDermott Will & Emery LLP. This post is based on an article by Mr. Peregrine, with assistance from Joshua T. BuchmanEugene I. Goldman, and Kelsey J. Leingang; the views expressed therein do not necessarily reflect the views of McDermott Will & Emery LLP or its clients.

An emerging governance challenge is the need to address the tension between the pursuit of legitimate corporate strategic goals, and the concerns of internal “gatekeepers” who perceive themselves at increasing personal legal risk for corporate wrongdoing. This challenge is a direct byproduct of new enforcement initiatives of the Department of Justice and the Securities and Exchange Commission, and other recent developments with respect to corporate officials.

The concern is that these developments may cause some gatekeepers and other corporate officials to be much more self-protective in performing their corporate and fiduciary responsibilities, to the possible detriment of strategic implementation. Attentive boards will acknowledge this challenge and engage its gatekeepers in an appropriate resolution.

Who are the “Gatekeepers?”

Regulators often use the term “gatekeepers” to refer to those within the organizational hierarchy who have fiduciary or professional obligations to spot and prevent potential misconduct, and respond to any problems that do occur. These “essential” individuals typically include auditors, lawyers, and compliance officers, as well as directors and committee members. The notion of the corporate gatekeeper has its roots in the Sarbanes-era evolution of corporate responsibility principles. Concerns with “gatekeeper anxiety” can be traced to SEC Chair Mary Jo White’s cornerstone commitment in 2014 to focus the Commission’s enforcement commitment in part on the accountability of “gatekeepers.” [1]

The New Focus on Individuals

A series of specific regulatory developments over the last year combine to increase the personal liability concerns of gatekeepers:

The DOJ Policy. The Department of Justice’s new enforcement policy reflects a view that an effective way to combat corporate misconduct is to hold accountable all individuals who engage in wrongdoing. [2] This new policy serves to shift the primary attention in DOJ investigations from the corporation, to allegedly culpable employees. It also significantly incentivizes companies to “give up” individuals believed responsible for corporate wrongdoing, in order to receive leniency for the company in an ultimate settlement with the government. [3]

When originally introduced in September, 2015, the new DOJ policy was focused on individual accountability in matters implicating criminal and civil corporate fraud allegations. Since that time, comments by DOJ officials have publicly clarified that the policy will apply to individual conduct in the context of any corporate wrongdoing; e.g., to actions instituted under the False Claims Act, to health care and food safety cases brought under the federal Food, Drug and Cosmetics Act, and to civil and criminal violations of the federal antitrust laws. [4]

Compliance Officer Actions. A recent series of enforcement actions have been initiated by the SEC against compliance officers working in the investment adviser sector. [5] In a November, 2015 speech, SEC Enforcement Director Andrew Ceresney acknowledged that these actions “have caused concern in the compliance community,” and pledged continued SEC support for the compliance officer function. [6] That notwithstanding, he confirmed that the SEC will continue to pursue enforcement actions against compliance officers involving conduct the SEC believes to be egregious. Indeed, the SEC’s Enforcement Division has identified three categories of conduct that could expose compliance officers to scrutiny and potential liability. [7]

Audit Committee Actions. Also noteworthy is the series of recent SEC enforcement actions against corporate directors and officers, and members of corporate audit committees. This, despite assurances from SEC Commissioner Luis Aguilar that “conscientious” outside directors “should have nothing to fear” from the SEC. [8] To the extent such actions are instituted, they are typically limited to allegations of direct participation in, or willful blindness with respect to, corporate misconduct. Indeed, several recent SEC enforcement actions against individual directors are consistently cited by industry observers. [9] Two of these have been brought against audit committee chairs, “an infrequent but disturbing occurrence” according to Chair White. [10]

Operation Broken Gate. The SEC’s Enforcement Division, through its “Operation Broken Gate” initiative, is also formally focused on the accountability of “gatekeepers who fail to carry out their duties and responsibilities consistent with professional standards.” [11] While this particular initiative focuses on identifying wrongdoing by auditors, Division staff will also review the conduct of attorneys and other gatekeepers who have special duties and responsibilities to ensure that the interests of investors are safeguarded.

Responsible Corporate Officer. The 28 year prison sentence of a former peanut company executive (following his conviction under the Food, Drug and Cosmetic Act for the sale of misbranded foods) serves as a stark reminder that the government will continue to prosecute individuals under the strict liability “Responsible Corporate Officer Doctrine” for violations of public welfare statutes. [12]

These new policies and enforcement actions have received substantial publicity. Directors and executives are becoming increasingly sensitive to both the existence of the new policies, and the tensions they may create in the management/board relationship. Indeed, a senior Department of Justice official has acknowledged that while the new DOJ policy “may make some employees nervous. …[s]ome may have reason to be nervous.” [13] And in fact they may be. Yet boards should be nervous well—not necessarily for their own exposure, but for the fate of key strategic initiatives that management is charged with implementing.

Informed Risk Taking

Corporate law protects directors who innovate and accept informed risks in their pursuit of the company’s strategic and other initiatives. The concept of “risk” is not antithetical to effective governance, legal compliance and prudent corporate strategy. Indeed, excessive caution by a board may be harmful to the company’s long term sustainability. Yet, in the new enforcement environment, some executives may have an entirely different perspective on risk—at least as it relates to their personal role in implementing certain corporate strategies or performing similar duties. Those who feel “chilled” by concerns with personal liability may not be easily convinced that certain strategic initiatives comfortably fall within the corporation’s risk tolerance range.

The Governance Concern

The primary board concern is that for certain potentially controversial initiatives, some gatekeepers may become “gun-shy;” i.e., may engage in self-protective conduct that frustrates valid board strategic initiatives and other appropriate efforts. This, despite the fiduciary or employment risks a gatekeeper may assume by acting in what may be perceived as his/her own interests, as opposed to the legitimate business interests of the company. Note that this is a concern separate and distinct from the concern, expressed by some knowledgeable observers, that the new DOJ policy will have a chilling effect on employees’ willingness to cooperate in their companies’ internal investigations. We’re talking here about a different kind of “chill.”

Such self-protective conduct may manifest itself in both obvious and subtle ways:

Examples of obvious self-protective conduct could include the gatekeeper’s refusal to engage with the initiative; written or oral expressions of discomfort made to corporate leadership, or—at the extreme—resignation. [14] Examples of subtle self-protective conduct could include approaching an initiative with excessive cautiousness; substantial equivocation in his/her observations or recommendations; or simply delegating initiative responsibility to a lower level of management. Whether obvious or subtle, it is conduct intended to provide the gatekeeper with “plausible deniability” as to material involvement with, and support of, the initiative. Yet, the board must be extremely careful not to misinterpret or confuse such self-protective comments, or other indicia of “gun-shy” behavior, with legitimate expressions made by gatekeepers of compliance-related, or other concerns.

To a certain extent, this is all just human nature. And, the government may, indeed, applaud self-protective conduct as an appropriate check and balance to problematic corporate behavior. But it becomes a governance issue when such self-protective conduct impedes the implementation of otherwise legally appropriate strategies.

The Board’s Challenge

The challenge for the governing board is multifold. On the one hand, it is expected to exercise informed risk taking with its strategic initiatives, while continuing to promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law. It must also be prepared to take steps to achieve credit for corporate cooperation should the organization become subject to Department of Justice investigation. On the other hand, it will want to preserve and enhance the loyalty, morale, support and confidence of the corporate management team, such that it may successfully implement its strategic initiatives.

How, then, can board members do their jobs and implement appropriate corporate strategy in the face of roadblocks raised by self-protective conduct? Indeed, some individual board members may feel the same concern regarding issues of their own personal liability, and thus may become more inclined to say “no.” How do leaders make difficult and important decisions for the company when they feel pressured to prioritize concerns with their personal liability profile over concerns with the legitimate interests of the company?

Possible Action Items

A pro-active response by the governing board might include elements of the following:

  1. An internal board-to-gatekeepers acknowledgement that this new tension exists; why it exists; why it is more the function of human nature than it is of bad faith; and of the risks that can arise from this conduct.
  2. Assure gatekeepers that corporate strategic plans are consistent with the board-approved risk profile for the corporation, and that all major corporate strategy decisions have been carefully vetted by experienced legal counsel.
  3. Provide gatekeepers with clear legal advice on the proper implementation of approved corporate strategies. Make it known that company lawyers are available to counsel gatekeepers at all times.
  4. Enhance gatekeeper confidence in the effectiveness and rigor of existing corporate compliance and risk management programs, and of conduits through which gatekeepers and others can express—without fear of retribution—to the highest organizational authorities their concerns about individual strategic initiatives.
  5. With the help of qualified advisors, carefully review the adequacy of existing indemnity and insurance coverage available to gatekeepers. The goal is to assure gatekeepers that “state of the art” coverage is in place with the best possible terms; e.g., whether the policy covers fines and penalties assessed by a regulatory agency, and how policy coverage is affected by the presence of multiple defendants seeking coverage, and multiple actions (i.e., the potential for “catastrophic circumstances”).


New federal regulatory initiatives that focus on the culpability of corporate “gatekeepers” (as well as other employees) can, in certain circumstances, create barriers to the implementation of otherwise appropriate corporate strategies. These barriers could arise from the understandable tendency of some gatekeepers to place their own personal interests above the goals of the corporation when the two appear to be in conflict.

The attentive board will acknowledge the potential for this conflict and will take a series of pro-active steps to reduce the understandable concerns of gatekeepers. Such steps should be consistent with a top-down organizational “culture of compliance” that the board is responsible for maintaining. In that way, the board’s action will be additive to existing corporate compliance and risk management programs. And, ultimately, that’s what the new government enforcement policies seek to achieve.


[1] Chair Mary Jo White, “A Few Things Directors Should Know About the SEC,” June 23, 2014,, discussed on the Forum here.
(go back)

[2] Memorandum from Sally Quillian Yates, Deputy Attorney General, U.S. Department of Justice, September 9, 2015, Individual Accountability for Corporate Wrongdoing (Guidelines), available at
(go back)

[3] Remarks of Deputy Attorney General Sally Quillian Yates at New York University School of Law Announcing New Policy on Individual Liability in Matters of Corporate Wrongdoing (September 10, 2015); available at
(go back)

[4] See, e.g., Remarks of Principal Deputy Assistant Attorney General Benjamin C. Mizer at the 16th Pharmaceutical Compliance Congress and Best Practices Forum (October 22, 2015); available at; remarks of Deputy Assistant Attorney General Jonathan Olin at the Food and Drug Law Institute’s Enforcement, Litigation and Compliance Conference (December 9, 2015); available at; Daniel Wilson, “DOJ Official Says Civil Side of Yates Memo Wrongly Ignored,” Law360 (November 12, 2015).
(go back)

[5] See, e.g., Evan Charles, “SEC Focuses Attention on Chief Compliance Officers”; New York Law Journal, August 13, 2015.
(go back)

[6] Remarks of Andrew Ceresney, Director, Division of Enforcement, Securities and Exchange Commission to the 2015 National Society of Compliance Professionals National Conference (November 4, 2015 [henceforth, “Ceresney Remarks”]); available at:
(go back)

[7] “Ceresney Remarks,” supra at p. 4.
(go back)

[8] Commissioner Luis A. Aguilar, “The Important Work of Boards of Directors,” October 14, 2015;, discussed on the Forum here.
(go back)

[9] See, e.g., Bradley J. Bondi, Bart Friedman, Sean P. Tonolli and Margaret D. McPherson, A Brief History of SEC Enforcement Actions Against Directors, LAW360 (Oct. 16, 2015),; Press Release, U.S. Securities and Exchange Commission, SEC Announces Enforcement Results for FY 15 (Oct. 22, 2015),; Kevin LaCroix, SEC Enforcement Actions Against Outside Directors, The D&O DIARY (Oct. 18, 2015),
(go back)

[10] Chair Mary Jo White, “A Few Things Directors Should Know About the SEC,” June 23, 2014,, discussed on the Forum here.
(go back)

[11] Securities and Exchange Commission, 2016 Budget Request by Program (at p. 81); available at
(go back)

[12] Department of Justice, Office of Public Affairs (September 21, 2015), “Former Peanut Company President Receives Largest Criminal Sentence in Food Safety Case; Two Others Also Sentenced For Their Roles in Salmonella-Tainted Peanut Product Outbreak;” available at:
(go back)

[13] Remarks of Deputy Attorney General Sally Quillian Yates at American Banking Association and American Bar Association Money Laundering Enforcement Conference (Monday, November 16, 2015); available at
(go back)

[14] See also, the ongoing controversy in the Pennsylvania courts involving the propriety of “reporting up” and “reporting out” rights and obligations of general counsel under state law (and, by association, state rules of professional responsibility). Commonwealth v. New Foundations, Inc., No. 145 MAP 2014 (Pa. June 15, 2015) (order vacating Commonwealth Court’s opinion and remanding for further proceedings).
(go back)

Both comments and trackbacks are currently closed.