Robert Biskup is a managing director at Deloitte Risk & Financial Advisory, Krista Parsons is a managing director at Deloitte & Touche LLP, and Robert Lamm is Independent Senior Advisor at the Center for Board Effectiveness at Deloitte LLP. This post is based on their Deloitte memorandum.
Introduction—Compliance oversight as a board responsibility
Nearly 25 years have passed since a landmark decision of the Delaware Chancery Court involving the board’s role in compliance oversight. The case was based upon claims that the board in question had breached its fiduciary duty regarding compliance with legal requirements applicable to health care providers, leading to an extensive federal investigation, an indictment charging multiple federal felonies, and fines, penalties, and damages approximating $250 million. Among its other findings, the Chancery Court concluded that:
“a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and . . . failure to do so under some circumstances may . . . render a director liable for losses caused by non-compliance with applicable legal standards.” [1]
As a result of this decision and its progeny, it is now settled doctrine that a board of directors’ fiduciary duties include establishing that management has an effective corporate compliance program in place, exercising oversight of that program, and taking regular steps to stay informed of the program’s content and operation. Aside from the many adverse consequences of an inadequate compliance program, a breach of these duties can result in shareholder derivative litigation, and may even subject board members to personal liability under some circumstances (though that did not happen in the case cited above). Of equal or greater importance, a compliance failure can lead to critical operational, reputational, and other business challenges that can haunt a company for years—or even destroy it.