The Independent Director’s Toolkit

Proactive strategies for oversight of investigations and compliance crises implicating financial reporting and internal controls

Independent directors often find themselves thrust into crisis management and leadership roles when there is a need for independent investigation or for resolution of a critical compliance issue. They interact with management that often is focused on short-term rather than long-term responses and navigate the minefields of fiduciary duties and competing demands for stakeholders. Complicating this is the increasing frequency with which independent auditors are threatening to initiate reporting procedures under Section 10A of the Securities Exchange Act of 1934 absent an independent investigation into suspected wrongdoing.1 In this article, we recommend 5 proactive steps independent directors can take to assure they are prepared to respond when problems arise, and to do so in a manner consistent with established principles of corporate governance and regulators’ expectations.

Principles of Corporate Governance and Regulators’ Expectations
On their first day of board orientation training, amid presentations on company objectives and corporate structure, new directors are typically reminded of the prerequisites for protection under the business judgment rule and the fiduciary duties of care and loyalty owed to company shareholders.2 These duties rest at the core of a director’s good faith oversight and stewardship responsibilities. While “directors’ good faith exercise of oversight responsibility may not invariably prevent employees from violating criminal laws, or from causing the corporation to incur significant financial liability or both,”3 directors are expected to take steps to implement reasonable reporting, information and compliance systems, and address corporate misconduct of which they become aware.4

Parallel to the legal standards articulated in Caremark and its progeny, the Sarbanes-Oxley Act (“SOX”) sets expectations for audit committee (and consequently independent director) responsibilities.5 These include oversight of the company’s independent auditors, review of audit reports and establishment of procedures to address complaints regarding the company’s accounting and financial reporting. SOX empowered audit committees to hire independent counsel to assist them in fulfilling their responsibilities, typically in the context of audit committee-driven investigations, compliance reviews and evaluation of related-party and other transactions that raise the specter of a conflict of interest on the part of management.

U.S. regulators have been vocal in commenting on the roles and responsibilities of independent directors. “One question we are often asked is whether some of the things we are doing may actually discourage strong directors from serving on boards because of the risk that they may unfairly find themselves on the wrong end of an SEC enforcement action. While we do bring cases against directors, these cases should not strike fear in the heart of a conscientious, diligent director.”6 The Securities and Exchange Commission (“SEC”) and the Department of Justice (“DOJ”) have been particularly strident with respect to financial reporting and Foreign Corrupt Practices Act matters. In addition, the SEC has become more searching in its review of audit committee interaction with independent auditors, including exploring proposed revisions to audit committee disclosure requirements designed to delve deeper into the audit committee’s oversight of the independent auditor.7

“Director training should provide a basis from which the directors can ask questions regarding compliance risks and analyze responses consistent with their oversight responsibilities.”

The Toolkit: Proactive Strategies for Independent Directors
There is no effective one-size-fits-all approach to optimal corporate governance or neat checklist for directors. That said, there are concrete steps the conscientious director can take to meet the recurring challenges and expectations of regulators and stakeholders.

Company Culture and Tone from the Top – “Culture” and “Tone” have become buzzwords in the governance lexicon and in discussions with regulators. The challenge for the board is to turn these into more than just platitudes. Independent directors should play a direct and forceful role in overseeing the work required to create a strong, ethical culture that is openly endorsed by board members and senior management. Deliverables in this regard can include: (1) unambiguous written and oral statements advocating compliance by senior management and the board; (2) clear repercussions and incentives for company personnel based on compliance performance; and (3) regular interaction and open dialogue between the company’s compliance leaders and the audit committee or compliance committee, including discussion of recent issues and opportunities declined due to compliance concerns.

Risk Management and Compliance Infrastructure – Independent directors should require evidence from management that the company has a risk-based approach to identify high-risk compliance issues and to prioritize resources accordingly. Such evidence may include: (1) regular reports regarding the recent activities of the company-level Governance and Risk Committee or similar entities; (2) annual compliance risk assessments; (3) reports regarding formalization of compliance standards and controls, employee training and ongoing monitoring of compliance activities; and (4) proof that compliance concerns and initiatives are communicated clearly throughout the company in a manner designed to avoid a silo approach.

Specialized Considerations: Independent Investigations and Compliance Crises – The time to establish a crisis management strategy and investigative protocol is before such measures are needed. Independent directors should encourage the board to establish a framework for the board’s response in the event an independent investigation is necessary. This may include proactive delegation of oversight responsibility to the company’s audit committee or a special litigation/investigation committee. It also may include an annual presentation from management, including the legal and compliance functions, as to the company’s readiness in the event a government inquiry, whistleblower complaint or other event gives rise to the consideration of an independent investigation. Such a presentation should include the following topics, and may be supplemented by advice from external counsel: (1) process for reporting, evaluation and escalation of circumstances giving rise to consideration of an investigation; (2) familiarity of the legal, finance, internal audit, communications and IT functions with the basics of document preservation, confidentiality and investigative protocols; (3) factors for considering disclosure to regulators, independent auditors, company personnel and the market.

Training the Board – It is important for independent directors to have sufficient training to be familiar with more than just principles of corporate governance, personal trading and the organization of the company. Director training should provide a basis from which the directors can ask questions regarding compliance risks and analyze responses consistent with their oversight responsibilities. Annual training may include overviews of topical issues, particular risks and related internal controls such as: (1) anti-corruption; (2) accounting fraud and financial reporting; and (3) cybersecurity. A particularly timely topic for training in today’s enforcement environment is how the audit committees can build a positive relationship and productive interaction with the company’s independent auditor. Sound practices in this regard can mitigate risk in the event of an investigation or enforcement action. They also are consistent with the audit committee’s obligation to oversee the financial reporting and the independent audit relationship.

Making the Record – One outgrowth from the recent surge in regulatory enforcement investigations and prosecutions is the realization that a documented approach to corporate governance and adherence to fiduciary duties can provide tangible benefits to the board and its directors. This is critical in the context of a board committee’s evaluation of issues involving investigations and compliance crises. Clear, current minutes of audit committee or special investigative committee meetings are important evidence of the directors’ fulfillment of their obligations under Caremark. These are not ministerial records. Drafting minutes of this sort requires skill and experience. They cannot be simple, self-serving statements and should balance the need for confidentiality with the value of demonstrating the directors’ exercise of judgment in weighing the advantages and disadvantages of a proposed course of action and the sometimes competing interests present at the company.

Implementation of these strategies may not guarantee a worry-free tenure for independent directors, but it will improve the awareness and discussion regarding corporate governance. It will demonstrate the conscientious independent director’s adherence to the bedrock principles of fiduciary duty articulated in Caremark and espoused by regulators.

This article was co-authored by Jae Sung Kim – Summer Associate.

1Securities and Exchange Act of 1934 § 10(A), 15 U.S.C. § 78j-1.
2See In re Caremark Int’l, 698 A.2d 959, 971 (Del. Ch. 1996).
3Stone v. Ritter, 911 A.2d 362, 373 (Del. 2006)
4id at 370
5Sarbanes-Oxley Act of 2002, Pub. L. No. 107-204, 116 Stat. 745 (2002).
6Mary Jo White, Chair, U.S. Securities and Exchange Commission, “A Few things Directors Should Know About the SEC” (June 23, 2014).
7Possible Revisions to Audit Committee Disclosures, 80 Fed. Reg. 38,995 (July 8, 2015).

  • Get the Corporate Board Member Newsletter

    Sign up today to get weekly access to exclusive analysis, insights and expert commentary from leading board practitioners.



    AI Unleashed: Oversight for a Changing Era




    20th Annual Boardroom Summit

    New York, NY