U.S. Securities & Exchange Commission
SEC Seal
Home | Previous Page
U.S. Securities and Exchange Commission

Speech by SEC Staff:
Remarks before the Vanderbilt Director's College


Giovanni P. Prezioso

General Counsel
U.S. Securities and Exchange Commission

Nashville, TN
September 23, 2004

As a matter of policy, the Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners or other members of the staff.

Thank you, Jim, for the kind introduction. It is a pleasure and an honor to speak to this group today, and to kick off what promises to be an exceptionally interesting and rewarding conference. As always, the views I express today are solely my own, and do not necessarily represent those of the Commission or my colleagues on the staff.

It was gratifying to see that former Chairman Breeden will be addressing the conference this evening. I suspect he will have a few suggestions about some of the things that directors should not be doing. My hope is to focus, instead, on some of the things that directors should be doing - or at least some of the questions they should be asking - in the post-Sarbanes-Oxley era, particularly when they are confronted with evidence of misconduct by a company's CEO or other senior management.

First, I would like to review briefly the ways in which the Sarbanes-Oxley Act and other recent developments have made this topic so central to the concerns of directors today - and how it fits into my assessment of the broader objectives of that legislation and the Commission agenda. Second, I would like to touch on the potential benefits to directors - as well as the potential legal liabilities - associated with those developments. Finally, I would like to offer some thoughts, from my perch within the Commission, on the questions a board may want to consider when evaluating information - particularly information suggesting potential misconduct sufficient to trigger an internal investigation or other similar response.

Getting Information to Directors: the Post-Sarbanes-Oxley Landscape

The Sarbanes-Oxley Act and recent Commission rulemaking have led, as you all know, to substantial changes in the legal and regulatory landscape for public companies. The large number, variety and pace of the changes has, at times, made it difficult to discern a simple or overarching set of policy principles guiding them. Nonetheless, one theme emerges, I think, in reviewing the changes as a whole: more, and better, information must be disseminated to directors and other fiduciaries and "gatekeepers" acting on behalf of public companies.

The policy logic of ensuring the broader spread of information is straightforward and has a long history in securities law enforcement.1 Financial fraud and other securities law violations rarely can occur without the participation, even if only tacit or unwitting, of a host of fiduciaries and advisers - officers, directors, accountants, bankers and attorneys. By ensuring that these fiduciaries and advisers obtain greater information, the securities laws can better enable them to thwart potential violations. Further, viewed more cynically, these fiduciaries cannot, if provided with complete information, avail themselves of the sometimes convenient "Sergeant Schultz" defense - protesting innocently when things go awry that they "knew nothing" of the misconduct.

Consider some specifics. Under Section 404 of Sarbanes-Oxley, issuers now must assess periodically the effectiveness of their internal controls - a key step in assuring that management does not overlook potential weaknesses in its business processes. Similarly, the CEO and CFO certification requirements of the Act - by focusing senior managers' attention on their personal responsibility for company disclosure and internal controls - have heightened management's commitment to ferreting out problems that might otherwise have gone unnoticed.

The increased flow of information to a company's senior officers is supplemented under the Act by provisions designed to strengthen the role of the company's board. Under Section 301, listed companies must have an independent audit committee. Notably, the committee must have procedures in place for the receipt, retention and treatment of complaints regarding accounting and related internal control and auditing matters.2 Further, the Act seeks to ensure that the board will understand the material provided to it: Section 301 provides that the audit committee must have the authority and funding to retain counsel and other advisers; and Section 407 requires the disclosure of whether the issuer's audit committee contains a qualified "financial expert" with experience in relevant accounting matters.

Sarbanes-Oxley also establishes new regulatory requirements for lawyers to assure that information relating to potential misconduct will reach the most senior levels of the organization. The Commission's regulations under Section 307 of the Act generally require a public company's attorneys - both inside and outside counsel - to report evidence of a material violation of the securities laws, a material breach of fiduciary duty, or a similar material violation "up-the-ladder" to the company's chief legal officer. If the chief legal officer does not make an appropriate response to the evidence of a violation, the attorney must bring the information to the attention of an appropriate committee of directors or the full board. In addition, Section 806 of the Act provides protection to "whistleblowers" who provide information to the government or senior company officials regarding conduct that an employee reasonably believes may violate securities regulations and similar laws.

Efforts to improve the flow of information to senior managers and directors have not been limited to Sarbanes-Oxley. For example, the Commission's recent mutual fund initiatives include a new requirement that a fund's compliance officers report directly to the board.3 They also include a series of new disclosure requirements that will not only help investors, but will also likely have the added benefit of keeping boards better informed about various aspects of their funds' businesses.4

The Impact on Directors of Increased Information

Ensuring that information finds its way to officers, directors and other fiduciaries and agents, of course, merely sets the stage - they still have to decide what to do with the information once they receive it. What are the duties of directors in these circumstances?

As a threshold matter, it's striking how little Sarbanes-Oxley or Commission regulations have done to alter the formal legal standards governing the fiduciary duties of public company directors. As in the past, the fundamental fiduciary obligations of directors continue to arise under state corporate law (an area which has independently been evolving, as others at this conference will discuss). Directors' additional obligations under the securities laws have generally focused on assuring accurate disclosure and preventing fraud.

Nevertheless, in practice, much has changed. Historically, it has often been difficult to establish violations of the securities laws by directors - even some whose good faith may fairly be questioned - because of their ability to assert ignorance of the underlying facts or misconduct. Further, directors have often buttressed the defense of their conduct by asserting their reliance on management, accountants and counsel - who themselves often have not had access to all the relevant facts. By broadening the dissemination of salient information, to directors as well as the advisers upon whom they rely, Sarbanes-Oxley and other recent regulatory initiatives reduce the likelihood that a director can reasonably assert a "pure heart, empty head" defense against liability. It is hard to imagine why, from an investor perspective, this is not a good thing.

The potential for increased director liability, though, raises at least one point of recurring sensitivity: will these new laws and regulations deter qualified individuals from serving on corporate boards? Directors have expressed concerns that, at least in the case of seasoned business executives, the incentives to serve on corporate boards do not adequately offset the risks of board service. They observe that many directors, including many of the best ones, do not need the money and that they accept their positions principally to broaden their experience and to widen their networks of personal contacts.

Two responses come to mind when I hear these concerns. First, the actual increase in liability risk to directors is, in my view, likely to be small, at least when the directors are acting in good faith and with appropriate care. Directors generally receive substantial protection from private liability through insurance and indemnities. Further, while the Commission's enforcement program has been active and growing in this area, I doubt many in this room could name more than three companies whose directors have been charged with securities law violations in the past couple of years. Second, and perhaps more controversial, it is not entirely clear to me that directors should be drawn exclusively, or even principally, from the ranks of those who view board service primarily as a means to enhance their own professional education and personal networks. There is nothing wrong with this motivation, but no one should mistake board service for a fellowship or a hobby - it's a job, and a serious one at that.

Of course, many will rightly add, directors care not only about legal liability, but also about their reputations: they do not want to take on positions that will reflect badly upon them or injure their standing among peers or in the community. On this point, I would argue, critics of the new rules have got it exactly backwards. It's true that ignorance may in some cases limit directors' legal exposure. But the scandals of the last few years have made it plain to all that "what you don't know" can (very badly) hurt your reputation - not to mention entangle you in extended and vexing litigation that will not increase your love of lawyers.

The new legal regime gets more information into the hands of directors as well as the officers and professionals upon whom they rely. In this way, it has the potential to strengthen greatly directors' ability to protect their reputation. Thus, if anything, it should encourage qualified directors to enter or remain in an arena that they might otherwise shun.

Considerations in Complying with the Securities Laws

Now, part of my job is to review and sit in on the Commission's deliberations of every enforcement case. From that perspective, what considerations would I, as a Commission lawyer, encourage directors to think about when reviewing all this new information - particularly when faced with potential evidence of misconduct?

First, does the information presented to you make sense, both as a business matter and as a matter of logic and experience? This point is pretty obvious, but it is also central to many of the enforcement matters now before the Commission. In a remarkable number of cases, senior company officials have failed to ask questions when presented with information that should have seemed implausible - or at least highly improbable. When management tells you that the company made its numbers by some novel cost-free change in operations or legal structure, you should wonder if that's very likely. If management presents quarter after quarter of operating profits at identical or near identical profit margins, you should wonder if it's good fortune or something more like high school chemistry lab results.

Second, are you receiving the information from a source with a conflict of interest? Directors always should apply a healthy degree of skepticism to information from any source, but this is particularly true when presented with information from management or others in circumstances where their interests are not aligned with, and even may be directly antithetical to, those of the company. The most striking examples, of course, arise in the case of related party transactions. It is hard to understand why directors would approve transactions with company officers (or other directors) and their relatives or affiliates without ensuring adequate disclosure or fully considering their obligations under state law. These transactions can include, I might add, expansions of the indemnities for officers and directors, especially in cases where evidence of misconduct has already been uncovered. Similarly, mutual fund directors often rely quite heavily on information provided by their fund's investment adviser - even though they know the adviser's interest on matters of fees, expenses and many other items may run entirely counter to the interests of the fund.

Third, do you understand all of the important technical, legal and other relevant aspects of the information that you have received? The material provided to directors often contains subtle judgments about legal, accounting and other technical issues. While directors can't be expected to second-guess the decisions of qualified experts, they can be expected to understand the factual assumptions underpinning the advice of lawyers, accountants and others. When the factual assumptions explicitly relied upon by those experts don't square with the facts known to a director, the Commission likely will question the director's ability to rely reasonably or in good faith on the experts' conclusions. Further, if the adviser cannot effectively respond to directors' questions, or if the situation involves a counterintuitive conclusion, there is no reason that directors should hesitate to seek a second, independent opinion. Moreover, ignorance of the law is no more an excuse for directors than for anyone else. There simply is no basis for any director to serve on the board of a public company without a basic familiarity with the substance of the securities laws and other legal obligations governing the company's activities and its directors.

Finally, have you had sufficient time to evaluate written materials, to speak with senior management and consultants, and to make thoughtful and informed decisions? Many of our cases involve situations in which business or other exigencies led directors (and others) to move so quickly that they missed key red flags.

Of course, when you hear me raising these kinds of questions, they sound quite mundane and, fundamentally, I think they are: has a director taken the steps that an honest and conscientious person would take in his or her own affairs? The Commission knows that business decisions are hard and is not interested in playing a game of gotcha' with 20/20 hindsight. If a director of a public company acts the same way a director would act if serving at a private company in which he or she has a significant personal financial interest, the director will rarely, if ever, cross the line under the securities laws. And if you're ever in doubt, you can always fall back on the "New York Times" test - or a modern variation that I find helpful: imagining that there is a videotape of your deliberations that will be played in the closed Commission meeting room.

Addressing Evidence of Potential Misconduct

Before concluding, I would like to focus specifically on one of the most difficult categories of information that directors must evaluate and address: evidence of potential misconduct by a company's officers and employees. This is a category of information that, as I mentioned earlier, Sarbanes-Oxley specifically seeks to bring more frequently and systematically to directors' attention.

The number of whistleblower cases handled by the Department of Labor is growing: as of earlier this year, the Department had already received almost 200 complaints under Sarbanes-Oxley. Further, at least based on anecdotal evidence, attorneys have taken their obligations under Section 307 of Sarbanes-Oxley and state law very seriously: my informal impression is that they are regularly directing evidence of misconduct to chief legal officers and, in many cases, directly to boards of directors.

The Commission's attorney conduct rules under Section 307, in the first instance, call for a company's chief legal officer to "take all reasonable steps to cause the issuer to adopt an appropriate response" to the evidence of a material violation The rules focus primarily on the obligations of lawyers - but directors, as fiduciaries, also cannot ignore violations without risking a breach of their duties and possibly becoming complicit in the misconduct.5 Thus, directors too must face the question of what is an "appropriate response" to evidence of a material violation.

In this connection, the Commission's new rules contain several new provisions with significant implications for directors.

First, in connection with the obligation of a company's chief legal officer to implement an "appropriate response," the Commission's regulations establish a specific duty of inquiry on the chief legal officer to ascertain whether or not a violation has occurred.6 And in cases where a violation has been found to occur, the regulations, like the Act itself, call for the adoption, as appropriate, of remedial measures or sanctions.7 Each of these requirements establishes a baseline of conduct for attorneys that it would seem unwise for boards themselves to ignore.

Second, the regulations articulate two categories of "appropriate response" that specifically require the consent of the company's board of directors, or an appropriate committee of the board.8 Thus, an appropriate response may include, if the directors consent, retaining an attorney to review the evidence and either (i) obtaining advice that the attorney may ethically assert a colorable defense to the reported evidence of a violation or (ii) implementing any recommendations of the attorney after a reasonable investigation and evaluation of the reported evidence.

Let me pause briefly on this point. The strong incentives for cooperation, in both criminal and Commission investigations, appear to have greatly increased the number of independent investigations undertaken by companies presented with evidence of potential misconduct. I encourage and applaud this development. I would sound a cautionary note for directors, though. Authorizing an independent investigation should not be approached with a bureaucratic or purely process-oriented mindset: the company's interests may not always be served by such an investigation if it is not structured correctly, and directors cannot take a passive approach when launching an investigation or considering its results.

In the enforcement context, in particular, we have come to see investigations in which companies did not provide sufficient authority or resources to the lawyers and other professionals conducting an investigation. In other cases, companies have unduly circumscribed the scope of their inquiry. Sometimes lawyers do not have the ability to ask questions of all relevant persons; sometimes accountants are asked to offer opinions based on limited factual presentations. The injury to a company from a poorly structured or executed investigation can be substantial: when regulators or enforcement authorities ultimately develop the full story, the company's credibility is injured, its attempts to claim credit for cooperation will be jeopardized, and the surprise to shareholders and others can further damage the company's reputation.

Thus, I would urge directors, when authorizing an independent investigation, to assure that their consent to any investigation is fully "informed": Have they duly considered who will conduct the investigation? Have the investigating professionals been given adequate resources and tools to conduct the investigation effectively? Has the scope of the investigation been appropriately defined? Like all of you, I am acutely aware of the costs associated with these inquiries, but once they are undertaken, they are worse than useless if conducted ineffectively.

A third element of the Commission's new lawyer rules also has special significance for directors confronted with evidence of a material violation. For the first time, the Commission has established a uniform federal rule that in some circumstances permits attorneys - without the consent of an issuer - to reveal confidential information to the Commission obtained in the course of their legal representation. These rules permit "reporting out" whenever, among other things, an attorney reasonably believes it necessary to prevent the issuer from committing a material violation, or to rectify a material violation, that is likely to cause substantial injury to the financial interest or property of the issuer or investors.9 In other word, directors now face a heightened prospect that, if they fail to do the right thing, the company's lawyers will ask the Commission to do it for them.

As you have probably heard, a debate is raging within the bar as to whether this permissive "reporting out" rule is a good thing - even though the rule basically conforms to the law that has applied in most states for many years. Regardless of your views in that debate, the practical fact is that the rule is a part of the new landscape that everyone must deal with - and I think it presents more opportunities for directors than peril.

I say this because, in my experience, most directors want to do the right thing. And in those cases where management may be implicated in wrongdoing, that will never be an easy task. The confidence that lawyers' interests will fully align with those of directors can assist the board in implementing sometimes difficult remedial steps against the will of recalcitrant officers. Indeed, we have learned of specific circumstances in which management, implicated in potential violations, has refused to act - and where attorneys' willingness to "report out" to the Commission has given directors critical leverage in addressing problematic conduct.


Let me conclude on that positive note, since I think it is consistent with the broader underlying theme I've tried to highlight today: the ways in which new laws and regulations have strengthened the hand of directors. Congress and the Commission have not, in my view, tried to change the traditional oversight role of directors: it is still to set broad policy and oversee management, not to take over the executive functions of a company's officers. The test of the new regulatory regime, which has not, even now, come fully into effect, will be how directors use these new tools, particularly their increased access to information about key matters of significance to the company's operations. Early returns suggest that, in fact, the new rules may be starting to achieve their intended effects - and I'm hopeful that, with a little luck, we will someday look back at this time as a new era of director empowerment.

Thank you for giving me so much of your time today.



Modified: 11/30/2004