S-Ox Is Not Revolutionizing Officer And Director Liability (Yet)

Friday, September 1, 2006 - 01:00

The Sarbanes-Oxley Act of 2002(S-Ox) was a significant and sweeping legislative response to the corporate accounting scandals and ensuing bankruptcies that followed the high tech boom of the late 1990s, as epitomized by the collapse of Enron. Most provisions ofS-Ox gave the Securities and Exchange Commission unprecedented rulemaking power over the corporate governance practices of public companies, an area historically regulated by state corporate law and the stock exchanges. Four years after the passage of S-Ox, most companies have implemented the bulk of the SEC's new rules, including the requirements for officers and directors to certify a company's annual and quarterly reports, for companies to establish and evaluate internal control over financial reporting, for auditors to comply with more stringent independence tests and for audit committees of listed companies to be fully independent.

On top of complying with the new legal requirements, some companies have voluntarily adopted additional internal policies and procedures with the goal of meeting or exceeding today's more stringent best practices in corporate governance. Not surprisingly, plaintiffs in corporate and securities litigation, including class actions, are now relying on S-Ox requirements, or appealing to post-S-Ox best practices in corporate governance, to help prove their cases. A theme emerging from the cases decided so far this year is that S-Ox-related requirements and standards are not yet emasculating our existing legal tests for officer and director liability, although they may rightly influence a judge's assessment of the evidence or, unfortunately, provide fodder for litigation. It remains to be seen, however, whether existing standards of liability, particularly in cases involving directors' fiduciary duties, can remain stable in the face of rising standards of best practices in governance.

S-Ox Certifications And Scienter In 10b-5 Cases

Plaintiffs in U.S. securities fraud class actions are required to plead specific facts giving rise to a strong inference of scienter , meaning that the defendants acted knowingly, or at least recklessly, in making false or misleading disclosure. Now that CEOs and CFOs of public companies are required to certify the accuracy of a company's financial statements as well as report on the quality of a company's internal controls, judges in securities fraud class actions are having to address the link between the CEO/ CFO certifications and the scienter element of Rule 10b-5 under the Securities Exchange Act of 1934. As part of their S-Ox certifications, CEOs and CFOs must state, among other things, that

  • to the best of their knowledge, there are no material misstatements or omissions in the annual or quarterly report;
  • to the best of their knowledge, the financial information in the annual or quarterly report is fairly presented; and
  • they have designed, or caused to be designed under their supervision, internal control over financial reporting to provide reasonable assurance of the reliability of the company's financial statements.
  • In securities fraud class actions under Rule 10b-5, the question is how far the signedcertifications go in helping plaintiffs prove the scienter element - that is, that the officer knew, or was reckless in not knowing, that a company's public reports contained a material misstatement or omission. Three recent cases decided in U.S. district courts suggest that the certifications will be helpful to plaintiffs from an evidentiary point of view, but will not, by themselves, go all the way to proving scienter .

    In Watchguard Securities Litigation , the plaintiffs argued that the CEO and CFO must have known that the company's financial results contained accounting errors because the officers certified that they designed and evaluated the company's internal control over financial reporting. The judge disagreed, holding that the certifications were insufficient by themselves to prove that the officers knew about the errors. Similarly, the judge in Invision Technologies, Inc. Securities Litigation held that the officers' certifications were insufficient to infer scienter, and the plaintiffs failed to plead any other facts that suggested that the defendants knew that the company's disclosure was misleading.

    In Lattice Semiconductor Corporation Securities Litigation , the judge agreed with the plaintiffs that the certifications could be used as evidence of scienter , but in that case, unlike in Watchguard and Invision , the plaintiffs were able to point to several other compelling facts suggesting that the defendants knew that the company's disclosure was misleading. Therefore, although the certifications played a role in helping the plaintiffs meet their pleading requirements, the outcome in Lattice was not inconsistent with the Watchguard and Invision cases, in which the plaintiffs failed to successfully plead intentional wrongdoing merely on the basis of the CEO and CFO certifications.

    These are sensible outcomes and it would have been alarming if the judges had decided differently by ruling that scienter can be proven merely from an officer's S-Ox certification. In the context of liability under Rule 10b-5, which requires intentional wrongdoing, it is particularly noteworthy that the statements in the S-Ox certifications are qualified rather than absolute. The CEO and CFO are certifying the contents of the company's reports 'to the best of their knowledge' and are designing internal controls to provide 'reasonable assurance' as to the quality of financial reporting. The qualified language means that CEOs and CFOs are not, by virtue of signing the S-Ox certifications, guaranteeing these matters on behalf of the company.

    Post-S-Ox Governance And Delaware's Duty Of Good Faith

    In a highly anticipated decision, the Delaware Supreme Court recently affirmed the lower court's ruling that the board of directors of The Walt Disney Company did not breach its fiduciary duties or act in bad faith under Delaware law in the hiring and subsequent termination of the company's former president, Michael Ovitz, despite the board's failure to adhere to corporate governance best practices.

    The Disney shareholder plaintiffs claimed, among other things, that certain directors breached their fiduciary duties by approving Ovitz's employment agreement, which ultimately provided him with a $140 million severance package after only 14 months of employment. The Court noted that the board's conduct - and especially that of the compensation committee, which reviewed Ovitz's proposed employment agreement and recommended that the board approve it - fell significantly short of best practices or ideal corporate governance. The Court focused on the committee's failure to document in written minutes the work done by committee members outside the committee's official meetings to inform themselves of the agreement's terms and conditions before recommending approval. Nevertheless, the Court ruled that the board's decisions to approve Ovitz's employment agreement, to hire him as president of Disney and then to terminate him on a no-fault basis, thus obligating Disney to pay him $140 million in severance, were protected by the business judgment rule and did not constitute bad faith.

    The Court confirmed that under Delaware corporate law, directors owe a duty of good faith that is distinct from the duties of care and loyalty. However, the Court acknowledged that the duty of good faith is not a well-developed area of corporate fiduciary law. The Court declined to flesh out the meaning of good faith in today's post-S-Ox world of heightened standards of corporate governance, now regulated by state corporate law, the stock exchanges and the SEC. But the Court did clearly state that adhering to voluntary best practices is not necessarily a prerequisite for good faith decision-making. Despite not living up to best practices, the Disney directors' actions were found not to constitute subjective bad faith nor rise to the level of intentional dereliction of their duties.

    The Disney decision should not be taken to mean that post-S-Ox notions of best practices in corporate governance are irrelevant. There is still a very important lesson to be learned from Disney for compensation committees - and by implication for any board of directors or committee - that process matters. Although the Court ultimately vindicated the Disney directors, it took nearly 10 years of litigation and required a lengthy trial. Trials not only increase legal costs but are risky and unpredictable, given that courts must make evidentiary and credibility determinations.

    The Disney Court suggested that litigation could have been avoided if the compensation committee had followed better procedures. The Court went on to describe a best practices scenario for considering Ovitz's proposed agreement. Before their first meeting, the committee members would have received a spreadsheet prepared by (or with the assistance of) an executive compensation expert that set forth the amounts that Ovitz could receive in each foreseeable circumstance. The contents of the spreadsheet would be explained to the committee members, either by the expert who prepared it or by a knowledgeable committee member. That spreadsheet, which ultimately would become an exhibit to the minutes of the meeting, would form the basis of the committee's deliberations. Following these procedures would have left no room for litigation over what information was furnished to the committee members, when it was furnished or how the committee deliberated.

    Although the Disney decision sets a high threshold for establishing a breach of the duty of good faith, it is far better and more cost-effective - an ounce of prevention, so to speak - for boards of directors to establish and adhere to best practices in corporate governance in order to minimize the risk of the company facing costly and unpredictable litigation.

    The Legacy Of S-Ox In The Courts

    Because plaintiffs in fraud cases under Rule 10b-5 bear the heavy burden of proving scienter , which is akin to a criminal standard of liability, the jurisprudence is more likely to be immune to changes in best practices in governance. By contrast, the jurisprudence in corporate fiduciary duty cases like Disney is less likely to remain stable, and courts are more likely to judge the reasonableness of a board's actions in light of post-S-Ox best practices in governance. This could well mean higher benchmarks in the future for boards to earn the deference afforded by the business judgment rule or for related party transactions to pass muster. As more cases proceed through the court system, the true legacy of S-Ox in fraud and fiduciary duty cases will become clearer. The cases surveyed in this article suggest that the new rules and standards under S-Ox will continue to make corporate and securities litigation even messier and more complex than it was before, although the legislation has not - at least so far - emasculated the ability of public company officers and directors to defend themselves. The best course of action for potential defendants is to minimize the risk of litigation in the first place by establishing and enforcing high-quality internal procedures to support important corporate decisions and to diligently maintain written records to show that those procedures were carried out.

    Andrew Beck practices corporate and securities law, with a focus on public and private financings, corporate governance, and mergers and acquisitions. Joshua Goldstein'spractice focuses on securities offerings and complex corporate transactions. His practice includes handling offerings of debt, equity and hybrid securities, leveraged recapitalizations, spin offs, acquisitions and divestitures.

    x7Please email the authors at abeck@torys.com or jgoldstein@torys.com with questions about this article.