Navigating The Still Murky Post-Sarbanes-Oxley World: A Roadmap For Corporate Counsel

Saturday, January 1, 2005 - 01:00

Editor: Post-Sarbanes-Oxley, the role of independent directors has been enhanced. What implications does this have for general counsel?

Mirsky: Sarbanes-Oxley did not invent the role of independent director, but what it did change was to make a variety of corporate functions mandatory and it also significantly increased their legal complexity. As a consequence, general counsel clearly face conflicting demands. On the one hand, general counsel are increasingly valued as business executives, and in many companies their position has evolved into a strategic business role. On the other hand, as legal advisers, general counsel are expected to be independent of the decision-making process.

The question then becomes, is there a need on some continuing basis for independent counsel for the independent directors and/or for the independent committees? In the post-Sarbanes-Oxley environment, will audit committees or other committees composed entirely of independent directors prefer to be counseled by the company's in-house general counsel, the company's main outside law firm, or independent lawyers that are neither of those two? This is the ongoing debate.

Editor: In the post-Sarbanes-Oxley environment, to whom does the general counsel report, the CEO or independent directors?

Mirsky: The general counsel is responsible to the entity, not to any specific director or officer. As a lawyer, the general counsel reports both to the board and to the CEO. I don't think it is an either/or situation. The question becomes how to maintain good working relationships with all involved. It's a continuing balancing act. Today, the general counsel needs to have as close a working relationship with board members as he or she has had in the past with the CEO so that he or she will feel comfortable raising issues directly with individual board members as required.

Some commentators have gone even further and have recommended that the general counsel meet regularly, and in executive session, with a committee of independent directors to communicate his or her concerns on legal compliance matters. As a result, what I am seeing increasingly is that general counsel are talking to board members much more than they ever did before, keeping them up-to-date on counsel's ongoing corporate compliance activities.

Editor: In the current environment, how is the general counsel's relationship with board members changing?

Mirsky: More and more, boards are depending on general counsel to candidly assess the risks of various courses of action and to act as the gatekeeper to the right information the board needs to discharge its responsibilities. Boards also expect general counsel to serve as the guardians of the board's relationship with independent outside advisors, when appropriate. and as proponents of good corporate governance when fraud is suspected in crisis situations.

Editor: Has Sarbanes-Oxley affected the relationship of the general counsel with the CEO as well?

Mirsky: In the current environment, CEOs listen more closely to general counsel because they know there are a host of new regulations and traps for the unwary. CEOs have also become more sensitive to the responsibility of general counsel to go "up the ladder" to the board on significant concerns, even without the CEO's consent. This whistleblower role can have a chilling effect on the general counsel's relationship with the CEO if not handled properly. It challenges general counsel to clarify with the CEO what is expected on both sides and to manage compliance and ethics matters in a way that won't threaten working relationships.

Editor: What in your judgment is the most important immediate challenge facing corporations?

Mirsky: The most important challenge facing corporations today is the requirement under Sarbanes-Oxley Section 404 for management and the company's auditors to report on the existence and effectiveness of internal controls over financial reporting. Predictions vary widely about the number of registrants who will report material weaknesses in internal controls. Some estimates run as high as 20 percent. For those companies who do disclose material weaknesses, it will be important that they do so in a manner that enables investors and other market participants to carefully evaluate the circumstances underlying the material weakness, because not all material weaknesses will be viewed as equally significant. Corporate counsel should be prepared to assist their companies with this critical disclosure that will have a significant impact on an investor's decision-making process.

Editor: Could you give us some examples of areas requiring the particular attention of corporate counsel?

Mirsky: Disclosure of environmental information has come under increased scrutiny since the General Accounting Office (GAO) issued its report in July, 2004 describing the ways in which the SEC can improve the tracking and transparency of corporate environmental disclosure. The GAO Report emphasized the need for the SEC to work more closely with the Environmental Protection Agency (EPA) to evaluate the adequacy of environmental disclosure. In this climate, companies and their counsel should review their internal processes for disclosure of environmental information carefully. Such policies and procedures should enable information on environmental issues to percolate up through all levels of the company to ensure effective disclosure.

Another example is the new collaboration between the Food and Drug Administration (FDA) and the SEC concerning a public company's pre-FDA approval promotion statements. Both agencies are working together to increase their protection of investors against false and misleading statements on FDA-related issues, particularly the status of new drugs. In this environment, corporate counsel need to increase their scrutiny of pre-FDA approval statements on clinical trials appearing in public filings and press releases.

Editor: How should global corporations handle compliance?

Mirsky: Multinational corporations should establish a global corporate culture of legal and ethical compliance. No matter where they are based, they should implement ongoing compliance education programs for all of their employees worldwide. Such corporations should also consider the appointment of employees with knowledge of local customs and laws, in each country of operation, to serve as the local compliance officer reporting directly to the home office's senior compliance officer.

It's important to remember that no one-size compliance program fits all. Each company needs to analyze the most significant legal risks for each of its business activities. The components of any compliance program will depend on the company's size, the countries in which it operates, the level of regulation in a company's industry, and each company's past compliance history.

Editor: Is it desirable to have a lawyer on the in-house legal staff who can identify possible compliance or disclosure issues relating to financial matters?

Mirsky: It could be helpful to include someone with experience in SEC accounting issues on the in-house staff, because SEC accounting issues can require specialized knowledge. But adding special counsel to each business unit adds significant costs that may not always be warranted, although such individual business unit counsel may be in a better position to get the required financial information up to the central information source. Sometimes, however, those embedded in local units work so closely with their colleagues that they can lose sight of their primary loyalty to the overall business entity. It can be a double-edged sword.

Editor: How do you distinguish between the chief compliance officer's function and the general counsel's function?

Mirsky: The general counsel has the overall responsibility both for identifying risks and for making sure that there are appropriate compliance programs in place in light of such risks. However, many corporations are finding they need to hire someone, such as a chief compliance officer, in addition to the general counsel to implement their ongoing compliance programs once such programs have been put in place. A compliance officer might not be directly involved in compliance training, but he or she would hire the right people to do this and to monitor their effectiveness.

Editor: Is failure by a company to provide adequate lawyer coverage or effective compliance tools the kind of issue that a general counsel should bring to the board?

Mirsky: Clearly, the effectiveness of a compliance program and the ethical culture of an organization should be a matter of concern to a company's board of directors. In the widely-cited Caremark decision, the Delaware Chancery Court has suggested that directors who fail to assure that their companies have effective compliance programs may have violated their fiduciary duties. Commentators have even gone so far as to suggest that it might be a breach of a director's duty of good faith to fail to comply with Sarbanes-Oxley, SEC, SRO and other requirements, such as corporate "best" practices.

The Federal Sentencing Guidelines for Organizations have long rewarded firms that implement an "effective program to prevent and detect violations of law," making the adoption and implementation of an effective compliance system a prerequisite to reducing a firm's chances of being prosecuted if wrongdoing by employees is uncovered. Moreover, recent amendments to the Guidelines have highlighted the increased emphasis on the involvement of the board of directors in the development, monitoring and maintenance of effective compliance and ethics programs.

In today's environment, if a general counsel believes that his company does not have an effective compliance system in place, he or she must advise the board of this situation and provide directors with recommendations for improvement.

Editor: How should compliance programs be shaped?

Mirsky: Companies have often asked me. as their outside counsel, what areas need to be covered. There are always certain baseline areas that every public company has to cover such as insider trading, employment policies, accounting procedures and so on. But then, depending upon what a company does and its past compliance problems, counsel will need to determine what additional policies should be considered. Corporate compliance programs often are designed around industry-specific business laws. If a company is purely a domestic operation, the Foreign Corrupt Practices Act or export-import regulations are less important. With other firms, it's environmental laws, data protection and transfer or antitrust concerns. Each company will need to make a threshold decision on what areas will be covered, what policies should be put into place and what training on those policies is needed.

Editor: When there is a compliance failure, what should be done to contain the damage?

Mirsky: It is very important to deal promptly with any kind of corporate compliance failure. Corporate directors always have had a duty to investigate fraud or wrong-doing. But Sarbanes-Oxley raised the bar by further clarifying the responsibilities of corporate directors, officers and counsel. For example, the audit committee now has direct responsibility to investigate any allegations of fraud or misconduct. A properly performed investigation enables the company to determine the extent of potential liability and to mitigate its consequences. Once the company has determined that there is a need for an investigation, it has to be conducted in a timely and thorough manner, whether done internally or with the assistance of outside counsel. Timely investigations are viewed favorably by prosecutors and regulators, and they tend to produce more accurate results because memories have not faded and documents are more likely to remain available. If unlawful conduct has occurred, the company must consider remedial measures such as disciplining or terminating culpable employees, modifying or developing internal controls to prevent recurrence of the misconduct and the identification of loss to investors or others. And from the outset, even before the regulators come to call, the board and management must assess the necessity of publicly disclosing uncharged unlawful conduct and the need or benefits of cooperating with regulators.