Companies can protect managing directors from personal liability through robust compliance frameworks. General Counsel can support managing directors by assessing the reliability and gravity of incoming information, and subsequently the effectiveness of measures taken, and ensure timely follow-up.
Corporations should protect their directors
Companies have sound reasons to protect managing directors from personal liability. First, such matters distract board members from more important matters: growing the business. Litigation and investigations targeting managing directors create significant reputational damage for the company – regardless of the outcome. Moreover, a company that fails to support its management board through robust compliance frameworks, clear escalation procedures, and adequate legal resources is itself contributing to the conditions that create liability risks for the company. Protecting managing directors through those mechanisms is therefore sound corporate governance.
The Criminal Standard: Active and Passive Conduct
When a company commits irregularities, its directors can face personal liability – criminal and civil alike. Recent case-law on criminal liability standards provide an interesting perspective on how to prevent this risk. Under criminal law, a director can be liable if the director had knowledge of the offenses but failed to take reasonable measures to stop or prevent them. Liability does not require that a director actively directs the offense. It can also arise from conduct of others that is the inevitable consequence of a general policy pursued by the director, or where the director made a sufficiently significant contribution to a pattern of conduct leading to the prohibited behavior.
The real risk lies in the potential for liability in case of passive behavior: where a director had the authority and was reasonably required to take measures to prevent or stop prohibited conduct, but failed to do so. Avoiding liability under this standard requires careful consideration on the reliability and gravity of indications of irregularities known to the management board, and sound judgement what action is required. Indeed, a robust compliance framework and clear escalation procedures.
Concrete Standards Emerging from Recent Decisions
An instructive example is the matter of ING’s former CEO. In that matter, it was established that the board’s awareness of AML policy deficiencies, combined with internal escalation and a review concluding systems were “sufficient,” were enough to escape criminal liability – even though that sufficiency assessment on the AML-framework ultimately proved incorrect. These actions (internal escalation and conducting reviews) constitute the so-called ‘reactive duty of care’: cooperating with measures established in consultation with compliance, legal, and the supervisory board. A managing director may rely on his fellow board members to implement measures properly – absent any indication to the contrary.
I would add that a relevant factor is also the effectiveness and thoroughness of the measures implemented. It’s not sufficient to just take any actions. Adequate resources should be allocated, and the actions should be suited to address the issues. An open question is whether a managing director should also be held to a ‘proactive duty of care’: actively monitoring whether measures were actually effective, and then to take subsequent actions if and when necessary.
Safety net: support active duty of care
Under these standards, there is a clear role for a general counsel to keep managing directors out of harms way. First, General Counsel should ensure that adequate mechanisms exist to report and act on any indications of irregularities. Second, in case of such irregularities, general counsel should ensure that the measures taken are proportionate and effective. Third – there should be procedures to monitor the profess of the implementation and effectiveness of the measures. These steps go a long way protecting managing directors – and thereby the company.
