Federal Reserve Gov. Daniel Tarullo touched a sensitive nerve in a recent speech when he stated that special corporate governance measures are needed in banking and he discussed the possibility of "broadening" the fiduciary duties of bank directors with respect to risk oversight. He noted the scholarly debate as to whether the unique societal and systemic risks embedded in banking call into question whether general corporate law and board governance principles sufficiently deter excessive risk taking.
For banks, this incipient regulatory call to consider broadening the fiduciary duties (and, of course, the liabilities) of bank directors should not be viewed as an idle intellectual exercise. On the contrary, in the current political environment, we could be but the next sensational risk management failure away from a legislative push to modify directors' oversight responsibilities, which would add significant additional expense, open the litigation flood gates, and discourage capable persons from serving as bank directors.
Gov. Tarullo cited to a "provocative recent paper" by two law school professors that proposed board oversight responsibility for the level of risk-taking by an institution, and the application of a simple negligence standard to this board responsibility. Shareholder loss and/or systemic harm in the traditional sense — decline in stock price or bankruptcy, for example — would not be required for a stockholder to sue the board. Rather, the triggering event would be a "significant loss" at the firm resulting from an alleged breach of a board's risk oversight responsibilities. (The example given is the $6 billion "London Whale" trading loss incurred by JPMorgan Chase.) Judges would determine if the board-approved risk management processes, including its assessment of the appropriate level of risk and potential risk outcomes, were reasonable. This broadened fiduciary duty would apply only to those firms "capable of imposing systemic loss."
Under current corporate law, directors have the fiduciary duties of due care and loyalty that are owed to the company and its stockholders. Due care requires boards to obtain adequate information about, and give appropriate consideration to, a decision. The standard applied for determining whether there is a breach of the duty of care is gross negligence. The duty of loyalty requires independent and disinterested directors to act in good faith and in a manner believed to be the best interests of the company and its stockholders. Directors are potentially personally liable for breaches of the duty of loyalty, but generally not for breaches of the duty of care. A judicial review of a due care challenge will focus on the board's process and record of decision making, and under the business judgment rule, if the record evidences a reasonable process, the board's decision will be upheld if it can be attributed to any rational purpose. The business judgment rule exists to enable independent boards acting in good faith to pursue risky strategies without fear of judicial second guessing.
A board's general oversight duties, often referred to as its Caremark obligations (named after a Delaware Chancery Court decision), are a subsidiary element of the duty of loyalty, and require a board to have information and reporting systems in place that are reasonably designed to enable boards to make good faith, informed judgments as to the company's compliance with applicable law and regulation. A Caremark claim alleging the failure of board oversight has been characterized by the Delaware courts as "possibly the most difficult theory of corporate law upon which a plaintiff might hope to win a judgment." A stockholder claiming a Caremark oversight violation must demonstrate that either the board "utterly failed" to implement reporting and information systems, or having implemented these systems, failed to inform itself or act upon information flowing back to it, constituting a failure to act in the face of a known duty to act, and thus bad faith. Consequently, a plaintiff needs to show there were "red flags" waived at the board and the board consciously disregarded its responsibilities to act upon the red flags.
Broadening a board's fiduciary responsibilities with respect to risk oversight would expose a board to liability for good faith judgments as to risk management, and would require boards to function in a management capacity. This would be expensive and inefficient, and would undoubtedly discourage capable persons from serving on bank boards. It will also ultimately be ineffective — risk and adverse risk outcomes cannot be eliminated, just as the business cycle has not and cannot be eliminated. Altering the fiduciary duty of oversight to require board "ownership" of risk management, would merely provide a prima facie basis for the filing of a lawsuit against many boards. As we know from the current corporate litigation environment, shareholder lawsuits that are not dismissed are settled (the risk that a judge or jury will rule against them and impose personal liability, is one that a board absolutely will not assume), and the primary beneficiaries of legal settlements seem to be the attorneys.
Since the Great Recession, governance has evolved through regulatory mandates and best practices, and boards are more extensively engaged in risk oversight than ever before. Boards are also already significantly exposed to litigation and potential liability to both regulators and shareholders. Through the examination process, regulators could place further burdens on a board by more actively "flagging" perceived risk management inadequacies — experienced and trained examiners arguably are in a better position than boards to analyze the effectiveness of risk management programs — which would obligate boards to be more engaged or face potential liability under existing Caremark standards. In this regard, risk management MRAs (matters requiring attention) could be made publicly available, for example on a delayed basis, or these MRAs could be made available to parties in litigation.
Any expansion of the board's underlying fiduciary duties with respect to risk management would be a dangerous development for directors of all banks.
John Gorman is a partner at the Washington law firm of Luse Gorman Pomerenk & Schick, a faculty member of the National Association of Corporate Directors, and served as a commissioner on the NACD Blue Ribbon Commission on Board Leadership.