In some instances, compliance is important because of both internal and external requirements. Let's take a board of directors. There are many different types of companies and many different types of boards and other governing bodies. Boards are generally required for public companies, but they can also exist in many private companies as well. Boards are designed to govern an organization and provide high level oversight of both the strategic objectives of the organization, as well as the policies necessary and required in some cases, to be in place. Among other things, the boards of directors also ensure that there's adequate financial oversight and accountability. Public company directors are elected by the shareholders of a company, whereas private companies usually the directors are appointed. All directors however are accountable to the company, and with regard to a public company, the directors are legally obligated as fiduciaries of the shareholders. The history of fiduciary duty in the standard of care that directors must engage in is long and complex. It can differ depending on the type of entity that's involved, as well as the country where the company is incorporated or operating. But to some degree, the duty itself is not very complex. Basically, it's the highest standard of care. It means that directors must always act in the shareholders' best interests. It means that directors must always put the interest of the shareholders and the company to the extent there is no conflict above their own personal interests. It involves a duty of care, a duty of loyalty, and a duty of good faith. Failure to fulfill these duties can make a director liable to shareholder lawsuits and more. So, if you're a director of a company, I'm certain you would want to ensure that there is an exemplary compliance program in place. In fact, there's a seminal court case that discussed the concept that directors can actually face personal liability, if the company fails to have a corporate compliance program at all. In the 1996 Court of Chancery of Delaware decision, and a Caremark International Derivative Litigation, the court wrote that a board's obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, actually exists, and that a failure to do so in some circumstances can, at least in theory, render director liable for losses caused by non-compliance with applicable legal standards. Legal commentators and other subsequent court decisions have embraced the notion that the fiduciary duty of the board of directors involves the establishment and maintenance of a compliance program that is designed to identify wrongdoing and elevated to the board as well as to management. In a move that significantly strengthened corporate governance, the Sarbanes-Oxley Act of 2002, which was actually called in act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the security law and for other purposes, greatly expanded the responsibilities of the boards of public companies. The act which was overwhelmingly passed by both Houses in the United States Congress, was designed to protect investors from fraudulent accounting practices by corporations. It was a direct response to the corporate accounting frauds at Enron, Tyco, WorldCom, and many others. There are in fact 11 sections of the Sarbanes-Oxley Act. Everything from the creation of the Public Company Accounting Oversight Board and auditor independence, to analyst conflicts and white-collar crime penalty enhancements. But let's focus on the corporate responsibility section. Under Sarbanes-Oxley, the boards of the United States companies or companies that are listed on the United States stock exchanges, must among other things, establish audit committees made up solely of board members independent from management. Because of this law, audit committees, not management, are now directly responsible for the appointment, compensation, and oversight of the work of the external auditors. Those external auditors are the ones that are charged with evaluating whether the financial statements prepared by management are fair in presenting and in accordance with relevant financial reporting frameworks. Sarbanes-Oxley also make certain corporate officers like the CFO and the CEO, responsible for certain financial and tax reports. It actually requires them to certify and sign the reports. There are specific forfeiture penalties, and penalties for non-compliance, and of course there's prison if you commit fraud. So, again, after the passage of Sarbanes-Oxley, I suspect that every director and affected corporate officer recognizes the importance of compliance. They are actually 100 percent incentivized to make sure that there is a good compliance program in place, if for no other reason than to make sure they're fulfilling their own fiduciary duties, and perhaps to keep them out of jail.
