Over this short blog post series I have been exploring the original Caremark and Stone v. Ritter decisions from the Delaware Supreme Court. The former decision was released in 1996 and the latter, some ten years later in 2006. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the original Caremark decision. In Part 1, we reviewed the underlying facts of the Caremark decision and in Part II, we considered the court holdings and rationales in Caremark and Stone v. Ritter. Today, I want to review what those decisions mean for today’s Board of Directors, Chief Compliance Officer (CCO) and compliance professional.
Bribery, Fraud and Corruption
One of the things that struck me about both decisions was how timely the underlying facts were. In Caremark, a 1996 decision with the corruption going back into the 1980s, the case involved a company which provided patient care and managed care services and a substantial part of the revenues generated by the company was derived through third party payments, insurers, and Medicare and Medicaid reimbursement programs. Medicare and Medicaid payments were governed under the Anti-Referral Payments Law (“ARPL”) which prohibited health care providers (HCPs) from paying any form of remuneration (i.e., kickbacks) to physicians to induce them to refer Medicare or Medicaid patients to Caremark products or services.
To get around this prescription, Caremark entered various contracts for services (e.g., consultation agreements and research grants) with physicians at least some of whom prescribed or recommended services or products that Caremark provided to Medicare recipients and other patients. Moreover, Caremark had a decentralized governance and operational structure which allowed wide latitude to the business units to enter into such agreements without corporate or any centralized compliance or legal oversight. The results were about what you would expect.
In Stone v. Ritter, the AmSouth bank was induced to open a custodial account for two investment advisers who induced some 40 investors into a fraudulent investment, involving the construction of medical clinics overseas, by misrepresenting the nature and the risk of that investment. The bank provided custodial accounts for the investors and to distribute monthly interest payments to each account upon receipt of a check from the investment advisors. The scheme went on for about two years before the sapped investors stopped getting paid and began to contact the bank.
Federal bank examiners examined AmSouth’s compliance with its reporting and other obligations under the Bank Secrecy Act (BSA). AmSouth “entered into a Deferred Prosecution Agreement (“DPA”) in which AmSouth agreed: first, to the filing by USAO of a one-count Information in the United States District Court for the Southern District of Mississippi, charging AmSouth with failing to file SARs; and second, to pay a $40 million fine. In conjunction with the DPA, the USAO issued a “Statement of Facts,” which noted that although in 2000 “at least one” AmSouth employee suspected that Hamric was involved in a possibly illegal scheme, AmSouth failed to file SARs in a timely manner.” From my reading of these facts, it appears that there was ample evidence an illegal scheme was ongoing, and a Suspicious Activity Report (SAR) should have been filed. As with the underlying facts of Caremark, the underlying facts of Stone v. Ritter are still the basis for enforcement actions today.
Caremark – The Evolution of Board Duties
To create the modern Caremark Doctrine the Delaware Supreme Court had to overcome prior existing Delaware law regarding the board’s obligations. That decision from 1963, is known as Allis-Chalmers, addressed the question of potential liability of board members for losses experienced by the corporation as a result of the corporation having violated US antitrust laws. There was no claim in that case that the directors knew about the behavior of subordinate employees of the corporation that had resulted in the liability.
Rather, the claim asserted was that the directors ought to have known of it and if they had known they would have been under a duty to bring the corporation into compliance with the law and save the corporation from the loss. In Allis-Chalmers the Court found “absent cause for suspicion there is no duty upon the directors to install and operate a corporate system of espionage to ferret out wrongdoing which they have no reason to suspect exists.” As there were no grounds for suspicion in by the board, the directors were blamelessly unaware of the conduct leading to the corporate liability.
The Court found that the obligations for a board had evolved significantly from 1963, most notably in three areas. First, in the area of corporate takeovers, the court viewed “the seriousness with which the corporation law views the role of the corporate board.” The second area was the recognition as an “essential predicate for satisfaction of the board’s supervisory and monitoring role under Section 141 of the Delaware General Corporation Law.” The third and final change was the 1992 US Sentencing Guides and the “potential impact of the federal organizational sentencing guidelines on any business organization. Any rational person attempting in good faith to meet an organizational governance responsibility would be bound to take into account this development and the enhanced penalties and the opportunities for reduced sanctions that it offers.”
To effectuate this change, the court stated “I am of the view that a director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.” Moreover, “it is important that the board exercise a good faith judgment that the corporation’s information and reporting system is in concept and design adequate to assure the board that appropriate information will come to its attention in a timely manner as a matter of ordinary operations, so that it may satisfy its responsibility.”
It is this final language which forms the basis of the modern Caremark Doctrine. There has been expansion of the Doctrine from this basic language over the past 25 years. Hopefully every board is aware of their obligations and are actually meeting them. However, every CCO and compliance professional needs to make the board aware of its Caremark obligations and then educate them on how to fulfill those obligations.