Published in Corporate Governance Review, August/September 2004.

Directors have significant responsibilities, but so do those in many other jobs and roles. There is a big difference between the need to be vigilant and to take your role seriously, and the need to be worried about that role.

Most of the time, directors can be exclusively in a vigilant-responsible mode. They should have little need to lie awake at night if they have justified confidence in management; they receive and scrutinize suitable information; the board and its committees are suitably staffed, engaged and focused; and board and committee meetings are effective.

But so many companies have failed in spectacular fashion in the recent past, and directors have been criticized (and sanctioned, in some cases) for their alleged failures to prevent the crashes. When is this criticism fair? When should directors get worried?

Directors are not criminal investigators, whose job is to probe beneath apparently supportable assurances to uncover purposeful frauds (although sometimes, directors’ efforts and concerns can lead them to involve other experts in investigations of this sort). But directors must develop and operate suitable risk-management strategies to ensure that nothing short of planned criminal behaviour would cause unexpected serious damage. The strategies can be structured and intentional or can simply require capable directors to be alert to warning signs.

Having a formal risk-management strategy requires the board to continuously manage the risks of the business. These measures would include developing and measuring progress against a plan and annual budget, understanding the business (including the industry and the company’s place therein) and being aware of changes (in the macro-environment, market, competitors, regulation) that could affect the company. The board must also monitor risks relating to the management, including ensuring that the right people (in terms of competence, integrity and teamwork) are running the business, that succession plans are sound and that formal risk-management procedures (suitable check processes, a chief risk officer function, suitable internal control processes—now formalized through Sarbanes-Oxley 404 audits) are in place. The board must be comfortable that it is receiving the right information, in a timely manner; that it is spending adequate meeting time on risk management; that management is candid with the board; and, in general, that it has confidence in management. And finally, the board must be confident that adequate arrangements are in place (suitable advice has been sought, board processes are proper, effective directors’ and officers’ insurance is in place) to protect the board if things go wrong.

But beyond all of this, there is no substitute for directors who are alert to warning signs that something is wrong. The following list, while not exhaustive, is illustrative of signals that increased vigilance may now be in order:

    • Corporate governance processes are not being followed.
    • Management does not deliver information in a timely manner.
    • There are surprises in financial or other business results (key customer losses, changes in deals). Particular note should be taken if surprises occur regularly.
    • There is an unusually high turnover of employees.
    • When the board requests certain information, management is evasive, provides only selective information or unduly delays providing information.
    • Management is unavailable to the board (either it will not respond to board enquiries or management, other than the CEO, is discouraged from contact with the directors).
    • The board becomes aware that internal control processes of any sort (from financial compilation to contract signing procedures) are inadequate (the intended purpose of Sarbanes-Oxley 404 audits).
    • Board members have a sense of discomfort with the corporate culture or the candour of any employee (on the theory that what is observed anywhere often reflects the leadership culture at the top).
    • The board receives express warnings of trouble. These are far more frequent than one might presume. They come in the form of warnings from advisers (for instance, in auditors’ annual reports on issues with management or on financial controls), from members of management (particular board members tend to bond with particular executives, who often share concerns with their "director friend") or from other directors (directors sometimes consult one another to assess whether a discomfort is warranted).

If even one of these signs appears, it is time for the directors to get out of business-as-usual mode. In my experience, if there is any sign of trouble, the trouble is far worse than the sign, and the directors should not lose any time in beginning to investigate the problem(s).

Directors’ and Officers’ Insurance

When things go wrong, little can ameliorate the potential for embarrassment and the requirement to spend considerable time in discharging unpleasant responsibilities (in courts, with regulators, in the media). Sound legal and public relations advice may soften the blows, but some of them must be absorbed.

On the other hand, suitable insurance coverage may (virtually) completely address the financial risk that could otherwise be devastating to an individual director (who is subject to unlimited liability—liability to the full extent of his or her assets). A typical D&O insurance policy will cover the directors (and executives) for liability for which they would otherwise have to respond personally in cases in which the directors (or executives) have failed to act as they should. Coverage does not extend to willful criminal behaviour, but will typically cover most examples of negligence.

The D&O insurance market is an inefficient one. While there is a reasonably stable group of brokers who sell the insurance, there is a large group of potential insurers who choose to increase or reduce their exposure to this coverage on a fairly regular and often sudden basis. The result is widely varying rates for comparable coverage, the non-availability of reasonably priced coverage to some companies, widely varying coverages and exclusions, differential co-insurance and top limit amounts for comparable premiums, and a variety of other discrepancies. D&O insurance details tend to be poorly understood by directors, who (if they focus on this at all) focus on the deductible (when the insurance coverage starts) and the limits (what is the maximum coverage). D&O insurance is the ultimate backstop for directors. It is important to obtain competent and adequate advice on the nature and cost of coverage. Given the inefficiencies and certain conflicts that can arise in this market, it would be wise to solicit proposals from more than one broker when obtaining or renewing D&O coverage. Ultimately, having a reliable and capable broker with expertise in the area is essential. It is now becoming common for directors to have their D&O insurer make a presentation directly to the board. It is most unwise for directors to simply accept an executive’s assurance that "suitable D&O is in place."

Formerly a law professor at the Faculty of Law, University of Toronto, Barry Reiter has published books and articles on corporate governance, advisory boards, joint ventures, contracts, real estate, the legal process and debtor-creditor relations. His practice focuses on corporate development and finance of new-economy companies. Barry is Chair of Torys’ Technology Group, which handles all aspects of technology law.

Torys LLP is an international business law firm with more than 330 lawyers in its Toronto and New York offices. The firm is known for its successful representation of clients in significant corporate transactions and cases.
