Directors’ Duties: The US Perspective

43.1 Introduction

As stewards of the corporation and fiduciaries of its shareholders, directors are primarily responsible for overseeing the company’s business and affairs. In exercising these responsibilities, directors must discharge their fiduciary duties of care and loyalty and their obligation to act in good faith. Directors, however, confront mounting litigation and regulatory risk in navigating their fiduciary duties and the demands of shareholders in the face of corporate compliance crises and independent investigations. In addition, regulators in the United States and around the world have become increasingly focused on the role of the board and its directors with respect to corporate governance, financial reporting and promoting a culture of compliance. In this chapter, we discuss the fiduciary duties owed by directors in the context of independent investigations, potential director liability for violations of those duties, and strategic considerations for directors to satisfy their fiduciary duties when faced with compliance crises.²

43.2 Directors’ fiduciary duties

In the United States, the fiduciary duties and responsibilities of members of boards of directors arise primarily out of state corporate law, both from state statutes and evolving case law.³ Fundamentally, directors owe fiduciary duties of care and loyalty to the corporation and are expected to carry out their obligations in good faith.⁴ These duties are an essential part of a director’s oversight and stewardship responsibilities to the corporation.

43.2.1 Duty of care

The duty of care requires directors to exercise the proper amount of care as they make business decisions on behalf of their corporation. Directors must act with that amount of care which ordinarily careful and prudent people would use in similar circumstances, and consider all material information reasonably available in making business decisions.⁵ Therefore, to fulfil their duty of care, directors must, among other things: be knowledgeable about the corporation, its business, its industry and relevant risks, including by regularly reviewing financial statements and inquiring into corporate affairs; remain informed about decisions faced by the board; and engage in meaningful deliberation of issues that arise.⁶ If a director ‘feels that he has not had sufficient business experience to qualify him to perform the duties of a director, he should either acquire the knowledge by inquiry, or refuse to act [as a director]’.⁷

Director liability for breaching the duty of care typically arises in two contexts: (1) grossly negligent board decisions that result in a loss for the corporation; and (2) liability for a loss that arose from an ‘unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss’.⁸ In Smith v. Van Gorkom, the Delaware Supreme Court found that the directors of Trans Union Corporation had breached their duty of care by acting with gross negligence in failing to make an informed decision regarding the sale of the company.⁹ The Delaware Supreme Court cited the board’s approval of the sale without having reviewed a term sheet or any other documentation to support the adequacy of the sale price, and that the board relied, without any basis, on the uninformed statements of a director regarding the proposed agreement.¹⁰

Directors are only liable for breach of the duty of care if their conduct is grossly negligent, meaning that they demonstrated a ‘reckless indifference to or a deliberate disregard of the whole body of stockholders or actions which are without the bounds of reason’.¹¹ Courts have found that ‘directors’ actions need not achieve perfection to avoid liability’, and that directors do not breach a legal duty simply because they ‘failed to act as a model director might have acted’.¹² In general, monetary damages are unavailable to plaintiffs alleging breach of the duty of care, even if they can demonstrate gross negligence, since many states, in response to Van Gorkom,¹³ enacted statutes permitting corporations to eliminate or limit directors’ personal liability for monetary damages for breaches of their duty of care.¹⁴ Significantly, these state laws do not authorise corporations to eliminate or limit directors’ personal liability for breaches of their duty of loyalty or good faith obligations, and monetary damages remain available to plaintiffs for such breaches.¹⁵

43.2.2 Duty of loyalty

The duty of loyalty ‘mandates that the best interest of the corporation and its shareholders take precedence over any interest possessed by a director, officer or controlling shareholder and not shared by the stockholders generally’.¹⁶ Directors are also prohibited from using their position of trust and confidence to further their private interests.¹⁷

As a ‘subsidiary element’ of the duty of loyalty, directors must carry out their duties in ‘good faith’.¹⁸ The obligation to act in good faith is not an independent fiduciary duty or direct basis for liability, but rather is at the core of the duty of loyalty – ‘a director cannot act loyally towards the corporation unless she acts in the good faith belief that her actions are in the corporation’s best interest’.¹⁹ A director fails to act in good faith where the director ‘intentionally acts with a purpose other than that of advancing the best interests of the corporation, where [the director] acts with the intent to violate applicable positive law, or where [the director] intentionally fails to act in the face of a known duty to act, demonstrating a conscious disregard for [his or her] duties’.²⁰

Courts have interpreted the duty of loyalty as giving rise to the duty to exercise oversight in the day-to-day business operations of the corporation. The Delaware Court of Chancery set forth the standard for directors’ obligation to oversee and monitor the corporation in In re Caremark International Inc. Derivative Litigation, holding that directors have an affirmative duty to establish a reporting system and internal controls, and to monitor and oversee internal compliance activity.²¹ Directors must ensure that the system of internal controls is ‘reasonably designed’ to allow senior management and the board to reach ‘informed judgments concerning both the corporation’s compliance with law and its business performance’.²² Failure to do so, the court held, may ‘render a director liable for losses caused by non-compliance with applicable legal standards’.²³

Thus, while ‘directors’ good faith exercise of oversight responsibility may not invariably prevent employees from violating criminal laws, or from causing the corporation to incur significant financial liability or both’,²⁴ directors are expected to take steps to implement reasonable reporting, information and compliance systems, and to address known instances of corporate misconduct.²⁵

43.2.3 Oversight obligations under US securities laws

In addition to the standards articulated in Caremark and its progeny, the Sarbanes-Oxley Act of 2002 established expectations for public company audit committees (and consequently the independent directors that serve on audit committees) with respect to their oversight of companies’ accounting, internal controls and auditing matters. These include oversight of the company’s independent auditors, review of audit reports and the establishment of procedures to address complaints regarding the company’s accounting and financial reporting.²⁶ Audit committees may also hire independent counsel to assist them in fulfilling their responsibilities, including in independent audit committee investigations and compliance assessments.²⁷

43.3 Liability for breach of fiduciary duties

43.3.1 Caremark claims in private civil actions

Directors who allegedly breach their fiduciary duties may be subject to civil action in their personal capacity by shareholders of the corporation, both directly and in derivative lawsuits on behalf of the corporation. Courts determine liability on a director-by-director basis, as opposed to the conduct of the board as a whole.²⁸ In the majority of US states, the remedy for breach of a fiduciary duty can be ‘Any form of equitable and monetary relief’²⁹ that the court finds ‘appropriate’.³⁰

Caremark established the standard of liability for alleged breaches of directors’ duty of oversight, holding that ‘only a sustained or systemic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists – will establish the lack of good faith that is a necessary condition to liability’.³¹ Caremark, therefore, ‘articulates a standard for liability for failures of oversight that requires a showing that the directors breached their duty of loyalty by failing to attend to their duties in good faith’.³² In order to establish liability, plaintiffs must demonstrate that ‘the directors were conscious of the fact that they were not doing their jobs’.³³

In Stone v. Ritter, the Delaware Supreme Court affirmed the Caremark standard for oversight liability,³⁴ holding that a claim for director oversight liability requires the following conditions predicate: (1) that the directors ‘utterly failed to implement any reporting or information system or controls’; or (2) that the directors, ‘having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention’.³⁵ In either case, plaintiffs must demonstrate that directors knowingly violated their fiduciary obligations to hold them liable for such a claim.³⁶

While Caremark and Stone set a high bar for establishing liability for breach of oversight obligations, board processes and decision-making can nonetheless result in director liability. For example, in the Wells Fargo & Co Shareholder Derivative Litigation, plaintiffs alleged that the defendant directors ‘knew or consciously disregarded’ that Wells Fargo employees were fraudulently creating millions of deposit and credit card accounts for customers as part of ‘cross-selling’ activities.³⁷ In denying Wells Fargo’s motion to dismiss, the court relied on allegations that the board had been informed of multiple ‘red flags’ of improper conduct, including alleged communications between employees and board members regarding the fraudulent activity, several related lawsuits, news reports, investigations by government agencies, employee terminations allegedly aimed at silencing whistle­blowers, and emphasis on the importance of cross-selling practices in the bank’s financial reports.³⁸ The court found that the numerous red flags alleged ‘collectively supported an inference that a majority of the Director Defendants consciously disregarded their fiduciary duties despite knowledge regarding widespread illegal account-creation activities, and that there is a substantial likelihood of director oversight liability’.³⁹

43.3.2 The business judgment rule

Directors’ actions are generally shielded by the ‘business judgment rule’, a standard of judicial review that protects directors from personal civil liability for their decisions to the extent that the decision was independent, informed and made in good faith, with due care and with the honest belief that the action taken was in the company’s best interest.⁴⁰ The business judgment rule presumes that ‘in making a business decision the directors of a corporation acted on an informed basis, . . . and in the honest belief that the action taken was in the best interests of the company [and its shareholders]’.⁴¹

Therefore, the business judgment rule presupposes that directors have satisfied their duty of loyalty to the corporation. In the absence of evidence to the contrary, the board’s ‘decision will be upheld unless it cannot be attributed to any rational business purpose’.⁴² Plaintiffs that fail to rebut this presumption will not be entitled to any remedy unless the transaction constitutes corporate waste.⁴³ To rebut this presumption, plaintiffs must demonstrate that the directors breached either their duty of loyalty or duty of care in connection with the transaction at issue.⁴⁴ In that instance, the burden shifts to the directors to demonstrate that the challenged transaction was ‘entirely fair to the corporation and its shareholders’.⁴⁵

Even if directors have exercised their business judgment, the business judgment rule will not protect directors who have made an ‘unintelligent or unadvised judgment’.⁴⁶ Furthermore, the protections of the business judgment rule will not apply in the event of director inaction, absent a conscious decision not to act.⁴⁷ Accordingly, boards and directors should work with management to develop a process that (1) enables the board to obtain the information it needs to evaluate and decide on a course of action, (2) facilitates careful consideration and debate at the board level consistent with directors’ fiduciary obligations and (3) results in a record that illustrates the board’s execution of its responsibilities.

43.4 Regulatory enforcement actions

In addition to being named in securities class action or derivative suits, directors of public companies can be subjected to regulatory investigations and enforcement actions under US securities laws. Directors increasingly face all three proceedings – securities class actions, derivative litigation and enforcement proceedings – in parallel. Since one type of proceeding often leads to another type alleging the same conduct or inaction, a director’s exposure to liability from a breach of fiduciary duties can multiply.

The Securities Exchange Act of 1934 (the Exchange Act), as amended by the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act), authorises the US Securities and Exchange Commission (SEC) to institute administrative and civil proceedings and to seek monetary and injunctive relief from directors for their violations of the securities laws.⁴⁸ The SEC also can seek a court order permanently or temporarily barring an individual from serving as a public company officer or director for violations of the anti-fraud provisions of the US securities laws.⁴⁹ Additionally, the US Department of Justice (DOJ) can criminally prosecute directors for ‘willful’ or ‘knowing’ violations⁵⁰ of the US securities laws or conspiracy to commit such violations.⁵¹

US regulators may impose clear and direct consequences against companies whose oversight they determine to be lacking. In evaluating corporate compliance programmes, regulators focus on the types of information that the board has examined in its exercise of oversight in the area in which misconduct occurred. US regulators have been vocal in commenting on the roles and responsibilities of directors and have been critical of boards of directors that, in their view, fail to exercise reasonable oversight.⁵² The SEC and DOJ have been particularly outspoken with respect to financial reporting and Foreign Corrupt Practices Act (FCPA) matters. For instance, in a 2017 settlement with Sociedad Química y Minera de Chile (SQM) for internal controls and books-and-records violations under the FCPA, the DOJ explicitly noted that although SQM’s board had been briefed on certain internal controls failures flagged by internal audit, ‘no adequate changes were made to SQM’s internal accounting controls’.⁵³

Section 20(a) of the Exchange Act is particularly relevant to public company directors, as it provides that every person who indirectly or directly controls another person found liable for a securities violation under the Exchange Act is liable for that same conduct.⁵⁴ For ‘control person’ liability to attach, the majority of US circuit courts require only that the director exercised control over the general operations of the business that included the violation and could exercise control over the transaction or activity giving rise to it.⁵⁵ Section 20(a) provides an affirmative defence to a director who ‘acted in good faith’ and ‘did not directly or indirectly induce’ the act constituting the violation.⁵⁶

For example, in 2009, the SEC filed a settled enforcement action against Nature’s Sunshine Products, its chief executive officer (CEO) and board member, and its chief financial officer (CFO), alleging that the CEO/director and CFO, in their capacities as control persons under Section 20(a), violated the books-and-records and internal controls provisions of the FCPA.⁵⁷ Notably, the SEC did not allege that these individuals had direct knowledge of, or participated in, the underlying improper payments or accounting failures, but rather that the executives failed to identify certain red flags that would have alerted them to the improper payments and failed to perform their corporate duties adequately and in good faith.⁵⁸

43.5 SEC Whistleblower Program

Over the past decade, directors have also faced increasing regulatory scrutiny as a result of the SEC Whistleblower Program, which provides monetary incentives for individuals to come forward and report possible violations of the federal securities laws to the SEC.⁵⁹ Since Congress established the Whistleblower Program pursuant to the Dodd-Frank Act, the SEC has imposed over US$2 billion in total monetary sanctions in enforcement matters brought with information from meritorious whistleblowers.⁶⁰

Notably, under SEC Rule 21F-4, compliance personnel, auditors, directors and other employees can submit tips anonymously to the SEC and be eligible for a whistleblower award if (1) they have a reasonable basis to believe that disclosure is necessary to prevent conduct likely to cause ‘substantial injury’ to the financial interest or property of the entity or investors, (2) they have a reasonable basis to believe that the entity is engaging in ‘conduct that will impede an investigation of the misconduct’, or (3) at least 120 days have passed either since they properly disclosed the information internally, or since they obtained the information under circumstances indicating that the entity’s officers already knew of the information. Under this authority, the SEC has issued three whistleblower awards to individuals with compliance or internal audit responsibilities.⁶¹ Directors who fail to exercise their oversight responsibilities with respect to investigations may find themselves the target of SEC whistleblower complaints brought anonymously by compliance or internal audit personnel from within their corporations.

43.6 Duty of oversight in investigations

Directors’ duty of oversight, and their obligation to act in good faith, are implicated at multiple stages of a corporate investigation – from the decision whether to initiate an investigation, to how to most appropriately design and implement such an investigation (e.g., choice of counsel); to the decision whether to self-disclose potential wrongdoing to regulators; to decisions authorising negotiation or settlement with regulators. At each stage, directors must ask appropriate questions, obtain sufficient information and engage in meaningful deliberation to satisfy themselves that the decision is in the best interests of the corporation. Increasingly, independent auditors threaten to initiate reporting procedures under Section 10A of the Exchange Act in the absence of an independent investigation into suspected wrongdoing.⁶² In addition, directors must bear in mind that if the corporation is prosecuted for misconduct, prosecutors will consider the board’s execution of its duty of oversight in sentencing the corporation.⁶³

Moreover, directors play a central role in remediating issues identified during an investigation. Directors must oversee the process of enhancing or establishing internal controls for financial reporting, cybersecurity or other material aspects of the company’s compliance infrastructure that are found lacking. This frequently requires directors to adapt to, and occasionally reassess, their view of company processes and the conduct of management based on facts developed during an investigation. At the same time, directors must interact with external auditors in connection with the issuance of an audit opinion and oversee a financial reporting process that contemplates such changes.

Director liability for breach of fiduciary duty frequently arises from the alleged failure of the board to respond to ‘red flags’ of corporate misconduct. When faced with actual knowledge or red flags of wrongdoing, directors must take good-faith steps to conduct reasonable inquiry to understand the cause and scope of the issue, and to implement appropriate remedial measures, as necessary. Directors may be subject to oversight liability because of inaction, wilful ignorance or failure to investigate and address possible misconduct in good faith.

As reflected in Wells Fargo, there are several ways in which a director may be considered to be on notice of possible corporate wrongdoing,⁶⁴ such as internal and external audit reports, whistleblower complaints, consumer complaints, news reports, regulatory investigations and related civil litigation claims. The case law emphasises the need for directors to respond to repeated signs of misconduct, since courts and regulators may interpret the absence of a response as a conscious disregard of the directors’ duty of oversight. As the Delaware Court of Chancery explained:

a Caremark plaintiff can plead that “the directors were conscious of the fact that they were not doing their jobs,” and that they ignored “red flags” indicating misconduct in defiance of their duties. A claim that an audit committee or board had notice of serious misconduct and simply failed to investigate . . . would survive a motion to dismiss, even if the committee or board was well constituted and was otherwise functioning.⁶⁵

Importantly, by virtue of the audit committee’s oversight of accounting, internal controls and auditing matters, directors naturally receive information regarding the corporation’s internal controls and compliance system that implicates their duty of oversight. This level of knowledge could subject directors to increased risk of regulatory scrutiny and private shareholder action if they fail to respond to internal control deficiencies and red flags of potential misconduct that are reported to them.

43.7 Strategic considerations for directors

While there is no effective one-size-fits-all approach to satisfaction of fiduciary duties, directors can take certain steps to meet the ongoing challenges and expectations of regulators and shareholders. Although such measures may not eliminate the risk of director liability, they will demonstrate directors’ adherence to the core principles of their fiduciary duties.

• Risk-based compliance framework: Directors should require management to demonstrate that the company has adopted an effective risk-based compliance programme to identify high-risk compliance issues and prioritise resources accordingly.
• Remaining informed: Directors should implement a formal process that facilitates communications between the board and management regarding the compliance programme and business performance. Directors should remain informed about ongoing and acute risks, as well as about the broader business environment and industries in which the company is operating.
• Independent investigations and compliance crises: Directors should develop a crisis-management strategy and establish an investigative protocol before such measures are needed, including a process for the board to respond if an independent investigation is necessary. This may include proactive delegation of oversight responsibility to the company’s audit committee or a special litigation or investigation committee. This also may include an annual presentation from management, including the legal and compliance functions, as to the company’s readiness if a government inquiry, whistleblower complaint or other occurrence necessitates consideration of an independent investigation.
• Training: Directors should have sufficient training not only to be familiar with principles of corporate governance and the corporation’s business, but also to provide directors a basis from which they can inquire about compliance risks and analyse responses consistent with their oversight responsibilities.
• Overseeing the external auditor relationship: The audit committee owns the relationship with the external auditor. Too often, directors limit their interaction with the external auditor to engagement of the auditor and a quarterly discussion in advance of the issuance of a filing. The better approach is for directors, particularly those on the audit committee, to establish a deeper relationship with external auditors that provides for a foundation of trust and familiarity from which both parties can act when an unexpected problem arises.
• Documenting directors’ oversight work: A documented approach to corporate governance and adherence to fiduciary duties can mitigate directors’ risks in the event of litigation or an enforcement proceeding. Real-time documentation, including through minutes of audit committee or special investigative committee meetings, are critical evidence of directors’ fulfilment of their oversight obligations in the context of a board committee’s evaluation of issues involving investigations and compliance crises.

Effective board processes enable directors to carry out their responsibilities in accordance with applicable fiduciary duties and the expectations of regulators and the market. Adherence to sound principles of corporate governance protects directors and benefits the company in several forms, including through heightened investor confidence and corporate reputation; increased efficiency and avoidance of costly investigation due to early issue spotting and risk mitigation; and higher levels of customer and employee retention.

Footnotes

¹ Daniel L Stein, Jason Linder and Glenn K Vanzura are partners, and Bradley A Cohen is an associate, at Mayer Brown. The authors would like to acknowledge the work of Timothy P O’Toole, William P Barry and Margot Laporte of Miller & Chevalier Chartered for the fourth edition of this volume and on which this present chapter is based.

² Directors also face potential liability for breaches of fiduciary duties in other contexts beyond independent investigations, such as those arising in the mergers and acquisitions context, though a discussion of such duties falls beyond the scope of this chapter.

³ While civil liability for breaches of fiduciary duties arises under state law, public company directors separately may face federal criminal and civil liability for violations of the federal securities laws. For example, among other violations, public company directors may be held liable for financial reporting and disclosure violations, and insider trading and other fraud violations, under the Securities Act of 1933 [Securities Act] and the Securities Exchange Act of 1934 [Exchange Act]. The Sarbanes-Oxley Act of 2002 [Sarbanes-Oxley] and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 also enhanced director liability under federal law for self-dealing and compensation-related violations, among others.

⁴ In re Walt Disney Co. Derivative Litig., 907 A.2d 693, 745 (Del. Ch. 2005), aff’d, 906 A.2d 2 (Del. 2006) (Disney).

⁵ Id. at 749 (internal quotation marks omitted).

⁶ See Francis v. United Jersey Bank, 432 A.2d 814, 822 (N.J. 1981) (duty to conduct regular review of financial statements); Barnes v. Andrews, 298 F. 614, 615 (S.D.N.Y. 1924) (duty to enquire into the corporate business).

⁷ Francis, 432 A.2d at 822 (internal quotation marks omitted).

⁸ Disney, 907 A.2d at 749 (quoting In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 967 (Del. Ch. 1996) [Caremark] (alterations omitted)).

⁹ Smith v. Van Gorkom, 488 A.2d 858, 881 (Del. 1985).

¹⁰ Id. at 874.

¹¹ Disney, 907 A.2d at 750 (internal quotations marks omitted).

¹² Cooke v. Oolie, Civ. Action No. 11134, 2000 Del. Ch. LEXIS 89, at *58–59 (Del. Ch. 24 May 2000).

¹³ Disney, 907 A.2d at 751.

¹⁴ See, e.g., Del. Code Ann. tit. 8, § 102(b)(7). In states that have enacted statutes in response to Van Gorkom, plaintiffs may still seek equitable remedies such as injunctive relief; in those states, however, directors may be protected from monetary liability where their corporation, in its by-laws or otherwise, has eliminated or limited its directors’ personal liability for monetary damages for breaches of their duty of care. See, e.g., Arnold v. Society for Sav. Bancorp, Inc., 678 A.2d 533 (Del. 1996).

¹⁵ See, e.g., Del. Code Ann. tit. 8, § 102(b)(7).

¹⁶ Disney, 907 A.2d at 751 (internal quotation marks and alteration omitted).

¹⁷ Guth v. Loft, Inc., 5 A.2d 503, 510 (1939).

¹⁸ Stone v. Ritter, 911 A.2d 362, 369 (Del. 2006).

¹⁹ Id. at 370.

²⁰ Id. at 369.

²¹ Caremark, 698 A.2d at 970.

²² Id.

²³ Id.

²⁴ Stone, 911 A.2d at 373.

²⁵ Id. at 370.

²⁶ Sarbanes-Oxley, Pub. L. No. 107-204, 116 Stat. 745, § 301.

²⁷ Id.

²⁸ Disney, 907 A.2d at 748.

²⁹ In re Tri-Star Pictures, Inc. Litig., 634 A.2d 319, 333 (Del. 1993) (internal quotation marks omitted).

³⁰ Cinerama, Inc. v. Technicolor, Inc., 663 A.2d 1156, 1166 (Del. 1995) (internal quotation marks omitted). Often, directors’ liability for monetary payments will be covered by directors and officers liability insurance.

³¹ Stone, 911 A.2d at 369 (internal quotation marks omitted).

³² Guttman v. Huang, 823 A.2d 492, 506 (Del. Ch. 2003).

³³ Id.

³⁴ Stone, 911 A.2d at 369.

³⁵ Id. at 370.

³⁶ Id.

³⁷ In re Wells Fargo & Co. S’holder Derivative Litig., 282 F. Supp. 3d 1074, 1082 (N.D. Cal. 2017) (Wells Fargo).

³⁸ Id. at 1088.

³⁹ Id. (alterations omitted); see also id. at 1107–09.

⁴⁰ See Gantler v. Stephens, 965 A.2d 695, 705–06 (Del. 2006).

⁴¹ Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984).

⁴² Disney, 907 A.2d at 747 (internal quotation marks omitted).

⁴³ Id.

⁴⁴ Id.

⁴⁵ Id.

⁴⁶ Id. at 748 (internal quotation marks omitted).

⁴⁷ Id.

⁴⁸ Exchange Act §§ 21(a)(1), (d)(3), (d)(5), 15 U.S.C. §§ 78u(a)(1), (d)(3), (d)(5).

⁴⁹ Id. § 21(d)(2), 15 U.S.C. § 78u(d)(2).

⁵⁰ Securities Act § 24, 15 U.S.C. § 77x; Exchange Act §§ 13(a), 32(a), 15 U.S.C. §§ 78m(b)(4) and (5), 78ff(a). The securities laws define ‘knowing’ violations as being ‘aware’ that one is engaging in conduct, that circumstances exist, or that a result is substantially certain to occur, or having a firm belief of the same. 15 U.S.C. § 78dd-1(f).

⁵¹ Sarbanes-Oxley § 902(a), 18 U.S.C. § 1349.

⁵² See, e.g., Mary Jo White, Chair, US Securities and Exchange Commission, Address at the Stanford University Rock Center for Corporate Governance: A Few Things Directors Should Know About the SEC (23 Jun. 2014) (‘One question we are often asked is whether some of the things we are doing may actually discourage strong directors from serving on boards because of the risk that they may unfairly find themselves on the wrong end of an SEC enforcement action. While we do bring cases against directors, these cases should not strike fear in the heart of a conscientious, diligent director’).

⁵³ United States v. Sociedad Química y Minera de Chile, S.A., No. 1:17-cr-00013, Deferred Prosecution Agreement (D.D.C. 13 Jan. 2017).

⁵⁴ Exchange Act § 20(a), 15 U.S.C. § 17t(a).

⁵⁵ See, e.g., In re Mut. Funds Inv. Litig., 566 F.3d 111, 129–30 (4th Cir. 2009); Laperriere v. Vesta Ins. Group, 526 F.3d 715, 723–25 (11th Cir. 2008).

⁵⁶ Exchange Act § 20(a), 15 U.S.C. § 17t(a).

⁵⁷ U.S. Sec. Exch. Comm’n v. Nature’s Sunshine Prods., Inc., Civ. No. 2:09CV0672, Compl. (D. Utah 31 Jul. 2009).

⁵⁸ Id.

⁵⁹ SEC Whistleblower Program, Frequently Asked Questions, available at https://www.sec.gov/whistleblower/frequently-asked-questions#faq-1.

⁶⁰ SEC Whistleblower Program, 2019 Annual Report, available at https://www.sec.gov/files/OW_2019AR_FINAL_1.pdf.

⁶¹ ‘SEC Awards $450,000 to Whistleblower’, U.S. Securities and Exchange Commission (30 March 2020), available at https://www.sec.gov/news/press-release/2020-75.

⁶² Exchange Act § 10(A), 15 U.S.C. § 78j-1.

⁶³ See U.S. Fed. Sentencing Guidelines Manual § 8B2.1(b)(2)(A) (‘The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance program.’).

⁶⁴ Wells Fargo, 282 F. Supp. 3d at 1088, 1107–09.

⁶⁵ Shaev Profit Sharing Account v. Armstrong, C.A. No. 1449-N, 2006 Del. Ch. LEXIS 33, at *16 (Del. Ch. 13 February 2006).