The House Committee on Energy and Commerce
Subcommittee on Oversight and Investigations
November 5, 2003
10:00 AM
2123 Rayburn House Office Building
Mr. Wallance submitted his testimony in Adobe Acrobat
format. You can download the PDF version here.
Below is the extracted text from Mr. Wallance's testimony.
No attempt has been made to format this testimony.
Thank you Chairman Greenwood, Members.
My name is Gregory J. Wallance. I am currently a partner at Kaye
Scholer LLP, a New York-based law firm. I served for five years as an
Assistant United
States Attorney in the Eastern District
of New York. My practice currently involves white collar defense
representation of both individuals
and corporations, internal investigations and advising
corporations on corporate compliance. I also
lecture and write on corporate governance and compliance. I am
grateful for the opportunity to
appear before this Committee to address the issue of the role
and responsibility of a board of
directors of a corporation in assuring that the corporation's
activities fully comply with the law.
Recently, I had the privilege of serving as a member of the Ad
Hoc Advisory Group to the
United States Sentencing Commission on the Organizational
Sentencing Guidelines, whose recent
report addresses this issue. As background, the Sentencing
Commission deserves a great deal of
credit for, in effect, revolutionizing the field of corporate
compliance. In 1991, the Commission
promulgated the organizational sentencing guidelines
("OSG"), also known as the Chapter 8
guidelines, to govern the sentencing of organizations for most
federal criminal violations. The OSG
became effective on November 1, 1991. They provide incentives
for organizations to report
violations of law, cooperate in criminal investigations,
discipline responsible employees and take
the steps needed to prevent and detect criminal conduct by their
agents. A critical feature of the OSG
was the creation of a sentencing credit for organizations that
put in place "effective programs to
prevent and detect violations of law." For organizations
that have no such program, the OSG
mandate high fines, in some instances, dramatically so. The OSG
described 7 steps that an
organization could take to implement such a program, including
the use of auditing and monitoring
systems, dissemination of compliance materials, and means for
employees to report violations of law
without fear of retaliation.
Although such a compliance program is not a legal obligation,
corporations began
implementing them. One commentator noted that, "without
question, the organizational sentencing
guidelines' greatest practical effect thus far is to raise the
business community's awareness of the
need for effective compliance programs."[1] The OSG even
shaped corporate governance law. In
1995, the Delaware Chancery Court, in In re Caremark Litigation,
approved settlement of a
shareholder derivative suit alleging that the Caremark directors
had breached their duty of care by
failing to supervise the conduct of Caremark's employees. In
doing so, the court emphasized the
importance of the role and responsibility of the board of
directors to assure that the corporation
functions within the law to achieve its purpose. The Chancery
Court stated that the OSG "offer
powerful incentives for corporations today to have in place
compliance programs to detect violations
of law, promptly to report violations to appropriate public
officials when discovered and to take
prompt, remedial efforts." The Court distinguished a prior
opinion that arguably could be read to
state that directors have no responsibility to assure that
adequate reporting systems are in place, by
stating: "Any rational person attempting in good faith to
meet an organizational governance
responsibility would be bound to take into account this
development and the enhanced penalties and
the opportunities for reduced sanctions that the federal
sentencing guidelines offer."[2]

[1] Dan K. Webb & Steven F. Molo, Some Practical Considerations
in Developing Effective
Compliance Programs: A Framework for Meeting the Requirements of
the Sentencing
Guidelines, 71 Wash. U. L.Q. 375 (1993).
[2] In re Caremark Int'l, 698 A.2d 959, 970 (Del. Ch. 1996).

On the tenth anniversary of the OSG, the Sentencing Commission
announced the formation
of the Advisory Group. We were empaneled in February 2002. The
Group consisted of 15 lawyers,
former prosecutors and Department of Justice officials,
academics, compliance professionals and a
United States Attorney, all with wide experience in corporate
governance and compliance programs.
The Advisory Group was tasked with reviewing the general
effectiveness of the guidelines for
sentencing corporations, with special emphasis on the
application of the criteria for an effective
compliance program. We were asked to submit a final report to
the Commission in 18 months. The
Advisory Group sought and reviewed information from a variety of
sources, both in written
statements and at a public hearing.
Two factors were especially influential in shaping our report.
One was simply the passage
of time. In the 10 years since the OSG became effective, a great
deal of experience had been gained
in designing and implementing compliance programs. The other was
that the formation of the
Advisory Group coincided with the corporate scandals involving
Enron, WorldCom and other
companies, which greatly contributed to the public's lack of
confidence in the capital markets. The
scandals also led to significant legislative and regulatory
changes affecting corporate governance and
compliance.
The Advisory Group delivered its report to the Sentencing
Commission on October 7, 2003.
The report, 138 pages in length with 444 footnotes, contains an
appendix setting forth the
recommended OSG compliance criteria. The report is notable for
several important proposals.
First, the Advisory Group recommended that the Sentencing
Commission promulgate a
stand-alone guideline, §8B2.1, defining "an effective
program to prevent and detect violations of
law." Currently, the criteria for such a program are in the
Chapter 8 guidelines' commentary. The
recommendation was intended to give the compliance criteria for
an effective program special
emphasis and visibility.
Second, in the proposed new guideline, the Advisory Group
proposed, inter alia, the
following changes to those criteria:
- emphasizing the importance of an organizational culture that
  encourages an organization-wide
  commitment to compliance with the law.
- provision of a definition of "compliance standards and
  procedures."
- specification of the responsibilities of an organization's
  governing authority and
  organizational leadership for compliance.
- providing adequate resources and authority to individuals
  with responsibility for the
  implementation of the program.
- revision of the current terminology "propensity to
  engage in violation of law," which has
  been the source of considerable confusion in the past.
- inclusion of training and dissemination of compliance
  training materials and information as
  a criterion for an "effective program."
- requiring as part of monitoring and auditing the
  "periodic evaluation" of the effectiveness
  of the compliance program.
- a mechanism for anonymous reporting.
- on-going risk assessments as part of the implementation of
  an effective program.
Third, the Ad Hoc Group recommended modifications to the OSG to
clarify under what
circumstances a waiver of the attorney-client privilege and work
product protections is required for
an organization to receive credit for cooperation with law
enforcement.
Of special interest to this committee are the Advisory Group's
recommendations regarding
the role of the "governing body" -- in most cases a
board of directors -- in assuring that the
corporation complies with the law. In virtually all of the
recent corporate scandals, the alleged
malfeasance occurred at the senior management and/or governing
authority level. Even where there
was no actual malfeasance by members of the governing authority,
there were often instances of
negligence.[3]

[3] See the role of the Board of Directors in Enron's collapse,
S. Rep. No. 107-70 (2002).

As a result of the foregoing, the Advisory Group concluded that
the current absence in the
OSG of any discussion of the role of the governing authority
needed to be addressed. In effect, the
obvious needed to be stated: ultimately, the governing authority
is responsible for the activities of
the organization.[4] It can only perform this function if its
members are reasonably educated about
the business of the organization and actively engaged in
compliance oversight.

[4] Most commentary received by the Advisory Group supported
adding specific references
to the guidelines to amplify the role of the governing
authority, providing direct access between
the governing authority (or one of its committees) and a company's
compliance officer, to ensure
prompt and unfiltered communications.

The Advisory Group therefore proposed a new guideline defining
the compliance roles of
the organizational leadership at three levels: (1) members of an
organization's governing authority,
which generally means the Board of Directors;[5] (2) executives
comprising an organization's
managerial leadership; and (3) one or more individuals having
primary, day to day responsibility for
the organization's program to prevent and detect violations of
law. To quote from the proposed
guideline:
- "The organizational leadership shall be knowledgeable
  about the content and operation of
  the program to prevent and detect violations of law."
- "The organization's governing authority shall be
  knowledgeable about the content and
  operation of the program to prevent violations of law and shall
  exercise reasonable oversight
  with respect to the implementation and effectiveness of the
  program to prevent and detect
  violations of law."
- "Specific individual(s) within high-level personnel of
  the organization shall be assigned
  direct, overall responsibility to ensure the implementation and
  effectiveness of the program
  to prevent and detect violations of law. Such individual(s)
  shall be given adequate resources
  and authority to carry out such responsibility and shall report
  on the implementation and
  effectiveness of the program to prevent and detect violations of
  law directly to the governing
  authority or an appropriate subgroup of the governing
  authority."

[5] As defined in commentary to this proposed guideline and
Application Note 1, the
"governing authority" of an organization is "(A)
The Board of Directors or (B) if the organization
does not have a Board of Directors, the highest level governing
body of the organization."

As to the top level body in charge of organizational affairs,
i.e., the Board of Directors, the
proposed guideline states that the Board should be knowledgeable
about the content and operation
of the organization's compliance program. The Board's
knowledge about program features and
operations should include, inter alia, practical management
information about the major risks of
unlawful conduct facing their organization; the primary
compliance program features aimed at
counteracting those risks; and the types of problems with
compliance that the organization and other
parties with similar operations have encountered in recent
activities.
Significantly, the proposed guidelines do not specify the fact
finding procedures or methods
that members of a governing authority should use in acquiring
this type of information. The
proposed guidelines leave to the particular organization the
choice of methods to gather and deliver
information to governing authority in a manner that best fits
the organization's overall operations.
Under our proposed guideline, the governing authority should
exercise reasonable oversight
with respect to the implementation and effectiveness of the
program. This obligation recognizes
that such oversight is a key part of the duties of top level
organizational officials. Effective
management requires that a Board of Directors, for example, be
proactive. They must seek
information about compliance programs, evaluate such information
when received, and monitor the
implementation and effectiveness of responses when compliance
problems are detected.
For example, the governing authority of the organization or some
appropriate subgroup (such
as an audit committee) should receive periodic reports from the
person or persons in high level
management with direct, overall responsibility for an
organization's compliance program. The
Advisory Group's report envisions that a board of directors
would hear from such persons
periodically as to the nature, progress and success of the
compliance program without the potential
filtering or censoring influence of senior organization
managers. In cases of actual or apparent
involvement in, or support for, illegal conduct by top level
organizational executives, our report
suggests that the head of the organization's compliance
program should take steps to ensure that the
course of this behavior are made directly known to the
organization's governing authority, or an
appropriate subgroup of the governing authority, or the
organization's qualified legal compliance
committee.
In addition, as described in the proposed new commentary at
§8B2.1 Application Note 3 (B),
the governing authority or an appropriate subgroup, periodically
should receive information on the
implementation and effectiveness of the compliance program from
the individual or individuals with
day-to-day operational responsibility for the program. Direct
contact with those who have such day-to-day responsibility will,
for example, help the governing
authority more effectively assess the
adequacy of resources being made available to the program.[6]

[6] As stated in the Report at p. 61, "Typically, however,
members of a governing authority
will gain information on the features and operations of a
program to prevent and detect violations
of law through reports from senior organization managers or
other experts (in large
organizations), or through information about program features
and operations gained in the
course of day-to-day management and oversight of related
organizational activities (in small
organizations). The proposal anticipates that members of a
governing body will update their
information about program features and operations periodically.
This update would occur at least
annually, and more frequently when legal changes or shifts in
organizational activities raise new
compliance risks for the organization."

In making these recommendations, we do not think that we were
breaking new ground. More
than 7 years ago, the In re Caremark decision had defined the
role of the board of directors in
substantially the same terms.
More recently, the Conference Board's Commission on Public
Trust and Private Enterprise
stated in a similar manner:

  In fulfilling its oversight function, boards must monitor
  management's operating performance as well as ethical and legal
  compliance. In approving strategies, boards need to understand,
  among other things, the corporation's capital allocation, debt levels,
  risks and vulnerabilities, compensation strategy and growth
  opportunities. Importantly, they must engage management on the
  central issues facing the company and have a firm grasp on the
  tradeoffs that lie at the heart of a corporate enterprise.[7]

[7] The Conference Board Commission on Public Trust and Private
Enterprise, Findings and
Recommendations, Part 2: Corporate Governance (January 9, 2003)
p. 9.

Unfortunately, over the past two years we have learned the hard
lesson
that lessons can never be learned enough. We therefore hope that
the Advisory Group's report will
be of assistance to the Commission as it considers amendments to
the OSG and to this Committee
in the course of its investigations.
Thank you.