The Blame Game (Understanding your Fiduciary Duties and Protecting against Personal Liability Claims)


Corporate & Finance Alert

June 2, 2009

Recently I spoke at the 105th Annual Convention of the New Jersey Bankers’ Association on the topic of key legal issues for bank directors. Although the subject matter was focused on directors of financial institutions, the issues discussed and the potential risks involved are generally applicable to the directors of middle market companies as well, particularly those who may have a wide shareholder base or shareholders not involved in the corporation’s operations. While serving on a board of directors may be a privilege, doing so imposes certain responsibilities and duties which if not properly carried out could lead to personal liability. When something goes wrong, shareholders and other constituents are quick to play the “blame game,” and as recent litigation demonstrates, directors can be a primary target.

As a society it seems we are often focused on finger pointing and finding someone to blame (and sue) when things go wrong. Shareholder derivative suits typically target officers and directors, and recent cases were brought involving Citigroup and AIG. These suits pose the risk of personal liability to directors.

In my presentation, I covered three primary areas:

  • Compliance Oversight
  • Corporate Governance
  • Evolving Fiduciary Duties


This area is certainly an area of importance to banks. However, companies operating in other regulated industries (health care and pharma for example) also need to be concerned with compliance. Directors should be generally familiar with any regulations that may impact their corporation, and should monitor compliance with such regulations.

Internal controls should be in place to ensure compliance (either through internal audit functions or external vendors). Directors should ask and consider whether the corporation has the processes, personnel, and control systems in place to ensure adherence to its internal controls. Do the persons responsible for implementing the internal audit programs report directly to the Board, or to a designated committee of the Board? Does the Board or such Committee have the sole power to direct their activities? Maintaining independence is critical to the process and all reports prepared by the audit staff should be filed directly with the Board and not through any intervening party.


Corporate governance in general continues to be a hot topic. Privately held companies, if they have not already done so, should consider voluntary implementation of Sarbanes-Oxley provisions as best practices. These include the following:

  • Audit Committees and Independent Auditors
  • Executive Compliance Committee
  • CEO and CFO Certification of Financial Reporting
  • Whistleblower Procedures
  • Internal Controls; Management Assessment of Internal Controls
  • Code of Ethics/Conflicts of Interest Policy

Compensation is a major focus, particularly in the financial industry and those institutions participating in the Troubled Asset Relief Program (TARP). In particular, those companies participating in the TARP Capital Purchase Program must abide by certain executive compensation standards that relate to corporate-risk taking, including “ensuring that incentive compensation for senior executives does not encourage unnecessary and excessive risks that threaten the value of the financial institution.”

The TARP standards include a three step process. First, the compensation committee must meet with the corporation’s senior risk officers to review each senior’s executive incentive compensation arrangements and verify that the arrangements do not encourage the executive to take risks that would threaten the value of the corporation. The second step requires annual reviews to determine whether each executive’s incentive compensation arrangements comply with the corporation’s risk management policies and procedures. In these first steps, the compensation committee and risk officers must identify and limit any features of the incentive compensation arrangements that could encourage unnecessary or excessive risks. The last step includes a certification by the compensation committee that it has completed these reviews and that it has made reasonable efforts to assure that senior executive incentive compensation arrangements do not encourage unnecessary or excessive risks.

At least in the financial industry, regulators simply do not want to see compensation programs that reward risk taking for short term gains. Even if your corporation is not participating in TARP-CPP, the Board should consider evaluating compensation policies in light of the TARP standards.


A significant portion of my presentation focused on the basic fiduciary duties of directors, as complying with these duties typically can provide a strong defense against certain assertions of personal liability against a director.

Most states have enacted statutory provisions to address the duties of directors. The statutes in part have been derived from case law involving directors’ responsibilities, particularly in the acquisition context. Judicial discussion in this area frequently divides a director’s duty into two separate components: the duty of care and the duty of loyalty.

The duty of care requires directors to act in an informed, careful manner. The duty of loyalty requires directors to act in good faith, without self interest and in the best interests of the corporation and its shareholders. Subsumed in these duties is a duty to act in good faith and an oversight duty of the Board.

Business Judgment Rule

Fortunately for directors, there is a presumption that in making a business decision the directors of a corporation acted on an informed basis, in good faith and in the honest belief that the action taken was in the best interests of the corporation. The burden is on the party challenging the directors’ decision to rebut this presumption. The merits of the directors’ decision will not be substantively reviewed so long as the decision is made without self-dealing and in good faith while abiding by the duties of care and loyalty.

Duty of Care

The duty of care requires directors to act in an informed, careful manner, and includes the duty of a director to inform him or herself of alternatives prior to making a business decision based on all material information reasonably available. Delaware case law recognizes a “gross negligence” standard (New Jersey uses a simple negligence standard).

What all this means is that the Board needs to be informed and get appropriate information prior to making a decision. The Board does not need to be experts on all subjects – the Board can be protected by relying on reports and other information from Board committees or management, or by outside experts. When evaluating more significant decisions it is important to make sure the record – like minutes of a board meeting – reflects the time and effort expended by the Board in reaching its decision.

In a Delaware case, Smith v. Van Gorkom, 488 A.2d 858, 874 (Del. 1985), for example, the Delaware Supreme Court concluded that the decision of the board of directors of Trans Union Corporation to approve a cash-out merger was grossly negligent and not the product of an informed business judgment. Among other inadequacies, the court found that the Board (a) relied primarily upon the twenty minute oral analysis by the President of Trans Union’s merger transaction; (b) received no written documentation to support the adequacy of the price; (c) reviewed no valuations or opinions as to the fairness of the proposed transaction; and (d) failed to review any documents concerning the proposed merger.

On the other hand, in another Delaware case, Pogostin v. Rice, 480 A.2d 619, 627 (Del. 1984), the Delaware Supreme Court found that the directors had acted on an informed basis in rejecting a tender offer where (a) valuation studies, carefully prepared by outsiders, were presented to the Board; (b) a special committee of independent outside directors was formed to gather and analyze information; and (c) the Board carefully considered the information prior to making its decision.

Duty of Oversight

The duty of care has been expanded to include a duty to properly oversee company operations.

To establish oversight liability a plaintiff must show that the directors knew they were not discharging their fiduciary obligations or that the directors demonstrated a conscious disregard for their responsibilities such as by failing to act in the face of a known duty to act.

A bank Board, for example, is tasked with monitoring performance of the bank’s business and its operating, financial and other plans, strategies and objectives, as well as understanding the bank’s financial statements and monitoring the adequacy of its financial and other internal controls.

Fortunately, finding liability on a theory of a breach of a duty of oversight is a difficult task as demonstrated by the Citigroup case discussed below.

Duty of Loyalty

The duty of loyalty requires directors to act in good faith, without self interest and in the best interests of the corporation and its shareholders. This duty includes both an affirmative duty to protect the interests of the corporation and an obligation to refrain from conduct that would injure the corporation and its shareholders.

The duty of loyalty is breached when a director uses his or her corporate office to promote, advance or effectuate a transaction between the corporation and such director (or an entity in which the director has a substantial economic interest, directly or indirectly) and that transaction is not substantively fair to the corporation.

Some examples of transactions implicating the duty of loyalty are as follows:

  • Contracts between the corporation and a director (or an entity in which the director has an interest)
  • Usurpations of corporate opportunity
  • Competition by directors with the corporation
  • Use of corporate office, property or information for purposes unrelated to the best interests of the corporation
  • Failure of a director to act in the face of a known duty to act

Conflicts of interest, however, do not automatically result in a breach of the duty of loyalty. Generally speaking, to the extent that the interested directors are excluded from the decision-making process, the decision of the entire board may remain protected under the business judgment rule. When determining the propriety of the director’s conduct and the validity of the particular transaction, consideration must be given to the manner in which an interested director handles a conflict and the process invoked to insure fairness to the corporation and its shareholders. Of course each situation may be different (and each state’s laws can vary on this) and directors should tread carefully and with the advice of counsel when dealing with conflict situations.

Duty of Good Faith

Embedded in the duty of loyalty is a duty of good faith which requires that directors act honestly, in the best interests of the corporation, and in a manner that is not knowingly unlawful or contrary to public policy. There is a general presumption of good faith. To overcome this presumption one must show that the Board’s decision was so egregious or irrational that it could not have been based on a valid assessment of the corporation’s best interests.

Potential Liability

When directors breach their duties of care, good faith, or loyalty, personal liability may be imposed. Potential liability includes monetary damages and equitable relief (for example, unwinding a transaction or an injunction). This is where directors have a target on their backs and the “blame game” comes in.

Fortunately there are defenses and Boards can take appropriate steps to minimize the risk of any personal liability. As mentioned above, if the Board has followed the proper procedures to gain the benefit of the business judgment rule, and there is no bad faith or breach of a duty of loyalty, the Board’s business decision will not be second guessed. D&O insurance may also provide some comfort to directors.

In addition, depending on its state of incorporation, Boards are entitled to rely on certain information provided by others. Delaware law for example provides that a director “shall, in the performance of such [director’s] duties, be fully protected in relying in good faith upon the records of the corporation and upon such information, opinions, reports or statements presented to the corporation by any of the corporation’s officers or employees, or committees of the board of directors, or by any other person as to matters the [director] reasonably believes are within such other person’s professional or expert competence and who has been selected with reasonable care by or on behalf of the corporation.”

Most state laws also permit a corporation to limit a director’s personal liability by including certain provisions in its charter documents, however such laws typically prohibit limiting liability arising from a breach of loyalty or receipt of an improper benefit. Delaware law provides that a certificate of incorporation may include a provision limiting a director’s personal liability for monetary damages due to a breach of fiduciary duty, provided that the provision cannot limit liability “(i) For any breach of the director’s duty of loyalty to the corporation or its stockholders; (ii) for acts or omissions not in good faith or which involve intentional misconduct or a knowing violation of law; (iii) under § 174 of this title [unlawful payment of a dividend]; or (iv) for any transaction from which the director derived an improper personal benefit.”


In a recent Delaware case analyzing a Boards’ duty of oversight, shareholders of Citigroup, Inc. brought a derivative lawsuit seeking to recover from Citigroup’s current and former officers and directors, Citigroup’s losses arising from exposure to the subprime lending market.1

The plaintiffs claimed the directors breached their fiduciary duties by failing to properly monitor and manage the risks Citigroup faced from problems in the subprime lending market and for failing to properly disclose Citigroup’s exposure to subprime assets. They claimed the Board ignored extensive red flags in pursuit of short term profits and at the expense of the company’s long term viability. They also alleged corporate waste for approval of the former CEO’s severance package.

The Chancery Court looked to prior case law, and in particular the Caremark case2, to analyze whether the Board breached its duty of oversight. The court noted that the “red flags” presented by the plaintiffs amounted to nothing more than public documents reflecting a worsening economy and subprime mortgage market. The generalized information, including the decline of the housing market, a rise in foreclosure rates, bankruptcy filings for subprime lenders, and reported losses by Citigroup’s peers, was not enough to support a claim that the directors knew of any wrongdoing at Citigroup or that they “consciously [disregarded] a duty somehow to prevent Citigroup from suffering losses.”

The court distinguished this case from a case involving claims against AIG directors which was decided shortly before the Citigroup case. In AIG, the directors were being accused of financial fraud involving high level management at AIG. In the court’s view, in the Citigroup case the directors were not being accused of fraud but of making the wrong decision. The court dismissed the breach of duty of oversight claims against the directors, holding that they did not claim sufficient facts. The chancellor’s opinion is chock full of good quotes and other dicta which are helpful and should give comfort to Boards’ who act in good faith and in a well informed, well-intentioned manner.


As I stated at the outset, we are a blame focused society, and when a corporation’s value decreases, management and the Board are often targets of the shareholders. The foregoing is a lot to digest, but hopefully will help directors to better understand their duties and liabilities, and to protect themselves from being an unwitting participant in the “blame game.” Following are some “take aways” that highlight some of the points made in my presentation:

  • Review internal controls for risk.
  • Ensure proper training programs are in place.
  • Investigate warning signs and document the monitoring and investigatory activities of the Board.
  • Establish specialized committees to review risk exposure in certain areas and to report back to the Board.
  • Minutes of Board meetings should reflect the time and effort spent by the Board in conducting its oversight.
  • Review compensation plans in the context of risk management and risk oversight – avoid compensation schemes which reward excessive short-term returns or risk-taking.
  • Be and stay well informed – Consider asking for periodic reports and tutorials by management and outside consultants.
  • Seek Board candidates with directly relevant industry or business expertise.
  • Private companies should consider implementing SOX best practices.
  • Review D&O coverage.
  • Board decisions made in an informed manner, in good faith and in the belief that the action is in the best interests of the corporation should be protected.

In addition, below are some guidelines and best practices a Board should consider when weighing a significant decision:

  • The directors should be provided with sufficient information concerning the matters to be decided upon.
  • The directors should critically examine the information available to them for positive and negative implications.
  • The directors should be given sufficient time to evaluate the information. Proposals should not be hastily accepted or rejected.
  • The Board should secure independent expert advice, for example, legal counsel, investment advisor or independent public accountant or actuary and the written advice of the chief financial officer or president.
  • The procedures followed by the Board in its deliberations should reflect appropriate concern for any personal interest on the part of any director.

The information contained in this article is intended to supply general information and is not intended to provide legal advice. All those interested in assessing their own potential liability and understanding their duties are strongly encouraged to discuss their particular circumstances with legal counsel and other professional advisors. 

1 In Re Citigroup, Inc. Shareholder Derivative Litigation, Civil Action No. 3338-CC (Court of Chancery of the State of Delaware).

2 In re Caremark Int’l, 698 A.2d 959, 967 (Del. Sup. Ct. 1996).