By Amy J. Sepinwall
On September 19, Senator Chuck Grassley (R-IA) issued a press release stating that the bipartisan authors of a 2015 landmark criminal justice reform bill were preparing to reintroduce that legislation. The Sentencing Reform and Corrections Act of 2015, to which Sen. Grassley will grant new life, was part of a widespread effort at criminal justice reform that appeared to have died with the 2016 election. A centerpiece of the effort would have clarified and enhanced the mens rea (or mental state) necessary for conviction: in the House version, a defendant could be convicted only if she knew she was engaged in criminal activity; the Senate version was even more defendant-friendly, requiring willful participation.
Criminal justice reform has a laudable overarching ambition—to reduce sentences and incarceration rates, especially for minor drug and firearms offenses. As Yale Law Professor Gideon Yaffe writes, this would benefit “those who are especially ill-treated by the criminal justice system: the poor and racial minorities.” But these efforts are being championed by some unusual suspects: Republican members of Congress, who don’t ordinarily vie for more leniency when it comes to street crime, and the Koch brothers, who also are not usually poster boys for the plight of the underclass, who are over-represented in criminal prosecutions, convictions and America’s prisons. Continue reading
by Peter Varlan
Despite the increase in cyberattacks and data breaches against large corporations, directors have avoided personal liability. In three recent data breaches—Wyndham, Target, and Home Depot—shareholders have unsuccessfully brought derivative claims against directors. These Caremark claims against directors have failed because oversight duties for cybersecurity are not yet specific enough to establish that directors deliberately breached a known duty of care.
The current protection that directors have enjoyed from cybersecurity-related Caremark suits may soon come to an end. New and pending regulations from the New York Department of Financial Services and the Federal Reserve System provide more specific cybersecurity guidance for corporations. Failing to comply with these more detailed regulations prior to a cyberattack may increase the possibility that directors will be held liable for violating their Caremark oversight duties. Accordingly, directors should familiarize themselves with these new regulations that are applicable to the corporations they serve, and develop best practices to both protect corporate data and inoculate themselves from personal liability. Continue reading
by Michael W. Peregrine
The recent release of substantive compliance program guidance by the Fraud Section of the Department of Justice (“DOJ”) provides an excellent opportunity for corporations to re-examine the effectiveness of their current internal compliance mechanisms. While the “Evaluation of Corporate Compliance Programs” (“the Guidance”) is not specific to the any particular industry, it provides a practical set of benchmarks that can be referred to throughout an organization and is of particular relevance to the board of directors (logically through its audit & compliance committee), in the exercise of its compliance oversight duties. Continue reading
by Michael W. Peregrine
Delaware court interpretations of the Caremark standard provide a daunting pleading barrier to derivative actions based on alleged breach of compliance oversight responsibilities. The Chancery Court’s October 18 decision in Reiter v. Fairbank is particularly notable for its thoughtful analysis of the duty of oversight. But corporate leadership should recognize that these decisions may not provide impenetrable protection to them, and to the corporation, from compliance-based liability exposure, especially in the current individual accountability environment. Continue reading