Corporate Governance and Compliance Readiness Seminar: New Challenges for Corporations and Their Lawyers

Speech by Thomas C. Baxter, Jr., on The New Governance and Compliance Challenges for Corporations—Empowering Lawyers to Meet Them

Good Morning, Ladies and Gentlemen, and welcome to the "Corporate Governance and Compliance Readiness Seminar: New Challenges for Corporations and Their Lawyers". I am Thomas Baxter. I serve as General Counsel and Executive Vice President of the Federal Reserve Bank of New York, and also as President of the New York Chapter of the Association of Corporate Counsel, one of the sponsors of today's program. My introductory remarks this morning are personal and do not necessarily reflect the views of the Federal Reserve or ACC. I will focus on our principal topic—the new governance and compliance challenges facing corporations.

Before turning to these "new" challenges, let me spend a few moments acknowledging that the "old" challenges facing corporations have not disappeared. We still need to confront and resolve them, and if anything, they have become more difficult.

I suspect this is why many of us feel that we work harder and longer than our predecessors. We do. Two decades ago, a corporation needed lawyers to inform it about the content and application of the laws in the places where it conducted business. The corporation would then ordinarily conform its operations to the advice received.

Corporate law departments today perform this traditional function, and it remains essentially unchanged. What has changed, however, is the business atmosphere. Today, business has become more complex, and the content of the law that applies to this more complex business is also more complicated. At the same time, corporations today are likely to conduct their business in more places than they did 20 years ago. Because all law is territorial, we have not only more complicated laws, but also more laws to apply.

Another more complicated "old" challenge for corporations is the challenge of litigation. Corporations two decades ago were the object of lawsuits, just like today. The role of corporate counsel with respect to such litigation is not much different than before: the corporate lawyer today is expected to arrange for representation and to supervise litigation affecting the company. But today, the plaintiffs' lawyers are better and smarter, and the theories of recovery more sophisticated. In addition, American-style litigation seems to be something we have successfully exported, much like (and please excuse the comparison) American television.

Corporations today depend on their lawyers to confront and resolve these old challenges, just as they always have. Yet while we continue to perform these traditional roles as corporate counsel, there has also been what I see to be a dramatic change in the business environment. This dramatic change, which can also be a great opportunity, has brought with it new governance and compliance challenges. To highlight the change first, let us compare a few cases "ripped from the headlines" of yesterday with some of the cases that are in the media today.

In the headlines of yesterday, we saw Johnson & Johnson weather the storm of controversy relating to a malefactor who was able to poison a company product, Tylenol. We also saw Union Carbide and Exxon deal with crises occasioned by environmental disasters. In all three of these prominent corporate crises, the shocks to the affected companies were not caused by actions in the boardroom. To the contrary, these shocks were caused by factors that had little to do with the way the affected companies were governed. Malefactors and inattentive employees caused these problems of yesterday.

Compare these incidents with Enron, Adelphia and Worldcom, three companies in today's headlines. These companies were brought to bankruptcy not by external factors, but by the internal machinations of individuals working at the highest corporate levels. The people who caused crises for these companies were largely insiders, and not one was a stranger in the board room. And these are only three examples. You know that there are many others.

The experiences of companies like these are symptomatic of a clear and different danger. In the past, companies could be buffeted by external shocks like the emission of a toxic gas from an overseas plant, or oil from a tanker that soils a pristine wilderness area. In contrast, more recently, companies' senior management seem to be causing their firms to commit what might be considered commercial suicide. As I see the situation, many governance and compliance challenges involve preventing the senior officials in a public company from acting on a suicidal tendency.

There are many who would blame today's challenges on legislation like Sarbanes-Oxley. These individuals will mention the name of the legislation and roll their eyes to indicate that the new challenges of today are simply the result of a misguided Congress. These people are wrong. Sarbanes-Oxley was a reaction by our elected representatives to a constituency - the American people - who were mad as hell at the suffering that resulted from what I have characterized as corporate suicides.

The "new" challenges facing corporations relate not just to Sarbanes-Oxley compliance or any one of its implementing regulations. Rather, the new challenges relate to the broader issues of how corporations can govern themselves better and how corporate officers are to behave going forward.

Our new governance and compliance challenges all relate to this fundamental failure to effectively manage compliance and reputational risk. I find it telling that many of the senior executives who drove their companies to suicide felt that they were acting just within some legal rule. In some cases, there were elaborate explanations propounded by legal and other experts that would enable wrong-minded officials to feel comfortable about such a conclusion. Of course, it was also clear that many of these detailed structures were designed in derogation of the values underlying the detailed rule. Values simply did not matter, because values just were not important - the corporate culture was to achieve compliance with the letter of the rule, and nothing more.

The business environment today is very different than the environment just five years ago. From my perspective, the difference relates to the close relationship between corporate reputation and corporate culture. Let me give a few examples from the world that I know the best, the financial services world. Five years ago, a financial services firm could engage in complex structured financial transactions with a counterparty, and the firm would concern itself with the legal and accounting rules that applied to the firm itself—not to the rules affecting its counterparty. In the environment of the time, the financial services firm was not seen as its brother's keeper.

By contrast, today, there are "appropriateness" committees in many of the leading firms which did not exist before. One of the principal tasks of these committees is to assure that the firm does not inadvertently assist a counterparty in issuing a financial statement that does not fairly represent the counterparty's true financial condition, an objective that might be achieved through one of these complex structured financial products. In the new business environment, which is geared more toward broader corporate values as opposed to skirting particular rules, this is deemed to be "inappropriate". An inappropriate transaction, even if in full compliance with legal and accounting rules, is a transaction that is wrong and should not be done. It should not be done because it is seen to be inconsistent with the financial services firm's evolving corporate culture. In this evolving culture, an unethical transaction is bad business.

The new challenges in corporations today include what we have loosely labeled governance and compliance challenges. Because reputational risk is so important, someone in senior management needs to be the champion of the company reputation. In many leading corporations, the General Counsel or the Chief Legal Officer is expected to be the champion of the corporate reputation and an ethical culture. I do not mean to suggest that the CEO and the CFO are unimportant in setting the tone at the top. They, and the remainder of the senior management team, must work together to set that tone. In my view, however, you also need a person who has an understanding not only of the rules that apply to the company's business, but also the values underlying those rules. The ideal person should have an understanding of all material business activities and an appreciation of what is being done in those material activities. This person is often the General Counsel.

The board of directors is the highest constituent body of the American corporation. This is not new, yet many of us would acknowledge that few boards seemed to operate this way. Today, outside directors understand that their duty of care includes a duty to pay attention to the conduct of senior management, especially when the interests of the senior management might diverge from the interests of the shareholders. In a sophisticated corporation, the outside directors need to rely upon someone who can help them to perform their supervisory function. Whom can they rely on? Increasingly, the person is the General Counsel.

I do not believe that directors expect or want the General Counsel to be running to them about insignificant disagreements. Conduct of this nature would be deleterious to effective team building and would suggest an absence of trust that is likely over time to make the lawyer out-of-touch and ineffective. What I believe board members expect is a General Counsel who has the legal, business and communication abilities sufficient to help senior management get to "yes", but with the courage and backbone to say "no" when a material compliance or reputation issue is at stake. At a minimum, this "no" should stay in place until the board of directors resolves the disagreement.

The new challenges related to compliance and governance, therefore, are challenges sure to involve corporate counsel. These new challenges come along with all the old challenges that we have had to address.

Our conference today proceeds from the starting point that we have old challenges and new ones. And, we also proceed with a belief that it is important to be empowered to cope with the new challenges. How can we as corporate counsel become so empowered?

First, the place to start is with yourself. You need to see the new challenges, and you need to own their resolution. Your role is not just giving legal advice. You need to see your role more broadly, as a legal and reputational risk manager. You need to view yourself as the champion of the company's ethics, and you need to be a key player in setting the tone at the top.

In this regard, let me tell you about a behavior that I loathe. I loathe corporate lawyers who whine about Sarbanes-Oxley requirements and cry about everything from SOX certifications to a belief that it is undermining the attorney/client privilege. Stop whining and start working. Sarbanes-Oxley is a reaction to a problem, and whining will not get the problem fixed. Action is what is needed, and corporate counsel should take the lead. I believe the leadership of the corporate bar ought to gather and declare in a loud clear voice, "this is our problem and we will fix it".

Second, we need to marshall our ability to be both independent and informed to create a unique and powerful role in our senior managements. Let me explain.

A corporation's directors need to rely on someone who is involved in the company's day-to-day activity. Auditors, who report to the audit committee, may well be the champions of internal controls. But the structural independence required of auditors - which is hardwired into legal standards as well - renders the auditor incapable of making a strong impression on ethics and the tone at the top.

Unlike independence for auditors and accountants, which is structural, a lawyer's professional obligation is judgment independence. A lawyer must be zealously aligned with his client's interests: a good corporate lawyer cannot be disconnected or separated from the client.

From my perspective, that judgment independence, combined with a role in senior management, makes the General Counsel the ideal champion of the corporation's culture and the master of the company's legal and reputational risk. As long as the General Counsel exercises judgment independence, he or she may supervise directly the company's compliance personnel and its ethics program. By being a part of senior management, the lawyer's independent judgment will be informed, warranting the strong support of the directors and the chief executive officer.

Third, the General Counsel is ideally suited to address the problem of senior corporate officials whose actions contradict the corporate culture and other good practice. The recent corporate scandals I mentioned at the beginning of this talk all started with senior corporate officials acting in their own interests. Who is best suited to address such individuals? The General Counsel, who can prove his or her utility by taking on that role. Again, being part of senior management is a strength, not a weakness. A member of your management team whose actions are heightening the company's legal or reputational risk may appreciate being informed of that fact - and coached to better performance - by a trusted colleague like the General Counsel.

Being empowered to address the new challenges as well as the old is easy to state but hard to execute. As corporate lawyers take on these new challenges, the risks of failure are clear and daunting. Given that the old challenges already were sufficient to create full time work for General Counsel, how can empowered corporate counsel possibly expect to get it all done? To make the matter even more unsettling, recent surveys of chief executive officers show a renewed interest that we better control the cost of legal services. How do we square the circle?

Our program today will seek to develop answers to these questions, mindful of the fact that we cannot expect to be empowered with a blank corporate check. In meeting our new governance and compliance challenges, we must become more efficient and do more with less. Efficiency may come in how we handle our new challenges, and it may also come in how we resource for the old.