The September 9 Department of Justice release of guidelines on corporate prosecution is a significant development that should be taken seriously by governing boards across industry sectors. The new guidelines, with their substantially increased focus on individual accountability, will likely affect the board’s approach to legal compliance, internal investigations and interaction with management on matters of regulatory concern. An attentive, yet measured response would be consistent with the board’s fiduciary duty of care.

The guidance, presented in the form of a memo to federal prosecutors from Deputy Attorney General Sally Quillan Yates, concentrates on seeking individual accountability for corporate wrongdoing. The guidance incorporates six key steps to be pursued in any DOJ investigation of corporate conduct: (i) condition eligibility for corporation credit on disclosure of what the corporation knows about individual misconduct; (ii) focus on individual conduct from the inception of any investigation; (iii) enhance communication between civil and criminal prosecutors handling investigations; (iv) resolution of allegations against the corporation will not, except in extraordinary circumstances, provide liability relief for any individuals; (v) corporate cases should not be resolved before deciding how to resolve related individual cases; and (vi) an individual’s ability to pay should not be a factor in determining whether to pursue civil actions against individuals.

While DOJ’s expectation is that the guidelines will incentivize both individual and corporate behavior, its concentrated focus on individual accountability is unmistakable. The governing board, as the body ultimately responsible for organizational compliance with laws – as well as for the supervision of management and the protection of the corporate reputation – will be expected to take action to address this expectation. In this regard, the board should also take into consideration the recent DOJ announcement that it is appointing a specific “compliance counsel” to assist prosecutors by reviewing the effectiveness of compliance plans of companies targeted for investigation.

In doing so, boards should understand that the new guidelines are not simply a restatement or re-emphasis of standard government policies. Nor is the attention they are receiving a function of legal community hyperbole. Rather, they reflect a significant shift in governance enforcement policy that focuses on individual wrongdoers, and not just their corporate employers. The seriousness of the new policies reflect the realities of political influence, and ultimately, electorate concern with respect to holding individuals responsible for corporate wrongdoing where it is appropriate to do so. Given these factors, it would be quite difficult for a corporate board to dismiss or marginalize the implications of the guidelines (e.g., on a “they’re after the Wall Street bankers” perspective.) Basic duty of care principles, as well as emerging risk management principles, argue for an attentive and focused board response. Note that the guidelines apply to both criminal AND civil matters.

Thus, a proper board response could have both organizational and individual-focused aspects. From an organizational perspective, the board (or its audit committee), may wish to review such matters as the adequacy of resources applied to legal and regulatory compliance activity; the hierarchical prominence and authority of the general counsel; the compliance-based education provided to executives and employees; protocols for the conduct of internal investigations; and the mechanisms by which legal and compliance risk is communicated to the board.

From an individual perspective, the board may wish to revisit the adequacy of the organization’s “D&O” insurance, indemnification and defense expense advancement rights extended to employees – and any limitations thereon. It should anticipate executive requests for greater legal support when dealing with transactions with complex legal and regulatory implications. The audit and other committees may make themselves more available to address executive level concerns regarding the organizational risk profile. Compliance-focused goals could be incorporated into executive incentive compensation plans. The general counsel could be directed to maintain a list of competent defense counsel available to represent corporate employees in the event of investigation. There should no confusion as to the fact that the general counsel represents the organization, and not the individual officers and directors in their personal capacity.

As part of its response, the board should also anticipate the potential for increased sensitivity – in multiple respects – from the management team, as they become aware of the potential that, in investigations, “cooperation” may mean actively assisting the government’s investigating and prosecuting members of management. An open question is whether the guidelines will have a “chilling effect” on informed risk taking by management, or otherwise reduce management’s appetite for strategic initiatives that may involve a heightened level of legal risk.

A more subtle, and certainly discreet board response would be to review the completeness of its emergency and permanent executive succession plans, even assuming the remote possibility of an extreme result.

DOJ’s new fraud enforcement guidelines should prompt the attention of boards of all corporations, not just those of Wall Street firms. While the guidelines reflect a specific focus on individual accountability, they speak to a broader concern with corporate wrongdoing; both are significant issues that require the attentiveness, and prudent response of, the governing board.

In all respects, the board must be measured in its response to corporate cooperation-related concerns. It should understand that, DOJ’s focus notwithstanding, not all alleged corporate crime involves individual culpability. And even where such suggestions arise, it is not axiomatic that high level management is involved. (Indeed, it is quite possible that senior management may be uninvolved in, or unaware of, the alleged wrongdoing.)

Michael W. Peregrine, a partner at McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties, and officer-director liability issues. His views do not necessarily reflect the views of McDermott Will & Emery or its clients. He would like to thank his partner, Joshua T. Buchman, and his associate, Kelsey Leingang, for their material contributions to the preparation of this article.