Rachel E. Barkow, Segal Family Professor of Regulatory Law and Policy; Faculty Director, Center on the Administration of Criminal Law, New York University School of Law
Erwin Chemerinsky, Dean and Distinguished Professor of Law; Raymond Pryke Professor of First Amendment Law, University of California, Irvine School of Law
Richard A. Epstein, Laurence A. Tisch Professor of Law, New York University School of Law; Peter and Kirsten Bedford Senior Fellow, The Hoover Institution; Senior Lecturer in Law, The University of Chicago
Ronald J. Gilson, Charles J. Meyers Professor of Law and Business, Stanford University; Marc and Eva Stern Professor of Law and Business, Columbia Law School
James E. Krier, Earl Warren DeLano Professor of Law, The University of Michigan Law School
Tracey L. Meares, Walton Hale Hamilton Professor of Law; Director, The Justice Collaboratory, Yale Law School
Richard K. Neumann, Jr., Professor of Law, Maurice A. Deane School of Law at Hofstra University
Robert H. Sitkoff, John L. Gray Professor of Law, Harvard Law School
David Alan Sklansky, Stanley Morrison Professor of Law, Stanford Law School; Faculty Co-Director, Stanford Criminal Justice Center
Copyright © 2017 CCH Incorporated. All Rights Reserved.
Published by Wolters Kluwer in New York.
Wolters Kluwer Legal & Regulatory U.S. serves customers worldwide with CCH, Aspen Publishers, and Kluwer Law International products. (www.WKLegaledu.com)
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or utilized by any information storage or retrieval system, without written permission from the publisher. For information about permissions or to request permissions online, visit us at www.WKLegaledu.com, or a written request may be faxed to our permissions department at 212-771-0803.
To contact Customer Service, e-mail customer.service@wolterskluwer.com, call 1-800-234-1660, fax 1-800-901-9075, or mail correspondence to:
Wolters Kluwer, Attn: Order Department, PO Box 990, Frederick, MD 21705
eISBN 978-1-4548-8713-3
Names: Miller, Geoffrey P., author.
Title: The law of governance, risk management, and compliance / Geoffrey Parsons Miller, Stuyvesant P. Comfort Professor of Law, Director, Center for Financial Institutions, Co-Director, Program on Corporate Compliance and Enforcement, New York University Law School.
Description: Second edition. | New York : Wolters Kluwer, [2016] | Series: Aspen casebook series
Identifiers: LCCN 2016044848 | ISBN 9781454881988
Subjects: LCSH: Corporate governance--Law and legislation--United States. | Risk management--Law and legislation--United States. | Compliance. | LCGFT: Casebooks
Classification: LCC KF1422 .M55 2016 | DDC 346.73/0662--dc23
LC record available at https://lccn.loc.gov/2016044848
About Wolters Kluwer Legal & Regulatory U.S.
Wolters Kluwer Legal & Regulatory U.S. delivers expert content and solutions in the areas of law, corporate compliance, health compliance, reimbursement, and legal education. Its practical solutions help customers successfully navigate the demands of a changing environment to drive their daily activities, enhance decision quality and inspire confident outcomes.
Serving customers worldwide, its legal and regulatory portfolio includes products under the Aspen Publishers, CCH Incorporated, Kluwer Law International, ftwilliam.com and MediRegs names. They are regarded as exceptional and trusted resources for general legal and practice-specific knowledge, compliance and risk management, dynamic workflow solutions, and expert commentary.
To my parents
Contents

Preface
Introduction
Part I Governance
  Chapter 1 Shareholders
  Chapter 2 The Board of Directors
  Chapter 3 Executives
Part II Compliance
  Chapter 4 Introduction to Compliance
  Chapter 5 Internal Enforcement
  Chapter 6 Regulators
  Chapter 7 Prosecutors
  Chapter 8 Whistleblowers
  Chapter 9 Gatekeepers
  Chapter 10 Plaintiffs’ Attorneys
  Chapter 11 Information Security
  Chapter 12 Off-Label Drugs
  Chapter 13 Foreign Corrupt Practices
  Chapter 14 Anti-Money Laundering, the Bank Secrecy Act, and OFAC
  Chapter 15 Sexual Harassment
  Chapter 16 Ethics, Social Responsibility, and Culture
  Chapter 17 When Compliance Fails
Part III Risk Management
  Chapter 18 Introduction to Risk Management
  Chapter 19 Approaches to Risk Management
  Chapter 20 When Risk Management Fails
Table of Cases
Table of Authorities, Statutes, and Other Materials
Index

Preface

Introduction
  A. What are Governance, Risk Management, and Compliance?
  B. The Role of Attorneys
  C. Subject Areas

Part I Governance
    OECD Principles of Corporate Governance
    Douglas M. Branson, Proposals for Corporate Governance Reform: Six Decades of Ineptitude and Counting
    Basel Committee on Banking Supervision Consultative Document—Core Principles for Effective Banking Supervision

Chapter 1 Shareholders
  A. Pros and Cons of Shareholder Power
    Lucian Bebchuk, The Case for Increasing Shareholder Power
    Stephen M. Bainbridge, The Case for Limited Shareholder Voting Rights
  B. Shareholder Proposals
    SEC Rule 14a-8
  C. Say on Pay
  D. Investor Activists
  E. Proxy Advisers
Chapter 2 The Board of Directors
  A. The Full Board
    1. Powers
    2. Size
    3. Tenure in Office
      Sally Beauty Holdings, Inc. 2013 Proxy Statement
    4. Qualifications
      a. Independence
        NYSE Listed Company Manual §303A.02
      b. Skills
      c. Diversity
    5. Fiduciary Duties
      a. The Duty of Care
        In re Citigroup Inc. Shareholder Derivative Litigation
      b. The Duty of Loyalty
        In re Southern Peru Copper Corp. Shareholder Derivative Litigation
      c. Caremark and the Duty of Oversight
        In re Caremark International Inc. Derivative Litigation
        Stone v. Ritter
        Rich ex rel. Fuqi Int’l, Inc. v. Yu Kwai Chong
        In re Pfizer Inc. Shareholder Derivative Litigation
  B. Chairmen
    Hess Corporation 2013 Proxy Statement
  C. Lead Directors
    Carlon Corporation Charter of the Lead Independent Director
  D. Audit Committees
  E. Risk Committees
    Greenbrier Corporation Risk Committee Charter
  F. Compliance Committees
    Applied Bosonics Compliance Committee Charter
  G. Governance and Nominating Committees
    NYSE Listed Company Manual, ¶ 303A.04: Nominating/Corporate Governance Committee
    Klaassen v. Allegro Development Corporation
  H. Compensation Committees
    1. General Considerations
    2. Structure and Function
      In re The Walt Disney Company Derivative Litigation
    3. Consultants
    4. The Role of Shareholders in Compensation
    5. Compensation of Independent Directors

Chapter 3 Executives
  A. Introduction
  B. The Management Team
    General Electric Company Annual Report to Shareholders, for the Fiscal Year Ended December 31, 2012
  C. Chief Executive Officer
    General Electric Company Annual Report to Shareholders, for the Fiscal Year Ended December 31, 2012
  D. Chief Financial Officer
  E. Chief Audit Executive
    1. What Is Internal Audit?
    2. How Does Internal Audit Work?
    3. Best Practices
      Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Office of Thrift Supervision, Interagency Policy Statement on the Internal Audit Function and Its Outsourcing
      Board of Governors of the Federal Reserve System, Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing
    4. Vendors
      Board of Governors of the Federal Reserve System, Interagency Policy Statement on the Internal Audit Function and Its Outsourcing
      Board of Governors of the Federal Reserve System, Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing
  F. Chief Compliance Officer
    Chief Compliance Officer
  G. General Counsel
  H. The Chief Risk Officer
  I. Director of Human Resources
Part II Compliance

Chapter 4 Introduction to Compliance
  A. What Is Compliance?
  B. Landmarks in the History of Compliance
  C. The Rise of the Administrative State
    1. Increases in the Scope and Complexity of Regulation
    2. From Judging to Administration
      a. The Power to Establish Norms of Conduct
        SEC v. Chenery Corp.
        National Cable & Telecommunications Association v. Brand X Internet Services
        City of Arlington v. F.C.C.
      b. The Power to Determine Legal Rights
        Crowell v. Benson
        Atlas Roofing Co., Inc. v. Occupational Safety and Health Review Commission
        Gray Financial Group, Inc. v. SEC
        Camp v. Pitts
        Ex parte Young
        Sackett v. Environmental Protection Agency
    3. Enforcement Powers
      a. Power to Obtain Information
        Donovan v. Dewey
      b. The Power to Impose Penalties
  D. The Compliance Response
  E. The Compliance Industry

Chapter 5 Internal Enforcement
  A. Introduction
  B. Compliance Policies
  C. Compliance Programs
    Zambac Co. Compliance Program
  D. Hiring
    1. Background Investigations
    2. Use of Information
      a. Arrests and Convictions
        Equal Employment Opportunity Commission, EEOC Files Suit Against Two Employers for Use of Criminal Background Checks
      b. Credit History
  E. Training
  F. Monitoring
    1. Drug and Alcohol Testing
      Texas Workforce Commission, Model Drug-Free Workplace Policy
    2. Surveillance
  G. Investigations
    1. Types of Investigations
      Miriam Hechler Baer, Corporate Policing and Corporate Governance: What Can We Learn from Hewlett-Packard’s Pretexting Scandal?
    2. Comparison of Internal Investigations and Government Investigations
    3. The Role of Counsel
    4. Disclosure
    5. Enforcement Credit
      Assistant Attorney General Leslie R. Caldwell, Remarks at the Compliance Week Conference

Chapter 6 Regulators
  A. Individual or Corporate Liability?
    Individual Accountability for Corporate Wrongdoing, Deputy Attorney General Sally Quillian Yates
  B. Regulation of the Compliance Program
    1. General Considerations
    2. “Best Practice” Recommendations
      Remarks by Assistant Attorney General for the Criminal Division Leslie R. Caldwell
    3. Legislative and Regulatory Mandates
      Bank Secrecy Act
      Securities and Exchange Commission Final Rule: Compliance Programs of Investment Companies and Investment Advisers
    4. Compliance Terms in Settlements
      Consent Order, In the Matter of: RBS Citizens, N.A.
      Consent Order, In the Matter of: HSBC Bank USA, N.A.
      United States v. International Brotherhood of Teamsters, Chauffeurs, Warehousemen and Helpers of America, AFL-CIO
  C. Regulation of Compliance Officers
    1. Requirements to Establish and Empower Compliance Officers
      Securities and Exchange Commission Final Rule: Compliance Programs of Investment Companies and Investment Advisers
    2. Obligations to Compliance Officers
      Securities and Exchange Commission, In the Matter of Carl D. Johns
    3. Liability of Compliance Officers
      In the Matter of Judy K. Wolf
      Statement of Commissioner Daniel M. Gallagher on Recent SEC Settlements Charging Chief Compliance Officers with Violations of Investment Advisers Act Rule 206(4)-7
      In the Matter of Theodore W. Urban
  D. Oversight Liability
    SEC, In the Matter of Steven A. Cohen
    United States v. S.A.C. Capital Advisors, LLP
  E. Mitigation of Penalties
    EPA, Incentives for Self-Policing: Discovery, Disclosure, Correction, and Prevention of Violations
    SEC, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions
  F. Advice
  G. Admissions
    SEC’s Memorandum of Law in Response to Questions Posed by the Court Regarding Proposed Settlement
    SEC v. Citigroup Global Markets, Inc.
    SEC v. Citicorp Global Markets, Inc.
Chapter 7 Prosecutors
  A. The Problem of Corporate Criminal Liability
    Samuel W. Buell, The Blaming Function of Entity Criminal Liability
  B. The Decision to Prosecute
    United States Attorneys Manual, Principles of Federal Prosecution of Business Organizations
  C. Plea Bargains, Deferred Prosecution Agreements, and Non-Prosecution Agreements
    1. Plea Bargains
      United States Attorneys Manual, Principles of Federal Prosecution of Business Organizations
    2. Deferred Prosecution and Non-Prosecution Agreements
      a. Nature and Rationale
        United States Attorneys Manual, Principles of Federal Prosecution of Business Organizations
      b. Contents
        Deferred Prosecution Agreement, United States of America v. Aibel Group Limited
      c. Judicial Review
        United States v. Fokker Services B.V.
  D. Sentencing
    Federal Sentencing Guidelines, §8B2.1 Effective Compliance and Ethics Program

Chapter 8 Whistleblowers
  A. Whistleblowers
    1. Who Is a Whistleblower?
      Testimony of Sherron Watkins Before the Oversight and Investigations Subcommittee of the House Energy and Commerce Committee
    2. Encouraging Whistleblowing
      a. Tone at the Top
      b. Protections for Whistleblowers
        Lawson v. FMR LLC
      c. Rewards and Bounties
      d. Mandatory Reporting
    3. Whistleblower Policies
      OVB Inc. Whistleblower Policy
    4. Responding to the Whistleblower
      Report of Investigation by the Special Investigative Committee of the Board of Directors of Enron Corp.
  B. Qui Tam Actions
    Darity v. C.R. Bard Inc.
    Department of Justice, Office of Public Affairs, C.R. Bard Inc. to Pay U.S. $48.26 Million to Resolve False Claims Act Claims

Chapter 9 Gatekeepers
  A. Introduction
    Lincoln Savings & Loan Ass’n v. Wall
  B. Attorneys
    1. Zealous Advocates or Public Servants?
      a. Lord Brougham, Dean Pound, and the Rules of Professional Conduct
      b. The Kaye Scholer Affair
        Harris Weinstein, Attorney Liability in the Savings and Loan Crisis
      c. Lauren Stevens
        United States v. Stevens
      d. Cahill Gordon
        Williams v. BASF Catalysts LLC
    2. Organization Clients
      a. Who Is the Client?
        ABA, Model Rule of Professional Conduct 1.13, Organization as Client
      b. Relations with Employees
        United States Attorneys Manual, Principles of Federal Prosecution of Business Organizations
    3. Confidentiality
      a. Scope of the Lawyer’s Duty of Confidentiality
        ABA, Model Rule of Professional Conduct 1.6(b), Confidentiality of Information
      b. Special Confidentiality Rules for Organization Clients
        ABA, Model Rule of Professional Conduct 1.13, Organization as Client
    4. Attorney-Client Privilege
      a. Scope
        Upjohn Co. v. United States
        In re Kellogg Brown & Root, Inc.
      b. The Crime-Fraud Exception
      c. The Fiduciary Exception
        Garner v. Wolfinbarger
    5. Work-Product Protection
      Hickman v. Taylor
    6. Waiver of Privilege
      United States Attorneys Manual, Principles of Federal Prosecution of Business Organizations
      United States Attorneys Manual, Principles of Federal Prosecution of Business Organizations
    7. Reliance on Counsel
  C. Accountants
  D. Auditors
    1. Introduction
      PCAOB, Proposed Auditing Standards—The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion
      Indictment, United States of America Against Arthur Andersen, LLP
    2. Independence Requirements
    3. Attestation of Internal Controls
    4. PCAOB Enforcement Actions
      In the Matter of Ernst & Young LLP
      In the Matter of PricewaterhouseCoopers LLP’s Quality Control Remediation Submissions
    5. Compliance Audits
  E. Monitors
    United States v. HSBC Bank USA, N.A. and HSBC Holdings PLC
  F. Consultants
    In re American Continental/Lincoln Savings & Loan Securities Litigation
    NYDFS, In the Matter of Deloitte Financial Advisory Services LLP
    NYDFS Announces PricewaterhouseCoopers Regulatory Advisory Services Will Face 24-Month Consulting Suspension; Pay $25 Million; Implement Reforms After Misconduct During Work at Bank of Tokyo Mitsubishi
  G. Providers of Financial Services
    In re Rural Metro Corporation Stockholders Litigation
Chapter 10 Plaintiffs’ Attorneys
  A. Shareholders Derivative Litigation
    1. Procedural Hurdles
      a. The Demand Requirement
        Grimes v. Donald
      b. Special Litigation Committees
        Zapata Corp. v. Maldonado
        In re Oracle Corp. Derivative Litigation
    2. Compliance Remedies
      In re Johnson & Johnson Derivative Litigation
  B. Class Actions
    In re JPMorgan Chase & Co. Securities Litigation
    Chevron Corporation v. Donziger
    Chevron Corp. v. Donziger

Chapter 11 Information Security
  A. Introduction
    Viator Email to Customers
  B. Gramm-Leach-Bliley Act
    Gramm-Leach-Bliley Act §501
    Federal Financial Institution Examination Council, Interagency Guidelines Establishing Information Security Standards
    Federal Financial Institution Examination Council, Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice
  C. HIPAA
    Health and Human Services, 45 C.F.R. §164.306 Security Standards: General Rules
    Resolution Agreement, U.S. Department of Health and Human Services and Wellpoint, Inc.
    Acosta v. Byrum
  D. FTC Act
    Federal Trade Commission v. Wyndham Worldwide Corporation
    FTC, In the Matter of Dave & Buster’s, Inc.
  E. Securities Law
    1. Disclosure Requirements
      SEC, Cybersecurity
    2. Regulated Entities
      In the Matter of R.T. Jones Capital Equities Management, Inc., Securities and Exchange Commission Investment Advisers Act Release No. 4204
  F. Fiduciary Duties
  G. Rules of Professional Responsibility
    State Bar of Arizona Ethics Opinion 05-04
    Note on Cloud Computing
    Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility, Ethical Obligations for Attorneys Using Cloud Computing/Software as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property

Chapter 12 Off-Label Drugs
  A. Background
    U.S. Department of Justice Press Release, Pharmaceutical Company Eli Lilly to Pay Record $1.415 Billion for Off-Label Drug Marketing: Criminal Penalty Is Largest Individual Corporate Criminal Fine
    FDA, Guidance for Industry: Responding to Unsolicited Requests for Off-Label Information About Prescription Drugs and Medical Devices
    FDA, Good Reprint Practices for the Distribution of Medical Journal Articles and Medical or Scientific Reference Publications on Unapproved New Uses of Approved Drugs and Approved or Cleared Medical Devices
    United States v. Caronia
  B. The Compliance Response
    Corporate Integrity Agreement Between the Office of Inspector General of the Department of Health and Human Services and Cephalon, Inc.

Chapter 13 Foreign Corrupt Practices
  A. Basics
    1. Elements of the Statute
    2. What Is an “Instrumentality” of a Foreign Government?
      United States v. Esquenazi
    3. Consultants and Business Partners
      SEC, In the Matter of Alcoa, Inc.
    4. Successor Liability
      DOJ Opinion Procedure Release No. 14-02
    5. Problems
  B. Elements of Effective FCPA Compliance
    1. FCPA Compliance Programs
      U.S. Department of Justice and SEC, A Resource Guide to the U.S. Foreign Corrupt Practices Act
    2. FCPA Investigations
      Avon Products, Inc., 2010 Form 10K

Chapter 14 Anti-Money Laundering, the Bank Secrecy Act, and OFAC
  A. Anti-Money Laundering/Bank Secrecy
    FinCEN Guidance on Preparing a Complete and Sufficient Suspicious Activity Report Narrative
    FinCEN Guidance on Preparing a Complete and Sufficient Suspicious Activity Report Narrative
    United States v. Wachovia Bank
    Board of Governors of the Federal Reserve System, Written Agreement by and Among M&T Bank Corporation, Manufacturers & Traders Trust Company and Federal Reserve Bank of New York
  B. Sanctions
    United States v. Barclay’s Bank
    Department of Justice Office of Public Affairs, BNP Paribas Agrees to Plead Guilty and to Pay $8.9 Billion for Illegally Processing Financial Transactions for Countries Subject to U.S. Economic Sanctions
  C. Attorneys
    ABA Task Force on Gatekeeper Regulation and the Profession, Voluntary Good Practices Guidance for Lawyers to Detect and Combat Money Laundering and Terrorist Financing
    ABA Standing Committee on Ethics and Professional Responsibility, Formal Opinion 463: Client Due Diligence, Money Laundering, and Terrorist Financing
Chapter 15 Sexual Harassment
  A. Introduction
    Faragher v. City of Boca Raton
  B. Sexual Harassment Programs
    U.S. Equal Employment Opportunity Commission, Vicarious Employer Liability for Unlawful Harassment by Supervisors
  C. Enforcement
    EEOC v. Carrols Corp.

Chapter 16 Ethics, Social Responsibility, and Culture
  A. Charitable Gifts
    A.P. Smith Mfg. Co. v. Barlow
  B. Public Benefit Companies
  C. Codes of Ethics
    Mike’s Bagels, Code of Ethics and Professional Conduct
  D. Social Responsibility
  E. Human Rights
    United Nations High Commissioner on Human Rights, Guiding Principles on Business and Human Rights
  F. Sustainability
    Judd F. Sneirson, Green Is Good: Sustainability, Profitability, and a New Paradigm for Corporate Governance
    Plexus Inc. Sustainability Policy

Chapter 17 When Compliance Fails
  A. Introduction
  B. Enron
    Report of Investigation by the Special Investigative Committee of the Board of Directors of Enron Corp.
  C. WorldCom
    Report of Investigation by the Special Investigative Committee of the Board of Directors of WorldCom, Inc.
  D. Sexual Abuse by Priests
    Commonwealth of Pennsylvania Office of the Attorney General, A Report of the Thirty-Seventh Statewide Investigating Grand Jury
    Protecting Minors: Declaration by the Director of the Holy See Press Office on Response to Sexual Abuse
  E. General Motors Ignition Switch Scandal
    Written Testimony of General Motors Chief Executive Officer Mary Barra Before the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations
    GM Announces New Vehicle Safety Chief: Jeff Boyer Named Vice President, Global Vehicle Safety
    Statement of the Honorable David Friedman, Acting Administrator, National Highway Traffic Safety Administration, Before the Committee on Energy and Commerce Subcommittee on Oversight and Investigations, U.S. House of Representatives
    Anton R. Valukas, Report to the Board of Directors of General Motors Company Regarding Ignition Switch Recalls

Part III Risk Management

Chapter 18 Introduction to Risk Management
  A. What Is Risk?
  B. What Is Risk Management?
  C. The Public Interest in Risk Management
  D. Enterprise Risk Management
    1. Definition of Risk
    2. Distribution of Responsibility for Managing Risk
    3. Risk Mitigation Strategies
    4. Priority of the Topic
    5. Focus of Risk Assessment
    6. Transparency of Risk and Risk Management
  E. Types of Risk
  F. Governance of Risk
    1. Corporate Law Approaches
      Wachtell, Lipton, Rosen & Katz, Risk Management and the Board of Directors
      Unwritten Rules: The Importance of a Strong Risk Culture, Thomas J. Curry, Comptroller of the Currency
    2. Regulatory Approaches
  G. Disclosure of Risk
    Target Corporation 2012 Form 10-K Item 1A

Chapter 19 Approaches to Risk Management
  A. Data
  B. Risk Appetite
  C. Implementing the Risk Appetite
    1. Compiling a Risk Inventory
    2. Assessing Inherent Risk
    3. Assessing Controls and Mitigation Options
    4. Assessing Residual Risk
    5. Accepting Residual Risk
  D. Black Swans, Fat Tails, and Stress Tests
    Kevin Dowd, Math Gone Mad: Regulatory Risk Modeling by the Federal Reserve
  E. Drilling Down: Specific Risk-Management Strategies
    1. Corporate Default Estimation Methods
    2. Black-Scholes Option Pricing Formula
    3. Value-at-Risk Models
  F. Model Risk
    Board of Governors of the Federal Reserve System, Supervisory Guidance on Model Risk Management
    In the Matter of: JPMorgan Chase Bank, N.A.
  G. Rating Agencies
  H. Government Risk Assessment
  I. Behavioral-Economic Approaches to Risk Management
    Geoffrey Miller & Gerald Rosenfeld, Intellectual Hazard: How Conceptual Biases in Complex Organizations Contributed to the Crisis of 2008

Chapter 20 When Risk Management Fails
  A. UBS and the Financial Crisis
    Transparency Report to the Shareholders of UBS AG: Financial Market Crisis, Cross-Border Wealth Management Business, Liability Issues and Internal Reviews
  B. The London Whale
    Permanent Subcommittee on Investigations, United States Senate, JPMorgan Chase Whale Trades: A Case History of Derivatives Risks and Abuses
  C. Benghazi
    Report of the State Department Accountability Review Board
  D. Royal Bank of Scotland
    U.K. Financial Conduct Authority Final Notice to Royal Bank of Scotland Plc. et al.

Table of Cases
Table of Authorities, Statutes, and Other Materials
Index
This book is born out of concern and conviction. As a professor specializing in corporate and financial law, I have long nurtured an interest in governance, risk management, and compliance—topics that seemed to be incompletely conceptualized and imperfectly understood either individually or in relationship to each other. As an observer of business practices and financial markets, I am convinced that governance, risk management, and compliance are important today and will only increase in significance over the coming decades. As an independent director of a financial institution, I am impressed by the subtlety and breadth of the governance issues facing business organizations in a rapidly changing world. Added together, these considerations—coupled with the dearth of materials covering these topics on a systematic basis from a legal point of view—led me to write this book.
A word is in order about terminology. The world of governance, risk management, and compliance is populated by an exotic zoo of acronyms, technical terms, and metaphors, often used without much attempt to offer a precise definition or to explain the background of their use. I have attempted to avoid most of these terms, preferring instead to write in a simple and nontechnical way. However, the reader will observe that technical language does find its way into the pages that follow. Where arcane terminology is used, it is usually for one of two purposes. Sometimes the words usefully capture ideas or nuances of meaning that would not be embodied in more familiar language (for example, the notion of a “risk appetite”). At other times, I use unusual language because the terms are ubiquitous among people working in the field of governance, risk management, and compliance (e.g., the “three lines of defense” or “enterprise risk management”). Anyone who wants to become active in this field needs to know how to use these terms; you may as well start now. To aid the reader in this journey, I include text boxes containing definitions of many of the key concepts.
I have used the following conventions in excerpting materials. From time to time I have presented documents or problem sets involving fictional organizations. No connection with any actual organization is intended or should be assumed. In the interest of brevity I have limited the excerpted material to text that is most pertinent to the question at hand; although I provide background needed for a full understanding, some context is necessarily lost. I have included ellipses when substantive text is omitted but have not indicated the omission of citations, paragraph numbers, or other non-substantive material. In order to increase readability I have occasionally, and without alerting the reader, made stylistic alterations: breaking longish sections of text into separate paragraphs or joining shorter sections together, revising or eliminating headings, or changing the case of text. Readers should refer to the original texts for more information.
One cannot spend many years in the world of law and law practice without coming into contact with the leading problems of the day. I am grateful for having been a witness to some of the events recounted in this book. Those experiences have stimulated my interest in the topic of governance, risk management, and compliance, and enriched my understanding of the events and underlying social policies. Although I don’t believe these experiences have biased the ideas presented in this book, in the interest of full disclosure I note that I have been involved in numerous class actions and shareholders derivative suits as a lawyer, adviser, or expert witness. I served as an expert in cases arising out of the failure of Bank of Credit and Commerce International, the Enron scandal, and the Deepwater Horizon oil spill. I am a member of the board of directors and the risk and compensation committees, and serve as chair of the audit committee of State Farm Bank, a thrift institution that is a wholly-owned subsidiary of State Farm Mutual Automobile Insurance Company.
Many people assisted in the preparation of this volume. Lauren Citrome, Colin S. Huston-Liter, and Adam Karman provided excellent research assistance. My extraordinarily capable assistant, Jerome Miller, helped keep me organized and facilitated the process in innumerable ways. Many colleagues and friends provided advice, counsel, and feedback: Jennifer Arlen, Colleen Baker, Stephen Bainbridge, Carole Basri, Karen Brenner, Theodore Eisenberg, Howell Jackson, Bruce McClure, Gerald Rosenfeld, Roberta Romano, and Helen Scott among many others. I have been fortunate to learn about governance from some exceptionally able business leaders including Charles Brummel, Carolyn Chin, Gerald Czarnecki, Steve Jones, Eric Malcholdi, Ed Rust, Marilyn Seymann, Mike Smith, Paul Smith, Michael Tipsord, Howard Thomas, and Astrid von Baillou. I am grateful to my publisher, Wolters Kluwer, for their professional production operation and for their confidence in producing a course book for a topic with no established market. My wife, Allison Brown, tolerated prolonged periods of distraction and research; she also provided generous input into many questions both of structure and detail. She taught me a lot about governance, risk management, and compliance! While each of these people or institutions provided invaluable input, none is responsible for errors or shortcomings. The field of governance, risk management, and compliance is developing with dizzying speed.