Ten Things: Protecting Your Board of Directors

At the end of every blog, I always ask my readers to please let me know if they have any topics they would like me to write about.  While I don’t get a huge number of “requests,” I do get some – though I am still trying to figure out what to do with “My boss is an a$%#^le, what do I do?”  I did, however, recently get a reader request that I thought would be a good topic to cover this week.  If you work for a company of any material size, there is likely a Board of Directors.  For smaller, family-run companies, this usually means a Board comprised of several family members with very little risk of problems from outsiders.  But, as the company gets bigger, and especially if the company is publicly traded, the risk of problems grows quickly.  As in-house counsel one of your main tasks is to protect the Board of Directors from going down the wrong path or setting themselves up for potential exposure from lawsuits or regulatory sanctions.  This edition of “Ten Things” discusses some of the basic things you should be doing to help protect the Board, regardless of whether the company is public or private:

1.  Ensure they know their core duties as Directors.  First and foremost, be sure that all of the Directors understand their duties as members of the Board.  All Directors owe their corporation: a “Duty of Loyalty.” This means they are “disinterested” (i.e., not on both sides of the transaction or otherwise stand to receive some personal benefit not shared with the shareholders of the corporation) and “independent” (i.e., acting in the best interests of the corporation and not themselves or another person or entity to which they may be beholden); a “Duty of Care.” This means they perform their duties after review and consideration of all applicable information reasonably available to them (i.e., a due diligence requirement); and a “Duty of Good Faith and Fair Dealing.” While sometimes viewed as part of the Duty of Loyalty, this means acting with a good faith belief that the actions taken are in the best interests of the corporation.  If these duties are met, then – for the most part – the actions of the Directors are immune from second-guessing by the court under what is known as the “Business Judgment Rule.”  It is a smart idea to ensure any new Director to the Board receives a solid background on these duties and that you refresh all Directors of these duties on at least an annual basis.  Be sure to provide ways for Directors to speak up about any potential conflicts as that is usually where trouble occurs.  In addition to these duties, be sure to keep your Directors apprised of their obligations under the rules of the appropriate exchange (e.g., NYSE or NASDAQ) if the company is (or is soon to be) publicly-traded.

2.  Provide regular updates on governance issues.  Given the importance of the “core duties,” get in the habit of regularly updating the Board on key developments in the area of corporate governance.  This can mean new court decisions, new regulations, issues raised by proxy advisory services (such as, ISS, Glass-Lewis), activist shareholders, and so forth.  As in-house counsel, you can stay abreast of governance developments by reading the Wall Street Journal or Financial Times, by subscribing to capital markets alerts prepared by most large law firms (e.g., Weil Gotshal, Cleary Gotlieb, Gibson Dunn, Cooley, Baker McKenzie, etc.), finding a good blog dealing with governance issues (I like the Harvard Law School blog and Compliance Week), and by joining the Society for Corporate Governance.  Make providing a short “update” on governance issues part of every regular Board meeting and part of the Director materials (and proactively send the Directors updates of truly important and critical developments as they arise).  Finally, consider having each Director join the National Association of Corporate Directors and attending a nationally recognized Director training course, such as that offered by Stanford University (especially if they are Directors of a publicly-traded company).

3.  Prepare smart agendas, minutes, and resolutions.    Meetings of the Board of Directors go to the heart of the operation and governance of the company.  As a result, it is paramount to ensure that you properly prepare records of what was discussed and decided at Board meetings.  There are three core documents to focus on, and each provides protection for the Directors by helping to show how they met their duties of loyalty, care, and good-faith.  These are a) the meeting agenda, b) the meeting minutes, and c) any resolutions voted on by the Board authorizing company actions.  The agenda for each Board meeting should, at a minimum, set out the time and place of the meeting, call to order, approval of the minutes of the last meeting, the topics that will be discussed (new and old business), the expected allotted time for each topic, and the speakers/presenters for each topic.  The “minutes” are a written record of what occurred during a Board meeting.  The proper drafting of corporate meeting minutes is very important (especially in these litigious times).  Minutes are not a verbatim transcript of what was said at each meeting.  Instead, they should focus on things like:

  • The meeting date, time and location.
  • The nature of the meeting (regular, committee, special, telephonic, etc.)
  • A list of all attendees (and a list of directors absent from the meeting and whether a quorum of directors is present).
  • The general topics of discussion, the names of all individuals making specific presentations and the general nature of their presentations.
  • Attach the meeting agenda and reference any materials distributed before or at the meeting.
  • Confirmation of all actions taken by the Board, e.g., adoption of resolutions and the vote tally

There are many things you will want to accomplish via the meeting minutes, but probably the most important to that they accurately demonstrate the Directors exercising their “business judgment” when considering company matters at the meeting.  To this end, accurately describing the tenor of the discussion, the length of time taken, etc.  For example, “After the CEO’s presentation on the need to purchase a new building, the Board and members of management present discussed the issues presented in the materials for 25 minutes.”

Finally, where appropriate, all corporate actions taken by the Board of Directors should be reflected in a written resolution.  A resolution is formal written document that sets forth an action of the Board and records the vote.  Most resolutions are voted on during meetings (in person or telephonic) and are part of the minutes, though sometimes resolutions are voted on outside of a regular meeting.  In some instances the by-laws permit electronic voting via email. When drafting, keep the language formal, ensure that the title of the resolution spells out what the Board is considering, and use language that walks the reader through all of the important considerations leading up to the vote of “yes” or “no.”  What you ultimately want is a document that, in the event the action is ever challenged, clearly sets out what was considered by the Directors and why they took the action they took.

4.  Put it in the By-Laws.   Simply put, only the shareholders can amend the articles of incorporation.  The by-laws, however, can be amended by the Board of Directors.  To maximize flexibility, you should put the minimum operational requirements in the articles of incorporation and everything else important to running the company into the by-laws.  The best time to do this is when forming the corporation or while it is still private and before an IPO.  If you try to amend the articles of incorporation after going public, you may run into shareholder resistance or, as is becoming more common now, negative reaction from proxy advisory services like ISS.  One way you can really protect your Directors via the by-laws is to include a provision setting out an exclusive jurisdiction for any shareholder-derivative lawsuits.  The most likely jurisdiction for such an “exclusive forum” clause is Delaware, which is consistently the most sophisticated and company-friendly/Director-friendly place to incorporate in the United States.   Regardless of the jurisdiction you select, you can ensure that any shareholder litigation is fought in a place most convenient to the company and the Directors.  As I’ve remarked in the past, they don’t call them “hell holes” without good reason.

5.  Provide appropriate indemnity agreements and D&O Insurance.  While taking steps to avoid problems is certainly worth the effort and should be your main focus, there will be times when things go off the tracks and your Directors will get sued because of something related to their service on the Board.  You need to prepare for this by ensuring that the company properly indemnifies the Directors and that the company has secured sufficient Directors & Officers (“D&O”) liability insurance.  To begin, both the articles of incorporation (a/k/a the “charter”) and the by-laws should contain language stating that the company will indemnify its Directors to the full extent permitted by law.  Doing so will prevent questions from arising later as to whether the company can or should indemnify its Directors (a conversation and fight you do not want to be dealing with mid-way through a nasty lawsuit).  Next, it is best practice to prepare and execute separate indemnity contracts for your Directors (in fact, most Directors will likely insist on such agreements before joining the Board).  These agreements supplement the terms found in the by-laws and the articles of incorporation.  One key contractual issue is whether the company will advance indemnity around costs of defense to Directors.  An additional benefit to the Director is that, unlike the by-laws or articles of incorporation, the company cannot change the terms of the contract without the Director’s consent.  Sample director indemnity agreements can be found on the SEC’s “EDGAR” website where publicly-traded companies must file copies.  The final piece of protection is D&O insurance.  This type of insurance is really the “back-stop” to ensure that the protections offered via the by-laws and agreement are properly funded, i.e., the insurance picks up the cost of whatever indemnity is offered to your Directors.  If a company cannot payout on an indemnity, then the indemnity is worthless.  There are additional issues to consider around indemnity for Directors, such as carve outs for intentional misconduct and bad faith, where the company will not indemnify a Director from his/her own bad acts.  Outside counsel can be very helpful here.

6.  Include the Board in crisis planning.  If there is a real crisis at your company you can rest assured that the Board of Directors will be (or should be) fully engaged from the get-go.  This means that you need to consider and include the Board as you design your crisis planning documents and procedures.  The last thing you want to have happen is it suddenly dawning on the crisis team that “someone should let the board know what is going on!”  That is a bad, bad moment.  Instead, your planning should include things like when to let the Board know about a crisis, who will communicate with them and how, contact information for the Directors (including alternative phone numbers and email accounts – if for some reason the company email system is down).  Additionally, you should plan on how the Directors will get updates about the crisis and how they can ask questions and get information.  When you run crisis plan testing or simulations, don’t leave out the Board.  They will need the “practice” of what to do when bad things happen just as much as the C-Suite and the rest of the company.  Be thoughtful about how you take up their time, but with the right planning and communication, the Directors will quickly see the value in incorporating them more closely into your crisis planning.

7.  Regularly identify the “Big Risks” for them.  The Board is ultimately only as good as the information they receive from the company.  This can be through the official Board of Director materials (e.g., board books made available before meetings), discussions and briefings during board meetings, informal discussions with officers and management as the need arises, and through their own diligence and sources.  All of the regularly-scheduled Board of Directors meetings I attended had a period of time set aside for a briefing on “legal” issues.  This was typically the opportunity to bring forward any of the “Big Risks” the legal department may have spotted out on the horizon, e.g., regulatory changes, litigation risks, etc.  Things we felt the Directors needed to know about or flagging things that we would bring forward in more detail down the road.  This also occurred in a more focused manner during the Audit Committee meetings where we would discuss compliance risks, in particular those issues that came in through the “hot line” or other sources.  The important part was having access to the Directors directly to raise issues that warranted their attention and, sometimes, their input.  It’s also important that the Directors not receive all of their information about the company from one source or one person.  While the relationship between the Board of Directors and the CEO is critical, the Directors should also have access to key employees of the company at Board meetings or on an “as needed” basis so that they can get the information they need or check the information they received.  This could include access to the CFO, the Chief Compliance Officer, the General Counsel, Internal Audit, the CIO, etc.  There are so many things that Directors need to be concerned about these days (vs. 10 years ago) that ensuring multiple sources of information is important to ensuring they can satisfy their legal duties.  However, be sure that the CEO has bought into and agrees with how people can and will communicate directly with the Board of Directors.  This should not be a way to get around or undermine the CEO.

8.  Explain how the attorney-client privilege works.  Even lawyers mess up how to properly protect documents and communications otherwise subject to the attorney-client privilege.  Consequently, there should be no expectation on the part of in-house counsel that the Directors understand how the privilege works either.  The key things to remember are that the privilege only applies to: a) client communications with counsel; b) for the purpose of obtaining/giving legal advice; and c) which are otherwise kept confidential.  The most common mistake people make is thinking that all communications with lawyers are privileged (they are not) or that simply copying a lawyer on a document or email will cloak it with the privilege (definitely not the case). A close second is thinking you can share privilege information outside a small circle of those with a “need to know” (you can’t).  Given the amount of sensitive legal information shared with the Board of Directors, it is worth training them on how the privilege works, how to properly label privileged communications, how to protect it at all times, and to provide them with yearly “refresher” training as it’s way too easy to fall into bad habits that can be extremely costly if they result in the privilege being waived or not applying at all.

9.  Provide them with a company email account.  In the right type of litigation or investigation, the emails sent to and by the Directors may be relevant and therefore called for with regard to a document request.  Your Directors may even be subject to deposition under the right circumstances.  While it’s easy to simply default to communicating by email with the Directors via their personal or business email accounts, this is a mistake.  Set up a company email account for each Director (and their administrative assistants) and conduct all company business with the Directors via company email.  This way, if there is litigation or an investigation, the emails you need to search should be limited to company email accounts and not the Director’s personal or business accounts (though you will still need to ask the Directors to be sure they did not conduct relevant company business on non-company email accounts).  If not, then a wide reaching email search may pick up sensitive (and even embarrassing) extraneous information from the Directors’ personal and business accounts — not something any Director wants to see happen.  Additionally, emails on company accounts are subject to your record retention program.  So, while it may be a pain for the Directors to manage another email account, there are big benefits to doing so.  You should also provide a Director Portal where board books, resolutions, calendars, minutes, agenda, and other communications and Board business can be conducted.  This will allow you to properly manage record retention related to the Board.

10.  Ensure they complete the company’s compliance training program.  If you’ve worked in-house long enough you’ve not only completed the company’s compliance training program, but you’ve also probably contributed to the courses in some manner.  And you’ve probably gotten grief from your business colleagues about “how long” or “how unnecessary” the training is.  The latter simply isn’t true and the former may be a valid gripe depending on how your training is structured.  While you may focus on the C-Suite and key employee groups, don’t forget to include the Board of Directors in the mandatory training.  First, it’s good policy that everyone in the company complete the training, even the Board.  For some members, this may be the only compliance training they receive at all.  Second, it gives the Directors — especially those on the Audit or Governance committee — a first-hand view of what the company is doing with respect to its compliance program and training.  Third, it looks good to regulators if the company’s Directors take part in the training program.  Moreover, since both the Directors’ and the company’s potential exposure to liability hinges in part on how well the company’s employees comply with the law, along with the strength of the training program, giving the Directors visibility into the program is just smart.  Obviously, give them the opportunity to provide feedback on the quality, ease of use, and other aspects.  This can only make the program better.  And, even better, when an employee complains about the time needed to complete the compliance training it’s always nice to say “Well, the CEO and Board of Directors found time to complete it.  I’m sure you can work it into your busy schedule too.”


Being a company Director is a tough job, especially in today’s environment.  No one becomes a Director knowing “how” to do it.  Even the brightest and most capable people need to be oriented and protected.  This is one of the prime responsibilities of the legal department.  Stay current on changes in law and regulations (and the rules of any applicable public exchange), keep abreast of what’s going on in the headlines and how it might affect your Directors, and don’t be bashful about helping your Directors understand their obligations and make it easy for them to do so.  Finally, take advantage of every opportunity to protect your Directors from personal exposure, first by being a good counselor and second by ensuring the right agreements, policies, and insurance are in place at all times.  Being proactive in this area can be a boon to your career as everyone will remember who had their back.

Sterling Miller

March 31, 2017

It’s here!  Ten Things You Need to Know as In-House Counsel the book is now available for sale.  Described by the American Bar Association as “The one book all in-house counsel need to own!”  Click here for details on how to order.  Perfect for your library, or as a gift to clients or members of the legal department.


Follow me on Twitter @10ThingsLegal and LinkedIn where I post articles and stories of interest to in-house counsel daily.  

 (If you find this blog useful, please click “follow” in the top right and you will get all new editions emailed to you directly.  Pass it along to colleagues or friends and/or “Tweet” it. “Ten Things” is not legal advice or legal opinion. It is intended to provide practical tips and references to the busy in-house practitioner and other readers. You can find this blog and all past posts at www.TenThings.net.  If you have questions or comments, please contact me at either sterling.miller@sbcglobal.net or smiller@hilgersgraben.com).

My first book, “The Evolution of Professional Football,” is available for sale on Amazon and at www.SterlingMillerBooks.com.



  1. Pingback: Lily Zemke

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s