Banking Law

Document Sample
Banking Law Powered By Docstoc
					                ABA BANKING LAW COMMITTEE PROGRAM:
   RISK MANAGEMENT AND COMPLIANCE: COUNSEL'S OBLIGATIONS AND DILEMMA

                                                 TABLE OF CONTENTS

Role of the Corporate Lawyer as a Control Person within a Large and Complex Banking
Organization, Thomas C. Baxter, Jr.................................................................................................1

Compliance from the General Counsel's Perspective, Michael Roster ...........................................2

Legal Ethics and the Lawyer's Role in Ethical Corporation, Peter L. Rossiter ...............................3

Biography of Peter L. Rossiter, Partner, Schiff Hardin LLP ...........................................................4

Biography of Michael Roster, Executive Vice President and
General Counsel, World Savings/Golden West Financial Corporation...........................................5




                                                                 1
613963.01-D.C. Server 2A                                                                       MSW - Draft February 15, 2006 - 4:48 PM
                      The Role of the Corporate Lawyer as a
                       Control Person Within a Large and
                         Complex Banking Organization

                          Thomas C. Baxter, Jr.
               General Counsel and Executive Vice President
                      Federal Reserve Bank of New York1
                          ABA Section of Business Law
                                 Spring Meeting
                       “Risk Management and Compliance:
                       Counsel’s Obligations and Dilemma”

                                           April 6, 2006




1
  The views expressed in this manuscript are those of the author, and do not necessarily reflect the views of
the Federal Reserve Bank of New York, or any other component of the Federal Reserve System.
    THE ROLE OF THE CORPORATE LAWYER AS A CONTROL PERSON
      WITHIN A LARGE AND COMPLEX BANKING ORGANIZATION

       Today, I will discuss the role of the corporate lawyer as a control person within a
large, complex banking organization. My starting point, therefore, is acceptance of the
proposition that the lawyer’s role in such organizations has changed, and more is
expected of the lawyer than delivering legal advice when it is requested. The lawyer in a
large and complex banking organization continues, of course, to perform the traditional
role of answering questions about the law and how to comply with it, but the job today is
so much more. In most such organizations, the law department generally, and the chief
legal officer specifically, are expected to participate actively in managing the company’s
legal and reputational risk, and to be accountable to the company’s board of directors
when there are problems. I do not mean the law department owns the organization’s
legal and reputational risk, because risk is properly placed in the hands of the appropriate
business area. However, they key advisor to the business area with respect to legal and
reputational risk will likely be counsel.
       In turn, the willingness of and incentive for the business areas to manage all forms
of risk is directly impacted by the organization’s senior management, most importantly,
its chief executive officer. Top management not only needs to set the proper “tone at the
top” regarding the importance of compliance and the need to protect against legal and
reputational risk, but it also must implement appropriate compensation and incentive
structures that address and minimize conflicts of interest across business lines. I believe
that the law department should embrace responsibility as a partner with top management
and the business areas for how well such risk is managed.
       Many informed commentators say, and I concur, that corporate lawyers are
performing the expanded role exceptionally well. Corporate lawyers succeed by
exercising their independent professional judgment and by convincing their colleagues on
the management team to stay within the letter of the law and the bounds of propriety. But
the best of the class go further, and actively work to see that reputational risks and even
business risks are kept within manageable limits. In this connection, the American Bar
Association Model Rules of Professional Conduct anticipate that, “[i]n rendering advice,




                                            -2-
a lawyer may refer not only to law but to other considerations such as moral, economic,
social and political factors, that may be relevant to a client’s situation.”
        We have moved to this point in the face of some spectacular corporate failures,
and the lessons of failure helped us along. The names Enron, WorldCom, Adelphia, and
Parmalat are emblematic, and I suspect we all know at least a part of their specific stories.
Of course, the insolvency of a company does not necessarily mean that its law
department has failed in the mission to keep legal and reputational risk within appropriate
limits. But sometimes, the failure of a law department or a corporation’s lawyers can be
a contributing cause of company failure, or at least a cause of the problem escalating to a
point of no return. In its 2005 report on corporate citizenship, Ben Heineman, who heads
General Electric’s Law and Public Affairs Department, said “there is no more urgent
socially responsible act, especially in this post-Enron world, than creating a culture of
compliance and ensuring a global corporation’s observance of diverse and complex
financial rules.”
        In this new and challenging corporate environment, the effective functioning of
the corporate lawyer as a control person is especially important. I will seek to
demonstrate this point by articulating the various ways in which a law department or a
corporation’s lawyers can fail. Reviewing the ways in which a law department may fail
is useful, because such a review also illuminates the types of action that may lead to
success. I will concentrate on success in the second part of the paper.
                                      Four Flavors of Failure
        My experience in banking supervision across the last 25 years has shown four
different flavors of law department failure. Each flavor is distinct and every one will
yield a bad result. All present a common problem, because the failure of the law
department or a lawyer within it represents the failure of an internal control. One of my
central themes is to elucidate how the lawyer is an integral part of the bank’s system of
internal controls. Consequently, those who are interested in effective internal control
systems – boards of directors, regulators, shareholders, unions, employees, and investors
– all have an interest in the goal of effective corporate lawyering.
    A. Law Department Uninvolved




                                             -3-
       A brilliant trader comes up with a new derivative transaction that is designed to
capitalize on market volatility. The trader discusses it with his supervisor and with his
colleagues. They meet with some key support personnel who are needed for effective
execution. In today’s world, the support personnel will likely include information
technology people, and perhaps also accounting personnel. The trader sells the brilliant
transaction to several counterparties, and the results exceed even the trader’s
expectations. The bank makes a great profit, and for a short time, the business area
where the trader works is ecstatic. Then, it turns out that the trade has produced gains at
the expense of several highly valued customers of the bank, who feel that the gain to the
bank resulted from market manipulation rather than market foresight. Some customers
terminate their relationship with the bank, and others talk about litigation. Market
supervisors commence an investigation. The brilliant trader is suspended.
       What went wrong? The short answer is that there was no legal involvement. A
legal review would have introduced a professional who is duty bound to exercise
independent professional judgment on behalf of the company. Assuming that such a
professional had been contacted and was competent, the legal review would likely have
identified the issue of market manipulation, and thoroughly vetted it before the
transaction was sold and executed. If the lawyer concluded that trade execution would
constitute manipulation, then presumably the law department would interpose an
objection to the introduction of the new product. This reveals the law department
performing in a control function. The legal objection would mean the transaction would
be escalated to more senior management, and in some organizations, the law department
is empowered to halt a particular proposed action.
       On the other hand, if no lawyer is involved, then the opportunity to have the
transaction escalated or stopped does not arise. In my view, the lack of involvement by
the law department is more than a lost opportunity. The lack of involvement is a
deficiency in the bank’s system of internal controls.
   B. Law Department Overtaxed
       I use “overtaxed” not in the sense of what is done by the governmental authorities
who tax our hard earned income, but in the sense of a burden. The burden reveals itself
in a few different ways, but the principal troublemaker is a lack of resources. The law



                                            -4-
department will ordinarily be a part of the institution’s overhead or support areas, and in
many cost conscious environments and especially during hard times, these places draw
the attention of the corporate cost cutters. Consequently, when a law department is not
sufficiently funded, the lawyers in the department are overtaxed. There is simply too
much work and not enough talent to do it. Sometimes, this particular phenomenon is the
cause of the first flavor of law department failure – lawyers are uninvolved because there
are just not enough of them. But even more often, in my experience, a lawyer is
consulted but she just cannot afford the time needed to learn the salient facts, research the
applicable law, and deliver a cogent legal work product.
        It is true that a lawyer’s time is her stock in trade. But even the best lawyer can
handle only a fixed number of assignments competently. If there is too much to do, then
the lawyer will do a sloppy job on all assignments, or alternatively, will perform some
well and others not at all. Once again, this situation results in bad lawyering. Yet, it is
unfair to blame the overtaxed lawyer. Blame should fall on the banking organization that
has not devoted sufficient resources to managing legal and reputational risk. This is a
control problem.
    C. Incompetent Lawyer
        I use the term “incompetent” in a technical sense and not as a pejorative. A
particular lawyer may be the greatest litigator in the world, but that lawyer lacks the
technical competence to prepare the documentation for a complex credit derivative
transaction. This is another mistake that a large and complex banking institution can
make. The institution begins a new business line, let us say it is a line devoted to credit
derivatives, but it does not take the time to build the needed skill sets in its legal staff.
Instead, the institution relies on a lawyer who has been doing real estate lending for 20
years, and has not been given the time and resources to re-train in new financing
techniques. This, again, is a control problem.
        Another variant is where the institution tries to save money by using an
incompetent lawyer. Consider the institution that hires a new member of the bar, fresh
out of law school, to prepare the credit derivative documentation. It is true that such
lawyers are likely to come cheaper, but it is also true that you get what you pay for.
Other organizations see some efficiency from using paralegals, but this does not mean



                                              -5-
they are appropriate for the most difficult legal assignments. Here, cheaper is not better.
Being cheap, in this instance, also happens to be a control problem.
   D. Compromised Lawyer
       Of all of the flavors, this is the most distasteful. The lawyer has a fiduciary duty
to serve the interests of the large and complex financial institution, which Cardozo, the
great American jurist, described as “the punctilio of an honor the most sacred . . . .” But,
in this most distasteful of flavors, the lawyer has a personal interest that conflicts with the
duty to his client, the banking organization. Turning to the truly bitter part, the lawyer
elevates his personal interest over the interest of his client. I do not know how Cardozo
would characterize such behavior. The word “dishonorable” works for me. The
compromised lawyer dishonors himself and the profession in various ways, some subtle
and some not. Without attempting to array all of them, which would be sheer folly, let
me set out two representative forms of the behavior.
       In one form, the corporate lawyer has a personal financial interest that colors the
ability of the lawyer to exercise independent judgment. Those who structure complex
financial transactions know that special purpose vehicles can be used for legitimate
business purposes, like creating a vehicle for the purpose of being bankruptcy remote.
But the special purpose vehicle may also be used for other purposes, like compensating
the people who are structuring the deal. There have been cases where a lawyer rendering
services related to a structured transaction received compensation from the profit realized
in a special purpose vehicle. Obviously, one of the possible reasons for giving a lawyer a
financial stake in the deal is to move the lawyer to say “yes” rather than “no”. The
lawyer who does this creates a control problem for his client, breaches a fiduciary duty,
and in many jurisdictions, commits a crime. As someone who cares about my profession,
I would like to say this form of compromised lawyer is extinct. Regrettably, experience
counsels otherwise.
       In another form, the lawyer is compromised in a much more subtle way. Some of
the most subtle threats to independent judgment arise out of compensation arrangements.
At a certain level, all compensation arrangements are of like kind – they put money in the
pocket of the lawyer in consideration of the lawyer’s services. But they differ greatly in
variety and in the degree they may compromise the lawyer’s judgment independence. In



                                             -6-
one notorious case, a lawyer approved a hugely rich compensation arrangement for the
chief executive officer and the chief financial officer, and later received a similar
arrangement himself. One can wonder whether there existed a tacit understanding at the
time the lawyer approved the arrangement for the two other corporate officers that, “if I
do this for you, you will do it for me”. The point here is simple: the lawyer’s
professional judgment is compromised by his personal financial interest in the subject of
his work. This is a control problem.
       In some institutions, the business area can have a direct and material impact on
the lawyer’s compensation. Most justify this by referencing that they “pay for
performance”, a principle that is hard to dispute in a market economy. Who can judge
performance by a service provider better than the recipient of the service? The flaw with
this simplistic analysis is it sees the lawyer too clearly as service provider and too
vaguely as control person. Would you compensate an auditor in the same manner? Is the
lawyer’s independence somehow less important than the auditor’s independence?
       Let us again take the example of the trading area which has its own lawyer on
staff. A trader designs a new trading strategy that seems destined to make a windfall
profit, and here, unlike in the first flavor, our lawyer is very much involved. But, in this
situation, the lawyer partakes of a bonus pool that gives the lawyer a financial interest in
a percentage of the trading area’s annual profit. Our lawyer knows that, if he says the
strategy is too risky because of the potential for a market manipulation charge, the lawyer
will likely shrink the size of the bonus pool, and necessarily, reduce the amount of his
annual bonus compensation. Of course, the business area will favor the lawyer’s
participation in their bonus pool, because it will likely avoid the lawyer causing an
escalation to a higher management level, or worse, the prospect of a lawyer veto. In my
view, compensation arrangements of this kind represent a control problem. I do know
some excellent lawyers in fine companies who argue my concern about eroding the
control of “independent legal judgment” is exaggerated, but I continue to hold the view.
       Perhaps the most innocuous type of potential “compromise” is when a business
area wishes to grant extraordinary compensation to a lawyer for past work. Suppose that
a corporate lawyer has worked for several months on a particular transaction, working 16
hour days without a day off. The transaction is done, and the financial institution has



                                             -7-
realized (assume it is already in the bank) a tidy profit. The business leader recognizes
the extraordinary effort of our corporate lawyer, and pays him a cash bonus of say,
$25,000. Most would say that there is not potential for compromise here, because the
lawyer’s independence cannot be compromised when the deal is done. The
compensation is no more than premium pay for past premium service. Yet, a minority
would say there is control problem here, because the bonus payment creates an
expectation in the lawyer who receives it. He got this deal to “yes”, and was nicely
rewarded by the corporate officer doing the deal. A lawyer in this situation might think,
the corporate officer did it this time, and he is likely to do it again. For those holding
very strict views on lawyer compromise, any compensation decided solely by a business
area is a control problem.
       I take time with these four flavors of law department failure because they assist
me in driving home my central point – in today’s environment, the lawyer in a large and
complex banking organization is much more than a mere legal advisor. The lawyer is a
key and integral part of the banking organization’s system of internal controls. The “four
flavors of failure” are also useful devices because they illuminate ways to achieve highly
effective legal and reputational risk management controls, which is my next topic.
                          Effective and Efficient Controls for Managing
                                   Legal and Reputational Risk

       The device that I employ to evaluate the strength of the control environment for
legal and reputational risk is the converse of the approach used to identify weakness. The
four flavors of failure are derived from first hand observations of problem institutions and
problem cases. All are flavors to avoid. So, let us move to consider the following flavors
for success.
       A. Law Department Involved
       The first principle is that this will not happen without real effort. There is a myth
among lawyers that if you build a high quality corporate law department, the business
will come. I do not agree with this, because some business people will always avoid
someone who can block the achievement of a desired objective. All the talk about
lawyers adding value is nice and it can be very helpful to growth, but it is just not




                                             -8-
enough. Being involved takes real work. In my view, working to be involved is essential
and hard but it always pays off. There are many different ways to achieve success.
       For the centrally managed law department, specific lawyers can be assigned to
specific business areas. The assigned lawyers should attend the business meetings that
are held by the business areas. In many banks, it is the only way to know what is
happening. The assigned lawyers should be people with the necessary competence, who
understand the business of the areas where they are assigned. But this will not be
sufficient. Over time, the assigned lawyers will need to gain the trust of the business
area, without becoming a servant to the area. This is a sensitive and careful balance. It is
most often achieved by demonstrating how the lawyer can function as a team member,
while exercising judgment independence. The risk is that the lawyer will become
captured by the business people, and that is another way of saying that the lawyer’s
judgment has eventually become compromised. A solution to the “captured lawyer”
problem is sometimes found in a periodic rotation of assigned lawyers (an expensive
option).
       Another method for lawyer involvement is a review of reports on the business
operation. These reports are as varied as banking organizations. In some places, the
reports will look like numbers on a dashboard, which may be especially challenging to
many of us who fled to the law to seek words and avoid numbers. But mastery of the
dashboard will lead to an understanding of the business, a key to involvement. In other
places, there will be a textual description of major matters, and review here will be more
natural for most of us.
       Still another method focuses on committees. Committees are ubiquitous in most
large and complex banking organizations. They provide an effective vehicle for lawyers
to be involved in material matters. For example, many organizations have a “new
products” committee, and I would question the wisdom of such a committee without a
senior member of the law department. I also believe the chief legal officer or general
counsel should serve on the management or executive committee of the banking
organization. Ordinarily, the most material issues facing the banking organization will be
discussed in the executive committee, so it is a superb way for the chief legal officer to
stay involved. Now, some commentators would disagree with my view, and would argue



                                            -9-
that by participating in a business discussion at the executive committee, the chief legal
officer loses his independence. While I understand the point, there are ways to guard
against a loss of independence. On the other hand, and the cost of becoming
“uninvolved” is, in my opinion, a far greater risk.
       Let me digress with some thoughts about how “independence” can be preserved.
Remember that independence for lawyers is different than for auditors. For the auditor,
independence is a structural concept. Principles of governance require that the auditor be
“structurally independent” of the management. Accordingly, in the United States, a basic
governance principle is that the auditor does not report to management but to the audit
committee of the board of directors. For lawyers, independence is about judgment not
structure. When rendering a legal opinion, a lawyer must exercise independent judgment
on behalf of the banking organization. From my standpoint, this can be done when acting
as a member of a committee, as long as the lawyer is careful to separate his opinion as
counsel from his opinion as committee member. When articulating an opinion as a
lawyer, the lawyer must always ask himself whether the judgment formed is independent.
If there is doubt, there is a need to seek advice from another lawyer. At the executive
committee level, this may warrant a referral to outside counsel. A conclusion that no
lawyer should sit on the executive committee is too drastic. My bottom line is that lack
of involvement is a greater evil.
   B. Law Department Adequately Resourced
       How do you know if your law department is adequately resourced? The easiest
way is to ask your lawyers, but nearly all will complain about being over worked. A
better way is to obtain benchmarking metrics, where you can compare your banking
organization to a peer group, and see how you measure. If you look exceptionally lean,
this is a signal that your law department may be overtaxed.
       Numbers may also be misleading if your banking organization is experiencing an
abnormal event, like a take over or litigation that is threatening to the bank’s viability.
Similarly, if there is extensive use of outside counsel, the numbers may also look lean
because of the heavy reliance on external sources.
       A global business also presents special problems. The banking organization may
be right sized in its home country but wrong sized in a host jurisdiction like the United



                                            - 10 -
States. To my knowledge, useful benchmarking metrics do not exist for the global
enterprises. I think that, for now, the best any such organization can do is to muddle
along with self-analysis.
   C. Competent Lawyers
       No large and complex banking organization sets out to create a law department of
the incompetent. Instead, incompetence is usually the result of cost cutting or a lack of
realization. The risk of cost cutting is the obvious one. Most banking organizations
place their law department on a budget, and give discretion to the General Counsel how
to make the budget numbers work. This is where mistakes are made, and they come in
all shapes and sizes. I will describe only two.
       When the business of the banking organization changes from relatively simple to
relatively complex (and most have during my career), an attentive management will at
some point need to upgrade the talent pool. So, for example, when a banking
organization decides to move from commercial lending to complex structured financial
transactions, it needs to expend sufficient money on the legal talent needed for this new
line of work. It should not be done by novices. The same is true of anti-money
laundering. A banking organization needs to invest in technically competent counsel, but
it also needs to implement properly the program developed by counsel. All of this takes
time, talent and money.
       Competency needs constant evaluation, because the nature of the business
changes and so does the risk environment. A few years ago, very few mutual funds in the
United States were concentrated on problems related to conflicts of interest. Today, they
all are. Accordingly, technical competency must continually be developed to deal with
the changing nature of the risk environment. Law department managers should also read
the newspapers, and should adapt quickly to the problems they see their peers
experiencing. As for the business itself, only a few years ago, banks in the United States
did not engage in the insurance or securities businesses. They were in the banking
business. All of that changed. In 2005, a large and complex banking organization that
conducts business in the United States will probably need expertise in insurance,
securities, and banking.




                                           - 11 -
       The complexity of law and regulation has led to much greater specialization than
just a few short years ago. We have lawyers that specialize in not simply finance, but
project finance, Islamic finance, and consumer finance. These are not simply adjectives,
the new terms describe new forms of specialized practice, and again, the expertise for
such practices is not developed overnight or during law school. Further, in view of the
fact that some of these skills are not widely available, it is a seller’s market and a buyer
will need to pay a premium for the competency.
   D. Lawyers Without Conflicting Interests
       I assume that everyone here would agree with me that no lawyer in a large and
complex banking organization should have a financial interest in a special purpose
vehicle with which the organization is conducting business. To assure this, banking
organizations should establish control mechanisms prohibiting conflicts of interests and
when a conflict is unavoidable, requiring the reporting of such interests and recusal
protocols. The audit department should follow up to make sure these reports are
completed and reviewed. Violations should receive discipline, and customary discipline
for an intentional violation should be discharge.
       Other compensation-related conflicts can be more difficult. My personal
preference is for a centralized law department, where a lawyer’s compensation is
determined by other lawyers and not by corporate officers who are receivers of legal
services. In the case of the chief legal officer or General Counsel, the salary
determination should be reviewed by the board of directors or a compensation committee
of the board. Bonus compensation is too complex to address in a short manuscript like
this. Nevertheless, I would advocate compensation mechanisms, including options, that
provide compensation based upon longer term value appreciation, to avoid decisions that
could be influenced by the prospect of a quick gain related to a specific application of
legal judgment.
       I also believe that corporate officers should not be able to authorize bonus pay for
a corporate lawyer without the consent of the chief legal officer or General Counsel. I
would expect there would be an extensive dialog between the corporate officer and the
chief legal officer before authorization. Another way to avoid the compromise of
judgment, as suggested earlier, is periodic rotation of lawyers. I do not think that



                                            - 12 -
technique is very practical, however. It involves a significant cost of retraining for the
bank, and many lawyers will resist laying their highly marketable skills down to learn
some new discipline. Yet, the benefit is difficult to deny. If a lawyer is moved every two
years, the lawyer is less likely to be “trained” by compensation granted by a corporate
officer.
                                             Conclusion
           In today’s large and complex banking organizations, the law department is not
merely a place where the bank’s business decisions and strategies are supported by
advisors. The law department is a key part of the organization’s system of internal
controls. The lawyers will provide legal advice, to be sure. But they will also have the
power to question a particular product or strategy. All who are interested in effective
controls, therefore, should want the law department to be effective and engaged. An
engaged and effective law department will provide a mechanism that enables the
management of legal and reputational risk, and today, that is a key ingredient in
shareholder value.


                                                                         LEGALDOCS-#120971-v2




                                             - 13 -
                 Compliance from the General Counsel’s Perspective
                                    By Michael Roster
               Executive Vice President, Golden West Financial Corporation
                          Business Law Section Spring Meeting
                                      April 6, 2006


I.    The Compliance Function Covers a Wide Range of Substantive Areas

      A. Consumer and commercial lending, deposit-taking, payment systems, trust,
         mutual funds, securities, real estate, treasury and the many other diverse
         activities of the bank and its affiliates.
      B. Corporate governance, including Sarbox.
      C. Ethics.


II.   Unique Skills Are Needed for Compliance Personnel

      A. Knowledge of complex and highly detailed statutes, regulations, agency actions,
         interpretations, court decisions, etc.
      B. Knowledge of everything the bank and all its affiliates is doing (and thinking of
         doing).
      C. Trusted by all levels of management and staff, so they are willing to bring
         questions and concerns forward, often informally.
      D. Direct access to the CEO and others in top management.
      E. Comfortable in interactions with directors, regulators and others.
      F. Focused on appropriate outcomes and results.
      G. Wisdom, balance, knowledge of history and a sense of perspective.
      H. Patience.
      I. Sense of humor.
      J. Sainthood.


III. Possible Organizational Structures (not mutually exclusive)

      A.   Report to the general counsel/chief legal officer
      B.   Part of internal audit
      C.   Under a separate compliance unit, headed by a chief compliance officer
      D.   Report to the CEO
      E.   Report to the board (or the board’s audit committee), similar to internal audit
      F.   Work with a coordinating committee of the GC, CCO, internal audit, and others
      G.   Other?




                                            -1-
IV. Various Roles of Counsel, and Issues of Privilege

     A. The compliance personnel must have access to legal advice, no matter how
        structured.
     B. The legal department will inevitably have multiple roles:
        1. Advice to compliance department as to current substantive and procedural
            issues.
        2. Prior legal advice to relevant operating units, now possibly being questioned
            by the compliance department.
        3. Advice to management and ultimately the board as to risks, obligations and
            actions to consider.
        4. Handle potential or actual litigation, regulatory enforcement actions, and/or
            other adverse actions initiated by third parties.
        5. Advice re public disclosure obligations under the securities laws.
        6. Advice to HR regarding possible employment actions in response to
            potential or actual wrongdoing by individuals, including senior officers.
     C. Each of these roles of counsel may involve privilege.
        1. Can privilege be maintained in each instance?
        2. Is privilege compromised when the administrative/operating unit that
            receives legal advice also reports to the chief legal officer?
        3. When and how might outside counsel be used in all of this?

V.   Emerging Elements for Bank Compliance Programs

     A. The compliance unit has appropriate independence.
     B. One or more compliance officers report to the board’s audit committee, much in
        the same way internal audit does.
     C. Someone carries the title and responsibilities of chief compliance officer.
     D. An internal or external group does independent testing of the compliance
        function.
     E. What the regulators are saying (and not saying).

VI. Some Questions

     A. What are some of the better organizational structures to consider?
     B. Can you have compliance units within the various business units, and if so, do
        you still need a separate, centralized compliance unit?
     C. What are some of the better ways the compliance unit can have access to legal
        advice, and how do you coordinate what the legal and compliance groups are
        thinking and doing?
     D. How do you protect legal privilege?
     E. Is it best to find a chief compliance officer inside the company, or to look
        outside? Is it best that the chief compliance officer come from within the
        industry, or can he/she come from another industry?
     F. What are some of the more likely ethics questions to arise, and how can you
        best handle the training function for these types of questions?



                                         -2-
VII. A Real World Hypothetical – Assume the following:

     A. The Compliance Department reports to the General Counsel at Big Bank. Big
        Bank’s Legal Department for years has given advice to its commercial lending
        department, has drafted the form agreements and alternative clauses for
        commercial loans, and has given extensive advice, among other things, on
        guarantees and protection of collateral, some of which advice has been
        privileged.

     B. A senior lawyer in Big Bank’s litigation group, which is not the group that
        drafted the documents for the commercial loan department and is not the group
        that has been advising them, is aware of a lawsuit against another bank
        elsewhere in the country where there are significant risks that the other bank’s
        collateral protections and guarantees are defective. If true, it is likely similar
        problems may be found to exist at Big Bank, and the senior litigator advises Big
        Bank’s General Counsel of that fact.

     C. When pursuing the matter informally, Big Bank’s General Counsel learns that
        Big Bank’s Vice Chair for Commercial Lending was fully aware of the potential
        problems but saw Big Bank’s approach as a significant competitive advantage.
        The Vice Chair thus had leaned hard on the Deputy General Counsel who
        oversaw this area to “go along” and keep things simple and not “over-lawyer”
        the documents. Indeed, it turns out the Deputy General Counsel had doubts but
        had told no one after the Vice Chair made his views known. The General
        Counsel also learns for the first time that the Vice Chair, about six months ago,
        had told the Deputy that the Vice Chair would support the Deputy becoming
        General Counsel at the end of the year when the General Counsel is scheduled
        to retire, assuming, as the Vice Chair put it, “everything stays peaceful here.”

     D. What should Big Bank’s General Counsel do? Among other things:
        1. Should the GC have a review of the relevant issues undertaken, and if so, by
           whom? Should that review be privileged?
        2. Should the GC alert the Compliance Department (again, a department which
           reports to the GC), Internal Audit, the CEO, and/or the Board?
        3. Can corrective action be taken going forward (for example, revise the
           standard commercial loan documents, obtain revisions to existing loans
           when there is an intervening event such as an extension of the current loan
           commitment, etc.) without undermining the legal positions that might be
           taken regarding the existing loan portfolio?
        4. Should the examiners be told?
        5. Should the independent outside auditors be told?
        6. Does this affect Sarbox controls? Does it affect any of the officer
           certifications that are given quarterly and annually?
        7. What else might be considered, and won’t retirement be nice?




                                          -3-
Legal Ethics and the Lawyer’s Role
    in the Ethical Corporation


           Peter L. Rossiter




      ABA Business Law Section
           Spring Meeting
            April 6, 2006
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                                          AGENDA
          The Corporate Lawyer’s Ethical Obligations
          Sarbanes-Oxley Act § 307 Requirements and SEC Rulemaking
          Creating a “Tone at the Top” – Corporate Codes of Ethics
          Compliance and Ethics Programs
          Role of Outside vs. Inside Counsel




                                                                     2
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                The Corporate Lawyer’s Ethical Obligations

         American Bar Association Model Rule 1.13 makes it clear that an
         attorney for a corporation represents the corporation – not the Board,
         the CEO or any particular constituency.
         Rule 1.13 requires “up-the-ladder” reporting of known existing or
         intended breaches of fiduciary duty or other fraudulent conduct, unless
         the lawyer believes it is not in the best interests of the corporation to
         do so.
         As a result of a post-Enron amendment, Rule 1.13 allows (but does not
         require) reporting outside the corporation if the Board fails to act and
         the lawyer reasonably believes the corporation will otherwise be
         substantially harmed.



                                                                                     3
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

                The Corporate Lawyer’s Ethical Obligations
                               (continued)
        Other ABA Model Rules require action in some circumstances.
         • Model Rule 1.2(d) prohibits counseling a client to engage, or
           assisting a client, in criminal or fraudulent conduct, and the lawyer
           must withdraw if he discovers his advice has been used in such
           conduct.
         • Model Rule 4.1(b) prohibits a lawyer from failing to disclose a
           material fact when disclosure is necessary to avoid assisting a
           criminal or fraudulent act by a client, unless disclosure is prohibited
           by Rule 1.6.
        Rule 1.6, the basic rule on client confidences, allows disclosure to
        prevent serious crime or fraud, or to prevent, mitigate or rectify serious
        harm that has occurred or is likely to occur.

                                                                                     4
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

                The Corporate Lawyer’s Ethical Obligations
                               (continued)
        State provisions can vary – sometimes dramatically – from the ABA
        Model Rules.
        In California, the ethical rules contemplate “up-the-ladder” reporting,
        but strictly prohibit reporting outside the corporation if the Board
        refuses to act.
        In New Jersey, the ethical rules require a lawyer to disclose to the
        proper authorities information necessary to prevent serious fraud.
        Illinois limits mandatory disclosure of client confidences to situations
        involving death or serious bodily harm, but allows it when required by
        law or in situations involving the client’s intention to commit a crime.




                                                                                   5
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

                The Corporate Lawyer’s Ethical Obligations
                               (continued)

        These rules present difficult issues for outside and inside counsel.
        Outside counsel may find it hard to verify or disprove suspicions – and
        rules tend to have a “reasonably likely” standard.
        Inside counsel face day-to-day interaction with multiple corporate
        constituencies – resulting social dynamics are challenging.
        Consequences of “withdrawal” for inside and outside counsel are very
        different.




                                                                                  6
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


             Sarbanes-Oxley Act § 307 and SEC Rulemaking

        Sarbanes-Oxley Act § required SEC to adopt “up-the-ladder” reporting
        requirements for attorneys advising public companies on securities
        matters.
        SEC adopted 17 C.F.R. Part 205 in January 2003.
        Applies to both inside and outside counsel, with different obligations
        for subordinate attorneys, supervisory attorneys and chief legal officers.
        Also sets up different reporting paths, depending upon whether issuers
        elects to create a “qualified legal compliance committee” (QLCC)
        consisting of non-employee directors (one of whom must be an audit
        committee member).




                                                                                     7
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

             Sarbanes-Oxley Act § 307 and SEC Rulemaking
                             (continued)
        Reporting obligations are triggered by complex test, starting with
        credible evidence of material violation of securities laws, fiduciary duty
        or any U.S. federal or state law.
        Basic concept is same as ABA Model Rules – reporting goes “up-the-
        ladder,” as far as the Board of Directors, until there is a satisfactory
        response (no violation found or appropriate remedial/preventive action
        taken).
        Exception is for companies that have a QLCC – a report to a QLCC
        ends the lawyer’s obligation.
        Rules also permit reporting outside the company but – for now at least
        – do not require it.


                                                                                     8
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

             Sarbanes-Oxley Act § 307 and SEC Rulemaking
                             (continued)
        SEC elected not to adopt a proposed “noisy withdrawal” requirement in
        January 2003.
        The proposed rule would have required a lawyer to withdraw and
        disavow any filings in which the lawyer had participated by notice to
        SEC if pursuing “up-the-ladder” reporting did not produce a
        satisfactory response in a reasonable time.
        SEC re-proposed this rule for additional comment and also put out
        alternative proposal that would require the company – not the lawyer –
        to report a withdrawal and the circumstances surrounding it.
        Neither proposal would apply to companies with QLCC’s – the
        lawyer’s responsibility ends with the report to the QLCC.


                                                                                 9
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

             Sarbanes-Oxley Act § 307 and SEC Rulemaking
                             (continued)
        SEC acknowledges that either “noisy withdrawal” proposal goes
        beyond the requirements of Section 307.
        Opponents argue that “noisy withdrawal” would chill lawyer-client
        relationships, resulting in less consultation with lawyers and therefore a
        lower level of compliance.
        Proponents argue that “noisy withdrawal” would encourage lawyer-
        client communication about the legality of proposed actions, or about
        what remedial action needs to be taken when illegalities are detected,
        because it increases the probability that illegality will be detected.




                                                                                     10
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


      Creating a “Tone at the Top” – Corporate Codes of Ethics

           SEC rules under Sarbanes-Oxley Section 306 require all U.S. public
           companies to adopt a Code of Ethics for “senior financial officers,”
           covering:
            • Honest and ethical conduct, including ethical handling of conflicts
              of interest.
            • Quality of disclosure in periodic reports.
            • Compliance with laws and regulations.
           Code must be filed with SEC and posted on issuer’s website.
           Any amendments or waivers must also be promptly made public.




                                                                                    11
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

           Creating a “Tone at the Top” – Corporate Codes of
                          Ethics (continued)
        NYSE and Nasdaq have taken the Sarbanes-Oxley provision further,
        requiring Codes of Ethics for all directors, senior officers and
        employees.
        The codes, and any amendments or waivers, must also be made public.
        Required coverage of codes differs somewhat between NYSE and
        Nasdaq and between the SEC requirement for financial officers and the
        NYSE/Nasdaq rules. For example:
         • Disclosures in periodic reports not specifically covered in NYSE
           rule.
         • NYSE requires coverage of corporate opportunities and use of
           corporate assets.


                                                                                12
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

           Creating a “Tone at the Top” – Corporate Codes of
                          Ethics (continued)

        Companies have taken varying approaches to implementing these
        requirements:
         • One, overarching Code that covers all requirements.
         • Separate codes for one or more of these groups: directors; senior
           financial executives; other senior officers; employees generally.
         • Integration with Corporate Compliance and Ethics Program (more
           on this later).
        Rules do not require – and most companies should not try to –
        consolidate all of their policies in a single document.




                                                                               13
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

           Creating a “Tone at the Top” – Corporate Codes of
                          Ethics (continued)
        Inside lawyers play important roles under these Codes
         • Drafting
         • Alerting
         • Advice in interpreting
         • Enforcement and penalties
         • Advice with respect to waivers
        Inside lawyers – including the General Counsel – are subject to them.
        The continuing problem: counselor vs. cop.




                                                                                14
Legal Ethics and the Lawyer’s Role in the Ethical Corporation

                          Compliance and Ethics Programs
       Corporate Compliance Programs have their genesis in 1991 Guidelines
       of the U.S. Sentencing Commission for sentencing organizations.
       The 1991 Guidelines gave “credit” in sentencing computations for
       organizations that had in place at the time of the offense an “effective
       program to prevent and detect violations of law.”
       Under the 1991 Guidelines, the “hallmark” of an effective program was
       the exercise of due diligence, which required “as a minimum” the
       following steps:
         • Establishing standards and procedures “reasonably capable of
           reducing the prospect of criminal conduct.”
         • Assigning specific, high-level individual responsibility to oversee
           compliance.
         • Using due care not to give “substantial discretionary authority” to
           persons whom the organization knew or should have known had a
           “propensity to engage in illegal activities.”
                                                                                  15
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)
       • Effectively communicating compliance standards and procedures to
         employees and agents.
       • Taking “reasonable steps” to achieve compliance with standards, as
         by having monitoring and auditing systems and systems that allow
         reporting of criminal conduct “without fear of retribution.”
       • Enforcing compliance standards consistently through “appropriate
         disciplinary mechanisms.”
       • Responding appropriately to all offenses detected, including making
         any changes in the program needed in light of the offenses.




                                                                               16
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)
         The 1991 Guidelines caused many companies to adopt compliance
         programs, with the twin goals of preventing violations in the first place
         and enabling the company to take advantage of the Guidelines’ credit
         for an effective program if violations in fact occurred.
         The Department of Justice, along with many other federal and state
         enforcement agencies (including the SEC), regularly take the existence
         of an effective compliance program into account in deciding whether to
         bring charges or other enforcement action against a company. The
         DOJ’s current policy is set forth in the Thompson Memo issued to U.S.
         Attorneys in 2003.
         In the oft-cited Caremark decision (In re Caremark Int’l Inc. Derivative
         Litigation, 698 A. 2d 959 (Del. Ch. 1996)), the Delaware court pointed
         to the company’s adoption and maintenance of a compliance program as
         a significant factor in protecting directors against a claim that they
         breached their duty of care.

                                                                                     17
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)
         Many companies integrated some of the policies required by the
         Sarbanes-Oxley Act – especially the “whistleblower” policy – into their
         existing compliance programs.
         After an extensive process of hearings and a report by an Advisory
         Group, the U.S. Sentencing Commission recommended to Congress a
         revised set of guidelines for sentencing organizations that took effect
         November 1, 2004.
         The new Guidelines make a number of significant changes.
          • Organizations receive credit for an “effective compliance and ethics
            program,” reflecting an explicit requirement that the organization
            promote a “culture that encourages ethical conduct” as well as
            compliance.


                                                                                   18
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)
         • The Board of Directors (or other governing authority) must be
           knowledgeable about the compliance and ethics program and
           exercise “reasonable oversight.”
         • There is increased emphasis on the involvement and specific
           responsibilities of senior management, the formality with which
           compliance activities are assigned and reported through all levels of
           the organization, training throughout the company and the resources
           and access given to compliance personnel.
         • Instead of requiring efforts to identify people with a “propensity” for
           illegal activity, the new Guidelines focus on persons who have
           “engaged in illegal activities or other conduct inconsistent with an
           effective compliance and ethics program.”



                                                                                     19
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)

         • There is a specific requirement “to evaluate periodically the
           effectiveness” of the program.
         • The system for reporting potential criminal conduct must also
           include a means to “seek guidance” with respect to such conduct.
         • In addition to imposing discipline for violations, the compliance and
           ethics program must include “appropriate incentives” to perform in
           accordance with the program.
         • The organization must also periodically assess the risks of criminal
           conduct, and modify the program to reduce the risks identified in the
           assessment.




                                                                                   20
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)

         In two cases decided early in 2005, United States v. Booker and United
         States v. Fanfan, a divided U.S. Supreme Court held that, under the
         Sixth Amendment to the Constitution, federal judges could not be
         required to increase sentences because of facts presented to the judge
         but not considered by the jury.
         The effect of the opinions in the two cases – written by different Justices
         – is to make the Guidelines something judges must consider but are not
         required to follow. Although the cases involved individuals, they
         probably apply to the guidelines for sentencing organizations as well.
         Congress may act. In the meantime, the Department of Justice has taken
         the position that the Guidelines should continue to be applied by
         sentencing judges.


                                                                                       21
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)
         In the wake of these decisions, it seems clear:
          • Having an effective program can only play a positive role in
            sentencing – whether the Guidelines are mandatory or merely
            advisory.
          • The relevance of compliance programs to charging and enforcement
            decisions has not changed. Prosecutors and other law enforcement
            officials still attach significant weight to them.
          • Compliance programs continue to be relevant when violations of
            law occur and directors seek to demonstrate that they adequately
            discharged their duty of care.
          • For all these reasons, companies are well advised to review their
            compliance (and ethics) programs and tune and tighten them so they
            comply with the “best practices” reflected in the new Guidelines.

                                                                                 22
Legal Ethics and the Lawyer’s Role in the Ethical Corporation


                Compliance and Ethics Programs (continued)
         The Basel Committee on Banking Supervision in April 2005 published its
         paper on “Compliance and the Compliance Function in Banks”
         The Basel Committee paper spells out key characteristics of an effective
         compliance function:
          • Board and senior management responsibility.
          • Adequate independence and resources for the compliance function.
          • Responsibilities of the various players.
          • Relationship of the compliance function with internal audit.
          • Outsourcing considerations – subject to oversight by internal personnel.
         FIL-105-2005, “Corporate Codes of Conduct – Guidance on Implementing
         an Effective Ethics Program,” issued by the FDIC on October 21, 2005,
         outlines the components of a Code of Conduct for U.S. financial
         institutions.
                                                                                       23
Legal Ethics and the Lawyer’s Role in the Ethical Corporation



                                Roles of Outside Counsel

                Specialist
                Reinforcements
                Investigator
                Scapegoat




                                                                24
Peter L. Rossiter is a partner in the Chicago office of Schiff Hardin LLP, where his practice
focuses on securities, corporate governance and regulatory matters, as well as mergers and
acquisitions and other transactional work, for financial institutions and other businesses.

From 1992 to 2004, Mr. Rossiter was an Executive Vice President of Northern Trust
Corporation, serving as General Counsel until 2000. As General Counsel, he led a 30+ attorney
legal department to support Northern Trust’s leading private banking and trust, institutional and
investment management businesses worldwide. In 2000, he became President of Northern
Trust’s Corporate and Institutional Services business unit, which manages Northern Trust’s
relationships with the institutional investors Northern serves around the globe. In 2003, he
became the head of the Corporate Risk Management Group for Northern Trust, where he
designed, organized, and led this new function. In 2004 he returned to the Schiff Hardin firm,
where for the sixteen years prior to 1992 he had concentrated his practice in corporate and
securities work for public and privately held clients across a range of industries.

Mr. Rossiter received his A.B. with high honors in the Woodrow Wilson School of Public and
International Affairs from Princeton University, and received his J.D. from Yale Law School,
where he was a member of the Board of Editors of the Yale Law Journal. He served as a law
clerk to the Honorable Alvin B. Rubin, U.S. District Judge, Eastern District of Louisiana (1973-
75), and the Honorable Warren E. Burger, Chief Justice of the United States (1975-76).

Schiff Hardin LLP
6600 Sears Tower
Chicago, IL 60606

Telephone:       (312) 258-5579
Fax:             (312) 258-5600
e-mail:          prossiter@schiffhardin.com




CH1\ 4320645.2
                              MICHAEL ROSTER

Michael Roster is Executive Vice President and General Counsel of World
Savings/Golden West Financial Corporation, a $125 billion financial services company
operating in 39 states. He previously was Managing Partner of Morrison & Foerster’s
Los Angeles office as well as co-chair of the firm’s Financial Services Practice Group
nationwide and, between 1993 and 2000, he was General Counsel of Stanford University
and Stanford Medical Center.

Mike is currently a director of the California Bankers Association and the Federal Home
Loan Bank of San Francisco. He previously has served as chair of the Association of
Corporate Counsel (ACCA), outside director and vice chair of Silicon Valley Bank, chair
of the Stanford Alumni Association, and chair of two start-up companies: Insert
Therapeutics and Encirq.




2/13/06