Understandably, it’s hard to find a corporate board member who isn’t concerned about the prospect of civil and criminal liability.  They are not alone as the overwhelming focus of corporate attorneys, in a boardroom context, pertains to compliance with relevant state and federal corporate laws (read: liability avoidance for board members).

Far less than 1/10th of 1 percent of public company board members who’ve served on corporate boards in United States history have ever been held civilly or criminally liable for their boardroom acts or omissions.  You likely have a similar chance of winning a $500 million Powerball drawing as you have of getting in legal hot water in the boardroom.

You might be thinking: “Does this mean that fiduciary obligations or the business judgment rule are any less important than what our lawyers have suggested?  The answer is a resounding NO. They couldn’t be more important.  But the consequences for getting them wrong pale in comparison, statistically, to poor management of the two risks below.

Ignored, Real Risk #1: Reputation Risk

One of the many anomalies of corporate board service is that directors are ultimately held responsible for businesses they don’t run (i.e., board members oversee companies, they don’t operate them).

As Warren Buffett aptly says in this terrific interview, right now in any company there are employees doing things they shouldn’t be (e.g., stealing, bribing foreign officials, improperly accounting for transactions, harassing employees, posting improper content on social media, unwittingly providing login credentials to cybercriminals, loading corporate secrets on their laptop prior to quitting, etc.).

As a board member, your job, among other things, is to develop and oversee a corporate ecosystem together with management that discourages and finds such indiscretions as quickly as possible.  But completely preventing them is a physical and intellectual impossibility.

In the real world, every transgression is a public relations nightmare, social media firestorm, accounting restatement, or state/federal investigation waiting to happen.  If this sounds overstated to you, go and read some of the headlines from United Airlines and Wells Fargo over the last several years.  Today, more than ever, social media can help make brands – and break them – with equal velocity.

Why is this particularly important to small-cap board members? Large-cap companies are operated and governed by executives with extensive public company experience who have the resources to immediately hire leading advisors, along with balance sheets that can typically withstand crises.  Because of this, there are real impediments to board members suffering reputational damage.

Small-cap companies, on the other hand, are often operated and governed by individuals with far less public company experience who lack the resources to garner quality outside assistance. And many small-cap businesses simply could not financially withstand a crisis.  When you add the fact that many of these companies have a shadow of the reporting, compliance, and governance infrastructures as larger public companies, small-cap board members have orders of magnitude more reputation risk than board members of larger companies. 

• Spend time talking to the CEO about enterprise risks that keep them up at night, and what plans exist to mitigate them. Provide an example and ask how the board is prepared to address it (e.g., cyber breach, or social media firestorm). Listen very carefully to the answers; there should be highly specific, thoughtful responses.
• When boards are largely comprised of the CEOs friends (very common in smaller public companies), there is typically oversight “lite.” Reputation risk rises dramatically with highly deferential boards.
• If the company has formal compliance policies (e.g., Foreign Corrupt Practices Act, social media, etc.), ask the CEO to take you through how each of those policies are administered and enforced. It’s one thing to have a policy, quite another to have effective mechanisms in place to drive company-wide adherence.
• Meet in person with mid-level finance team members (preferably without the CEO or CFO present). When finance team members have ethical reservations about assorted business practices, or feel they can’t openly provide disappointing news to their superiors, accounting issues are typically not far off.
• Speak with the key audit partner from the company’s audit firm and ask them whether the finance team is sufficiently staffed to file timely, accurate financial statements. Just because companies are publicly traded doesn’t mean they are prepared to be publicly traded.

It’s incredible how many intelligent, successful people don’t quantify these particular risks – or others – prior to joining small-cap boards.  If you could speak to the scores of board members whose reputations have suffered from board service gone awry, they would tell you: “If I had to do it all over again, I would have been far less trusting, and I would have been much more methodical in my diligence.”

Ignored, Real Risk #2: D&O Insurance & Indemnification

In theory, board members are protected from financial liability in two ways: director and officer insurance (D&O), and corporate indemnification.

D&O policies are designed to insure board members against costs arising out of carefully delineated errors and omissions. Corporate indemnification provisions are designed to broadly hold directors harmless for their lawful conduct as board members.  Unfortunately, in the small-cap ecosystem, theory regularly diverges from reality, and surprisingly few sitting or prospective board members are sufficiently aware of these risks.

D&O. There are multitudes of small-cap directors serving on boards with D&O policies that might not be worth more than the paper they are printed on.

Small-cap board members should consider the following steps to better understand the caliber of a given D&O policy.

• At most small public companies, CFOs (who are often extremely cost conscious) are often charged by boards to solicit proposals for D&O policies. You might have a non-insurance expert shopping on the company’s behalf for a hyper complex insurance product.  Procuring D&O insurance isn’t for novices.  And, D&O insurance isn’t something you want to pinch pennies on; insurance is one industry where you usually get what you pay for.
• Board members should confirm that the brokers being used are D&O experts and are highly experienced in assisting companies of your size and in your industry.
• At many small-cap companies, the board seeks the opinion of company counsel regarding the policy under consideration. The problem is that the typical, large firm corporate attorney is not a D&O expert. Consider getting input from a prominent securities litigation defense lawyer at your counsel’s firm, because their bills are largely paid by D&O carriers (i.e., they know everything about the carriers and the policies).
• Like most things in life, the devil is in the proverbial details. For example: (1) underwriters all have different ratings and reputations for coverage; (2) how a “stack” of policy underwriters is constructed can be impactful on insureds; and (3) every policy has a labyrinth of different exclusions that should be explained to the entire board in plain English by counsel and/or brokers. Remember, while the size of a D&O policy is informative, it’s not necessarily determinative of coverage efficacy.

Indemnification. All prospective board members should have their own counsel advise them as to the acceptability of the company’s proposed indemnification.

But…here’s the thing about an indemnification policy that’s easy to overlook: they are only as strong and as compelling as the assets of the indemnitor (the company, in this case).  There are literally thousands of U.S. public companies that potentially lack the financial resources to actually hold indemnitees (officers and directors) harmless.

Assessing small-cap corporate indemnifications is thus, part art, part science. Experienced counsel can help to shape the provisions to be more “director friendly,” but ultimately it’s up to the prospective board member (and their advisors) to make an assessment of the health of the business underlying the indemnification.