The S&P conflicts debacle: questions for the board of directors

Last week shareholders of McGraw-Hill got walloped, as its stock plunged by 27% on news that the Department of Justice had brought a conflicts-of-interest- and fraud-based lawsuit against the company and its Standard & Poor’s Ratings Service unit.  As described by Attorney General Eric Holder, the case alleges “that S&P falsely claimed that its ratings were independent, objective, and not influenced by the company’s relationship with the issuers who hired S&P to rate the securities in question — when, in reality, the ratings were affected by significant conflicts of interest…” With a $5 billion damage claim, the lawsuit – which arose from S&P’s ratings of certain collateralized debt obligations and residential mortgage backed securities during the financial crisis – seems to pose considerable peril to McGraw-Hill.  Moreover, the claim does not include the damages sought in various similar lawsuits by state governments.  All told, this legal assault – which S&P has called unjustified and without merit – could be one of the costliest COI matters in U.S. history, with some observors wondering whether the company will ultimately suffer the fate that Enron and Arthur Andersen did.

I’m not a McGraw-Hill shareholder but if I were I’d want to know what the board of directors had done to try to prevent something like this from happening.  Of course, boards are not responsible for managing all compliance and ethics efforts at a company.  However, where both the likelihood and potential impact of a risk are great, the C&E-related expectations of a board are obviously enhanced – and that would certainly seem to be the case with COIs in a ratings provider given the long-standing concern with the “issuer pays” model and the great damage (both from direct liability and harm to the brand) that could be expected from tainted ratings (even in a setting less dramatic than that of the financial meltdown of 2008).

Additionally, the case for a relatively high degree of board C&E program oversight becomes greater still in situations of  what might be called C&E-related moral hazard, i.e., where the individuals creating the C&E risks (or responsible for managing the actions of such risk creators) might have a strong short-term interest in the continuation of non-compliant practices, to the detriment of the long-term interests of the shareholders.  The ratings business in the years in question might well fit that description, assuming – as seems likely – that senior executives of these companies received significant compensation from revenues based on the practices now being questioned. (Indeed, the government’s complaint is replete with references to how important this business was to S&P.)

Of course, it is possible that the McGraw-Hill board recognized the risks at issue but felt that they were adequately mitigated. Indeed, as noted by the government’s complaint, the company had COI-related policies at the time (and, in fact, part of the theory of liability is that S&P’s promises to adhere to such policies were false).

But McGraw-Hill shareholders will presumably want to know about more than the company’s promises to be ethical, since written policies by themselves often provide little protection from C&E risks. The real issue – given the likelihood and potential impact of the risks, combined with potential for moral hazard – is likely to be whether the board had sufficient reason to believe that relevant policies were being effectively enforced and promoted.  Among the questions going to this key issue are to what extent did S&P:

– Have a robust risk assessment process, to identify service lines most likely to create COI risks?

– Have COI monitoring and auditing protocols addressed to COIs?

– Encourage employees, in a persuasive way, to report concerns around COIs?

– Investigate any such reports and respond with appropriate discipline when a violation has been proved (meaning not only discipline for those engaged in violations but those who could have but failed to stop the misconduct).

– Use incentives to encourage effective COI mitigation?

– Assess the efficacy of its efforts in this area?

– Create a culture that helped prevent COIs from arising in the first place?

– Empower a compliance officer to help with all of the above?

Finally, given that the conduct at question in the S&P case took place in 2004-2007, is asking these questions in 2013 an unfair exercise in Monday morning quarterbacking?  I don’t think it is,  because all are based on the federal government’s most important C&E standards – the Sentencing Guidelines for Organizations – as they existed at the time at issue. Indeed, the fact that the Guidelines had been amended – with great fanfare – in 2004 to add many of these expectations would make the board’s failure to determine if they were being taken  hard to defend.  Moreover,  as far back as 1996 the Delaware Chancery Court had said “[a]ny rational person attempting in good faith to meet an organizational governance responsibility would be bound to take  [the Guidelines into]  account…” (Note: I’m not saying that the board necessarily failed in this regard.  But I’m pretty sure McGraw-Hill shareholders will be eager to find out if the board made an adequate effort in trying to protect their investment.)

Some related posts:

The Goldman Sachs case holding that false claims of COI mitigation can be the basis for legal liability.

The costliest COI cases ever.

How boards should oversee C&E programs.