Homeland security policy expands corporate liability

In the post-Sept. 11 world,

corporations must confront numerous liability issues related to terrorism. One is the liability of the corporation, its directors and officers for business decisions related to a company's preparedness for terrorist attacks.

In the National Strategy for Homeland Security, released in July, the Bush administration placed responsibility for certain terrorism-related planning squarely on the shoulders of American business, recommending that businesses "conduct risk assessments on their holdings and invest in systems to protect key assets." The White House stated such action is not simply sound corporate governance and good corporate citizenship, but "an essential safeguard of economic assets for shareholders, employees and the nation."

Similarly, in the recent draft of the National Strategy to Secure Cyberspace, the administration described cybersecurity as a "management challenge" requiring senior leadership within an organization, including the close attention of the corporate board of directors.

The strategy stated: "Considering security only after an incident has occurred places the business, the customers and even the country at risk. In contrast, effective governance of cybersecurity promotes growth, productivity and shareholder confidence."

Thus, the White House has characterized terrorism-related planning as a corporate governance issue. This is important, because it suggests that corporate decision-makers -- whether directors or officers of large, publicly held corporations or of small private companies -- may face increased liability for decisions relating to counterterrorism and security.

Generally, the directors and officers of a corporation owe fiduciary duties to both the corporation and its shareholders. One of these duties, the duty of care, requires that directors and officers act in good faith, with the care that an ordinarily prudent person would exercise under similar circumstances, and in a manner that the officer or director believes to be in the best interest of the corporation.

More specifically, the duty of care has two components: decision-making and oversight. In making business decisions, directors and officers have a duty to protect corporate assets and minimize exposure to third-party liability. In the exercise of oversight obligations, directors and officers are responsible for monitoring the corporation's business, policies and procedures with regard to compliance with applicable law.

Corporate directors typically are protected against liability for their business decisions by the so-called business judgment rule. As stated by the Delaware courts, this rule is based upon "a presumption that in making a business decision, the directors of a corporation acted on an informed basis, in good faith and in the honest belief that the action taken was in the best interest of the company."

The business judgment rule may not, however, protect directors from liability if they have made ill-advised or negligent decisions, or if a director has abdicated his or her role through inattention and lack of involvement. A director may face personal liability for corporate inaction if he or she was fully informed and attentive with regard to a particular risk, but failed to take appropriate action.

Thus, given the continuing threat of terrorism, a corporation's effort, or lack of effort, in assessing vulnerabilities and in implementing security measures may have significant legal consequences.

We advise corporate clients to take steps in four areas: protecting employees, visitors and facilities; protecting shareholders; complying with security-related laws; and protecting directors and officers. In addition, companies must assess industry-specific risks and obligations.

The bottom line, as the Bush administration has suggested, is that no corporation can afford the status quo on security issues. A thorough liability assessment should be performed to ensure informed and considered decision-making. *

Richard Rector is a partner in the Government Contracts Group of Piper Marbury Rudnick & Wolfe LLP in Washington. His e-mail is richard.rector@

piperrudnick.com.

Doing Business With | The General Accounting Office | By Evamarie Socha

VITAL STATISTICS