Ethical Rules and Professional Liability Risks of Business Lawyers Advising on Executive Protection Programs

19 Min Read By: Sarah H. Duggin, Stephen Braga, Adam P. Schwartz, James Wing


  • A culture of cooperation has emerged over the last 20 years with regard to investigations of corporate wrongdoing, and individual executives now bear the brunt of the public need for retribution and deterrence.
  • Business lawyers responsible for the creation or renewal of an executive protection program should be mindful of the potentially adverse interests of entities and the executives who serve them.
  • What ethical rules apply to the business lawyer tasked with the creation or renewal of an executive protection program?

“Cooperation Revolution” Shifts Focus to Executives and Managers

In 1999, then-U.S. Attorney General Eric Holder issued an internal Justice Department memo entitled: Bringing Criminal Charges Against Corporations. It laid the groundwork for policies that allowed more leeway in bringing criminal charges against large firms.

By 2002, the Enron and WorldCom failures had occurred, and Arthur Andersen had imploded after it was indicted. The firm was ultimately acquitted of criminal misconduct, but innocent partners, employees, and others suffered severe losses as a result of Andersen’s demise.

Congress acted promptly. The Sarbanes-Oxley Act (SOX) became law in 2002, with the express goal of improving the quality of public company financial reporting. SOX imposed on senior executives enhanced disclosure and certification obligations, eliminated accountants’ potential conflicts of interest, and established a new federal regulatory body, the PCAOB, to police the quality of public company audits. The ABA created a task force to consider the impact of SOX on executives. That task force later became the Director’s and Officer’s Liability Committee of the Business Law Section.

At the same time, the Internal Revenue Service had begun investigating the involvement of major accounting firms, law firms, the investment arms of banks, and securities firms in promoting allegedly abusive tax shelters. The tax shelters under investigation had operated to shield from taxes billions of dollars of taxpayer income generated in the years leading up to the crash of 2000. The IRS referred the matters to the Department of Justice (DOJ). The DOJ brought or threatened criminal proceedings against both taxpayers and major accounting firms as well as other participants in the tax-shelter industry. The criminal cases were plowing new legal ground in that they sought for the first time to criminalize conduct that had been exclusively the province of highly disputed areas of civil tax law. With only four major accounting firms left, the Andersen experience gave rise to an acute need to balance the interests of law enforcement and erosion of federal revenue against a desire to avoid the severely negative damage to innocent bystanders that followed Andersen’s collapse.

In 2003, the DOJ issued a second memo that superseded the 1999 Holder Memo. This memo, known as the “Thompson Memo” after its author Deputy Attorney General Larry Thompson, was entitled Federal Prosecution of Business Organizations. The memo specifically held out the possibility that large organizations could escape criminal charges completely by “cooperating” with law enforcement. The Thompson Memo listed nine specific factors for DOJ lawyers to consider before filing criminal charges against business entities. It indicated that to avoid prosecution, entities must turn over to the government materials they obtain as a result of an internal investigation of the alleged misconduct, waive attorney-client privilege, and refrain from providing company-paid lawyers to executives targeted for individual prosecution.

The U.S. Chamber of Commerce, the ABA, and others immediately lodged vociferous objections to the Thompson Memo with Congress. The objectors focused on what they characterized as a wholesale assault by the DOJ on the sanctity of the attorney-client privilege. The DOJ responded by issuing the 2006 McNulty Memo. That memo, entitled Principles of Federal Prosecution of Business Organizations, restrained the ability of line prosecutors to demand the turnover of privileged materials. It also scaled back the importance of an entity’s advancement of attorney’s fees to its executives as a factor militating in favor of the filing of criminal charges against an entity.

The DOJ’s Filip Memo of 2008 bore the same title as the Thompson Memo. It clarified that the quality of an entity’s cooperation would be measured by the extent to which it discloses facts, as opposed to waives privileges, and that the DOJ would no longer consider advancement of attorney’s fees or the existence of joint defense agreements between a company and its executives as factors demonstrating a lack of cooperation. The same year, in US v. Stein, the U.S. Court of Appeals Second Circuit affirmed a ruling of the U.S. District Court for the Southern District of New York that held unconstitutional the efforts by the DOJ to pressure KPMG to cut off defense funding of its tax partners on the eve of their 2005 criminal trial for promoting allegedly abusive tax shelters.

This chain of developments set the stage for the last major DOJ memo in the sequence significant to our subject, the Yates Memo of 2015.[1] By this time, the DOJ had announced that it would no longer consider an entity’s advancement of defense costs to its executives as a factor favoring criminal indictment of a company; it had relinquished much of its ability to force wholesale waivers of privilege; and it had announced that it would no longer view negatively the existence of joint defense agreements between companies and potentially targeted individuals. By this time, large commercial entities were accustomed to cooperating with the government to obtain deferred prosecution agreements to avoid their own prosecution.  Entities typically would agree to pay a substantial fine or make restitution, institute internal reforms, finance internal investigations of potential misconduct by individual executives and employees, and turn the results of their investigations over to the government. The establishment of a “culture of compliance” in large business entities was well underway. What was required was a clear means of meeting the public need for retribution and deterrence. The Yates Memo made clear that those objectives were to be met by prosecuting individual executives.

Indeed, the Yates Memo’s very title emphasized this objective: Individual Accountability for Corporate Wrongdoing. It outlined six steps designed to enhance the DOJ’s “pursuit of corporate wrongdoing”: (1) to be deemed cooperative an entity must designate the individuals involved; (2) DOJ prosecutors should target individuals from the outset; (3) DOJ civil and criminal staff should share information; (4) there were to be no tradeoffs between a larger fine for the entity in exchange for a release of individual responsibility; (5) there were to be no entity settlements without a “clear plan” for individual responsibility; and (6) civil staff should pursue individuals with civil charges regardless of the individuals’ ability to pay.

Today, the concept of entity cooperation is established and has gone global. Scarcely a day goes by without a major entity telling the press in respect to some scandal or charge that it is “cooperating” with the government. An industry of former prosecutors in private practice has sprung up to cover the demand for internal investigations. Through this “cooperation revolution,” the burden of the criminal law is now placed squarely on individual executives. The higher profile they are, the more they are exposed. Indeed, heavily footnoted law review articles going back years—one written by an insightful observer who later became a major prosecutor himself—argue that massive unfairness to innocent executives is highly likely given the enormity of the government’s leverage in persuading business entities to cooperate. Anecdotal evidence suggests that this unfairness can even extend to entities’ selective disclosure of facts to prosecutors that conceal potentially exculpatory Brady and Jencks Act evidence. To the extent this exists, central elements of the U.S. criminal justice system are being compromised.

The enormity of the government’s leverage in these negotiations derives from two factors: (1) U.S. Supreme Court precedent from the early 20th century imposes vicarious liability for criminal conduct on entities for the smallest infractions of low-level agents who may be acting only in part for the benefit of the entity; and (2) the “egg shell” status of large entities that cannot—a la Arthur Andersen—even risk a criminal charge. As a result, the onus of the criminal law now falls primarily on individuals. Indeed, a recent ABA panel listed 12 “Best Practices Take-Aways” for internal investigations. Number six is: “Throw the guilty under the bus.”[2]

Application to Business Lawyers

The application of these developments to business lawyers is plain. As a result of the cooperation revolution, the interests of entities and the executives who serve them can now become adverse once a potential violation of criminal law becomes subject to internal investigation. This potential adversity of interest has direct application to business lawyers who are charged with responsibility for the creation or renewal of any component of an executive protection program. The fact that the lawyer’s real client—the corporation or alternative entity—asks him or her to draft a plan that protects nonclients—individual board members and officers—raises pointed questions of legal ethics.

From the Commencement of an Investigation, the Individual Executive Is Placed under Extreme Duress

Before addressing the ethical conflicts in detail, we point out an experiential reality. Individuals  undergoing investigation for criminal charges (which often involve gray areas of fact and/or law) are subject to intense stress, regardless of their ultimate guilt or innocence. Most executives believe when they accept a management position (often without investigating their rights to litigation protection) that their company will stand behind them in any case of legal doubt or inquiry.

However, the cooperation revolution described above proceeds on the exact opposite assumption. It assumes that under governmental pressure to cooperate, otherwise presumptively innocent executives will be identified by the entity they serve as candidates for potential criminal prosecution. Once so identified, investigated or charged executives frequently lose the ability to sleep or to concentrate. Their health and family relationships deteriorate. They feel shunned by their colleagues. If they insist on legal protections like Fifth Amendment privileges when interviewed by company investigators, they are typically fired. Any professional designations or licenses they hold are placed in jeopardy. They lose their incomes and employment benefits. They may need to sell their home(s). They sometimes lose their health coverage or other critical benefits for their dependents. Many white collar practitioners, when commencing their representation, direct their clients to seek immediate psychological counseling, another major cost item, precisely because the stress is so severe.  Of course, this stress pales in significance to that of a catastrophic legal outcome. An adverse legal outcome is far more likely if their executive protection program fails to afford them enforceable advancement rights to hire competent counsel to defend their individual interests.

Business Lawyer Conflict at the Drafting Stage

Faced with the above realities, what ethical rules apply to the business lawyer tasked with the creation or renewal of an executive protection program? An executive protection program refers to the documents that corporations and alternative entities adopt for the protection of their directors, officers, and other managers that, in combination, cover four legally distinct subjects: (1) exculpation of corporate directors from liability in damages for breach of the fiduciary duty of due care; (2) advancement, i.e., the financing of a covered executive’s defense costs while an underlying criminal or civil case or investigation is proceeding against him or her; (3) indemnification, i.e., reimbursement for all defense costs not advanced and the forgiveness of any duty to repay previously advanced defense costs after the underlying proceeding is concluded; and (4) director and officer liability insurance that backstops and supplements the above benefits in the event that they are defectively drafted or incomplete, or in the event that the entity is unable or unwilling to provide them due to perceived government pressure or otherwise. 

These documents are put into place on the “clear day,” i.e., before any civil claim or criminal charge or investigation is in the offing, but they are designed to cover what happens on the “stormy day,” i.e., after a claim or charge is made or investigation commenced. THUS, ALL THE CONFLICTS BETWEEN THE ENTITY AND THE EXECUTIVE THAT MAY ARISE ON THE STORMY DAY SHOULD BE ANTICIPATED AND DRAFTED FOR ON THE CLEAR DAY.

The complexities of the law in this area are intense. At least four substantive legal specialties are implicated: the law of advancement and indemnification with and without a corporate law overlay; the law of preliminary injunctions to the extent necessary to enforce advancement rights; the complex law of D&O liability insurance; and the law and practice of white collar criminal defense and Fifth Amendment privilege protection. The task of drafting is not for amateurs or legal tourists. 

The Applicable Ethical Rules and Law of Professional Liability to Nonclients

So our in-house or outside business lawyer is asked by the board of a corporation or managing body of an alternative entity to review and evaluate, or even just comment on, the firm’s executive protection program. Alternatively, for example, one or more directors ask for the lawyer’s opinion on the scope or adequacy of its coverage of them personally, or to consider revising a bylaw provision, to review and comment on some provision of a firm’s insurance policy incident to its initial negotiation or renewal, to explain an existing set of articles/bylaws/policies to a new director, or to put together new bylaws or a new operating agreement for a recently formed alternative entity that is about to receive outside financing from a venture capital firm. The list goes on and on.

On each occasion, the lawyer is being asked to create, evaluate, draft, or counsel as to the renewal of an executive protection program. By definition, these requests implicate Model Rules 1.1 and 1.3, the rules mandating competency and diligence. Demonstrating competency is no small matter, given that the subject matter transcends existing legal silos. Complicating the matter is the fact that the lawyer’s exclusive de jure client is the entity, but either the entity or one of its most senior constituents is asking him or her for advice on protecting nonclients—the directors and other potentially covered executives in their individual capacities—from personal, potentially catastrophic loss. In such a case, additional rules of ethics come to bear. They are:

  • Model Rule 1.13 (Organization as Client). The lawyer represents the organization acting through its authorized “constituents”—its board or equivalent. Assuming the lawyer knows that the organization’s interests are adverse to the interests of any of the individuals, Rule 1.13 requires the lawyer to point out that he or she represents the organization, not the individuals who are the very people whom the executive protection program is supposed to benefit. Once the stormy-day conflicts are brought forward to the clear day on which the program is drafted, the drafting conflicts are intense and numerous.[3] The lawyer has no conflict because he or she represents only the entity. The law permits the board to resolve the conflict even though the individual directors are beneficiaries of the program personally because the board acts collectively as the embodiment of the corporation. The rules of ethics require the lawyer to be careful how he or she deals with the board’s members individually, however, because they are entity “constituents” whom the rules single out for special treatment. 
  • Model Rule 2.1 (Counselor). In rendering candid advice to the board, the lawyer may refer not only to the law and practice of cooperation as we did above, but also to the moral, social, and economic factors relevant to the drafting of the program. The latter may well favor vigorous protection of directors and officers. Most states’ laws recognize that without adequate protection from litigation, including advancement of legal fees and expenses, most entities will have difficulty in attracting and retaining executives. It is easy to see why that is so upon consideration of the experiential factors listed above. Most states’ laws also recognize that executives who defeat meritless litigation against them arising from their service to an entity should be indemnified by the entity for the costs they incur in the effort. Most boards opt to select in principle a grant of both advancement and indemnification “to the fullest extent permitted by law” once they are told that in the event of a change in control, any of them, or all of them, and their insurers to boot, may be in the sights of new, sometimes hostile, managers. However, rarely do they (and shareholders) feel so magnanimous after a real threat arises when they are in charge. The devil, then, is seen as lurking in the drafting details, and blame is frequently laid on the drafting lawyer for facilitating what is viewed as the unjust protection of a miscreant.
  • Model Rule 2.3 (Evaluation for Use by Third Persons). This rule may be implicated when the board, the personification of the entity, asks the lawyer to evaluate the corporation’s existing or new executive protection program for personal consideration by directors and other covered executives. The rule permits a lawyer at the request of the corporate client to make the evaluation for the benefit of individual nonclients if the lawyer reasonably believes the evaluation is “compatible” with his or her relationship with the client. Given that an entity’s clear-day agreement to protect executives from some of the adverse consequences of the cooperation revolution furthers the entity’s ability to attract and retain talented management, “compatibility” of interest to that extent is self-evident. On the other hand, at a later time, some of the protections adopted for executives may be perceived as hampering the corporation’s ability to later throw a perceived miscreant director or officer “under the bus.” On the stormy day, shareholders may criticize the board for excessive liberality, and the board may criticize drafting counsel. Permitting perceived miscreants to “lawyer up” at company expense may be seen as both a waste of corporate assets and as hampering the entity’s ability to achieve appropriate “cooperation credit” to avoid a catastrophic indictment. To that extent, the interests of the client and the nonclient may be distinctly adverse even on the clear day. As a result, the client’s “informed consent” may be required. See articles cited in footnote 3 for ideas about how to do that.
  • Model Rule 4.1 (Truthfulness in Statements to Others). Lawyers are charged ethically with a duty to speak truthfully and to refrain from assisting a client in a criminal or fraudulent act by remaining silent and thereby failing to disclose a material fact. An entity lawyer’s failure to disclose the risks inherent in serving as a business executive in the era of the cooperation revolution to a group of directors voting on a protection program is akin to remaining silent when a corporate HR representative in the lawyer’s presence extolls a health insurance program to a group of employees while failing to reveal that it contains a cancer exclusion.
  • Model Rule 4.3 (Dealing with Unrepresented Person). In the executive protection context, this rule supplements Rule 1.13. Given that the directors are (usually) not personally represented in the drafting of the protection program, the lawyer must disclose the lawyer’s obligations to the entity client; thus, the lawyer ordinarily should not give the individual beneficiaries legal advice (other than to retain personal counsel), and must do what is necessary to “correct” any “misunderstanding” of the lawyer’s role by the individuals. We believe that a misunderstanding of the business lawyer’s role in this area is extremely difficult to avoid, particularly if the lawyer deals with any entity constituent one-on-one. We thus suggest that to minimize liability risks to counsel, (1) the lawyer should always remind constituents that he or she represents the entity, not the individual officer or director; and (2) entities should retain separate representation for beneficiaries of the executive protection program as a group to address any questions. We believe strongly that business lawyers may not avoid this issue by deferring to an entity’s risk manager where the lawyer is involved in any way in the drafting of advancement or indemnification provisions or the review or negotiating of liability insurance protection. 
  • Sections 51(2) and (3) (Duty of Care to Certain Nonclients) of the Restatement (Third) of the Law Governing Lawyers. These sections supplement and support Rule 2.3 and raise the consequences for an ethical breach to the level of possible civil liability. Subsection (4) of section 51 creates a similar duty of care to a nonclient who is the beneficiary of a client’s fiduciary duty. Ordinarily, entities are not fiduciaries for their own directors and managers personally, but is that true when the entity undertakes to obtain D&O liability insurance for the personal benefit of constituents where the beneficiaries have no control or influence over the process? There is anecdotal evidence of entities refusing to produce D&O insurance policies to covered executives on the stormy day or denying them access to important coverage and claims information. Can a lawyer ethically assist such conduct under subsection (4)?
  • Section 95 (An Evaluation Undertaken for a Third Person) of the Restatement. This section supports Rules 2.3 and 4.1 and makes clear that a duty of care exists in the event of their violation.

In sum, after the cooperation revolution, the evaluation and drafting of the component documents of an executive protection program require specialized knowledge and skill overlapping four discrete areas of legal practice. The ethical duty of competency plainly comes into play. Further, by definition, drafting for the cooperation revolution is required whenever a lawyer is asked by an entity client to prepare, comment on, or oversee the renewal of a protection program for the benefit of constituents who may well rely, however inappropriately, on the entity lawyer. This situation is governed by discrete ethics rules and principles of law governing lawyers’ responsibilities to nonclients.

The cooperation revolution can yield catastrophic consequences for today’s presumptively innocent executives. It cannot safely be ignored by legal practitioners.

[1] We do not view the November 2018 remarks of Deputy Attorney General Ron Rosenstein as signaling a major retreat from the Yates Memo. The DOJ’s emphasis on individual responsibility remains applicable to highly visible senior executives who are typically the particular objects of executive protection programs. The question of the degree to which the DOJ can direct or influence internal investigations without rendering them state action for Constitutional purposes was recently addressed in U.S. v. Connolly, one of the Libor cases before the U.S. District Court for the Southern District of New York. The issue is likely to be appealed to the Second Circuit.

[2] Krantz, E., Spring 2019 ABA BLS Vancouver Spring Meeting materials for program: “Conducting an Effective Internal Investigation — One Chance to Get It Right.”

[3] Wing, J. and Oringer, A., “Discipline Involving Multiple Disciplines — Protecting Innocent Executives in the Age of “Cooperation,” ABA The Business Lawyer, Vol 70, Issue 4, Fall 2015, pp 1123-1138. James Wing, Training for Tomorrow: 2013 Checklist for Corporate Counsel Supervising the Creation or Renewal of an Executive Protection Program, Business Law Today (2013).


Connect with a global network of over 30,000 business law professionals


Login or Registration Required

You need to be logged in to complete that action.