Avoiding Liability as an Officer, Director or Business Owner
There are myriad reasons for forming a corporation or an LLC rather than conducting business sans a legal entity, but one of the more familiar reasons is avoiding personal liability.
But protections against personal liability have limits.
Owners, officers, and directors can be sued and held personally liable under various circumstances.
There are four categories of mistakes owners, officers, and directors should avoid – whether as directors of publicly traded companies, small business owners, or startup founders.
-
Alter Ego/Piercing the Corporate Veil
-
Self-Dealing/The Duty of Loyalty
-
Knowing Violations of Law/The Duty of Good Faith
-
Compliance Failures/The Duty of Oversight
Alter Ego/Piercing the Corporate Veil
Alter ego theory is a doctrine for holding individuals liable for the debts or liabilities of a company. We also call this “piercing the corporate veil.”
It is generally invoked against dominant owners, whether of an LLC or a corporation.
And it is commonly invoked when a plaintiff (the person suing) finds it necessary or advisable to hold the owner(s) personally liable. This might be because the claims are large, the company might be insolvent, or the plaintiff believes the owners already have or might soon loot the company’s cash.
To seek direct liability against a business owner under Delaware law, the plaintiff needs to claim and to prove a “unity of interest and ownership” between the business and its owners, meaning the business is essentially treated as the owner’s personal entity, and that piercing the “corporate veil” is necessary to prevent an inequitable outcome.
And that’s why the term “alter ego” is used. Alter ego is Latin for “other I,” meaning an alternate self. In this context, it means the owner treats the company as themself.
Factors to imposing liability against an owner under alter ego theory include:
-
Commingling of personal and corporate funds, aka treating the company as one’s piggy bank
-
Failure to maintain proper corporate records or hold meetings
-
Lack of adequate capitalization
-
Using corporate assets for personal use
-
No clear separation between the individual and the company’s operations
To avoid personal liability, owners, including LLC members and corporate shareholders, should:
-
Formally assign/transfer all assets related to the business to the business and only acquire business assets with business funds.
-
Maintain a business bank account and be sure to pay all business expenses from it and deposit all company revenues and other payments into that account.
-
Never comingle company and personal funds, including by withdrawing company cash for personal uses or paying for any personal expenses outside of an established expense reimbursement policy and systems for documenting expenses.
-
Observe all LLC or corporate formalities required for the entity type, including keeping the entity in good standing by filing any necessary annual reports, fees and/or taxes.
-
LLC owners and managers should abide by all terms of the company’s operating agreement. Absent an operating agreement, the owner(s) should assume state default rules apply and abide by those.
-
Directors and officers of corporations should ensure that shareholders vote on things requiring their approval, boards should vote on all things requiring board approval, and officers should always conduct business clearly as representatives of the business by signing contracts and other documents in the company’s name, using their appropriate company titles.
-
Do not “steal corporate opportunities.” This is discussed again in connection with “self-dealing,” but business owners, officers, and directors should not take personal advantage of opportunities appropriate for the business.
-
In general, failing to provide sufficient capital to a business is a weak basis for piercing the corporate veil – other listed factors generally have to be present. But evidence of intent to thwart or defraud creditors or other claimants through asset shifting schemes could be sufficient on its own, depending on the circumstances.
A common and potentially risky pattern is for startup founders to informally cover startup expenses or periodically deposit funds into the startup’s bank account to cover expenses.
The safer and more appropriate approach is to document founder loans to the company, including through documentation allowing for periodic draws by the company or additional advances by the founder. These can be tracked and recorded in a schedule to the loan agreement.
Self-Dealing/The Duty of Loyalty
The next topics are all based on Delaware law. Outcomes under other states’ laws might vary, but it would be reasonable to expect similar results for similar conduct.
Fiduciary Duties Overview
Corporate officers and directors are fiduciaries, owing duties of care and loyalty.
The duty of care requires officers and directors to use the care that a reasonably prudent person in like position would reasonably believe appropriate under the circumstances.
The duty of loyalty requires officers and directors to discharge their duties in good faith and with the reasonable belief that their actions are in the best interests of the corporation and its shareholders.
Self-interested acts are the opposite of acts in the best interests of the corporation and its shareholders.
Under Delaware law, the duty of loyalty has a subsidiary duty of good faith and the terms “good faith” and “loyalty” can be read here interchangeably.
Under the duty of good faith, there is a duty of oversight and a duty of candor/disclosure.
Only Duty of Care Violations are Exculpable
Duty of loyalty breaches, including breaches of the duties of good faith, oversight, or disclosure, can subject an officer or director to shareholder suit and personal liability.
This is because directors and officers can be exculpated (shielded) from and indemnified (compensated/reimbursed) for breaches of the duty of care, but not for breaches of the duty of loyalty.
Under modern corporate law, the vast majority of directors are shielded from personal liability for breaches of the duty of care under exculpation clauses in their corporations’ certificate/articles of incorporation.
Here’s a standard exculpation clause:
The liability of the directors and officers for monetary damages for breach of fiduciary duty as a director shall be eliminated to the fullest extent under applicable law.
Rights to exculpation were deemed necessary in order to encourage individuals to serve as officers and directors by shielding them from litigation seeking to second-guess their business judgment, particularly when risks taken in business turn out bad.
Note the words “to the fullest extent under applicable law.”
In this case, applicable law is Section 102(b)(7) of the Delaware General Corporation Law (DGCL), which says in pertinent part:
“A provision eliminating or limiting the personal liability of a director or officer to the corporation or its stockholders for monetary damages for breach of fiduciary duty as a director or officer, provided that such provision shall not eliminate or limit the liability of:
(i) A director or officer for any breach of the director’s or officer’s duty of loyalty to the corporation or its stockholders;”
Pro Tip: Note, it was only in August of 2022 that Delaware law was amended to allow for the inclusion of “officers” in exculpation clauses. Consider amending certificates of incorporation currently only protecting directors to extend exculpation to officers.
Here’s a good article on that topic: Recent Developments in Delaware Officer Exculpation Charter Amendments
No Indemnification for Duty of Loyalty Breaches
Similarly, companies can provided indemnification to officers and directors, but not for breaches of the duty of loyalty.
Here’s a standard indemnification clause like those found in most certificates of incorporation:
To the fullest extent permitted by applicable law, the corporation is authorized to provide indemnification of (and advancement of expenses to) directors, officers and agents of the corporation (and any other persons to which applicable law permits the Company to provide indemnification) through Bylaw provisions, agreements with such agents or other persons, vote of stockholders or disinterested directors or otherwise in excess of the indemnification and advancement otherwise permitted by such applicable law….
Note again the phrase “permitted by applicable law.”
Applicable law here is DGCL Section 145, limiting indemnification to circumstances where:
“… the person acted in good faith and in a manner the person reasonably believed to be in or not opposed to the best interests of the corporation.”
Again, self-interested acts violate the duty of good faith.
The prohibition against indemnifying for breaches of the duty of loyalty also applies to contractual indemnification rights and obligations.
The Business Judgement Rule
Under most circumstances, it is not difficult for boards to meet their obligations under the duty of care. In making decisions, a board simply needs to (i) reasonably inform itself, (ii) observe reasonable processes, and (iii) act in good faith in the best interests of the corporation.
These are the elements of what is called the “Business Judgement Rule.”
One of the more momentous recent cases for VCs, In re Trados Inc. Shareholder Litigation, said the BJR presumes “in making a business decision the directors of a corporation acted on an informed basis, in good faith and in the honest belief that the action taken was in the best interests of the company.”
The Trados court went on to say that, unless one of these listed elements is rebutted, “the court merely looks to see whether the business decision made was rational in the sense of being one logical approach to advancing the corporation’s objectives.”
So most garden-variety board acts and decisions by an informed, well-run board should not raise any concerns.
Acts involving actual or potential “self-dealing” or “conflicts of interest,” on the other hand, warrant careful scrutiny and special processes, and almost certainly guidance by competent counsel.
Examples of Self-Dealing/Conflicts. The following are some examples of self-dealing or conflicts of interest that should either be avoided or firewalled off by processes involving special committees, recusals, fairness opinions, shareholder approvals, and other processes that exceed the scope of this article:
-
An officer or director taking a corporate opportunity from the company, like buying a building the company was interested in and offering to lease it to the company.
-
An officer or director causing or allowing the company to enter into a contract with a business they own or control without proper disclosure and approval.
-
Providing or approving preferential deals to entities controlled by directors, officers, or their associates.
-
A director or officer failing to disclose material conflicts of interest or otherwise misleading the board about a personal interest in a transaction.
-
Loans to directors or officers on terms not favorable to the company or without proper approval.
-
Using company resources (e.g., money, property, or confidential information) for personal gain.
-
Starting a business that competes with the company without disclosing the conflict.
Financings and M&A transactions are among the types of transactions that often pose conflicts of interest, some obvious and some not.
Safely navigating such transactions often requires creating special committees of truly independent directors to review and approve them. And as Elon Musk has learned, it is often easier to challenge a director’s independence than one might expect.
Violations of Law/The Duty of Good Faith
Causing a company to engage in violations of law violates the duty of good faith and can lead to personal, non-indemnifiable liability.
The 2011 Delaware Court of Chancery Case In re Massey Energy Co. highlights this risk. Massey Energy’s directors and officers were aware of and failed to correct persistent safety violations in the company’s mines, leading to the Upper Big Branch mine disaster, which killed 29 miners.
The total settlement reached was $210 million, which was distributed among various parties including the affected miners and their families.
In addition to his civil liability, Don Blankenship, the former CEO of Massey Energy, paid a $250,000 fine and served a year in prison for conspiring to violate mine safety standards.
Tensions Between Innovation and Regulation
Success in business often requires operating in grey areas, including sometimes in areas where reasonable persons see grey, but regulators correctly or incorrectly see black and white.
The inability of regulators and regulations to keep pace with beneficial innovation is an age-old quandary. If Uber didn’t fairly blatantly violate antiquated taxi regulations across innumerable localities for several years, we’d all still be suffering under a patently inferior transportation paradigm.
Those operating in grey areas and pushing regulatory boundaries for the greater good need to be lawyered-up. They may also need to acknowledge the potential for personal liability and protect against that to the maximum extent possible.
Individual companies and industry associations can also work to achieve regulatory reform through participation in legislative processes in order to reduce risks of personal liability.
Compliance Failures/The Duty of Oversight
The duty of oversight is relatively new and goes beyond the more obvious duty to not knowingly permit violations of law.
Under this duty, directors and officers are not just personally liable for causing or encouraging violations of law, but for failing to establish appropriate compliance safeguards to prevent violations.
The 1996 Delaware Court of Chancery case In re Caremark International Inc. Derivative Litigation set the bar for such claims.
Caremark’s directors allowed kickbacks and illegal payments to go undetected, resulting in the company facing significant fines.
Caremark stands for the proposition that directors can be held liable for failing to implement a system of controls to detect and prevent corporate legal violations.
Claims of this type are often referred to as “Caremark claims” and the case is credited with establishing these “Caremark duties”:
Implement reporting systems: Directors and officers must implement systems to report on key corporate actions
Monitor and oversee operations: Directors and officers must monitor and oversee operations to ensure they are aware of risks and problems
Report red flags: Officers must report red flags that suggest improper oversight
Other cases involving inadequate compliance systems and processes include:
Rich v. Chong (2013), Delaware Court of Chancery
Key Holding: Directors may breach their duty of good faith by allowing false financial reporting and failing to address illegal conduct.
Relevant Breach: The board of China Agritech was found liable for failing to investigate and correct accounting fraud. The directors ignored red flags and allowed false financial reports to be filed with the SEC.
Marchand v. Barnhill (2019), Delaware Supreme Court
Key Holding: Directors can be held liable for failing to oversee and monitor “mission-critical” regulatory risks, particularly in heavily regulated industries.
Relevant Breach: Blue Bell Creameries faced a deadly listeria outbreak, and the board was found liable for failing to implement any food safety oversight mechanisms, despite being in the highly regulated food industry. The court held that food safety was a mission-critical risk that required active monitoring by the board.
This case marked a shift in Delaware law, emphasizing that directors must actively monitor compliance with legal and regulatory requirements that are critical to the company’s operations.
In re Clovis Oncology, Inc. Derivative Litigation (2019), Delaware Court of Chancery
Key Holding: Directors can be liable for failing to monitor compliance with critical regulatory requirements.
Relevant Breach: Clovis Oncology’s board failed to ensure compliance with FDA regulations during a clinical trial for a cancer drug. The board ignored red flags about data integrity issues and misleading public statements about the drug’s progress.
The court emphasized that directors in highly regulated industries have a heightened duty to oversee legal compliance.
City of Birmingham Ret. & Relief Sys. v. Good (2022), Delaware Court of Chancery
Key Holding: Directors can be held liable if they fail to respond to red flags about legal violations and ignore their oversight duties.
Relevant Breach: The board of Pluralsight, Inc. allegedly ignored red flags about violations of securities laws, including misleading earnings guidance and revenue manipulation.
Summary
Creating an entity is just the first step toward avoiding personal liability. Avoiding conflicts of interest, using good judgment, and seeking and following good legal and regulatory advice are also necessary.
Here are some specific takeaways:
-
Avoid alter ego exposure by following excellent “corporate hygiene,” especially with respect to keeping company funds and personal funds completely separate and obtaining appropriate board and shareholder approvals.
-
Avoid self-dealing and seek legal guidance for any decisions or transactions that involve even minor conflicts of interests, such as approving new and significant compensation programs.
-
Involve counsel in considering major transactions, particularly financings and M&A deals.
-
Avoid knowingly violating laws and regulations absent thoughtful guidance from experienced counsel, and preferably from counsel who believe in good faith that the laws or regulations in question are subject to legitimate challenge. Challenging arbitrary, overbroad, and overreaching regulations became much easier in 2024, when the U.S. Supreme Court overturned the Chevron Doctrine in the Loper Bright Enterprises case.
-
Lastly, do not operate in highly regulated areas without first developing an appropriate set of regulatory processes and systems managed by persons with the necessary expertise to implement them.
Those operating in regulatory grey areas might also consider taking appropriate steps to protect their assets from third party claims.