A corporate director’s duty of good faith has evolved over time to include an obligation to attempt in good faith to assure that an adequate corporate information and reporting system exists.
In Caremark (a 1996 decision by the Delaware Court of Chancery – a trial court), the court held that a director’s failure to do so, in certain circumstances, may give rise to individual director liability for breach of fiduciary duty.
Search for the term “FCPA” and “Caremark” and you will find enough reading material to last the rest of the day. However, much of the analysis is thin and more importantly often fails to mention Stone v. Ritter (a more important 2006 decision by the Delaware Supreme Court). Whereas Caremark answered the “could” question, Stone answers the “when” question and the “when” question (when can directors face individual liability for internal control failures) is not nearly the boogeyman that many FCPA commentators make it out to be.