FORTUNE — Investigations into corporate malfeasance — Wal-Mart’s (WMT) and Alcoa’s (AA) alleged violation of the U.S. antibribery laws being only the latest reported examples — traditionally have been focused on company management. That is changing. Enforcement officials, regulators, and plaintiffs’ lawyers are zeroing in on the roles played by individual directors in the wake of corporate wrongdoing. Directors are now being named individually in shareholder suits and are subject to media scrutiny, and their “version of events” is being sought by regulators. The whistleblower provision of the Dodd-Frank Act is likely to raise the volume of complaints to the SEC against directors. While the business judgment rule often protects directors, it hardly means that they are out of harm’s way.
Directors are particularly vulnerable during investigations of violations of the Foreign Corrupt Practices Act (FCPA). With broad jurisdictional reach and expansive scope, the FCPA prohibits offering or paying “anything of value” to foreign officials to secure a business advantage. Directors who commit or conspire to commit an FCPA violation may be criminally liable in the same way as anyone else. The recently revised U.K. Bribery Act carries even stronger and more expansive prohibitions.
Perhaps the geographic remoteness of potentially illegal activity — out of sight, out of mind — may give directors a false sense of security. But activities in remote locations can become problematic, especially because conduct prohibited by the FCPA isn’t always obvious. For example, the FCPA considers employees of state-owned entities (e.g., a Chinese oil company) foreign officials.
Nevertheless, no matter what the violation, surveys reveal that most directors believe that legal insurance will protect them against alleged misdeeds. That is often not the case. Increasing underwriting risks may persuade insurers to limit coverage and payouts to directors. In the worst case, if their company ends up in bankruptcy, directors may not have access to the funds to pay for coverage, forcing them to dip into their personal assets. Further, reputation risk for individual directors can be even more daunting than tangible-asset risk.
The best protection is a good compliance program, with a committee that understands the anticorruption laws and works with management on the design, reporting structure, and implementation of the program, including a rapid-response and crisis-management plan. By taking compliance seriously, directors can avoid reputational and legal entanglements — not only for their company but also for themselves.
–Faye Wattleton is a managing director and corporate-governance expert at Alvarez & Marsal. Matt Friedrich is a partner at the law firm Boies Schiller & Flexner.
This story is from the December 24, 2012 issue of Fortune.