Better Late Than Never

Cyber-Risk Oversight and Legal Liabilities of Board Members

It was not long before the world has faced with an outage on the DDOs systems of a tech giant and responsibility claims knocked the door of board rooms, it seems notably essential to remember the legal liabilities of the members of the Board of Directors (“Board”) in times of cyber-crisis. In this article, we examine legal liability of the Board members by staying with general principles in Joint Stock Companies (“JSC”).

 

According to Turkish Commercial Code (“TCC”), JSCs are managed and represented by the Board. As part of that power, TCC requires Board members to act in compliance with “duty of care” under the article 369 of the TCC. That being said, members are required to act as a prudent manager while exercising their duties (such as senior management of the company, supervising of management) and to protect the interests of company.

 

In order to prevent steady increase in rental fees, "The Law Amending the Attorneyship Law and the Turkish Code of Obligations" ("Law") has entered into force upon its publication in the Official Gazette dated 11 June 2022, numbered 31863. The Law has added Provisional Article 1 to Turkish Code of Obligations ("TCO") and thereby temporarily capped rent increase rates at 25% in residential units which were previously capped by the Consumer Price Index (“CPI”). As regulated, the increase in the rental fees determined under the lease agreements, which are renewed for a new lease period starting from 11 June 2022 to 1 July 2023, shall not exceed 25%. On the other hand, the cap regulated under TCO is still applicable and therefore, in the event that the annual average of CPI is lower than 25%, then the lower CPI rate will apply.

As great power comes with great responsibility, if Board members breach their obligations stipulated by law and the articles of association with fault (including negligence), they shall be liable to the company and shareholders as well as the creditors of the company for the damages incurred under the article 553 of TCC. TCC also stipulates that organs or persons who transfer a duty or authority arising from the law or the articles of association to another person based on the law shall not be liable for the acts and decisions of these persons, unless it is proved that they did not exercise due care in the selection of the persons who took over these duties and powers.   

Another restriction on liability is that no one can be held responsible for breaches of the law or the articles of association or corruption beyond his control; this non-responsibility cannot be overridden by justifying the duty of supervision and care.

Share
Blog Resim
NEWS & ANNOUNCEMENTS

Regulations on the Leasing of Properties for Tourism Purposes

The procedures and principles regarding the leasing of residential properties for tourism purposes to real and legal persons are regulated under the Law on the Leasing of Properties for Tourism Purposes and Amendments to Certain Laws Numbered 7464 ("the Law") which was published in the Official Gazette on 2 November 2023. The Law has entered into force on 1 January 2024.

Blog Resim
NEWS & ANNOUNCEMENTS

Legal 500 2024 EMEA Edition

We are elated to announce that our Firm has been ranked as a Top Tier Law Firm in Real Estate and Construction for the 6th consecutive year and Leading Law Firm in Dispute Resolution in Legal 500 2024 EMEA Edition.

 

Put simply, board members may not be held liable if they exercise their duties as diligent as a prudent manager. To better measure the duty of care, “business judgement rule” should be considered as well. On the facts of that rule, decisions taken by the Board members within their commercial discretion may not lead to liability, if the decision is (i) free from conflict of interest or not influenced by a third party, (ii) taken on the basis of appropriate and sufficient information, (iii) in the best interest of the company and (iv) made in good faith.

 

All things considered, since senior management and supervising is non-delegable and inalienable authority, cybersecurity oversight and data governance is a must for the Board to mitigate data-related legal risks. As a noteworthy example, establishing specialized risk or audit committee to oversee cyber risks, having cybersecurity experts on Board and risk management frameworks, regular reporting to the Board etc. may help Board to exercise appropriate oversight and management with due care.

Share