Breach of the duty of oversight claims against Delaware directors are known as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” The plaintiff must successfully argue that the directors either “utterly failed to implement any reporting or information system or controls” or “having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” These “Caremark claims”—named after the Court of Chancery’s seminal decision in this area, In re Caremark International Inc. Derivative Litigation—require well-pled allegations of bad faith (i.e., that “the directors knew that they were not discharging their fiduciary obligations,” a standard of wrongdoing “qualitatively different from, and more culpable than . . . gross negligence”) to survive dismissal. As a result of these high pleading standards, Caremark claims have historically had limited success.
Four recent decisions have renewed focus on Caremark claims, including two that survived motions to dismiss. Our takeaway from these cases is that while they do not necessarily represent a change in the law regarding Caremark claims, they do indicate a willingness by the courts to permit these claims to go forward, particularly for boards in heavily regulated industries where the implementation and efficacy of corporate compliance and related reporting systems and controls are “mission critical” corporate risks. This may be due to the relative ease with which plaintiffs can plead board oversight failures and survive a motion to dismiss by pointing to a single catastrophic regulatory failure, but it is nevertheless significant from a practical perspective. If, however, a board has made a good faith effort to put in place and monitor a “reasonable compliance and reporting system,” the Delaware courts likely will not hold directors personally liable for a breach of their duty of oversight even if illegal or harmful activities are not detected.
Recent Caremark Decisions by Delaware Courts
- Earlier this year in Marchand Barnhill (discussed here), the Delaware Supreme Court reversed the Court of Chancery’s dismissal of Caremark claims brought against the directors of Blue Bell Creameries USA, Inc., one of the largest U.S. producers of ice cream. The case related to a 2015 listeria outbreak in Blue Bell’s manufacturing plants that caused three deaths and led the company to recall all its products, shut down all production and lay off a large portion of its workforce. The resulting liquidity crisis forced Blue Bell into a transaction that was highly dilutive to its stockholders.
- In holding that the plaintiff’s Caremark claims should survive a motion to dismiss, the Delaware Supreme Court closely examined Blue Bell’s alleged food safety practices and concluded that the allegations supported a reasonable inference that the board failed to implement any system to monitor food safety performance or compliance. While the court acknowledged that Blue Bell had certain FDA- and state-required food safety practices in place, nominal compliance with such regulations did not mean that “the board implemented a system to monitor food safety at the board level.” For the court, that there was no board-level monitoring system was especially problematic since food safety was “essential and mission critical” for a monoline food producer like Blue Bell.
- Shortly after the Supreme Court’s opinion in Marchand, the Court of Chancery reached the opposite result in Rojas Ellison (found here) and dismissed Caremark claims brought against the directors of J.C. Penney Company, Inc. The case related to claims that the directors disregarded their responsibility to oversee the company’s compliance with state laws governing price-comparison advertising. The court rejected plaintiff’s “faint-hearted” attempt to argue that the board did not implement any reporting or information system or controls, noting that it was clear the company had a board-level reporting system in place to monitor compliance with laws and regulations. The plaintiff also alleged that the directors breached their oversight duties by ignoring a “red flag” in the form of a consumer class action settlement by J.C. Penney for ongoing violations of the state laws. The court rejected this argument, noting that in this case the settlement was not a red flag because when discussed at the board level, it was done “without any admission of liability, with an express acknowledgment that the [c]ompany was not then violating any . . . laws, and with a commitment to implement a program to ensure continued compliance with [relevant] laws going forward.”
- The Court of Chancery again permitted Caremark claims to survive a motion to dismiss in In re Clovis Oncology, Inc. Derivative Litigation (found here). Clovis, a biopharmaceutical firm, was, like Blue Bell, a company in a highly regulated industry whose business was dependent on a single product. For the clinical trials of this particular cancer drug, Clovis purported to adopt a widely accepted, industry-standard protocol for measuring drug efficacy, but deviated from the protocol in reporting on the clinical trials to the FDA and investors. When the FDA required that the company comply with the protocol, it was forced to inform investors that the drug was less effective than previously thought, and the company’s stock price dropped sharply. Unlike the Supreme Court in Marchand, the Clovis court recognized that the company had in place a board-level compliance system and that the board reviewed detailed information regarding the drug’s clinical trial at each of its meetings. Nevertheless, in the court’s view, the board failed to monitor the compliance systems and ignored a series of red flags related to the trials. Importantly, the decision noted that courts are more inclined to find Caremark liability “when a monoline company operates in a highly regulated industry.” In this regard, board oversight of the company’s compliance with positive law is distinguishable from “management of business risk” inherent in the business plan. Here, regulatory compliance risk was itself “mission critical,” and plaintiffs sufficiently pled that the board knew of, yet failed to act on, management’s allegedly improper deviation from the protocol when reporting clinical trials to investors.
- Most recently in In re LendingClub Corp. Derivative Litigation (found here), the Court of Chancery dismissed Caremark claims brought against the board. The litigation related to a series of problems that surfaced following internal investigations initiated based on whistleblower reports at LendingClub, including (i) the sale of non-conforming loans to an institutional investor, (ii) the failure by the CEO and Chairman to disclose personal interests in a company investment and (iii) non-GAAP-compliant valuation adjustments that led a LendingClub subsidiary to exceed the investment parameters of one of its managed funds. Once discovered, LendingClub publicly disclosed these problems and its remediation efforts, and self-reported the misconduct to the SEC. Although the SEC issued a cease-and-desist order, it contemporaneously praised the LendingClub board’s self-reporting, thorough remediation efforts and cooperation with the SEC’s investigation. In dismissing the Caremark claims, the court concluded that the board and its committees implemented internal controls which they adequately monitored with respect to the various problems uncovered by the company’s internal investigations. The court noted that the plaintiff did not allege a “single fact” of the board’s acting in bad faith.
What Do These Cases Mean for Boards of Directors?
For the vast majority of companies, these decisions should not result in significant changes in board behavior. Notwithstanding the seeming back-and-forth of the outcomes in these decisions, some takeaways are as follows:
- Highly regulated industries beware. Marchand and Clovis suggest that Delaware courts are more inclined to find Caremark liability where “a monoline company operates in a highly regulated industry.” That is because regulatory compliance for these companies should be considered “mission critical,” and boards in such industries should ensure that they implement reasonable compliance policies and programs and require periodic board level reporting on the function of such programs and any issues identified as a result of these programs. As noted in Clovis, this type of key regulatory risk requiring compliance with positive law can be distinguishable from the overall package of business risks that boards oversee and that may be more or less critical to varying degrees.
- Minutes should reflect what the board considered and can serve as a powerful defense in Caremark cases. In Marchand, the court noted that the board minutes contained no references to management reports to the board on, or any other references to, the food safety issues that Blue Bell was experiencing or food safety compliance generally. Thus, taking plaintiff’s allegations on their face and with no additional record, the court had to assume that the board did not exercise any oversight of these matters. Contrast that with LendingClub where there was an extensive record of board action from implementation of a compliance program and reporting systems to appropriate board level action and remediation once violations came to the board’s attention; and also to Rojas where the court specifically cited to the audit committee’s mandate to oversee risk in its charter, and audit committee and board minutes indicating that the board was updated on and discussed the pricing issues. Thus, these cases serve as a reminder that corporate documents and appropriately detailed minutes that are created on a contemporaneous and timely basis can shield directors from liability and support dismissal of Caremark claims at earlier stages of litigation.
- Directors should deploy what they know. While directors with special professional qualifications are not held to a higher standard in Caremark cases, the court noted in Clovis that the board there consisted of industry experts and, therefore, it was reasonable to infer the experts would have understood the information presented to them as a failure to adhere to the industry-standard protocol. Thus, Clovis is a reminder that, while all directors owe the same fiduciary duty not to ignore known red flags regarding compliance issues, directors cannot shed their qualifications and expertise at the boardroom door, especially when those skills or knowledge may be valuable to fellow directors’ understanding of key issues brought before the board.
- Remediation should be taken seriously and swiftly. In the event of the discovery of any non-compliance or other problems, the board should oversee and document remediation efforts. Further, where appropriate after discussion with counsel, the company should adequately disclose to the stockholders any such non-compliance and the corresponding remediation efforts taken by the company. Self-reporting and cooperation with appropriate regulatory authorities may also be appropriate in certain cases.
 In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 967 (Del. Ch. 1996).
 Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006).
 Id. at 369.
This post comes to us from Paul, Weiss, Rifkind, Wharton & Garrison LLP. It is based on the firm’s memorandum, “Recent Delaware Decisions Signal Renewed Focus on Board-Level Compliance Oversight,” dated November 13, 2019, and available here.