Two recent Delaware decisions may give ammunition to stockholder plaintiffs seeking to assert claims against directors under a Caremark theory for failing to comply with their oversight obligations.  The decisions—Marchand v. Barnhill (“Blue Bell”) and In re Clovis Oncology, Inc. Derivative Litigation—make clear that courts will not give business-judgment rule deference when presented with allegations that directors acted in bad faith by failing to implement or monitor systems of oversight.  Although each case was before the courts on a motion to dismiss and therefore did not finally adjudicate the question of director liability, each decision undoubtedly strengthens the plaintiff’s hand in settlement negotiations needed to avoid trial.  Importantly, because these claims are for breaches of the duty of loyalty, directors face the risk of personal liability without the protection of exculpation or indemnification, or possibly even D&O insurance coverage.

Marchand v. Barnhill – the Blue Bell Creameries Case

Blue Bell arose from a 2015 listeria outbreak at Blue Bell’s production facilities that was tied to three deaths and led to a recall of all of Blue Bell’s products, a shut-down of its plants, significant layoffs, and a liquidity crisis that preceded a dilutive private equity investment.  In a June 2019 decision, the Delaware Supreme Court found that the plaintiff adequately alleged the board’s failure to implement any system to oversee compliance with food-safety measures, which was particularly problematic given that Blue Bell was a monoline company, reliant on a single product.

The court focused in particular on allegations that the board had no committee to monitor and oversee food safety and no process to address food-safety issues, such as a dedicated portion of board meetings each year to discuss food-safety compliance.  The court also explained that there was no mandatory protocol to provide the board with food-safety compliance reports, and the court inferred “that there was no expectation of reporting to the board of any kind.”  Lastly, the court focused on allegations that management had received reports with “yellow” and “red” flags relating to food safety, but the board was not given any material food-safety information.  The court acknowledged that the company had complied with state and federal regulations and inspections but concluded that the board was obligated to do more than simply ensure “nominal” regulatory compliance or receive regular reports on general “operational issues,” particularly given the “essential and mission critical” nature of food safety to Blue Bell’s business.

In re Clovis Oncology, Inc.

Roughly four months after Blue Bell, in October 2019 the Delaware Court of Chancery permitted another Caremark claim to proceed beyond a motion to dismiss, because even though the board had implemented an adequate oversight system, it had failed to monitor that system properly or take steps to address management’s alleged disregard of that system.  The court distinguished between a board’s oversight of business risk, for which it has “great discretion,” and its oversight of compliance with regulatory mandates.  The court further explained that director oversight must be “more rigorously exercised” when a company “operates in an environment where externally imposed regulations govern its ‘mission critical’ operations.”

The core theory of the complaint was that the board ignored red flags that management was not following mandatory clinical trial protocols relating to the development of the company’s “mission critical” lung cancer treatment drug.  The court focused on allegations that the board received regular reports that the company was knowingly miscalculating a key measure of the drug’s clinical success.  The court also credited allegations that the board knew of numerous undisclosed and serious side effects relating to the drug, and that clinical trials were compromised by various protocol violations.  The court was also troubled by allegations that the company provided investors with the drug’s inflated success rates while undertaking a secondary equity offering, particularly given that the company’s stock price dropped 70% and the FDA terminated enrollment in all ongoing clinical trials when the actual success rates were disclosed.

Key Takeaways

Because Blue Bell and Clovis Oncology involved motions to dismiss, the courts were required to accept plaintiffs’ allegations as true.  Nevertheless, the decisions provide some important guidance as directors consider how to comply with their Caremark oversight obligations.

• Identify the key risks facing the business and ensure appropriate risk reporting protocols. Directors should confirm that they have identified the key risks in the business and have implemented clear protocols to mandate reports by management on those risks.  The protocols should establish periodic reporting obligations at regularly scheduled board meetings and create mechanisms for reporting on an ad hoc basis.
• Companies with mission critical products, services or platforms should implement specific risk reporting protocols to reflect their importance. Companies whose commercial success relies on specific products or services, or specific operational or technical platforms, should implement specific risk reporting protocols to ensure sufficient board focus on those products, services or platforms.
• Consider periodic review of enterprise risk management procedures. Directors can demonstrate ongoing efforts to comply with oversight obligations by periodically reviewing enterprise risk management procedures to ensure best-practice approaches.  This can include the provision of written materials for directors’ review in advance of meetings even if topics are not specifically discussed during meetings.
• Ensure that the board and management understand affirmative legal or regulatory obligations and specifically monitor compliance with those obligations. Directors of companies operating in regulated industries should ensure that management complies with the specific scheme of regulation and periodically reports to the board on compliance.  Boards should consider the appropriateness of periodic reports from management summarizing material interactions with regulators relating to key risk areas.
• Directors should take steps to address management’s failure to respond to significant legal or regulatory obligations. Directors who become aware of “red” or “yellow” flags indicating management’s non-compliance with significant legal or regulatory obligations should address that non-compliance.
• Meeting minutes should reflect the board’s engagement in the exercise of oversight and monitoring. Minutes of board meetings at which oversight and monitoring are discussed should reflect the information provided to directors, any directions provided by the board reflecting the exercise of oversight, and steps implemented to ensure further reporting by management.

This post comes to us from Davis, Polk & Wardwell LLP. It is based on the firm’s memorandum, “Recent Delaware Cases Reinforce Director Accountability for Risk Oversight,” dated November 14, 2019, and available here.