Mission Critical ESG and the Scope of Director Oversight Duties

How can shareholders hold directors accountable for paying insufficient attention to the broader interests of society? In the past few years, several ESG issues have become a source of major risk for companies and their shareholders. Even if the behavior in question is not punishable by law, failure to address critical ESG concerns could harm a company’s reputation and ability to attract and retain talent, access capital, or sell products. The ESG literature has mostly focused on classic corporate governance mechanisms for shareholders to hold directors accountable, from voting with their feet by investing based on ESG criteria to voting with their hands by replacing directors who are inattentive to climate-related risks with “green directors”.

But shareholders could also file a derivative action, claiming that directors have breached their oversight (Caremark) duties. Corporate legal scholars have traditionally dismissed this approach, reasoning that Caremark is a toothless tiger. This belief has become outdated. Over the past two years, Delaware courts have revamped their Caremark framework. There is no longer any question about Caremark’s relevance; only its scope remains unclear. Would the courts be as willing to apply enhanced scrutiny and grant pre-suit discovery even when behavior involves nonlegal risks? My new article explores this question, and makes the following three contributions.

First, a careful reading of the case law reveals that the relevant question when determining Caremark’s scope is not whether a risk is “legal” or “reputational,” but rather whether the risk is “critical” to the company’s success. In the past, Caremark litigation revolved around clear illegality, such as a pharmaceutical company’s kickbacks to physicians. Today, though, Caremark cases increasingly involve reputational risks, such as the risk created when a board neglects product safety even though the company has technically met regulatory requirements. We can therefore conclude that directors who are not mindful of ESG risks that are critical to their company’s success face a very realistic threat of Caremark litigation.

Second and relatedly, the key question becomes what makes certain ESG risks “mission critical” and therefore subject to a realistic Caremark threat? One way to distinguish between critical and non-critical risks is to look at their potential impact on the company’s reputation. Not all ESG risks affect reputation. It is tempting to assume that because trillions of dollars are being invested according to ESG criteria, any ESG risk could have a critical effect on the company’s reputation and should therefore be on boards’ agendas. But systematic empirical studies show that most ESG news hardly affects markets and so do not fit squarely within Caremark’s framework.

In some cases, deciding whether an issue is critical is intuitive. Product safety is definitely mission critical for manufacturing companies (pace Boeing). Cybersecurity is probably mission critical for companies handling the private data of millions of users (pace Marriott). From there, things get cloudy. Is climate change mission critical for companies that do not emit substantial amounts of carbon? Is racial diversity and inclusion critical for companies looking to attract a high-quality millennial employees?

When examining these questions, it is important to keep in mind that the Caremark framework usually affects behavior not necessarily by imposing legal sanctions on directors, but rather indirectly, by subjecting directors to the nonlegal (emotional and reputational) costs of going through discovery. Accordingly, to evaluate Caremark’s potential impact on a certain ESG issue, the important question is not whether judges are likely to ultimately rule in favor of plaintiffs but rather whether judges are likely to grant pre-suit discovery (ruling in favor of plaintiffs in Section 220 actions) and draw inferences against directors at the pleading stage (ruling in favor of plaintiffs in motions to dismiss, on the way to full discovery).

From this perspective, it seems as if the threat of Caremark liability depends on the relevance of each element of ESG: “Governance” risks are in general more relevant than “Social” risks, which are in turn more relevant than “Environmental” risks. For example, cybersecurity risks are likely to count as mission critical for many businesses, whereas climate-related risks may count as critical for relatively few; and outside shareholders may find it especially difficult to locate smoking-gun type evidence linking board inaction to climate-related harms.

Finally, my article evaluates the social desirability of extending Caremark to nonlegal risks. As long as a nonlegal risk is critical, there is no good reason why Caremark should not apply to it in principle. Still, there are good reasons to be especially careful when scrutinizing a company’s oversight of reputation risks. In particular, the costs of judicial bias resulting from hindsight seem greater in such cases. Compared with legal requirements, nonlegal requirements tend to be less easily identifiable and less predictable. A reputation risk that seems critical in 2022 may not be critical in 2024. A reputation risk that is critical in one region is not in another. And within the same region, different stakeholder groups have different beliefs and expectations for companies. Planning for how stakeholders may perceive one’s company in hypothetical future scenarios involves predicting human behavior on a mass scale, under great uncertainty, and with many company-specific determinations. These are exactly the types of decisions that we normally do not want courts to interfere in with the benefit of hindsight. Judges should therefore be more conservative in granting inspection rights and drawing inferences based on constructive knowledge in the pleading stage in such cases.

Nothing in my analysis suggests that corporate managers should not do more to promote broader interests of society. When we conclude that a certain ESG issue is not critical to a company’s success and not subject to Caremark liability, we might still want directors to take action. Corporate law enables directors to pay attention to issues that are not critical to a company’s success and subjects them to personal liability for not paying attention only when the issue is critical to the company’s success. Still, when calibrated properly, corporate law’s oversight-liability doctrine can supplement (not substitute for) other tools for bringing positive change to corporate behavior.

This post comes to us from Roy Shapira, professor of law at Reichman University. It is based on his article, “Mission Critical ESG and the Scope of Director Oversight Duties,” which is forthcoming in the Columbia Business Law Review and available here.