Corporate boards are subject to a duty of oversight, as part of their duty of loyalty to their company. As outlined by Delaware’s famously stringent Caremark standard, pleading a violation of that duty is often difficult. However, the Delaware Court of Chancery has issued several recent opinions addressing duty of oversight claims where they held the plaintiffs successfully met the Caremark standard. These decisions serve as important reminders for corporate boards to thoughtfully carry out their oversight duties, in order to ensure that their internal controls, reporting systems, and other oversight-related practices are sufficiently comprehensive.
The Caremark standard requires a plaintiff to show that one of two conditions are met in order to establish a violation of the duty of oversight. First, a plaintiff can allege that directors “utterly failed” to implement any reporting or information system controls. Second, a plaintiff can allege that directors consciously failed to monitor or oversee such a system, leading to their failure to keep apprised of risks facing the company.
This standard is difficult to meet, especially as duty of oversight claims are often brought in the derivative context. Under Delaware law, derivative lawsuits are governed by Court of Chancery Rule 23.1, which requires a stockholder to plead “particularized facts” showing that a demand on a corporate board would have been futile. Thus, for derivative complaints asserting oversight violations, a stockholder must include particularized factual allegations that either the board did not establish any reporting or monitoring systems, or that the board established such systems but failed to oversee them in a manner that caused damage to the company. Coupled with a general philosophy of deference to corporate governance decisions pursuant to the business judgment rule, a Caremark claim is one of the hardest theories for plaintiffs to successfully allege.
Recently, however, Caremark claims have survived the motion to dismiss stage where one of its two conditions are alleged within an area considered “mission critical” to the company. Delaware courts have defined “mission critical” functions as those that are intrinsic or essential to the business, especially where they are subject to high levels of legal or regulatory compliance. Accordingly, Delaware courts view consumer safety as one “mission critical” area – they have defined airline safety as mission critical in a shareholder derivative lawsuit against Boeing’s board of directors, and food safety as mission critical in a case involving Bluebell Ice Cream. But mission critical functions are not limited to consumer safety, as they have been identified within other essential activities, such as clinical trials at a drug company and financial auditing at an investment company.
When plaintiffs seek to show a violation of the duty of oversight under the first Caremark prong – that the board failed to implement reporting or information system controls – cases that have defeated a motion to dismiss share some similar facts. Courts have been more likely to find sufficient allegations under Caremark’s first prong where the facts show a sustained failure to create oversight structure, often over the course of years. For example, Delaware courts have inferred a lack of oversight when a board does not have assigned committees or roles addressing a “mission critical” area of the company’s business; when meeting histories show minimal, if any, focus on the area; and when whistleblower or other complaints regarding that area have no system by which to reach the board. Additionally, the Court has looked to evidence of actual implementation of controls, such as regularity and quality of meetings.
Boards may also face liability under Caremark’s second prong if plaintiffs show that adequate oversight systems are in place, but directors have not sufficiently monitored the issues in order to inform themselves of risks or problems. This type of allegation often arises where a board fails to address “red flags.” For example, in a case against Clovis Oncology, the Chancery Court explained that directors may be held liable when a red flag is visible to the “careful observer,” meaning that information is available for a director to access and understand as a risk. Additionally, the Court took the board’s active use and reference to faulty data as an inference that the board knew of but ignored issues with the data and its risk to the company.
Recent cases finding complaints to have sufficiently pled Caremark allegations may dovetail with the ever-increasing role of ESG in corporate policy and strategy. Corporate boards may be required to oversee corporate conduct with an eye towards how the company’s financial health intersects with and relies upon its commitment to sustainability, transparency and regulatory compliance. But with these added oversight obligations may come a higher risk of liability if the Caremark standards are not met.
Corporate boards seeking to avoid liability for duty of oversight violations should therefore identify their own “mission critical” areas within the company. In doing so, they can look to the essential functions of the corporation, especially if any are in highly regulated areas. Directors may also want to evaluate what mechanisms are in place to actively oversee these functions, such as creating a committee to specifically review issues relating to mission critical activities. Additionally, the full board may want to hold regular discussions and updates on mission critical aspects of the company’s business, as well as ensuring there are mechanisms by which any complaints or flagged issues reach the board. Not only will these efforts contribute to overall risk management within the company, but they could help to defeat a Caremark claim should the company face one in the future.