paintings / Shutterstock.com
- Implement reporting protocols. Make it clear what needs reporting and how to fully do so or the board of directors could be liable for misdoings.
- Boards must oversee operations. Issues missed because a board didn’t closely monitor operations could cause a board to be held liable.
- Consider creating an executive committee. An executive committee of the board can improve the flow of information that assists management and the board in governing effectively and mitigating risk.
- Stress test. Analyze how well the board is functioning in its oversight responsibilities.
Steering an organization forward to accomplish its mission, please its shareholders, and reach new goals while being on top of governance and mitigating risk is a mighty challenge for boards of directors but one which every organization must be prepared to tackle well.
Classic example: Caremark and board duties
A board’s duty of oversight over the affairs of the corporation was first articulated in the landmark Delaware Chancery Court case, In re Caremark International Inc. Derivative Litigation.
The case of Caremark, a US corporation, is solid law in the state of Delaware and a highly influential decision in the area of corporate governance in other jurisdictions as well. The essence of the Caremark holding is that a board’s failure to attempt to assure a reasonable information and reporting system is an act of bad faith and in breach of the duty of loyalty.
The Caremark case articulated a two-prong standard for board member liability:
- The board must have utterly failed to implement any reporting information protocols over key corporate actions; and
- Even where such restrictions or controls are implemented, liability could nevertheless attach if the board failed to monitor or oversee relevant corporate operations.
Nevertheless, despite providing investors with a powerful tool in bringing shareholder derivative actions against corporate boards, Caremark has been regarded as possibly the most difficult theory in corporate law upon which a plaintiff might hope to win a judgment.
Although this analysis remains true, there have been significant developments since 2019 serving to inform corporations and their boards against becoming complacent in their oversight practices.
The Marchand decision
The first wake-up call after Caremark came with the 2019 Delaware Supreme Court decision in Marchand v. Barnhill).
Marchand involved Blue Bell Creameries USA, Inc., a Texas-based ice cream manufacturer which suffered a listeria outbreak. Three customers died after eating the ice cream and the company had to shut down production at all its plants. One-third of its workforce was laid off during the shutdown, a private equity investment was needed to deal with liquidity, and the investment diluted shareholder value.
While the board prevailed in defense of the derivative suit at the Chancery Court level, on appeal, the Delaware Supreme Court, applying Caremark, found that the board failed to implement reasonable monitoring and reporting systems on mission-critical issues. The specific mission-critical area of concern was food safety, a key area for any food manufacturer or distributor.
Marchand did not change Delaware law; it merely reaffirmed the principles first set forth in Caremark. Marchand made clear, however, that directors have a duty of oversight for mission-critical issues. Directors must implement monitoring and reporting systems to address mission-critical risks and their activities must be clearly documented.
Marchand also provided a few important lessons:
- If you are in the food business, food safety should be a mission-critical concern. Interestingly, the Blue Bell board had no committee responsible for food safety.
- Marchand never proceeded to trial after the Supreme Court reversal of the Chancery decision. Instead, the derivative suit ultimately settled for US$60 million in April 2020. This was a large derivative settlement that certainly caught the attention of the securities litigation and directors and officers (D&O) insurance communities. The terms were confidential, so we do not know whether, or to what extent, insurance proceeds may have funded the settlement.
Although these types of claims remain difficult for plaintiffs to withstand motions to dismiss under Caremark standards, the business judgment rule should remain a powerful defense if the suits are ultimately tried. The key to a successful defense, however, would be that a board-level system of monitoring and reporting is in place and enforced.
The Boeing decision
The second and arguably louder wakeup call came in late 2021 in In re Boeing Company Derivative Litigation.
The tragic underlying facts in Boeing received much media attention. Boeing manufactured the 737 Max aircraft, which was involved in fatal crashes in commercial flights in October 2018 and March 2019. Various investigations established that Boeing was at fault for the aircraft design and operation. Boeing was sued civilly and criminally and paid over US$2.5 billion in penalties and other compensation.
A shareholder derivative suit followed in Delaware Chancery Court, asserting claims similar to those in the earlier Marchand litigation. The Court declined to dismiss the derivative suit and reiterated the Caremark standards and Marchand ruling by the Delaware Supreme Court.
The Court held that board oversight for mission-critical issues must be “rigorously exercised.” The Court found “the directors complete failure to establish a reporting system for airplane safety,” and that the directors failed by “their turning a blind eye to a red flag representing airplane safety problems.”
In particular, the board did not require management to deliver regular safety reports, and management tended to provide only favorable information when it did report.
As in Marchand, this decision did not change the Caremark standard, but it is a reminder that passive oversight will not do with respect to mission-critical issues. While still generally difficult to overcome a motion to dismiss, the Delaware courts are more likely to sustain a well-pled oversight claim on mission-critical issues.
So what then are the Boeing postscripts?
If you are in the aircraft industry, safety is a mission-critical concern.
As in Marchand, this was still a relatively rare example of an oversight claim surviving a motion to dismiss. Recent studies, however, have shown that five of 17 Caremark claims have survived a motion to dismiss over the past 25 years – an almost 30 percent success rate, against a 70 percent rate of dismissal on the pleadings.
Thus, the rarity of these actions surviving a Motion to Dismiss may not be as rare as most commentators suggest. Put another way, the plaintiffs are hitting .300 – not too shabby!
Shortly after the Delaware Chancery decision, the case settled for US$237.5 million. The US$60 million settlement in Marchand was significant, but the Boeing settlement was a real bell-ringer, constituting one of the largest derivative settlements in history.
Lessons for the board and general counsel
There is one hard practical lesson to be learned here: You can never completely prevent litigation over liability due to oversight issues. That being said, steps can be taken to help better defend against these suits, including successfully moving to dismiss, reducing settlement values even after an unsuccessful motion to dismiss, and perhaps even a successful defense at trial, if necessary.
An example of a successful Motion to Dismiss in derivative litigation involving Caremark claims would be that in Construction Industry Laborers’ Pension Fund v. Bingle, No. CV 2021-0940-SG (Del. Ch., decided September 6, 2022). In that case, hackers accessed confidential information of the company’s customers. The shareholders alleged that the company’s stock price subsequently plummeted, and revenue was negatively impacted. Further, it was alleged that the board did not have adequate oversight of cybersecurity risk, which was a “mission critical” concern for this online service provider.
The court noted the proliferation of oversight failure claims, but also noted that simple negligence will not give rise to director liability. Specifically, the court held that “the lack of oversight pled must be so extreme that it represents a breach of the duty of loyalty” and specific pleading of “scienter, demonstrating bad faith. Notably, the court indicated that there were two board committees in place with oversight responsibility for cybersecurity. Although the court found “subpar” reporting from these committees to the full board, this did not constitute an “utter failure” in oversight that would be necessary to sustain a Caremark claim.
But most importantly: Have the right systems in place and vigorously apply and document them.
Another piece of practical advice is to partner with your D&O insurer. The current environment is a hard insurance market, meaning that premiums are high, policy terms may be more restrictive, and insurers can be more selective in choosing what risks to accept. Insurers have become increasingly concerned with environmental, social, and governance issues (ESG) and will look more closely at these potential governance risks at the underwriting stage. It should behoove both brokers and organizations seeking coverage to engage expert consultants, to ensure not only that the best practices are in place and enforced, but also that the corporation is presented to its potential insurers in a more favorable light.
With the foregoing legal background, we will now turn to the practical corporate governance recommendations.
Corporate governance recommendations
The courts found both the Bluebell and the Boeing boards failed in addressing their governance duties in overseeing mission-critical safety issues. In the case of Bluebell, it was food safety. In the case of Boeing, it was airplane safety.
A further powerful example of board governance responsibilities is set out on the US Federal Reserve website in which it describes a bank board’s responsibility to create and enforce prudent policies and practices:
“Directors are placed in a position of trust by the bank shareholders, and both statutes and common-law place responsibility for the affairs of the bank firmly and squarely on the board of directors. The board of directors of a bank should delegate the day-to-day routine of conducting the banks business to its officers and employees, but the board cannot delegate its responsibility for the consequences of unsound or imprudent policies and practices.”US Federal Reserve
Wells Fargo example
When tackling the 2016 Wells Fargo fraud scandal, Fed’s Board of Governors threw the full force of oversight responsibility on every member of the Wells Fargo board, with the performance of each being criticized and effectively removed all of them from their board positions.
Bluebell, Boeing, and the US Federal Reserve response to Well Fargo are prime examples of how crucial it is that boards of directors carefully monitor governance, oversight, and overall management of the corporations for which they serve.
Recognizing those duties, boards are basically faced with understanding and ensuring that the governance structure of their organization is working properly. Stress tests are a key evaluation tool to analyze how well each function performs.
A board stress testing its organization can be quite a sensitive undertaking in its examination of the responsibilities of involved parties. For this reason, and to add to the credibility of the board’s stress testing, well-qualified independent third parties may assist.
Boards, in driving the stress testing, not only contribute to the effectiveness of the operations of the organization, but can attempt to ensure the necessary checks and balances are in place to support the governance, oversight, and management of the organization.
Consider creating an executive committee
Board meetings occur only periodically, which can make it challenging for boards to satisfy all their obligations. An executive committee can improve the flow of information that assists management and the board in governing effectively. A small executive committee can enable the board and the CEO, the CLO/GC, and other members of senior management to interact in a continuous fashion.
While the executive committee can assist the CEO in addressing a broad range of issues by offering its thoughts and insights, the executive committee can also ensure that the voices of the CLO, the chief financial officer, perhaps the chief risk officer, and others will be heard. The board members of an executive committee constitute outside checks and balances, which are recognized as being superior to internal checks and balances.
Furthermore, an executive committee can be a flexible resource to monitor a wide range of developments on a continuous basis. An executive committee can serve as a sounding board for the CEO, general counsel, other members of senior management, and/or independent directors in exploring emerging issues or concerns that may or may not ultimately require a presentation to the full board. Moreover, an executive committee can institute flexible and efficient information processes that start, stop, and change easily and as needed, while in no way usurping the board, nor assuming any of its decision-making responsibilities; instead, facilitating the board’s ability to address its responsibilities.
Accessing internal information
Board and board committees can demonstrate their independence and their insights into addressing their governance, oversight, and management responsibilities by continually examining and identifying internal information which is useful to them in addressing those responsibilities.
Boards have the opportunity to receive, examine, and make decisions based upon an array of internal information. Going beyond the generally accepted accounting principles (often referred to as GAAP) is beneficial. From a financial standpoint, non-GAAP financial reporting can be insightful. One of the most important forms of financial oversight is monitoring cash flows. Board and board committee involvement in the information they are receiving provides multiple benefits to the firm. On the other hand, board or board committees that are seen to rely strictly on management for the information they receive and review are seriously at risk.
The use of an executive committee and the board involvement in selecting information for review are just two examples of steps indicative of a board addressing its governance, oversight, and management responsibilities.
Reduce the organization’s risk
Boards and corporations can never completely eliminate litigation and corporate governance risks. By implementing the guidance provided by Caremark and the other decisions discussed in this article, however, regarding a board’s duty of oversight for mission-critical activities and the corporate governance measures, including use of executive committees, general counsel can put in place a structure to significantly reduce the severity of those risks.
Disclaimer: The information in any resource in this website should not be construed as legal advice or as a legal opinion on specific facts, and should not be considered representing the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical guidance and references for the busy in-house practitioner and other readers. Information/opinions shared are personal and do not represent author’s current or previous employer.