The Caremark decision set a high bar for plaintiffs to scale in asserting a board’s failure to comply with the duty of care and loyalty standards. As Protiviti’s Jim DeLoach addresses, a 2019 decision applied that standard in ruling for the plaintiff on a critical operational risk matter.
A landmark case before the Delaware courts in 1996 was Caremark International. Inc. Derivative Litigation. The decision in Caremark clarifies the board’s duties in the context of its oversight activities. In that case, the shareholders of Caremark International Inc., in a derivative action, alleged that the company’s directors, in neglecting to effect sufficient internal control systems, breached their duty of care. Because of this neglect, the civil action alleged, Caremark employees were able to commit criminal offenses that resulted in significant fines and civil penalties of more than $250 million.[1]
In addressing a board’s oversight responsibility, the court outlined what a plaintiff must prove to demonstrate that directors breached their duty. Specifically, plaintiffs would have to show either (1) that the directors knew or (2) should have known that violations of law were occurring and, in either event, (3) that the directors took no steps in good faith to prevent or remedy that situation and (4) that such failure resulted in the losses alleged in the complaint.[2]
In essence, the fundamental issue underlying a board oversight inquiry is “whether there was [a] good faith effort to be informed and exercise judgment.” Director liability for a breach of this duty may, “in theory, arise in two distinct contexts:
- First, such liability may be said to follow from a board decision that results in a loss because that decision was ill advised or ‘negligent.’
- Second, liability to the corporation for a loss may be said to arise from an unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss.”[3]
The test outlined in Caremark has proved to be a high burden for the plaintiff bar to overcome. Indeed, it has been stated, “[Under Delaware] law, director liability based on the duty of oversight is possibly the most difficult theory … upon which a plaintiff might hope to win a judgment.”[4]
But in 2019, the Supreme Court of Delaware overturned a decision by the Delaware Chancery Court, ruling that a plaintiff (Marchand, et al.) indeed scaled the Caremark standard in a case involving Blue Bell Creameries. Blue Bell recalled all of its ice cream products and shut down all of its production operations in 2015 after the Food and Drug Administration and several state health agencies found evidence of the listeria bacteria in its products, which resulted in the death of three people. As the company’s revenues dropped substantially, it fired or suspended more than half of its workforce and ceased paying distributions to its limited partners. Ultimately, it was fined by government authorities for its poor safety policies and practices.[5]
The plaintiffs brought a complaint that the board breached its common law fiduciary duties. In ruling for the plaintiff (the Marchand decision), the court noted: “Directors have a duty to exercise oversight and to monitor the corporation’s operational viability, legal compliance and financial performance. A board’s utter failure to attempt to assure a reasonable information and reporting system exists is an act of bad faith in breach of the duty of loyalty.”
In reaching its decision, the court was compelled by the simplicity of the company’s business model, the obvious enterprise risk of food safety, the lack of board focus on overseeing food safety issues and the absence of protocols by which the board expected to be advised of food safety reports and developments. It was concerning to the court that when “yellow and red flags about food safety were presented to management, there was no equivalent reporting to the board and the board was not presented with any material information about food safety” during the critical period leading up to the three deaths. In the court’s view, these facts created “a reasonable inference that the directors consciously failed to attempt to ensure a reasonable information and reporting system existed.”[6]
Whether this decision opens the door for Delaware case law to evolve in the coming years remains to be seen.
Observations from the Blue Bell Case
- Never truncate the process with a list of risks – Align the board’s oversight with the company’s most significant risks, given its strategy and business model. Periodically listing out risks and doing nothing else falls short of effective oversight.
- Delineate full board and standing committee roles – The complaint in the Blue Bell case alleged that, despite the importance of food safety, the board had no committee overseeing it, no full board-level process to address it and no protocol by which the board expected to be advised of developments relating to it. When delegating responsibilities to its committees, the full board should ensure the key risks are covered and information flows are sufficient to apprise it of critical matters.
- Prioritize the critical enterprise risks – Focusing on the vital few by differentiating them from the trivial many targets the board’s attention on the big picture. In the Blue Bell case, the court viewed food safety risk as the proverbial elephant in the room.
- Set the risk escalation/monitoring protocols – In understanding who is responsible for the key risks, the broad strokes of the risk responses in place and the nature of any issues arising from them, the board should satisfy itself that mission-critical matters are monitored effectively and that, when significant issues arise, they are escalated in a timely manner to its attention, especially those related to compliance. In the Blue Bell case, had the board put in place an information and monitoring system, that might have avoided the reversal of the Chancery Court’s opinion and helped substantiate its “we-weren’t-told-anything-until-it-was-too-late” defense. A hands-off, inactive approach, such as when Blue Bell’s directors apparently left the matter to management after finally recognizing the full magnitude of the problem, is not going to cut it.
- Allow time on the board agenda for risk oversight – Executives responsible for managing risk should be positioned to succeed with appropriate policies, processes, reporting and systems. The board should work with the executive team to make sufficient resources available for managing the critical risks.
- Pay attention to company culture – Organizational culture and performance incentives come into play in the Blue Bell case because it is inexplicable that management did not inform the board of the matters in question. The board should have complete confidence that management will act promptly to inform it when mission-critical issues of any nature arise.
- Maintain minutes concerning critical risk matters – According to the court in the Blue Bell case, “minutes from the board’s … meetings are bereft of reports on the listeria issues … [and] revealed no evidence that these were disclosed to the board.” These findings suggest an expectation of management escalating mission-critical matters to the board on a timely basis, of the board setting escalation protocols and for evidencing that such matters were discussed by the board in meeting minutes. As noted earlier, it was troubling to the court that the board left the company’s response to management instead of holding more frequent emergency board meetings to receive constant updates.[7]
Based on unique facts dealing with a food safety and compliance matter, the Blue Bell Creameries case is a continuing evolution of the Caremark standard. An excerpt from the remanding Marchand decision tells the story: “If Caremark means anything, it is that a corporate board must make a good faith effort to exercise its duty of care. A failure to make that effort constitutes a breach of the duty of loyalty.”
In essence, the court’s decision neither breaks new ground nor sets an expectation that the board manages risk. It reiterates that the board provides the oversight that gives it assurance that management is getting the job done by putting in place reasonably designed policies, procedures and practices to mitigate critical risks. It is a wake-up call for boards to ensure that their risk oversight process is responsive to fiduciary standards.
Questions for Boards and Senior Management
Following are suggested questions that boards of directors may consider, based on the risks inherent in the organization’s operations:
- Has the board assessed its oversight process to ensure that appropriate risks are considered and that it reflects current business realities? Is it satisfied that risk monitoring and escalation protocols are up to date and address the risks that matter? Is management escalating key issues in a timely manner, particularly those pertaining to compliance matters affecting business viability?
- Is the board satisfied it is engaging management constructively on risk matters? Is it satisfied an effective information and reporting system (e.g., people, processes, organizational structure, reporting and other infrastructure elements) is in place to inform it as it discharges its responsibilities?
[1] “In Re Caremark International. Inc. Derivative Litigation,” Court of Chancery of Delaware, August 16, 1996, available at https://law.justia.com/cases/delaware/court-of-chancery/1996/13670-3.html.
[2] Ibid.
[3] Ibid.
[4] Jack L. Marchand II v. John W. Barnhill, et al. and Blue Bell Creameries USA, Inc., Supreme Court of the State of Delaware, June 18, 2019, available at https://law.justia.com/cases/delaware/supreme-court/2019/533-2018-0.html.
[5] Ibid.
[6] Ibid.
[7] Ibid.