By Gardner Davis & Danielle Whitley
Board oversight of significant company risk areas and legal compliance deserves renewed attention, as the Delaware Supreme Court recently ruled that monitoring practices that have previously been considered acceptable may constitute a breach of fiduciary duty which could expose directors to personal liability. Directors of both public and private companies are well advised to re-examine the primary risks facing their companies and adopt specific board-level procedures to identify, monitor and mitigate the risks, including legal compliance.
Corporate law requires the board to exercise good faith judgment that the company's information and reporting system is adequate to assure that appropriate information will come to the director's attention in a timely manner as a matter of ordinary operations, so that the board may satisfy its oversight responsibility. The approaches the boards take to monitor the company's affairs will vary because of the different risks and circumstances that face each business.
Historically, claims against directors for breach of the duty to monitor, known among corporate lawyers as Caremark claims, were believed to be among the most difficult legal theories upon which a shareholder plaintiff might hope to win a judgment. Where the shareholder's claim of director liability for corporate loss is predicated upon ignorance of liability creating activities within the organization, only a sustained or systemic failure of the board to exercise oversight was believed sufficient for the suit to proceed to trial.
Directors of General Motors, Citigroup, Duke Energy, UPS, Capital One and DuPont have all successfully defended Caremark claims in recent years.
However, in Marchand v. Barnhill, the Delaware Supreme Court recently imposed substantially more burdensome procedural expectations on corporate directors related to their duty of oversight. As a result, directors face an increased risk from shareholder lawsuits whenever the company suffers damages from a violation of law or other material risk area, unless the board had an active committee charged with continually monitoring these risks or the full board regularly devoted a specific portion of its meetings to risk oversight.
Marchand involved a shareholder suit against the board of Blue Bell Creameries, a Texas based ice cream maker, for failure to provide adequate oversight of food safety and legal compliance. The case arose from a listeria outbreak in 2015, which forced Blue Bell to shut down its plants and recall all products. Three consumers died from eating the contaminated ice cream.
The Blue Bell board met on a monthly basis and received briefings from management on business and operational issues as well as financial performance. A reasonable businessperson might assume that Blue Bell management would alert the directors about increasing food safety problems at the company's ice cream plants. However, the minutes from the meetings reflect that the board knew nothing about the growing risk of listeria contamination.
Under prior Caremark case law, the defendant, Blue Bell directors, should have prevailed because the company had implemented food safety compliance processes and procedures at an operational level, yet the listeria outbreak resulted from a failure of these procedures. Management essentially missed the red flags that should have alerted them to the problem and resulted in corrective action. The trial court dismissed the complaint in Marchand for failure to state a claim.
However, the Delaware Supreme Court reversed, holding the complaint alleged sufficient particularized facts to conclude the Blue Bell board failed to implement any system to monitor food safety risk. The Delaware Supreme Court stated that the board's "utter failure to attempt to assure a reasonable information and reporting system exists is an act of bad faith in breach of duty of loyalty."
Manchand stands for the proposition that it may no longer be enough for the board to wait passively for senior management to advise them of potential legal compliance problems or other material threats to the business. Instead, the directors may be required to proactively seek out risk related information and affirmatively require management and others within the company to periodically report regarding legal compliance and the company's performance on other risk related indicators.
In light of Marchand, boards should re-examine the corporate information and reporting systems and whether they are reasonably designed to provide the board with timely, accurate information sufficient to allow the board to reach informed judgments concerning the corporation's compliance with law and business performance.
Boards should specifically examine the company's primary risk areas and the measures in place to oversee and monitor the corporation's risk management. For example, in Manchand, Blue Bell could only thrive if its consumers believed its products were safe to eat. Therefore, food safety was one of Blue Bell's central risk areas.
Directors are well advised to adopt specific board-level procedures to identify, monitor and mitigate significant risks to the company, including legal compliance. Two board-level procedural safeguards noted with approval by the Delaware Supreme Court in Manchand are appointing a committee to regularly monitor these risks and establishing a regular schedule, such as quarterly or bi-annually, for the full board to examine and discuss these risk areas.
In Manchand, the Delaware Supreme Court suggested that the Blue Bell directors should have required that either the entire board or a committee receive the results of all government health inspections at its plants and all written reports from Blue Bell's outside food safety monitoring firm and that these reports be the topic for regularly scheduled discussion with management.
Manchand also admonishes boards to implement formal protocols requiring senior management to promptly advise the directors regarding indications of potential problems, so-called red flags, related to areas of substantial risk.
The board agendas and minutes should clearly document and describe the board's risk management and legal compliance oversight efforts in order to defend in the event of shareholder claims of failure to monitor.
Corporate directors must understand that the legal liability landscape has changed substantially and directors face increased risk from shareholder lawsuits whenever the company suffers damage from a violation of the law or other material risk area. Boards are well advised to make corporate oversight and monitor a new, higher priority.