Recent court decisions have set the stage for greater board accountability for corporate regulatory noncompliance.
A half century ago, Delaware corporate law placed no duty on a board of directors to implement a system for monitoring the company’s regulatory compliance, absent cause for suspicion of wrongdoing. Times have changed.
Under current law, a failure to make a good faith effort to put in place a board-level system of monitoring and reporting constitutes a breach of the duty of loyalty. And Delaware courts have finally started to show that their jurisprudence on oversight liability—known as the Caremark doctrine—actually has some bite. Recent cases provide a window into what the future might hold if this doctrine continues on its current path, inching toward holding fiduciaries accountable for monitoring what has always been required of corporations: legal obedience.
The 1990s marked the first step on this path, with Chancellor William Allen’s dicta in the landmark In re Caremark case. He famously seeded into the opinion the notion that directors might be held liable if they knew or should have known that violations of law were occurring in the corporation, and if they then failed to take steps in good faith to prevent or remedy the situation.
Chancellor Allen expressed doubt that Delaware courts would continue to hold otherwise in the face of a regulatory landscape that increasingly employed criminal sanctions against corporations for violations of environmental, financial, employee, safety, and other regulations, while simultaneously encouraging compliance programs through sentencing guidelines. Nonetheless, Chancellor Allen remarked that, as a matter of fiduciary law, “the theory here advanced is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win judgment.”
Through the 2000s, Chancellor Allen’s remarks proved telling as doctrine developed through settlement opinions and motions to dismiss—but Caremark claims almost never reached fruition in terms of trial liability. In 2006, in Stone v. Ritter, the Delaware Supreme Court validated the original Caremark dicta and situated it in the growing body of good faith case law.
The Court held that “the necessary conditions predicate for director oversight liability” include showing either “the directors utterly failed to implement any reporting or information system or controls” or the directors, “having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” Under either prong, the “imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations.” Such a showing of “conscious disregard” for discharging fiduciary obligations in good faith is a breach of the duty of loyalty.
Up until the very end of the past decade, we witnessed only a small handful of Caremark claims surviving motions to dismiss. As I have observed elsewhere, Delaware courts have prioritized giving directors broad latitude to take business risks by drawing a line at legal risk. And with limited exceptions, courts have allowed Caremark claims to proceed where evidence exists to infer that the board utterly failed to implement a compliance monitoring system or that the directors engaged in disobedience by consciously flouting, violating, or ignoring the law. This high bar and the seeming elusiveness of director liability has led some scholars to remark that oversight responsibility had considerable influence in spurring the adoption of corporate compliance programs, but might practically operate only as soft law.
In just the past year or so, however, several important Caremark decisions have left corporate law observers wondering if the Delaware courts are ushering in a new era of a more “muscular” oversight doctrine.
In Marchand v. Barnhill, the Delaware Supreme Court found the plaintiff-shareholders pled particularized facts to support a claim that the board of Blue Bell Creameries “failed to implement any system to monitor Blue Bell’s food safety performance or compliance.” The company suffered a listeria outbreak that killed three people and caused the company a variety of harms. As a “monoline” business, the Court noted that food safety is a central compliance issue for the ice cream manufacturer, and the complaint therefore created a reasonable inference that the “dearth of any board-level effort at monitoring” was a conscious failure.
In re Clovis Oncology provides another notable example. In that case, the Delaware Court of Chancery held the plaintiffs pled with particularity a Caremark claim alleging that the directors of a biopharmaceutical company “did nothing” after repeatedly receiving signals from managers that the company was violating the U.S. Food and Drug Administration’s clinical trial protocol for its most promising drug. Most problematic was the plaintiffs’ allegation that the board knowingly ignored that the company was “perhaps consciously violating” the clinical trial protocol while “misleading the market and regulators” about the company’s “mission critical product.”
Marchand and Clovis are not alone. In other recent cases, plaintiff-shareholders have similarly survived motions to dismiss, such as in a case involving a board that had “chronic deficiencies” with its audit committee. Plaintiff-shareholders have also succeeded in requests for books and records to investigate Caremark claims— for example, in a suit against Facebook directors related to the Cambridge Analytica scandal.
Whether these recent cases will be the start of a trend toward greater board accountability for oversight of regulatory compliance is uncertain. The foundation has been laid for this future. Corporate law’s commitment to the rule of law certainly supports accountability in instances of egregious monitoring failures and complicity with disobedience. A more robust approach is also possible and would further the public-regarding purpose of the good faith obligation, affirming that oversight responsibility requires that directors actively attempt to carry out their obligations with the aim of full legal compliance.