Caremark Is Not a Chimera: Delaware Supreme Court Charges Directors to Oversee Critical Compliance Risks
On June 19, 2019, the Delaware Supreme Court issued an important decision highlighting an often overlooked aspect of the seminal case addressing director liability for alleged corporate misconduct, In re Caremark International Inc. Derivative Litigation.
The Listeria Outbreak and Plaintiff’s Investigation
Founded in 1907, Blue Bell produces ice cream and frozen yogurt. As such, Blue Bell is subject to exacting FDA and state regulations on food safety.
In 2015, Blue Bell suffered a listeria outbreak at its manufacturing plants. Spreading to the company’s products, the outbreak resulted in the deaths of three consumers. The company was later required to recall all of its products, to shut down production at its three manufacturing plants, and to lay off a third of its workforce. Facing a liquidity crisis after the shutdown, the company accepted an allegedly dilutive private equity investment.
The 2015 listeria outbreak followed years of alleged problems at Blue Bell’s manufacturing plants. Drawing from the complaint’s allegations, the Supreme Court summarized both FDA and state regulator findings of compliance failures from 2009 to 2013 and a series of repeated, positive tests for listeria at the company’s plants starting in 2013.
Heeding the frequent advice of Delaware courts that plaintiffs should use the “tools at hand” before commencing a derivative action, the plaintiff in Marchand demanded Blue Bell’s books and records concerning board-level compliance efforts at the company. The documents received, however, allegedly demonstrated the absence of such efforts. As characterized by the Supreme Court, the complaint alleged that:
there was no board committee that addressed food safety;
there was no regular process or policy for management to apprise the board of food safety compliance;
the board did not schedule a regular consideration of food safety risks or discussion of food safety issues;
the board minutes did not reveal that management presented red or yellow flags about food safety to the board despite the company’s growing problems; and
management provided the board with only favorable information about food safety.
The Court of Chancery dismissed the complaint, holding “‘what Plaintiff really attempts to challenge is not the existence of monitoring and reporting controls, but the effectiveness of monitoring and reporting controls in particular instances.’”
The Supreme Court Finds a Substantial Likelihood of Caremark Liability
Despite the onerous difficulty of pleading and proving a Caremark claim, the Supreme Court held that the complaint alleged specific facts sufficient to support a claim that the Blue Bell board failed in its duty of oversight.
The standard for pleading a Caremark claim is well-settled. Directors fail their duty of oversight when they “ completely fail to implement any reporting or information system or controls, or  having implemented such a system or controls, consciously fail to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”
The Supreme Court held that the plaintiff in Marchand pled sufficient facts permitting the pleading-stage inference under the first prong of Caremark that the board “made no effort to put in place a board-level compliance system.”
That the plaintiff focused on the failure by the board to put in place board-level information systems is itself surprising, as the trial court noted in its opinion. Many Caremark cases in Delaware and federal courts turn on whether a plaintiff has pled facts that the board learned of and ignored so-called “red flags” of corporate misconduct.
The Supreme Court thus did not credit defendants’ argument that they satisfied their duty of oversight because management reported to the board on “operational issues.” While the ability to plead a Caremark claim is high, the Court made clear it is not chimeric.
Applying Marchand Going Forward
The Marchand decision provides guidance for companies and their boards as to how they should design their board-level oversight systems. The decision also leaves open a critical question that will likely be the subject of future litigation: what are the critical compliance risks that a board must oversee?
First, the Marchand decision re-emphasizes the need for board-level information reporting systems. For the critical risks to an organization, it will not be enough to have in place a compliance system at the operational level without affording a means for the board to be informed of the performance of that system. Thus, directors should ensure that policies exist to provide a means for regular reports to the board or its designated committees on mission-critical compliance risks.
Second, when the board receives compliance reports, that compliance reporting will need contemporaneous documentation, whether in board minutes or board-level presentations. Specificity and appropriate supporting detail is warranted. It is not enough to make vague references in a single line of the minutes that the board received reports on “operational issues” and that questions were asked and answered. In the event of an adverse corporate event that could draw future litigation, the absence of a sufficiently detailed written record will be used by plaintiffs to allege that the board failed in its oversight duties. In light of the need for detail, counsel drafting board minutes and materials also must be mindful of the risk that privileged communications could later be discoverable.
Third, while not expressly addressed in the decision, if presented with red or yellow flags revealing potential misconduct, directors will need to satisfy the other aspects of their duty of oversight. Directors will therefore need to understand whether the warning flags indicate an actual problem for the corporation, the scope of that potential problem, management’s proposed response, the need to assign accountability, and what follow-up will be necessary to ensure that any corrective actions taken by management are effective.
While reaffirming the guidelines for directors in exercising their oversight duties, the Marchand decision leaves open an area of uncertainty that will likely be a significant topic of future litigation. Specifically, what compliance risks are “central,” “essential,” or “mission critical” to an organization? A board cannot be expected to receive reports on every operational violation of compliance procedures. To impose such a requirement would clog board meetings with trivial details that do not require board attention. In Marchand, the Court was free not to address this issue because Blue Bell did one thing: manufacture ice cream and frozen yogurt sold throughout the south and southwest. Food safety was an obvious critical risk. But what actions should the board of directors for a company with global operations or a diverse business platform take? The Court was not asked to answer this question, though basic principles provide guidance.
Directors will need to exercise their business judgment to identify the organization’s critical risks. In endeavoring to do so, directors will necessarily rely on internal and external experts. By engaging with experts believed to be qualified for the tasks at hand, and documenting that engagement, directors should be able to obtain the protection of Section 141(e) of the Delaware General Corporation Code, which protects directors for their good faith reliance on a company’s internal records and the advice of knowledgeable employees and advisors. Practically, management and the board should focus on those risks that, whether due to scale or scope, pose an existential threat to the business. And for a public company, management and the board should consider whether there are reasonable board-level reporting procedures for the business risk factors identified in the company’s annual reports—at the very least, one can expect that plaintiffs seeking to invoke Marchand will look to those risk factors in the future.
The Marchand decision demonstrates that a Caremark claim is predicated on process and controls. Rather than focus on the process employed by directors in evaluating a business transaction, Caremark requires a court to focus on the steps directors take to inform themselves not only of problems or risks at the organization, but also on the organization’s underlying controls and compliance systems. In taking steps to inform themselves in good faith of compliance risks, and then applying their business judgment to any problems that actually arise, directors will protect the organization, its employees, customers, and community, and themselves from the risk of future harm or liability.