On June 19, 2019, the Delaware Supreme Court issued an important decision highlighting an often overlooked aspect of the seminal case addressing director liability for alleged corporate misconduct, In re Caremark International Inc. Derivative Litigation. In Marchand v. Barnhill, the Supreme Court considered de novo an order by the Court of Chancery dismissing a claim that the members of the board of directors of Blue Bell Creameries USA, Inc., an ice cream and frozen yogurt manufacturer, should face legal liability for a listeria outbreak that spread to the company’s products, resulting in the deaths of three consumers. The Supreme Court reversed. In so doing, the Supreme Court reaffirmed the “bottom-line requirement” of Caremark that a “board must make a good faith effort—i.e., try—to put in place a reasonable board-level system of monitoring and reporting.” The Supreme Court’s decision in Marchand thus reaffirms the necessity of board-level reporting systems related to the “essential and mission critical” compliance risks for an organization. Such reporting systems serve as a first line of defense to protect the corporation, its employees, and customers from harm and the corporation’s directors from claims they failed in their duty of oversight.
The Listeria Outbreak and Plaintiff’s Investigation
Founded in 1907, Blue Bell produces ice cream and frozen yogurt. As such, Blue Bell is subject to exacting FDA and state regulations on food safety.
In 2015, Blue Bell suffered a listeria outbreak at its manufacturing plants. Spreading to the company’s products, the outbreak resulted in the deaths of three consumers. The company was later required to recall all of its products, to shut down production at its three manufacturing plants, and to lay off a third of its workforce. Facing a liquidity crisis after the shutdown, the company accepted an allegedly dilutive private equity investment.
The 2015 listeria outbreak followed years of alleged problems at Blue Bell’s manufacturing plants. Drawing from the complaint’s allegations, the Supreme Court summarized both FDA and state regulator findings of compliance failures from 2009 to 2013 and a series of repeated, positive tests for listeria at the company’s plants starting in 2013.
Heeding the frequent advice of Delaware courts that plaintiffs should use the “tools at hand” before commencing a derivative action, the plaintiff in Marchand demanded Blue Bell’s books and records concerning board-level compliance efforts at the company. The documents received, however, allegedly demonstrated the absence of such efforts. As characterized by the Supreme Court, the complaint alleged that:
- there was no board committee that addressed food safety;
- there was no regular process or policy for management to apprise the board of food safety compliance;
- the board did not schedule a regular consideration of food safety risks or discussion of food safety issues;
- the board minutes did not reveal that management presented red or yellow flags about food safety to the board despite the company’s growing problems; and
- management provided the board with only favorable information about food safety.
The Court of Chancery dismissed the complaint, holding “‘what Plaintiff really attempts to challenge is not the existence of monitoring and reporting controls, but the effectiveness of monitoring and reporting controls in particular instances.’” The trial court held that this theory did not state a claim under Caremark.
The Supreme Court Finds a Substantial Likelihood of Caremark Liability
Despite the onerous difficulty of pleading and proving a Caremark claim, the Supreme Court held that the complaint alleged specific facts sufficient to support a claim that the Blue Bell board failed in its duty of oversight.
The standard for pleading a Caremark claim is well-settled. Directors fail their duty of oversight when they “ completely fail to implement any reporting or information system or controls, or  having implemented such a system or controls, consciously fail to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” Consistent with the business judgment rule, directors have broad discretion to design and to implement a reporting system, taking into consideration the “context- and industry-specific approaches tailored to their companies’ business and resources.” Nonetheless, the fundamental rule of Caremark remains that, to act in good faith, a board must at least try to put in place a reasonable, board-level system for monitoring and reporting compliance risks.
The Supreme Court held that the plaintiff in Marchand pled sufficient facts permitting the pleading-stage inference under the first prong of Caremark that the board “made no effort to put in place a board-level compliance system.” The Court reached this conclusion despite the presence of safety procedures as part of the company’s day-to-day operations—e.g., employee safety manuals, occasional audits, and inspections by governmental regulators. But such day-to-day operational safeguards “do not imply that the board implemented a system to monitor food safety at the board level”—particularly because the complaint alleged the absence of evidence that any board-level attention had been given to food safety risks.
That the plaintiff focused on the failure by the board to put in place board-level information systems is itself surprising, as the trial court noted in its opinion. Many Caremark cases in Delaware and federal courts turn on whether a plaintiff has pled facts that the board learned of and ignored so-called “red flags” of corporate misconduct. But as the Delaware Supreme Court’s opinion shows, Caremark also requires both controls within the organization and the board informing itself of the operation of those controls. Otherwise, directors would be “disable[ed] . . . from being informed of risks or problems requiring their attention.” 
The Supreme Court thus did not credit defendants’ argument that they satisfied their duty of oversight because management reported to the board on “operational issues.” While the ability to plead a Caremark claim is high, the Court made clear it is not chimeric. A board must do more than have a routine discussion of operational issues. The board must give attention to the company’s “central compliance risks.” In this case, those risks were food safety. Given the specific factual allegations that the board failed to monitor the risks Blue Bell faced in its monoline business, the plaintiff was able to plead “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment”—that directors failed in their oversight responsibilities. 
Applying Marchand Going Forward
The Marchand decision provides guidance for companies and their boards as to how they should design their board-level oversight systems. The decision also leaves open a critical question that will likely be the subject of future litigation: what are the critical compliance risks that a board must oversee?
First, the Marchand decision re-emphasizes the need for board-level information reporting systems. For the critical risks to an organization, it will not be enough to have in place a compliance system at the operational level without affording a means for the board to be informed of the performance of that system. Thus, directors should ensure that policies exist to provide a means for regular reports to the board or its designated committees on mission-critical compliance risks.
Second, when the board receives compliance reports, that compliance reporting will need contemporaneous documentation, whether in board minutes or board-level presentations. Specificity and appropriate supporting detail is warranted. It is not enough to make vague references in a single line of the minutes that the board received reports on “operational issues” and that questions were asked and answered. In the event of an adverse corporate event that could draw future litigation, the absence of a sufficiently detailed written record will be used by plaintiffs to allege that the board failed in its oversight duties. In light of the need for detail, counsel drafting board minutes and materials also must be mindful of the risk that privileged communications could later be discoverable. Nonetheless, to protect against a claim that directors failed to implement an informational reporting system or disregarded their oversight of that system, boards should ensure that their records contain documentary evidence showing that such a system exists and is being monitored.
Third, while not expressly addressed in the decision, if presented with red or yellow flags revealing potential misconduct, directors will need to satisfy the other aspects of their duty of oversight. Directors will therefore need to understand whether the warning flags indicate an actual problem for the corporation, the scope of that potential problem, management’s proposed response, the need to assign accountability, and what follow-up will be necessary to ensure that any corrective actions taken by management are effective.
While reaffirming the guidelines for directors in exercising their oversight duties, the Marchand decision leaves open an area of uncertainty that will likely be a significant topic of future litigation. Specifically, what compliance risks are “central,” “essential,” or “mission critical” to an organization? A board cannot be expected to receive reports on every operational violation of compliance procedures. To impose such a requirement would clog board meetings with trivial details that do not require board attention. In Marchand, the Court was free not to address this issue because Blue Bell did one thing: manufacture ice cream and frozen yogurt sold throughout the south and southwest. Food safety was an obvious critical risk. But what actions should the board of directors for a company with global operations or a diverse business platform take? The Court was not asked to answer this question, though basic principles provide guidance.
Directors will need to exercise their business judgment to identify the organization’s critical risks. In endeavoring to do so, directors will necessarily rely on internal and external experts. By engaging with experts believed to be qualified for the tasks at hand, and documenting that engagement, directors should be able to obtain the protection of Section 141(e) of the Delaware General Corporation Code, which protects directors for their good faith reliance on a company’s internal records and the advice of knowledgeable employees and advisors. Practically, management and the board should focus on those risks that, whether due to scale or scope, pose an existential threat to the business. And for a public company, management and the board should consider whether there are reasonable board-level reporting procedures for the business risk factors identified in the company’s annual reports—at the very least, one can expect that plaintiffs seeking to invoke Marchand will look to those risk factors in the future.
The Marchand decision demonstrates that a Caremark claim is predicated on process and controls. Rather than focus on the process employed by directors in evaluating a business transaction, Caremark requires a court to focus on the steps directors take to inform themselves not only of problems or risks at the organization, but also on the organization’s underlying controls and compliance systems. In taking steps to inform themselves in good faith of compliance risks, and then applying their business judgment to any problems that actually arise, directors will protect the organization, its employees, customers, and community, and themselves from the risk of future harm or liability.
 698 A.2d 959 (Del. Ch. 1996).
 No. 533, 2018 (Del. June 19, 2019).
 Id., Slip Op. at 30-31.
 Marchand, Slip Op at 2-3.
 Marchand, Slip Op. at 30 (citations omitted) (alterations omitted).
 Id. at 32-34 (emphasis in original).
 See Melbourne Mun. Firefighters’ Pension Trust Fund v. Jacobs, 2016 Del. Ch. LEXIS 114, at *21-22 (Del. Ch. Aug. 1, 2016) (“In practice, plaintiffs often attempt to satisfy the elements of a Caremark claim by pleading that the board had knowledge of certain ‘red flags’ indicating corporate misconduct and acted in bad faith by consciously disregarding its duty to address that misconduct.”); accord, e.g., Wood v. Baum, 953 A.2d 136, 143 (Del. 2008) (affirming dismissal of Caremark claim because plaintiff failed to plead cognizable red flags that were ignored); Towers v. Iger, 912 F.3d 523 (9th Cir. 2018) (same).
 Marchand, Slip. Op. at 30.
 See Marchand, Slip Op. at 36.
 See Wal-Mart Stores, Inc. v. Ind. Elec. Workers Pension Trust Fund IBEW, 95 A.3d 1264, 1278 (Del. 2014) (recognizing a narrow exception permitting stockholders to obtain access to privileged communications in plenary actions or through a books and records action).