Back to Work: Protect Directors Too

William Regner and Jeffrey Rosen are partners at Debevoise & Plimpton LLP. This post is based on a Debevoise memorandum by Mr. Regner, Mr. Rosen, Sarah Jacobson and Chibundu Okwuosa. Related research from the Program on Corporate Governance includes Monetary Liability for Breach of the Duty of Care? by Holger Spamann (discussed on the Forum here).

As companies refine and implement their return-to-work plans, they must wrestle with complex legal compliance risks posed by the continuing threat of the COVID-19 pandemic. In addition to complying with established laws governing worker safety, accommodation of those with disabilities, and personal privacy, companies will need to ensure that their reopening plans comply with an evolving series of federal, state, and local orders issued in response to the pandemic. While back-to-work plans are necessarily prepared by management taking into account the different needs and regulatory postures of each individual business, the board of directors has an important oversight role.

Any business whose reopening results in sick employees, customers, or suppliers, or which otherwise faces COVID-19 related legal compliance problems, risks claims that attendant corporate losses were the product of failure of oversight—in Delaware, Caremark claims. Caremark claims are named after the Delaware Court of Chancery’s 1996 decision holding that directors are protected by the business judgment rule so long as they have implemented and monitored systems reasonably designed to provide the board and management with sufficient information to facilitate educated decisions about identified legal risks. If directors completely fail to implement any reporting or information system or controls, or, having implemented such controls, fail to monitor or exercise oversight, courts may question whether directors have complied with their duty of loyalty.

While Delaware corporations often include in their certificates of incorporation provisions eliminating monetary liability of directors for breaches of the duty of care, conduct not in good faith, and breaches of the duty of loyalty, cannot be exculpated. Because a Caremark duty is an attribute of the duty of loyalty, practically speaking, this means that a successful Caremark claim can result in personal liability for directors. Breaches of the duty of loyalty likewise may not be covered by indemnification.

While a breach of duty of oversight claim against directors of a Delaware corporation is “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment”, [1] a trio of recent cases has indicated an increased willingness on the part of Delaware courts to allow these claims beyond the pleading stage.

In Marchand v. Barnhill the Delaware Supreme Court reversed a dismissal of a claim that directors breached their duties by failing to adopt reporting and compliance systems. The case involved ice cream manufacturer Blue Bell Creameries, which in 2015 suffered a listeria outbreak causing three deaths. In its aftermath, the company recalled all of its products, shut down all of its plants, laid off over a third of its employees, and, in the ensuing liquidity crisis, accepted a dilutive private equity investment. The plaintiffs sued Blue Bell’s Chief Executive Officer, Vice President of Operations, and directors, claiming that the executives breached their duties of care and loyalty by knowingly disregarding contaminations risks and failing to oversee the safety of Blue Bell’s operations. They also claimed, more specifically, that the directors breached their duty of loyalty under Caremark.

The Court emphasized that it would not review the effectiveness of compliance and reporting systems; instead, Caremark requires that directors make a good faith effort to implement them. Still, the Court noted that food safety “has to be one of the most central issues at the company” given that its only product was ice cream. Plaintiffs alleged that no board committee addressed food safety; there were no protocols to keep the board apprised of compliance issues; there was no regularly scheduled board review of food safety issues; and that, despite numerous “red, or at least yellow flags” received by management, there was no evidence that the board discussed them. According to the Court, “Although Caremark is a tough standard for plaintiffs to meet, the plaintiff has met it here.”

In In re Clovis Oncology, Inc. Derivative Litigation, the Delaware Court of Chancery declined to dismiss claims that directors of Clovis Oncology, Inc. breached their Caremark duties by failing to oversee clinical trials of the company’s most promising drug and allowing the company to mislead the market regarding the drug’s efficacy. According to the court, Clovis’ directors “ignored red flags” that the company was failing to adhere to clinical trial protocols, putting FDA approval of the drug at risk. The court emphasized that “as fiduciaries, corporate managers must be informed of, and oversee compliance with, the regulatory environments in which their businesses operate.” That is “especially so when a monoline company operates in a highly regulated industry”—as was the case for Clovis and, in the Delaware Supreme Court’s decision in Marchand, for Blue Bell Creamery. In Clovis, the court was satisfied that plaintiffs had adequately pled that the directors “consciously disregarded red flags that revealed a mission-critical failure to comply” with clinical protocols and associated Food and Drug Administration regulations.

Most recently, in Hughes v. Hu, the Delaware Court of Chancery denied a motion to dismiss a Caremark claim that directors failed to implement monitor systems designed o ensure the integrity of financial statements. The Hughes case involved Kandi Technologies Group, Inc., a Nasdaq listed company that had “struggled persistently with its financial reporting and internal controls, encountering particular difficulties with related-party transactions” dating back to 2010. In 2014, Kandi Technologies disclosed a material weaknesses in its financial reporting and oversight system, including a lack of oversight by the audit committee and a lack of internal controls over related-party transactions. Three years later, in March 2017, Kandi Technologies announced it would restate its preceding three years of financial statements.

Prior to filing suit, plaintiff stockholder made a demand to inspect the books and records of the company under Section 220 of the Delaware General Corporation Law. While the company produced some audit committee meeting minutes, it failed to produce related-party agreements and review procedures referenced in those minutes. The stockholder then sued to recover damages from the three members of the audit committee, the company’s Chief Executive Officer, and the three Chief Financial Officers who served in quick succession during the years leading up to the restatement. The complaint alleged that the directors “consciously failed to establish a board-level system of oversight” and instead relied “blindly on management” while devoting “patently inadequate time to the necessary tasks.” The court’s finding that the company “conspicuously failed to produce” documents in response to the Section 220 demand led to a reasonable inference that exculpatory documents would have been provided if they existed. Ultimately, the court found a substantial likelihood of liability under Caremark for the failure of the defendant directors to maintain a reasonable system of monitoring and reporting.

We recommend that directors take a systematic approach to fulfilling their oversight duties relating to back-to-work plans.

  • Conduct Risk Assessment: Directors should identify and evaluate the risks posed by the coronavirus to the businesses they are charged with overseeing. Key issues to consider include:
    • Health and safety: risks faced by employees, customers, and suppliers, now and as the pandemic progresses, sanitation protocols, coronavirus testing and tracing, procurement and provision of personal protective equipment, office redesign, transportation, and work from home policies
    • Cybersecurity and privacy issues: security of the virtual environment in which the business operates, capacity of network systems
    • Continuity planning: disruptions experienced and anticipated to the workforce and the supply chain, alternate suppliers, contingency plans in the event of IT outages
    • Financial and business impact: ability to maintain compliance with financial covenants and contractual obligations, liquidity position, ability of the business to avail itself of governmental assistance programs
    • Succession plans: management and the board should have a succession plan at the ready in the event members of management are unable to carry out their duties
  • Information and Reporting Protocols: Directors and managers should consider forming a coronavirus response committee comprised of members of the board as well as management, or expanding the mandate of an existing committee to cover coronavirus response. The committee tasked with responding to the challenges presented by the coronavirus should:
    • Ensure awareness of rapidly evolving orders, rules, guidelines, and recommendations issued by federal, regional, state and local officials and agencies regarding health and safety issues
    • Study industry-specific best practices as they emerge
    • Review management’s plan to ensure compliance with orders, rules, guidelines, and recommendations, and adoption of best practices
  • Routinely Monitor Feedback: Implementing a system reasonably designed to provide directors and management with sufficient information to facilitate educated decisions about identified legal risks is not enough. Directors and managers face the prospect of personal liability under Caremark and its progeny if, after designing and implementing such a system, they ignore the feedback the system provides. Directors should focus on compliance issues as a regular agenda item and, between meetings, via an agreed method of communication, including by e-mail or board management software.
  • Maintain Good Corporate Records: Failing to document the board’s consideration of compliance issues creates a permissible inference that discussions about the risks did not occur. Board materials should reflect the fact that directors:
    • received information, opinions, reports and statements prepared or presented by officers, employees and outside advisors competent in the matters presented
    • asked questions and participated in discussions to ensure their adequate understanding of the issues
    • required follow-ups and action items, if appropriate
    • received additional information, if requested or warranted by changing events
    • reviewed changes to company disclosures bearing on compliance issues


1In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996).(go back)

Both comments and trackbacks are currently closed.