Boeing: Rejecting Early Dismissal of Claims Against Directors for Inadequate Risk Oversight

The Boeing Company Derivative Litigation (Sept. 7, 2021) is another in a series of cases in recent years in which the Delaware Court of Chancery has found, in the wake of a “corporate trauma” relating to product safety issues, that the company’s independent directors may have personal liability to the stockholders, under the “Caremark doctrine,” for a failure to have overseen management of the corporation’s core risks. In the Boeing opinion, Vice Chancellor Zurn echoes a number of themes from other recent cases involving so-called “Caremark claims,” and thus provides important guidance with respect to best practices for directors in fulfilling their oversight responsibilities (as discussed in “Practice Points” below).

Key Points

• In recent years, the Delaware courts, at the pleading stage of litigation, have more frequently rejected dismissal of Caremark claims against directors. The express articulation of the standard for pleading a valid Caremark claim has not changed and the courts continue to characterize these claims as among the most difficult upon which a plaintiff might hope to succeed. Also, importantly, each of the recent cases has presented a particularly egregious factual context. Nonetheless, directors should be mindful that, unlike in the past, there is now a trend of decisions in which the court has rejected early dismissal of Caremark
• Plaintiffs’ increased success in Caremark claims surviving the pleading stage is attributable to their more frequent use of books and records demands. With the courts more often granting stockholders’ demands under DGCL Section 220 for inspection of the corporate books and records, and the courts more often granting expansive access to the corporate books and records, stockholder-plaintiffs have been able to uncover information that has helped them craft more particularized pleadings substantiating their claims of lack of board oversight.
• Recent Delaware decisions provide specific guidance for directors in fulfilling their Caremark duties.  Most critically, directors should understand that there is a board-level responsibility to oversee legal and regulatory compliance and other risks relating to the company’s “mission-critical” operations. It is not sufficient to delegate management of these critical risks to senior officers of the company. The oversight process with respect to these types of risks should be formally established and the board’s monitoring of the process should be well documented.

Background. In each of 2017 and 2019, an AIRMAX 737 airplane newly designed and manufactured by Boeing crashed, apparently due to the malfunctioning of an onboard sensor which forced the airplane downward. Moreover, the pilot training provided by Boeing apparently was insufficient to permit pilots to identify and counteract the malfunction. The crashes resulted in the death of all the people on board both flights; the grounding of Boeing’s entire 737 MAX fleet for about two years after the second crash; billions of dollars in fines and other costs; and attendant financial and reputational harm to the company. The commercial airline segment of Boeing went from generating about 62% of the company’s revenue in 2017 to about 45% in 2019. Certain stockholders brought a derivative suit, claiming that the crashes brought to light that Boeing’s directors had failed to oversee and monitor the safety and airworthiness of the company’s aircraft and thus had severely harmed the company and its stockholders. The court, at the pleading stage, found that it was reasonably conceivable that the directors had failed to fulfill their Caremark duties and so rejected the defendants’ motion to dismiss the claims.

Discussion

The Caremark doctrine. “Caremark claims” are claims that directors breached their fiduciary duty of loyalty by not making “a good faith effort to oversee the company’s operations.” These claims, which if successful can result in personal liability for directors, are known to be (as the Delaware Supreme Court has reiterated in other cases) “among the most difficult of corporate claims” to pursue successfully— because a required element of a claim for breach of the duty of loyalty is “bad faith” (i.e., intentional wrongdoing) by directors. The Delaware courts have established that, with respect to a board’s oversight obligation, only a “sustained or systematic failure of the board to exercise oversight— such as an utter failure to attempt to assure a reasonable information and reporting system exists—will establish the lack of good faith that is a necessary condition to [personal] liability [of directors].” As set forth in a series of Delaware decisions, directors have liability under Caremark only if they either (i) completely failed to establish a system of reporting to the board with respect to the company’s “mission-critical” risks, or (ii) having established such a system, failed to monitor it, including, for example, if they knew of, and consciously ignored, “red flags” indicating that there were problems. Caremark claims most often arise in the wake of a “corporate trauma” relating to fraudulent accounting or noncompliance with laws and regulations relating to safety of a company’s key product.

Recent trend of plaintiff success in Caremark claims surviving the pleading stage of litigation. While in the past Caremark claims almost invariably were dismissed at the pleading stage, in recent years plaintiffs have prevailed in a number of cases in having the court reject pleading stage dismissal of these claims. These cases include the following:

• Clovis (2019): The directors of a biotech drug development company allegedly failed to monitor the development of the company’s only promising experimental drug and allowed the company to publish inflated performance results. The company allegedly engaged in “serial noncompliance” with the FDA’s well-established protocols for a clinical trial to test the drug, most crucially by falsely reporting the drug’s “Objective Response Rate” (which measured the percentage of patients experiencing meaningful tumor shrinkage as verified by confirmation scans), following which the company’s stock price plummeted and the company was liable for securities fraud and significant regulatory settlements and penalties. The board allegedly had received reports that the Objective Response Rate reported to the FDA and publicly was inflated because it included responses not verified by confirmation scans. Citing the vast discrepancies between the company’s public statements and the information the board of directors had received, the court characterized the directors as having approved an annual report “with hands on their ears to muffle the alarms.”
• Marchand (“Blue Bell”) (2019): The directors of an ice cream manufacturer allegedly failed to oversee and monitor the company’s food safety operations. An outbreak of listeria contamination in the company’s plants and ice cream led to the sickening and (in three cases) the death of consumers who ate the ice cream, as well as the recall of all of the company’s products, the shuttering of all of the company’s plants, and, ultimately, a liquidity crisis that led the company to accept a dilutive private equity deal. Even after learning of the listeria contamination problem and consumer deaths, the directors allegedly delegated all authority to management for a response, without any obligation to report back to the board.
• Chou (“Amerisource-Bergen”) (2020): The directors of a drug development company allegedly failed to oversee and monitor the safety of the company’s only drug product. The company allegedly retained “overfill” amounts of the drug in syringes and pooled the excess amounts to fill additional syringes. The pooling process led to contamination of the drug in the additional syringes, which the company apparently knew about and tried to hide. The company was assessed about $900 million in civil and criminal penalties for what the court characterized as allegedly “a criminal enterprise.”
• Hu (2020): The directors on the audit committee of a company based in China allegedly failed to oversee and monitor the company’s critical risks. The committee met only once a year and only for a matter of minutes, notwithstanding that it knew (including from its independent auditor) about material weaknesses in the company’s internal controls, which required a restatement of the company’s financials and resulted in reputational damage.

The court found it reasonably conceivable that the Boeing directors completely failed to establish a process for board-level monitoring of product safety. According to the court, when the AIRMAX 737 was developed, no directors asked anything about product safety. Instead, the board’s “primary concern was how quickly and inexpensively the Company could develop the MAX 737 to compete with Airbus’s [new model].” The board delegated to the CEO “all authority over the multi-year effort to approve the MAX 737’s final specifications, and deliver and build it, without having to return to the Board.” In developing and marketing the MAX 737, Boeing adopted a “frenetic pace” and prioritized expediting regulatory approval and limiting expensive pilot training required to fly a new model. No board committee was specifically tasked with overseeing airplane safety (in contrast to many other companies in the aviation space). While the Audit Committee was tasked generally with overseeing risk and compliance matters, “it did not take on airplane safety specifically.” The Audit Committee knew that Boeing engineers and others raised concerns about the sensor, but, over the several years of the airplane’s design and production, the Audit Committee never asked for information about it. Rather, to the extent the Audit Committee considered safety issues at all, it “primarily focused on financial risks to the Company.” Further, the Audit Committee’s annual updates to the board on the compliance risk management process did not address airplane safety. In addition, the board had no process for receiving internal complaints about airplane safety. The company’s principal internal safety reporting process (the “whistle-blower” process) “had no link to the Board and no Board reporting mechanism.” Thus, the engineers’ and other employees’ safety concerns (relating to issues that apparently directly caused the crashes) “never reached the Board.”

The court also found it reasonably conceivable that, even assuming the Boeing board had established a process for board-level monitoring of airplane safety issues, the board failed to monitor that process, as evidenced by its ignoring red flags that there were serious safety problems. Even after the 2017 crash occurred, the board did not specifically address the safety issues relating to the MAX 737’s. The chief compliance officer’s risk management update to the Audit Committee did not identify product safety as a “compliance risk” for that year. Airplane safety risks were not a regular, set agenda item at board meetings. Management’s occasional communications to the board that related to airplane safety issues continued to focus primarily on “the business impact of airplane safety crises and risks.” Moreover, management did not even notify the board about the crash until a week after it occurred; and, when it called a board meeting, management told the directors that their attendance at the meeting was voluntary to the extent they wanted to obtain information about the crash. Management did not mention to the board what it knew about the causes of the crash or that Boeing had known about the particular vulnerabilities that caused it. The CEO’s response and communications with the board focused on the public relations aspects of the crash, put blame for the crash on the airplane crew, and emphasized that the MAX 737 was safe. There were no minutes for the first meeting of the board after the crash. Even after the second crash occurred, the board received only “sporadic updates” about the MAX 737 from management. These issues were compounded by an apparent long history of regulatory noncompliance and lack of attention to product safety issues at the company, with previous airplane crashes, grounding of airplanes, fines assessed, and so on, over many years.

The case underscores the continuing impact of expanded use of books and records demands. Demands under DGCL 220 to inspect corporate books and records have become a widely used tool for stockholders seeking to substantiate corporate wrongdoing. The court, in a footnote in the Boeing opinion, observed that, prior to the plaintiffs filing this lawsuit, they had pursued and received from Boeing, under a Section 220 demand, over 44,100 documents, totaling more than 630,000 pages. Importantly, the court stated that it was reasonable for it to infer that “exculpatory information not reflected in the document production does not exist.” Thus, for example, where there were no minutes for a meeting, or the minutes did not reflect that airplane safety was discussed, the court concluded that nothing on that topic was discussed at that meeting. Further, the court noted that, at the defendants’ urging, the court considered the defendants’ proffered exhibits to determine if they showed, as the defendants contended, that the plaintiffs had “misrepresented their contents”—but found that the defendants’ exhibits “in fact…support[ed] Plaintiffs’ allegations.”

The court dismissed the claims against Boeing’s officers. The plaintiffs claimed that Boeing’s officers also had liability for a failure to oversee airplane safety. The court dismissed these claims because the plaintiffs had not made demand on the board to bring these claims derivatively. With respect to the claims made against the directors, the court held that, because there was a substantial likelihood of liability for the directors, demand on them to bring the litigation would have been futile (therefore demand was excused and the claims were not dismissed). However, with respect to the claims made against the officers, the court indicated that the plaintiffs did not address the issue of failure to make demand. (For example, they did not allege that the directors were beholden to or dominated by the officers such that the directors could not objectively evaluate a demand to bring litigation against the officers). The court held that demand therefore was not excused (and dismissed the claims against the officers).

Practice Points

• Boards must establish and monitor a system for board-level oversight of the critical risks facing the company. The system should include processes and protocols for reporting to and monitoring by the board, with emphasis on those issues that are central to the company’s business (such as airplane safety for an airplane manufacturing company). The system need not prove to be full-proof or even effective—but it must reflect a good faith effort by the board to be informed on an ongoing basis about the company’s “mission-critical” risks. The court has indicated in other cases that even a company’s actual compliance with applicable regulations does not in and of itself necessarily establish that Caremark duties were fulfilled—rather, these duties require that the board establish and monitor a process for board-level oversight.
• Product safety, material regulatory issues, and financial integrity are issues that merit board-level attention. Particularly once the board becomes aware of a material issue, and certainly in the wake of a “traumatic” corporate event, relating to product safety, regulatory compliance or financial integrity, the board should be involved and informed. The board: (i) should focus on seeking to ensure the safety of its product rather than being solely or primarily preoccupied with the financial, public relations, or litigation risks associated with an event; and (ii) should not delegate all authority to management for product safety without a corresponding obligation to return to the board for approval and oversight.
• Board minutes should reflect the board’s monitoring and oversight efforts. Board minutes should reflect the board’s efforts to establish, implement and maintain oversight systems; the board’s regular discussion of key compliance and other issues; and management’s disclosure to the board of compliance and other key risks and developments. As noted above, in Boeing, the court concluded that product safety was not discussed at any board or committee meeting for which the minutes did not specify that it was discussed.
• It is important that appropriate processes be in place before a corporate crisis relating to mission-critical risks. Of note, in Boeing, after the second crash, one of the directors suggested to the board that the board should be taking a more serious approach toward airplane safety issues. He outlined the procedures he was familiar with at another company (such as annual presentations to the board on product safety issues). The court cited this director’s comments as evidence of the board’s bad faith in that at least some of them knew that the board was not fulfilling its Caremark duties.
•  The recent Caremark decisions underscore the following relating to best practices:
  • A board should identify what the company’s “mission-critical” risks are and the board or a board committee should be specifically tasked with oversight of those risks. The board should formally delegate oversight of the specified mission-critical risks (such as airplane safety for an airplane manufacturer) in the corporate books and records (such as, in the case of delegation to a board committee, in the committee’s charter). A more specific delegation is preferable to relying on the typical delegation to the Audit Committee to oversee compliance generally. A board should be aware of the practices of other companies in its industry with respect to oversight of mission-critical risks and ensure that its own practices are at least as robust. (For example, if others in the airplane manufacturing industry all have an “Aviation Safety” board committee, such a committee should be considered rather than relying on the Audit Committee.)
  • A board should be proactive in ensuring that it receives regular presentations, and all appropriate information, relating to mission-critical risks. Presentations to the board on mission-critical risks should be made by management and the board committee tasked with the oversight responsibility. At least an annual, regularly scheduled presentation should be made, with additional presentations as appropriate. Directors should be proactive in seeking out information if they are not receiving it, both on a regular basis and as required due to developments. Directors should ask questions, request additional information when appropriate, seek information from experts and/or engage outside advisors when appropriate, and so on. After receiving information, they should follow-up on what actions have been taken and the results of those actions and should consider whether more should be done.
  • A board should not ignore “red flags” (or “yellow flags”) about mission-critical risks. Where the board has information, from whatever source, indicating that there is or may be a problem relating to a mission-critical risk, the directors should proactively seek out all relevant information. While management can be tasked with implementing the company’s response to such a problem, the board should determine what the response should be and should monitor the results. Also, the company’s whistle-blower process should include the board. It is not sufficient that whistle-blower complaints go to management without the board being informed. The board should consider expressly tasking a specific board committee with reviewing whistle-blower complaints.