2024 Caremark Developments: Has the Court’s Approach Shifted?

Historically, Caremark claims—that is, claims of breach of directors’ duties of oversight over key risks facing the company—were among the least likely types of claims to lead to director liability; and the Court of Chancery almost always dismissed such claims at the pleading stage. However, in the past few years, the Caremark cases brought by the plaintiffs’ bar have been met with increased receptivity, and the court has found in several cases, at the pleading stage, that it was reasonably conceivable (the Delaware standard to survive a motion to dismiss) that directors or officers may have breached their Caremark duties. Notably, in the most recent Caremark cases, decided in late 2023 and early 2024—Walgreens, Skechers, ProAssurance and Segway (discussed below)—the court has re-emphasized a very high bar to success on Caremark claims.

In our view, however, the facts in these most recent cases arguably were not so egregious as to present a real test of the court’s overall approach to Caremark cases—and, as such, there is no indication that the court would be unlikely to find potential Caremark liability in cases involving egregious facts following the occurrence of an extreme corporate trauma. Indeed, in that very context, recently, the Delaware Supreme Court, in AmerisourceBergen (discussed below), overturned the Court of Chancery’s pleading-stage dismissal of Caremark claims in connection with that company’s role in the national opioid crisis.

Caremark oversight duties. Under Caremark, directors face liability for breach of their oversight duties if, with respect to the key compliance risks facing the company, they have: (i) “utterly failed to implement any reporting or information system or controls” (Prong One); or (ii) “having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention” (Prong Two). Corporate officers also have a duty of oversight under Caremark (as recently established in McDonald’s)—which essentially requires that they report “red flags” suggesting improper oversight up the chain of responsibility (particularly with respect to issues within the officer’s areas of responsibility, but also possibly issues outside those areas if there is an especially “egregious red flag”).

Greater receptivity to Caremark claims in the past few years. Traditionally, the court has stressed that “a Caremark claim is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” The very high bar to plaintiff success on Caremark claims has been primarily due to the necessary element of “bad faith” by the directors (i.e., knowing and intentional violation of oversight duties) and the need to establish demand futility to bring the derivative claim. However, in the past few years, the court has let a few Caremark claims survive the pleading stage. Notably, these cases generally involved egregious facts following an extreme corporate trauma (usually involving the loss of human life and/or health). Further, in the past few years, the court has seemingly expanded the circumstances in which Caremark applies. For example, the court has: considered employment-related issues (such as sexual harassment and, more generally, employees’ safety and welfare) to be “mission-critical risks” to which Caremark duties apply (McDonald’s); considered cybersecurity to be a “mission-critical risk” for all online companies (Bingle/SolarWinds); stated that Caremark duties apply to “key compliance risks” even if not rising to the level of “mission-critical risks” (McDonald’s); and held that Caremark oversight duties apply not only to directors but also to officers (McDonald’s).

In the most recent cases, the court has emphasized the high bar to success on Caremark claims. In Caremark decisions issued in recent months—Walgreens, Skechers, ProAssurance, and Segway—the Court of Chancery has re-emphasized the high bar to success on Caremark claims. Further, noting the proliferation of Caremark cases in recent years (“once rarities,…in recent years [they have] bloomed like dandelions after a warm spring rain,” Vice Chancellor Laster wrote in one decision), the court has reiterated the narrow circumstances in which Caremark would apply and has expressly discouraged the bringing of Caremark claims absent extreme circumstances. In these decisions, the court has stressed that:

• bad faith is a necessary element of a Caremark claim under either prong of the Caremark test;
• generally, only extreme circumstances will substantiate a claim of bad faith; and
• Caremark liability generally applies only to legal compliance risks and not to business risks.

We note, however, at the same time, in the recent AmerisourceBergen decision (discussed below), the Delaware Supreme Court reversed the Court of Chancery’s pleading-stage dismissal of Caremark claims in that case. Although the reversal was based on somewhat technical grounds, it is notable that the Supreme Court permitted Caremark claims relating to legal noncompliance to proceed notwithstanding a federal court’s post-trial finding of legal compliance by the company. In our view, the decision thus confirms that, notwithstanding the other recent court opinions discussed below, the Delaware courts will still be receptive to Caremark claims in the context of egregious facts following an extreme corporate trauma.

Walgreens

In Clem v. Skinner (“Walgreens”) (Feb. 19, 2024), the plaintiff-stockholders claimed that the board of Walgreens Boots Alliance, Inc. (one of the largest retail pharmacy chains in the U.S.) breached Caremark duties by ignoring red flags of an alleged scheme relating to overfilling of, and then overbilling for, prescription insulin pens.

Facts. Walgreens allegedly had programmed its software to dispense five insulin pens (the maximum per box dispensed by the insulin manufacturer) even if fewer pens had been prescribed for the patient. The allegations first arose in 2015 in a whistleblower action in the S.D.N.Y. In October 2016, the U.S. Department of Justice opened an investigation. In January 2017, Walgreens’ Audit Committee and board were informed of the problem. From April through October 2017, the Audit Committee convened six times, and at each meeting received updates from Walgreens’ internal compliance, legal and audit management groups on the investigation and Walgreens’ response to it. In each case, the following day, updates were provided to the full board. The whistleblower action was also discussed at several meetings between October 2017 and January 2018, which included review of a report from the chief compliance officer. In April 2018, Walgreens remedied the problem by reprogramming its system to eliminate the default setting of five pens per box. In November 2018, the DOJ moved to intervene in the whistleblower suit; and, in January 2019, the DOJ and Walgreens announced a $209.2 million settlement, which included Walgreens entering into a corporate integrity agreement with the federal government, mandating various compliance practices.

Holdings. The court dismissed the Caremark claims for failure to plead demand futility, after finding it was not substantially likely that the directors faced liability under Caremark.

Prong One. The court found that the board made a good faith effort to establish an oversight system and monitor it. The plaintiffs’ Complaint itself acknowledged that: the Audit Committee was tasked with overseeing the company’s compliance with legal and regulatory requirements; there were regular discussions of legal and regulatory compliance risks at Audit Committee and board meetings; the Chief Compliance Officer, among others, regularly presented to the Audit Committee on compliance matters and risks; and compliance programs were implemented throughout the relevant periods. The court rejected the plaintiffs’ argument that was based on the oversight systems in place allegedly being ineffective and/or inferior compared to alternative measures. The court stressed that it was in the board’s discretion how to create oversight controls.

Prong Two. The court found that the plaintiffs had not sufficiently plead that the board consciously ignored red flags of company noncompliance. First, the court rejected the plaintiffs’ attempt to use examples of other noncompliance at the company to establish that the board ignored red flags relating to the insulin pens issue. “Knowledge of illegality in one corner of a vast business does not mean that directors were on notice of a distinct problem in another.” Second, the court rejected the plaintiffs’ argument that the board’s knowledge of the DOJ investigation had put it on notice of the non-compliance with respect to the insulin pens. “Whether an investigation becomes a red flag depends on the circumstances. One brought amid strong factual allegations of board knowledge of ongoing legal violations in the wake of federal government enforcement proceedings may present a red flag. The obverse is also true.”

Bad faith. The court stressed that the plaintiffs had not sufficiently plead bad faith by the directors. The court noted that: Walgreens “maintain[ed] a multi-layered compliance infrastructure” (as it is in an industry subject to “a mass of laws and regulations”); the Audit Committee routinely received reports on compliance, legal and regulatory matters; and the Committee and the board were kept apprised of the developments relating to the whistle-blower action, the governmental investigation, and the company’s response. Further, the corporate trauma complained of concerned “an issue well beneath the board’s typical purview”—i.e., “billing practices for a single pharmaceutical product.” Also, the fact that the company ultimately actually remediated the alleged noncompliance was evidence of a lack of bad faith. “The plaintiffs’ grievance that the board’s response came too late and did too little is incompatible with bad faith.”

Key Points.

• Bad faith is a necessary element of a Caremark claim under either of the two Caremark prongs. Bad faith—i.e., a “conscious,” and “sustained or systemic failure” to exercise oversight—is required for Caremark liability, even where a board has put into place allegedly ineffective or suboptimal compliance controls and/or may have ignored red flags of noncompliance.
• Caremark has limited applicability. The court suggested that valid Caremark claims are limited to circumstances where there has been a corporate “calamity” and the injury is not just “financial.”
• Most Caremark claims are invalid. The court stressed that Caremark claims have proliferated; and acknowledged that there have been some cases in recent years in which the court has found potential Caremark liability at the pleading stage. These cases, however, the court noted, concerned “severe corporate trauma and rel[ied] on board records suggesting a complete failure to oversee related core risks.” Most Caremark claims, the court stated, including in this case, have been “[f]ueled by hindsight bias,” improperly seeking “to hold directors personally liable for imperfect efforts, operational struggles, business decisions, and even when the corporation is the victim of a crime.” The court wrote: “In the rare event that directors cross the red line of bad faith and trauma occurs, liability can arise [under Caremark]. But more harm than good comes about if Caremark claims are reflexively filed whenever a government investigation is announced, a class action lawsuit succeeds, or a big-dollar settlement is reached. From a doctrinal perspective, this expansion risks weakening the core protections of the business judgment rule. From a practical standpoint, it drains resources from the very corporations that derivative plaintiffs purport to represent.” The court stated that the plaintiffs, by bringing this case, had “compounded [the financial injury complained of, as the case] impose[d] years of costly litigation on Walgreens.”

Skechers

In Conte v. Greenberg (“Skechers”), the plaintiff-stockholder claimed that the board of Skechers U.S.A., Inc. (a casual shoe company) breached Caremark duties by failing to impose meaningful restraints on the personal use of the company’s two corporate airplanes by three company executives (including the controlling stockholders), allegedly causing harm to the corporation through excessive compensation to the executives and loss of tax benefits by the company.

Facts. The executives’ employment agreements granted them “reasonable” personal use of the aircraft as a perquisite. The executives allegedly used the aircraft for personal travel at least 52 times from 2019 to 2021—with such travel, at its peak (during the pandemic), accounting for more than 50% of each airplane’s use—which allegedly caused the company to lose certain favorable tax treatment and demonstrated that the second airplane was not needed. The executives paid taxes on the value of the flights they took, and, under their employment agreements, the company reimbursed them for the taxes and certain fight-related expenses, totaling $5.3 million. This airplane perquisite compensation generally represented about 0.5% to 4.9% of each executive’s total compensation. (By comparison, the median value in 2015 of such perquisites to executives at S&P 500 companies allegedly was just $54,000.)

Since at least 2018, the Committee had requested information about the executives’ personal use of the corporate airplanes. In March 2018, the Committee requested and received from management data and updates with respect to the executives’ perquisite compensation. In April 2018, the Committee asked the CFO to provide recommendations to curtail airplane usage—but the CFO did not do so. In November 2019, the Committee asked management to draft an airplane usage policy for the Committee’s review—but management did not do so. In 2021, a compensation consultant (engaged by the company for unrelated reasons) recommended that, as matter of good practice, the practice of tax gross-ups for personal use of the corporate airplanes be eliminated.

Holdings. The court dismissed the Caremark claims for failure to plead demand futility, after finding it was not substantially likely that the directors faced liability under Caremark.

Bad faith. The court held that the plaintiff had not sufficiently plead bad faith. The court rejected the plaintiff’s argument that bad faith was established based on the Committee’s having delegated drafting of a policy on executives’ use of the corporate airplanes to management, as management was conflicted given that they relied on the three executives for their continued employment. “[D]elegating the initial drafting of the policy to potentially conflicted individuals d[id] not demonstrate bad faith because the Committee retained oversight over the process and the policy’s contents.” Also, the court rejected the plaintiff’s argument that bad faith was established based on the Committee’s ultimately not having produced a policy restricting personal use of the airplanes. The excessive personal use of the airplanes, even if in violation of the executives’ employment agreements, was not “of such a scope, magnitude, or questionable legality that the only good faith response was to create a policy.” The court stressed that the issue the company faced was “contained” (limited to “the use of two corporate assets by a discrete group of individuals.”

Key Points.

• How a board responds to red flags is within the board’s judgment. Even where Caremark requires that a board respond to red flags, how it responds is within the board’s business judgment. When a board has acted in response to red flags, criticism of the manner and timing of the response is insufficient to establish bad faith for Caremark purposes.
• “Doing nothing” does not necessarily evidence bad faith. Some risks are of such a magnitude that inaction alone can support an inference of bad faith—in such cases “there is only one right answer: to take tangible action addressing that risk.” But as the magnitude of the risk decreases, inaction (even if intentional) may not alone support a finding of bad faith. Here, the risk was “contained” (i.e., did not involve a “widespread operational deficiency” nor a violation of an internal policy or any regulations) and the financial amounts involved were of “a relatively minimal magnitude” in the context of the company’s $3 billion in annual profits and $2.5 billion in annual operating expenses.

ProAssurance

In ProAssurance Deriv. Litig. (Oct. 2, 2023), the plaintiff-stockholder claimed that the directors of ProAssurance Corp. (a healthcare professional liability insurance provider) breached their Caremark duties by taking on increased risk without creating sufficient loss reserves.

Facts. In 2015, following industry trends, ProAssurance decided to insure a larger healthcare institution than was typical for it in the past—thus taking on greater exposure to high-severity claims. By 2018, the new insured’s claims had grown more frequent. By 2020, ProAssurance announced that its loss reserves had been inadequate.

Holdings. The court dismissed the Caremark claims for failure to plead demand futility, after finding it was not substantially likely that the directors faced liability under Caremark.

The court found that the plaintiffs’ allegations failed to establish that the company was engaged in illegal activity as opposed to simply having made a business judgment to take on more risk. The court wrote: “[T]he only so-called red flags were of business risks—not illegality”—therefore, “[h]ow(and whether) to respond was entirely within the directors’ discretion.” The court also found that, even if there had been a failure to monitor business risk, there were no allegations supporting a reasonable inference of bad faith by the directors. The court wrote: “For liability to arise, the directors’ oversight failures must be so egregious that they amount to bad faith.” In this case, the court noted, the board regularly received updates on the company’s underwriting practices and reserves; properly delegated these tasks to management; and was guided by actuaries and auditors.

Key Points.

• Caremark generally applies to legal compliance risks but not business risks. In a few Caremark cases (e.g., Bingle/SolarWinds), the court has suggested that, at least in extreme cases, directors may face Caremark liability not only for a failure to oversee key legal and regulatory compliance risks, but also for key business risks. In ProAssurance, however, the court emphasized that a board’s business-risk decisions generally are subject to the board’s business judgment and Caremark duties are not applicable. The court observed that the events in this case “quite obviously, involve[d] a commercial decision that went poorly—the stuff that business judgment is made of.” The court viewed the plaintiffs’ allegations as reflecting “hindsight-second-guessing of a business decision that turned out poorly,” without evidence of bad faith. The court wrote: “So long as the challenged conduct is lawful, directors have broad discretion to advance the corporation’s interests as they see fit”; and Caremark liability is applicable only if “the directors utterly failed to implement a reporting system or consciously disregarded a violation of positive law” (emphasis added). The court wrote: “[I]nsurance underwriting is, by its very nature, uncertain and risky,…[and] the Board was consistently—even painfully—involved in monitoring the Company’s underwriting and reserves. The plaintiffs’ belief that the Company’s practices were not sufficiently conservative is a quibble with the Board’s judgment.”
• Caremark relates to extreme events. The court stated that Caremark oversight claims “should be reserved for extreme events” (with liability arising only when the oversight failures have been so egregious that they amount to bad faith).

Segway

In Segway v. Cai (Dec. 14, 2023), Segway Inc. asserted Caremark claims against its former CEO for an alleged failure of her oversight with respect to financial accounts after discrepancies were discovered.

Facts. Segway Inc. (a personal transportation devices company) was acquired in 2015 by a company that produced similar vehicles. After the merger, Segway sold its products alongside the acquiror’s, but otherwise continued to operate separately, with its own board, officers, employees, and financial and accounting systems. Cai was hired as Segway’s Vice President of Finance, and soon became President. When Segway experienced a significant decline in sales, shrinking of its customer base, and rise in its accounts receivable, it responded by turning away from selling its branded products and focused instead on selling the acquiror’s products, while significantly downsizing its own operations. Segway’s main facility was closed and Cai’s employment was terminated. It then became evident that the information Cai had been providing to the acquiror about shrinkage of customers and sales did not match the actual numbers in Segway’s financial records, and that a significant portion of the accounts receivable had been improperly recorded or not booked. When the acquiror could not reconcile the discrepancies (and Cai declined the acquiror’s request to help in that effort), the company commenced this action against Cai, alleging breach of her Caremark oversight duties.

Holdings. The court dismissed the Caremark claims at the pleading stage, after finding that, although Cai allegedly had “consciously disregarded” financial discrepancies in her reports to the acquiror, there were no allegations supporting a reasonable inference that she had done so in bad faith.

The court rejected Cai’s contention that—as Caremark duties applicable to officers (as opposed to directors) are “context-specific” and generally limited to the scope of the officer’s corporate responsibilities—bad faith is not a prerequisite for officer liability. The court, addressing officer liability under Caremark for the first time since the McDonald’s decision established that officers have Caremark duties—confirmed that the same high bar to pleading a Caremark claim against a director, including the prerequisite of adequate pleading of bad faith, also applies to pleading a Caremark claim against an officer. The court found that the allegations that Cai ignored red flags with respect to problems with the company’s customer base, revenues, and other financial metrics did not support an inference of bad faith for Caremark purposes. The plaintiff would have had to plead that Cai had “consciously failed to act after learning about evidence of illegality—the proverbial ‘red flag’” (emphasis added).

Key Points.

• Caremark generally applies to legal risks, not business risks. The court viewed Cai as having made “classic business decisions”—noting that the allegations were not that she had overlooked fraud, accounting improprieties or material legal violations, but rather that she had consciously ignored issues relating to customers, sales, revenues, and accounts receivable that had come to her attention, which, the court stated, were “generic financial matters [that] are far from the sort of red flags that could give rise to Caremark liability.”
• Bad faith is a predicate to Caremark liability—for directors and officers.
• There remains a high bar to success on a Caremark claim. The court emphasized that a Caremark claim still “is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”

AmerisourceBergen

In Lebanon Cty. Empl. Rtrmt. Fd. v. Collis (“AmerisourceBergen”) (Dec. 18, 2023), the Delaware Supreme Court reversed the Court of Chancery’s dismissal of Caremark claims against the directors of AmerisourceBergen Corp. (one of the nation’s “big three” opioid distributors).

Facts. The company had paid $6 billion to resolve claims brought by state and local governments relating to the company’s role in the national opioid crisis. The plaintiffs claimed that the directors intentionally failed to cause the company to comply with regulatory requirements relating to opioid distribution. The plaintiffs alleged that the company had adopted a culture of non-compliance that prioritized profits over legal compliance and that the board had consciously and continually ignored red flags of the company’s blatant noncompliance with the federal Controlled Substances Act.

Holdings. The Court of Chancery had concluded that the “avalanche of investigations without any apparent response” by the board for years, and the board’s leaving in place an allegedly defective monitoring program for years, would support a red flags claim under Caremark. But the Court of Chancery dismissed the case, holding that it was “not possible” to infer that the directors and officers had knowingly ignored red flags and failed to cause the company to comply with the CSA given that, while the case was pending in the Court of Chancery, a federal court in West Virginia had issued a post-trial determination that the company had complied with the CSA. The Court of Chancery viewed that determination as “persuasive” (although “not preclusive”). The Supreme Court reversed, holding that the Court of Chancery should have evaluated the plaintiff’s allegations without giving effectively decisive weight to the federal court’s findings. Th Supreme Court held that, although a Delaware court can take judicial notice of questions of law from other courts, it cannot, at the pleading stage, adopt another court’s factual findings through judicial notice. The Supreme Court agreed with the Court of Chancery that, without taking the federal court’s findings into account, the plaintiff’s allegations were sufficient to support a Caremark claim.

Key Points.

• Delaware courts can be expected to permit Caremark claims to survive in certain circumstances. While the Supreme Court’s reversal of the Court of Chancery’s dismissal of Caremark claims in AmerisourceBergen was based on narrow, even technical grounds, in our view the decision supports an expectation that, notwithstanding the most recent emphasis on the high bar to success on Caremark claims, Caremark claims may well survive pleading-stage dismissal in cases involving egregious facts following an extreme corporate trauma.

Practice points arising from Caremark decisions.

• Boards. Boards—supported by management, the audit committee, the company’s outside auditors, and legal counsel—should stay focused on, and apprised of key developments with respect to, legal compliance and other risks (such as cybersecurity risks and employee-welfare risks) that are central to the business and should seek to anticipate key areas of risk that may develop in the future. Boards should seek to: identify the “mission-critical” or key risks facing the company and delegate responsibility for oversight of these risks to specific board committees; be active in establishing effective management of key risks as a corporate priority; consider setting a regular schedule for reporting from management on key risks and be proactive in seeking out additional reports when appropriate; not simply delegate to senior officers of the company the management of critical risks, but become informed about and consider how those risks are managed; not ignore (but, rather, proactively address) “red flags” (or “yellow flags”) about key risks; and, importantly, create a record (such as in board minutes) of its risk monitoring and oversight efforts.

• Management. Corporate management should seek to: establish regular processes and protocols such that the board is kept apprised of key regulatory compliance and other practices, risks, reports and responses; inform the board when it learns of “red flags” (or “yellow flags”) about key risks (including, for example, complaints or reports from regulators or whistleblowers); include the board in the company’s whistle-blower process; tailor risk management strategies to the company’s specific circumstances and risk profile; inform the board of the practices of other companies in its industry or peer companies with respect to oversight of mission-critical risks; and integrate risk management considerations into the company’s corporate strategies and decision-making generally.

• Legal compliance. Violation of “positive law” clearly heightens the risk of Caremark liability, although there have been several cases (NiSource, LendingClub, and MoneyGram, for example) in which the court has dismissed Caremark claims at the pleading stage that were based on governmental investigations finding the company had a history of regulatory noncompliance. Successful defenses in these cases (that supported a lack of bad faith by directors) included that: the board was not aware of the regulatory noncompliance; the noncompliance was not sufficiently related to the corporate trauma that occurred; the noncompliance occurred at a different subsidiary of the company; and/or the board had taken steps to remediate the noncompliance.