Corporate directors are justifiably concerned about their potential liability when agreeing to serve on a board, particularly that of a public company. It would be naïve for a director to dismiss the possibility of litigation against directors for actions taken by the board, and most well-functioning boards have adopted measures (including insurance, indemnification agreements, and charter and bylaw provisions) to try to mitigate this risk. Adding to the challenges faced by directors is that they can be held liable not only for what the board has done, but also for what the board has failed to do. Recent Delaware cases have reemphasized the board’s duty of oversight, originally outlined by the 1996 case, In re Caremark International Inc. Derivative Litigation. In light of these cases, boards should make sure their annual agenda includes the identification or reevaluation of the company’s critical functions, particularly those with a regulatory or legal component, and that the directors evaluate the reporting structures that are in place to ensure they are adequately monitoring any company-specific and mission critical compliance risks.
The Delaware Court of Chancery’s landmark Caremark opinion set a new and heightened standard for board oversight of a company’s legal and regulatory compliance programs. In response, boards implemented more robust compliance programs, along with reporting procedures and monitoring systems. These programs and procedures have, by and large, allowed directors to avoid liability under “Caremark claims” — shareholder derivative suits alleging that directors’ oversight failures caused serious corporate harm. The recent Delaware Supreme Court ruling in Marchand v. Barnhill, and a subsequent application of this ruling by the chancery court makes plain, however, that merely having a robust compliance program and reporting procedures designed to help the board monitor compliance may not be sufficient to shield directors from Caremark liability.
In Marchand v. Barnhill, a stockholder of Blue Bell Creameries USA, Inc., a major ice cream manufacturer, brought a derivative suit after a listeria outbreak in Blue Bell’s ice cream led to a full recall of all ice cream products. The suit included a Caremark claim alleging that the directors breached their duty of loyalty by “utterly” failing to “adopt or implement any reporting and compliance systems” to oversee food safety controls and compliance. The consequences were fatal for three consumers who ultimately died as a result of complications from listeria infections.
In the case of In re Clovis Oncology, Inc. Derivative Litigation, shareholders of a biopharmaceutical company asserted a Caremark claim alleging that the directors breached their duty of loyalty by failing to adequately monitor clinical trials for Clovis’s primary drug under development to ensure compliance with FDA standards. As a result of this failure, Clovis continued to publicly disclose trial results that did not conform to FDA standards, creating the false impression among investors and the market that the drug trials were showing better “objective response rates” than they were.
Under the existing Caremark line of cases, directors were required to make a good faith effort to oversee the company’s operations and legal compliance, and only a failure to do so would breach their duty of loyalty. Guided by this standard, the lower court in Marchand had rejected the Caremark claim, noting that a strong food safety compliance program had been in place, and that senior management had provided regular reports on Blue Bell’s operations to the board. The Delaware Supreme Court reversed, taking a broader view of what it means to “utterly” fail to “adopt or implement any reporting and compliance systems,” which had been the standard in place after Caremark. The Supreme Court emphasized that food safety — in particular the safety of its ice cream, Blue Bell’s only product, was a “central compliance risk,” and “essential and mission critical” to Blue Bell’s business. Therefore, despite the existence of general monitoring and reporting controls relating to Blue Bell’s operations generally, the board had failed to put in place a monitoring system that would keep it reasonably informed of this essential and mission critical function. The court then held that the complaint alleged facts supporting a reasonable inference that the Blue Bell “…board failed to implement any system to monitor Blue Bell’s food safety performance or compliance.” Applying this standard, the court in Clovis denied defendant’s motion to dismiss — as in light of the “mission critical” nature of the drug trials to Clovis’ business — the board’s failure to adequately monitor those trials could potentially constitute a breach of their duty of loyalty.
Boards should carefully consider what company activities could fairly be considered “mission critical” to their business, particularly where those activities are subject to a regulatory regime. Then, the board should evaluate whether there are compliance risks associated with these mission critical activities, and that there are appropriate reporting systems in place to enable the board to adequately monitor those activities and the associated risks. Finally, the board should periodically revisit this analysis, perhaps annually, or more frequently depending on the risks presented. By proactively taking these steps, directors can protect themselves from a claim that they failed in their oversight responsibilities.
Doug Raymond is a partner in the law firm of Drinker Biddle & Reath LLP (www. Drinkerbiddle.com). He can be reached at Douglas.Raymond@dbr.com. Kyle Loder, an associate, assisted in preparation of this column.