In last Thursday’s post, I noted recent case law developments in which federal court breach of the duty of oversight claims against the boards of Wells Fargo and Abbott Laboratories had survived motions to dismiss, at least in part. I also noted that these decisions have important implications for board governance processes and documentation. As I have continued to consider the implications of these recent decisions and other developments concerning the so-called Caremark duties relating to board members’ fiduciary duties of oversight, I developed further thoughts on the steps well-advised boards will want to take to put themselves in a better position to defend themselves against these kinds of claims. I have set out my thought below.

Background

First, by way of background, it is worth noting that so-called Caremark claims based on alleged breaches of the duty of oversight or duty to monitor have been around since at least the Delaware Court of Chancery’s 1996 decision. For many years, Delaware’s courts emphasized that duty of oversight claims involve “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” 

However, in a line of cases beginning with the Delaware Supreme Court’s 2019 decision in Marchand v. Barnhill, Delaware courts have sustained various plaintiffs’ assertion of breaches of the duty of oversight. The high water mark for these kinds of cases arguably was the Boeing 737 Max air crash case, which survived a motion to dismiss and ultimately settled for $237.5 million. As I noted in last week’s post, federal courts, applying Delaware law, recently sustained at least in part breach of the duty of oversight claims against the boards of Wells Fargo and Abbott Laboratories.

As case law has developed, the Delaware courts have identified two “prongs” that characterize the requirements of the duty of oversight. The first prong has to do with companies’ “mission critical” operations and functions, for which boards should have reporting mechanisms enabling the directors to monitor these critical operations. The second prong has to with “red flags” that should alert the boards that there are key developments that boards should be monitoring.

Risk Management

These developments have important implications for corporate boards. At a minimum, boards will want to consider what steps they should take in order to make sure that if they are hit with one of these kinds of breach of the duty of oversight claims, that they are in a position to defend themselves and to attempt to refute the claims. Even more importantly, well-advised and well-intentioned boards will want to ensure that they have mechanisms in place to monitor their companies’ “mission critical” operations and functions and to oversee their companies’ responses to “red flags” that emerge.

Based on these considerations there are important steps that well-advised boards will want to consider.

First, the boards should undertake a risk assessment process, in order to make sure the board has identified the most important risks the company faces, as well as how those risks are being monitored, by management and by the board. The boards will also want to understand what processes are in place to identify emerging risks, including regulatory developments and industry changes, as well as how frequently the emerging risks are being evaluated and assessed. Timeliness and regular reporting are key considerations.

Second, boards should identify and assess the systems that are in place to collect and report information related to key compliance areas, and in particular the board will want to understand the procedures for escalating important issues to the board. Relatedly, the board will want to understand the internal processes for addressing audit findings or whistleblower reports, particularly how these items are communicated to the board.

Third, the board will want to understand how critical business functions and operational issues are being overseen by the board and relevant committees. The board will want to understand where the ongoing responsibilities for monitoring these key business functions and operational issues reside, and in particular, determine whether there are dedicated committees responsible for overseeing key areas, as well as how frequently these committees are reporting to the full board. (With respect to this latter point, it is important to note that in both the Wells Fargo and Abbott Laboratories cases, the court considered it highly significant that the respective boards lacked specialized committees to oversee mission critical operations and functions.)

Fourth, in light of the fact that the board is dependent on management’s actions in elevating issues and reporting on key developments, the board will want to understand the standards in place for elevating issues, as well as how frequently management will provide the board with updates on critical issues and potential concerns. Along those same lines, the board will want to assess the management’s response to key issues and developments. By the same token, the board will want to set expectations for management to escalate to the board considerations relevant to critical issues.

Fifth, in order to be able to substantiate the board’s efforts, directors will want to ensure that board discussion and decisions on the key risk issues are well documented in board and committee minutes. In addition, from a board governance perspective, directors should regularly review its oversight and monitoring practices and procedures, and make adjustments as necessary. The ultimate question is how the board makes sure that the directors are adequately informed about the company’s critical operations and risks.

Sixth, boards should be particularly aware of and sensitive to “red flags” that may arise and that could indicate serious concerns and that could require additional investigation. Relatedly, the board will want to understand management’s protocols for elevating potential red flags to the board.

Finally, and as a general matter, it is important for directors to keep in mind that, no matter what, potential claimants may later emerge, who, armed with the benefit of hindsight, may seek to question both the board’s actions and motivations. Boards will want to be in a position to demonstrate that they made good faith efforts to monitor and respond to developments involving the company’s key operations and functions.

No risk management can ever ensure that lawsuits will not arise. However, well-advised companies will take steps to try to ensure that if they do attract the unwanted attention of the plaintiffs’ lawyers, they are in the best position to try and defend themselves.