By Nick Gravante, Sam Kleiner, and Andrew Chesley
Five years before the COVID-19 outbreak, Blue Bell Creameries LP was forced to shut down its ice cream plants and lay off over a third of its workforce due to the outbreak of another disease, listeria.
Alleging that Blue Bell's board of directors had failed to properly monitor the food safety issues, shareholders brought a duty to monitor claim in Delaware court. A duty to monitor claim has traditionally been incredibly difficult to bring, but in 2019 the Delaware Supreme Court found that the complaint made sufficient allegations to survive a motion to dismiss.
The decision, Marchand v. Barnhill, showed that a board's failure to properly execute its duty to monitor could result in actionable claims under Delaware law. In the months that followed Marchand, three Delaware courts have found that duty to monitor claims may be viable, possibly giving new life to duty to monitor claims.
Today, as directors try to navigate how their companies should respond to the COVID-19 outbreak and the myriad of related legal issues, they need to carefully heed the warning from Marchand — the board must directly involve itself with decision-making on the company's core compliance risks.
Though the particular way that the COVID-19 risk is manifested will be unique to each company's line of business, nearly every company faces substantial compliance risks associated with COVID-19. As many companies contemplate reopening, which could carry substantial risks, it is important for boards to ensure that they are sufficiently involved in the details of their companies' plans.
We expect that there will be a wave of duty to monitor claims against boards in the months and years ahead in Delaware courts. This article (1) provides a brief overview of the case law establishing the obligations of a board of a Delaware corporation to monitor key compliance risks, and (2) applies this to the compliance risks associated with COVID-19.
By taking steps today to ensure that they are sufficiently involved with the decision-making around COVID-19, directors of Delaware corporations will not only be helping their corporations navigate this difficult period, they will also be laying the factual foundation to defeat potential future duty to monitor claims.
The primary case establishing the scope of a board's duty to monitor under Delaware law is In re: Caremark International Derivative Litigation. In Caremark, Chancellor William Allen held that a director's duty:
includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.
The scope of that duty was reinterpreted by the Delaware Supreme Court in Stone ex rel. AmSouth Bancorporation v. Ritter, which found that directors only violated their duties of loyalty where they failed "to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith."
At that time, the court noted that Caremark liability is "'possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.'"
Against that background, the Delaware Supreme Court's recent decision in Marchand was significant in that it held directors responsible for their failure to properly oversee a core compliance risk. Former Delaware Chief Justice Leo Strine ruled that the complaint sufficiently alleged a breach of the board's duty of loyalty because directors failed to "undertake good faith efforts to put a board-level system of monitoring and reporting" for food safety issues in place.
The Marchand court reasoned that a board must "make a good faith effort to put in place a reasonable system of monitoring and reporting about the corporation's central compliance risks. In Blue Bell's case, food safety was essential and mission critical."
Following Marchand, the Delaware Chancery Court has focused its Caremark analysis on whether the company in question was "operating in the midst of 'mission critical' regulatory compliance risk." Where the risk is related to the company's "'mission critical' operations, the board's oversight function must be more rigorously exercised."
Similarly, in a second case, Vice Chancellor J. Travis Laster noted that the duty to monitor can be violated where the board "fail[ed] to monitor a mission-critical source of regulatory risk. ... If directors learn of information that would put them on notice of a threatened corporate trauma — the proverbial red flag — then they must take action in good faith to address it."
Vice Chancellor Laster made clear in a third, more recent decision that the board cannot expect to defeat Caremark claims by simply pointing to the "trappings of oversight," including written policies and officers in place to monitor compliance issues. Instead, "Caremark envisions some degree of board-level monitoring system, not blind deference to and complete dependence on management."
What should a director of a Delaware corporation make of the recent support that Caremark claims have in terms of how Delaware courts are construing Caremark claims? Referencing the number of recent Caremark decisions favorable to plaintiffs, professor Stephen Bainbridge opined: "One is reminded of the aphorism that once is a happenstance, two is a coincidence, and three is enemy action."
It remains to be seen just how far the Delaware courts go in reinvigorating Caremark claims, but without a doubt there will be more coming, especially in the aftermath of the COVID-19 pandemic.
Right now, directors are no doubt engaged in their companies' responses to COVID-19 and myriad related issues. While COVID-19 may present an array of challenges to the company, it is important for directors to review their Caremark duties and to ensure that they are actively looking to identify and monitor the company's mission-critical compliance risks.
Caremark does not require micromanagement, but it does require that boards set up systems to facilitate board-level monitoring of operations with mission-critical compliance risks. Directors need to affirmatively seek to identify these core mission-critical compliance risks posed by COVID-19.
As directors navigate their firms' responses to COVID-19, they need to be actively supervising core compliance risks and cannot blindly defer to nor completely depend on management to navigate Delaware corporations through these difficult times.
The COVID-19 pandemic goes straight to the core of some business's operations, and directors of these companies will need to ensure that they are carefully monitoring the entirety of the company's COVID-19 response plan and implementation.
Companies in industries from hospitality to meat manufacturing have been in the headlines because COVID-19 has fundamentally disrupted their core business model. As they seek to reopen or continue operations, boards of these companies will need to carefully supervise COVID-19 response, just as the board of Blue Bell needed to monitor mission-critical food safety risks.
For other companies, there may be a more limited number of issues related to COVID-19 that create mission-critical compliance risks. Boards need to carefully investigate where these risks might lurk — they could be far afield from the disease itself. For instance:
- If a company deals with sensitive or highly regulated information (i.e., a defense contractor, a company handling private medical information, or a company with valuable trade secrets), then the capacity of the company's IT system to protect that information while the company's employees are working from home could be a critical compliance risk.
- If a manufacturing company found that they were unable to obtain a crucial input from a vendor in China and had to switch to find a new vendor, the company's due diligence review of the new vendor could become a critical compliance risk.
- If a company finds that its compliance team is weakened because the company's employees are all working remotely, then the company's capacity to adapt its compliance program would itself be a critical compliance risk. In addition, if companies decide that budget cuts to compliance programs are needed, boards should ensure that the cuts do not sacrifice their firms' ability to address core compliance risks and should carefully document the decision-making process for how those cuts are made. Directors should remember that government enforcement is not taking a recess because of the pandemic.
The examples illustrate the broader point; the mission-critical risks from COVID-19 that a board needs to supervise may be distant from the disease itself. Boards need to be carefully looking for mission-critical compliance risks as their companies respond to COVID-19.
In the months and years ahead, we expect that there will be many Caremark claims against boards based on the COVID-19 response. Boards are increasingly on notice of the issues presented by the pandemic and courts will expect that they appropriately exercised their Caremark duties to monitor.
In the COVID-19 pandemic, directors should be inquisitive, communicate with an array of management, including the chief compliance officer, probe management about the steps they are taking to identify the mission-critical compliance risks that the company is facing, and seek to identify any new mission-critical risks that have emerged in the pandemic.
It is important for directors to avoid excessive deference to management in charting the company's response to COVID-19.
Practical Steps for Boards
Practically, directors should consider taking steps including:
Regular Meetings on COVID-19
Boards should hold weekly or semimonthly meetings to discuss COVID-19 issues. Boards should ensure that these discussions are reflected in minutes. One of the key issues in Marchand was that the board's minutes lacked any discussion of food safety.
Documentation of Execution of the Duty to Monitor
Directors need to carefully document their steps to monitor the mission-critical risks (i.e., ensuring that communications are memorialized).
Standing Committee on COVID-19 Compliance Risks
Directors should consider establishing a standing committee of the board that would be responsible for monitoring the mission-critical compliance issues presented by the COVID-19 pandemic.
Ultimately, carefully examining and adhering to Caremark duties can help remind directors of their core responsibilities and provide a framework for them to ensure that they are giving sufficient attention to the mission-critical compliance issues.
Directors who take these responsibilities seriously now will stand a strong chance of prevailing in the event shareholders bring a Caremark lawsuit in the months or years ahead.