Five Steps For Directors To Consider About Risk Governance

• Jurisdiction: United States,Federal,Delaware
• Law Firm: Mayer Brown
• Subject Matter: Corporate/Commercial Law, Compliance, Corporate and Company Law, Directors and Officers, Securities
• Author: Mr Matthew Bisanz, Andrew J. Noreuil, Jodi Simala, William Kucera and Megan S. Webster
• Published date: 22 February 2023

Historically, directors have been protected from personal liability in connection with risk management by the high standard set in the seminal 1996 Caremark¹ case. In recent years, however, courts have held that certain plaintiffs have pled facts sufficient to avoid dismissal of suits seeking to hold directors liable for failing to discharge their oversight duties. In addition, the staff of the Securities and Exchange Commission has recently made written requests to some public companies regarding their disclosure of risk oversight. In this article, we provide background on these developments and identify five steps that directors may want to consider as they develop risk governance frameworks.

Background

Under Delaware corporate law, directors owe fiduciary duties of care and loyalty to the corporation that they serve.² Since the Caremark case, these duties have included an obligation for directors to exercise oversight by making a good faith effort to implement and monitor reasonable information and reporting systems and controls.³ A director who (i) utterly fails to implement any reporting or information system or controls (a "prong 1" failure); or (ii) having implemented such a system or controls, consciously fails to monitor or oversee its operations (a "prong 2" failure), may be liable for a breach of the duty of loyalty.⁴ While the Delaware General Corporation Law ("DGCL") permits a corporation to include in its certificate of incorporation a provision eliminating or limiting the personal liability of directors for monetary damages for breach of fiduciary duty, such exculpation does not apply to, among other things, a breach of the duty of loyalty.⁵

For many years, the Delaware courts have observed that a claim that directors have breached their fiduciary duties by failing to monitor corporate affairs is "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment."⁶ In particular, Delaware courts generally rejected claims that directors violated their oversight duties either because the company took on business risk and suffered losses or because the directors failed to properly evaluate business risk.⁷ Furthermore, while Delaware courts were willing to entertain claims that directors violated their oversight duties by failing to implement or monitor reasonable information and reporting systems that would put them on notice of fraudulent or criminal conduct within the company or other legal compliance issues intrinsically critical to the company's business operation, plaintiffs were generally not able to successfully advance such claims.⁸

However, in 2019, with Marchand v. Barnhill, the Delaware Supreme Court held that the plaintiff had pled facts supporting a reasonable inference that the directors of an ice cream company had "consciously failed to attempt to assure a reasonable information and reporting system existed"⁹ to enable directors to monitor the company's compliance with food safety laws. Since the Marchand decision, the number and frequency of Caremark claims brought in Delaware courts has significantly increased, and Delaware courts have focused on the existence and operation of reasonable approaches to risk governance with respect to "mission critical"¹⁰ corporate risks as the key factor for determining whether directors should or should not face liability.

For example, in 2020, the Delaware Court of Chancery addressed both prongs of Caremark in the Teamsters v. Chou derivative litigation.¹¹ The plaintiff alleged that the board had (i) failed to implement adequate reporting or information systems or controls and (ii) ignored red flags about safety of its process for filling syringes with medication and other...