Delaware court interpretations of the Caremark (PDF: 72 KB) standard provide a daunting pleading barrier to derivative actions based on alleged breach of compliance oversight responsibilities. The Chancery Court’s October 18 decision in Reiter v. Fairbank (PDF: 509 KB) is particularly notable for its thoughtful analysis of the duty of oversight. But corporate leadership should recognize that these decisions may not provide impenetrable protection to them, and to the corporation, from compliance-based liability exposure, especially in the current individual accountability environment.
Reiter is the latest in a long series of Delaware decisions to describe a Caremark-based derivative challenge as “possibly the most difficult theory in corporation law on which a plaintiff might hope to win a judgment”. But boards should be careful not to place unjustified reliance on this judiciary perspective. The compliance oversight conduct of a corporate officer or director can come under scrutiny in ways apart from the derivative environment. And they can serve as a powerful boardroom motivation for continued vigorous and fully informed oversight over, and decision-making with respect to, the corporation’s compliance function.
As most governance lawyers know, the original 1996 Caremark decision is interpreted, in shorthand, as ascribing to corporate directors an affirmative duty to establish, and exercise oversight over, some form of internal compliance activity (e.g., an organizational corporate compliance program). This oversight obligation is subsumed under the core duty of care. Caremark and its progeny have defined the standard for breach of this oversight obligation as bad faith; i.e., that the directors knew that they were not discharging their fiduciary obligations. Subsequent decisions have drawn a distinction between an inadequate or flawed effort to effect fiduciary obligations, and a conscious disregard for those duties.
Reiter involved allegations that the board of a financial services company ignored critical warning signs regarding the company’s exposure to certain regulatory enforcement trends. The Chancery Court dismissed the plaintiff’s complaint because the alleged board conduct did not relate to “red flags of illegal conduct” (e.g., that someone within the company was engaging in illegal conduct) but rather related to “yellow signs of caution” (e.g., information regarding the company’s escalating compliance risk coupled with increasing regulatory scrutiny of the industry). To find Caremark-required bad faith would have required a demonstration that the directors knew they were violating a fiduciary duty by tolerating a climate in which the company was conducting its business in defiance of applicable law. A tall order, indeed.
However, the Caremark “bad faith” standard may not be the same lens through which a board’s compliance oversight responsibilities are evaluated outside of the derivative litigation scenario. For example, state or federal regulators may apply a more demanding expectation of director conduct when evaluating the effectiveness of a company’s compliance plan, for purposes of making a civil or criminal prosecution decision.
In particular, regulators may be less inclined than the Delaware courts to tolerate “inadequate or flawed” compliance oversight. As has been well chronicled, the Department of Justice’s Fraud Division employs a full time compliance expert, whose responsibilities include advising prosecutors on the effectiveness of any compliance program that a company had in place at the time of the conduct giving rise to the prospect of criminal charges.
It is conceivable that, in certain situations, allegations of director oversight conduct that would not have been sufficient to withstand a motion to dismiss in the Caremark “bad faith/conscious disregard” context, would nevertheless be enough for the DOJ expert to argue that the company’s compliance program was ineffective (because of inadequate board oversight), and for government attorneys to persist in an investigation of potential individual or organizational liability. This could have dramatic implications for both the corporation and for individuals who may be implicated in the investigation. It could also focus unwanted attention on the allegations of lax director compliance oversight, with corresponding distraction, and possible reputational harm, to the directors.
Questions regarding compliance oversight conduct can pose particularly unique problems for the governing boards of sophisticated nonprofit corporations, such as those in health care, disease prevention and higher education. At a basic level, there is a death of case law that serves to apply Caremark to nonprofit corporations, whose governance structure lacks the oversight mechanism provided by the market function.
A state attorney general, pursuing compliance program breach of oversight duty claims, similarly may not be deterred by a defense based on a “bad faith” pleading standard arising from shareholder derivative actions in the public company context. This is especially the case when the attorney general applies broad theories of director liability under unique state charitable trust laws that attribute trustee responsibilities to directors.
Claims of inattentive or flawed director oversight could also affect the availability of “D&O” coverage and indemnification protection to the extent that alleged a common law breach of the duties of loyalty or care.
Given these factors, the board may be well served to focus less on various thresholds for liability exposure—let the general counsel worry about that–and more on conduct traditionally associated with effective compliance oversight. Fundamental to this is a basic appreciation for the types of information and activity that might reasonably be perceived as a “red flag”. And, as recent developments suggest, increasingly important is an awareness of the extent to which corporate ethics are embraced across employee tiers. Attentive boards and their compliance committees may wish to confirm whether the company’s ethics and culture are having a favorable impact on employee conduct, and whether executive incentive compensation arrangements are motivating factors for compliant behavior.
In this regard, recent Caremark cases provide some examples of potentially problematic board conduct, that help define “bad faith” in the context of compliance oversight, and can help frame the outer boundaries of acceptable oversight activity. These include the failure to meaningfully respond to a “troubling, continuing pattern of noncompliance” by the company and its management team; the knowing approval of a business strategy that specifically incorporated illegal actions; and other actions suggesting that the board was tolerant of company operations it knew to be in defiance of applicable law.
The benefits of enhanced focus on compliance oversight can be seen in the application of Yates Memorandum principles of individual accountability to recent health care industry False Claims Act settlements involving the Department of Justice. In one notable settlement, the DOJ contended that the board chair “contributed” to the allegedly illegal conduct by reinforcing the underlying, allegedly problematic strategy to company facilities. As part of that settlement, the board chairman agreed to pay a fine of $1 million. Given the “incubation period” often associated with FCA-based investigations, it is conceivable that more complaints and settlements involving senior corporate leaders may be in the offing.
This is not intended to be a “sky is falling” message, because in terms of director oversight liability, it is not. Rather, it is a note of caution, to interpret with balance the Caremark decisions coming from the Delaware courts, and a reminder that a heightened pleading standard is not the same as a lowered compliance program oversight standard. There can be consequences to the corporation, and to individual directors, by assuming that regulatory compliance plan effectiveness standards assume only the lowest level of board engagement: the avoidance of bad faith.
To the contrary, these cases can be a prompt to engage in more rigorous boardroom discussion of appropriate compliance program oversight, and of new measures to motivate ethical and responsible behavior within the company.
Michael W. Peregrine, a partner at McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer-director liability issues. His views do not necessarily represent the views of McDermott Will & Emery or its clients.
Disclaimer
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.