Director Liability—“Caremark Protection”

by Martin Lipton and William Savitt

Since the 1996 Caremark (PDF: 1.16 MB) decision, authored by the revered late Chancellor William Allen of the Delaware Court of Chancery, we have called the case to the attention of boards of directors to ease concern about personal liability resulting from derivative litigation claiming a board was negligent in failing to prevent a defective product or otherwise causing or failing to prevent the corporation to be liable for damages to a third party.

 Caremark held that a board would be protected by the business judgment rule so long as it had implemented and monitored a system designed to identify risks and then deal with them.  Emphasizing that it was a doctrine that would only rarely be invoked, Caremark, and cases following it, held that directors could face exposure only if their company “utterly failed” to implement a system for risk identification or if they intentionally “ignored a red flag”—that is, declined to deal with an identified risk.

Two recent Delaware cases, Marchand v. Barnhill (PDF: 44 KB) and In re Clovis Oncology (PDF: 27 KB), have revived concern regarding directors’ potential personal liability under Caremark.  There is no need for such concern.  Those cases survived dismissal only because of well-pleaded facts indicating that at least one prong of Caremark had been ignored.  In Marchand, an ice cream manufacturer failed to implement any board-level monitoring of food safety risks.  In Clovis, the pleaded facts alleged that the board failed to monitor a system for drug development and disclosure.  Neither case has advanced beyond the pleading stage.  As it should, Caremark liability remains exceedingly rare.

To be sure of “Caremark protection,” in addition to the two prongs of Caremark, boards should:

  1. Ensure the company has an appropriate enterprise risk management system that is reviewed at the board level;
  2. Ensure the company has an appropriate legal and regulatory compliance system that is reviewed at the board level;
  3. Ensure the company and the board pays special attention to “hot button” matters like customer privacy, cybersecurity, liquidity, employee safety, product safety, bribery and money laundering;
  4. Consider a risk management and compliance committee tasked with ensuring regular review and updating.

We periodically issue a comprehensive memorandum, Risk Management and the Board of Directors.  It is worth using as a guide.  The current edition is available here (PDF: 168 KB).

Martin Lipton and William Savitt are partners at Wachtell, Lipton, Rosen & Katz.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.