Stephen F. Arcano and Jenness E. Parker are Partners, and Matthew P. Majarian is an Associate at Skadden, Arps, Slate, Meagher & Flom LLP. This post is based on their Skadden memorandum.
Takeaways
- Delaware courts have become more willing to allow stockholders to pursue claims that directors breached their duty to oversee risk management and compliance.
- Directors are most vulnerable to suits where they have not established oversight processes for monitoring risks in “mission critical” aspects of the business or where “red flags” arguably should have alerted the board to looming problems.
- Boards need to ensure that they are devoting enough attention to risks and compliance and carefully document their oversight efforts.
Directors’ fiduciary duty of loyalty to the company and its stockholders includes a duty to oversee the company’s operations. That, in turn, includes an obligation to take reasonable measures to implement and oversee risk management and compliance controls. Where a board fails to do this, directors may be vulnerable to lawsuits by stockholders. In Delaware, whose law governs most large American corporations, these are known as Caremark claims.
Historically, these kinds of suits have been very difficult to maintain because they require that plaintiffs show bad faith on the board’s part. And a bad outcome does not suffice to show bad faith.
Nonetheless, over the past several years, Delaware courts have allowed an increasing number of Caremark claims to survive a motion to dismiss and proceed to discovery. In these cases, the stockholder plaintiff adequately alleged a lack of corporate control systems or the existence of “red flags” suggesting improper oversight. As a recent decision put it, Caremark claims, “once rarities … have in recent years bloomed like dandelions after a warm spring rain.”
Boards need to take these recent rulings into account in considering how to oversee their companies’ risk management and compliance.
This content was originally published here.