Director Oversight: Seeking the Holy Grail
ATTORNEY: GUSTAVO F. BRUCKNER | POMERANTZ MONITOR | MAY/JUNE 2020
Under Delaware law, corporate directors and officers are duty-bound to adopt internal control and reporting systems that are reasonably designed to provide them with timely, accurate information sufficient to make informed decisions. Directors and officers face a substantial threat of liability if they knowingly or systemically fail to (1) implement reporting policies or a system of controls; or (2) monitor or oversee the company’s operations. If the oversight failures result in losses to the company, the directors and officers responsible could be held personally liable. This claim is commonly referred to as a “Caremark” claim, in reference to the 1996 Delaware case that set out the legal standard governing a board of directors’ oversight obligations.
A Caremark claim is possibly the most difficult type to pursue in corporate law, as most do not even survive the pleading stage. To survive a motion to dismiss, the complaint must plead specific facts demonstrating that the board totally abdicated its oversight responsibilities. Even the court in Caremark, a case which involved indictments for Medicaid and Medicare fraud, could not conclude that such a breach had occurred in that case.
Later decisions further constrained Caremark’s applicability to preclude a claim of director liability based solely on ignorance of corporate wrongdoing. Rather, only a sustained or systematic failure of the board to exercise oversight—such as an utter failure to attempt to assure that a reasonable information and reporting system exists—will establish the lack of good faith that is a necessary condition to liability under Caremark.
Commentators have characterized the successful pursuit of a Caremark claim as the Holy Grail of corporate law. Yet, just in the past year alone, Delaware courts have thrice allowed a Caremark claim to proceed. The first two of these cases, previously cited in the Monitor, Marchand v. Barnhill (Blue Bell) and In re Clovis Oncology, were examples of fiduciary duty breaches that resulted in extreme repercussions.
In Blue Bell, a listeria outbreak at one of the largest ice cream manufacturers in the country had resulted in three customer deaths. The court held, among other things, that the complaint fairly alleged that no board committee that addressed food safety existed; no regular process or protocols that required management to keep the board apprised of food safety compliance practices, risks, or reports existed; no schedule existed for the board to consider food safety risks on a regular basis; and the board meetings were devoid of any suggestion that there was any regular discussion of food safety issues. The Blue Bell court was focused primarily on the alleged failure of the board to have made a good faith effort to establish appropriate oversight systems in connection with a “mission critical” regulatory compliance issue.
In Clovis, by contrast, the focus was not on the failure to have an oversight system, but the alleged failure to pay attention to reports generated by that system. Clovis, a bio-pharmaceutical start-up, initiated clinical trials for its lung cancer drug, committing to a well-known clinical trial protocol and FDA regulations. The company consistently stated to the public and regulators that the drug achieved certain objective response rates in shrinking tumors. The Clovis board, however, had received internal reports that these rates were inflated. The Clovis court found that plaintiffs had successfully pled that the board had abdicated its responsibility by consciously ignoring red flags when it failed to correct the company’s reporting related to the success of its drug.
Most recently, in William Hughes Jr. v. Xiaoming Hu, et al. (Kandi Technologies), the court allowed a Caremark claim to proceed against several directors of Kandi Technologies Group, Inc., a Chinese auto parts manufacturer. Unlike in Blue Bell and Clovis, the breaches by the Kandi board did not have life or death implications. The claim in Kandi was that defendants “breached their fiduciary duties by willfully failing to maintain an adequate system of oversight disclosure controls and procedures, and internal controls over financial reporting.”
In 2014, Kandi publicly announced the existence of material weaknesses in its financial reporting and oversight system, including a lack of oversight by its Audit Committee and lack of internal controls for related-party transactions. The company pledged at the time to remedy these problems. Instead, in 2017, the company disclosed that it needed to restate the preceding three years of financial statements. In connection with this restatement, Kandi also disclosed that it lacked sufficient expertise relating to US GAAP requirements and SEC disclosure regulations, proper disclosure of related-party transactions, effective controls over proper classification of accounts receivables and payables; and the accuracy of income tax accounting and reporting.
Plaintiff made a request for production of books and records pursuant to Delaware General Corporation Law Section 220. In response, Kandi produced some documents and stipulated that “any remaining materials requested by Plaintiff either do not exist or had been withheld on privilege grounds.”
Plaintiff then brought an action claiming that the board’s actions were a Caremark violation. The books and records that were produced revealed that the Audit Committee of the Kandi board met only once every year, for less than an hour at a time. The Court concluded that it was reasonable to infer that during these short, infrequent meetings, the Audit Committee could not have fulfilled its responsibilities under its charter for a year’s worth of transactions. Additionally, during those short meetings, the Audit Committee purportedly reviewed new agreements governing the company’s related party transactions and approved a new policy that management had prepared governing related party transactions.
However, because these agreements and new policy were never produced to plaintiff in response to its inspection demand, the Court concluded that, pursuant to the stipulation, it was reasonable to infer that they neither existed nor imposed meaningful restrictions on company insiders. Furthermore, the Audit Committee, by unanimous written consent, replaced its auditor and attributed the decision to management’s determination that it was in the company’s best interest to change its independent auditors.
The Court concluded that these chronic deficiencies supported a reasonable inference that the Kandi board, acting through its Audit Committee, failed to provide meaningful oversight over the company’s financial statements and system of financial controls. The Court noted that, under Caremark, while an audit committee may rely in good faith upon reports by management and other experts, there must be some degree of board-level monitoring and not blind deference and complete dependence on management.
Lastly, defendants argued that, even if they failed to fulfill their oversight duties, they should not be subject to liability because the company did not suffer harm as a result. The Court found that argument misplaced. Even though there were no quantifiable damages to net income, defendants were still liable for damages incidental to the breach, including the costs and expenses incurred with the restatements, the reputational harm in the market, and the defense of the various stockholder litigations.
For plaintiffs’ lawyers, the Kandi decision reiterated the importance of seeking pre-suit books and records to bolster a litigation. It also provided a roadmap for inquiry as to the proper functioning of an audit committee. For corporate boards, Kandi evidenced that merely going through the motions will not be sufficient. The absolute minimum is simply not enough to avoid liability, even absent quantifiable damages. It may have also revealed that reaching the Holy Grail of corporate law need not be a matter of life and death.