An Expansion Of 'Caremark'? Recent Delaware Chancery Decision May Suggest That

In 1996, the Delaware Supreme Court decided a case, In re Caremark International, Inc., where, for the first time, it recognized what is now called a Caremark claim. In that case, the Delaware Supreme Court recognized a scenario where the directors of a corporation, having failed in some aspect of their oversight duties, might be guilty of a breach of the fiduciary duty of loyalty rather than a breach of the fiduciary duty of care, because that failure of oversight was so egregious that it amounted to bad faith on the part of those directors. This represented a significant decision, because corporations almost universally exculpate their directors from monetary liability for breaches of the fiduciary duty of care.

Over time, the Delaware courts defined a Caremark claim as one where directors fail to implement any kind of system of internal controls or oversight or, where the directors did put such a system in place, “consciously failed to monitor or oversee” the system, and by doing so caused themselves to be unable to see any risks or problems within the corporation. These are referred to respectively as “information systems” and “red flag” theories.

Up until recently, Caremark claims were difficult to bring because of the high threshold needed to bring allegations to satisfy one of those two theories. A recent case in the Delaware Chancery Court, however, seems to have made bringing a claim under the red flag theory somewhat easier. Typically, to bring a claim under the red flag theory, a plaintiff shareholder sufficiently alleges with “particularized facts” that directors consciously disregarded, in bad faith, red flags that were connected to some corporate trauma that caused the corporation great damage. In other words, the directors ignored a red flag that was a proximate cause of corporate trauma.

Typically, a red flag claim is only viable in the face of allegations that directors were aware of a red flag, failed to investigate or do anything about it, and that inaction caused, at least in part, a corporate trauma. In the recent case of Brewer v. Turner, the Delaware Chancery Court found that allegations that directors of a large bank holding company, even in the face of taking some action to look into red flags brought to their attention, could nevertheless rise to the level of bad faith failure to prevent a corporate trauma.

In that case, the bank had instituted certain overdraft practices in 2018. In November 2019, the bank's former deputy general counsel sent a whistleblower letter to the holding company's board of directors alleging that those overdraft policies violated federal regulations and that the board was aware of that, but instead of stopping the practice, it sought ways to replace the revenue coming from the alleged illegal overdraft fees.

In response to that letter, the board engaged a law firm to conduct an inquiry into the allegations. About a month after the board engaged the law firm, the firm provided a confidential report to the board's Audit Committee setting forth its conclusions. There was otherwise no record in the board or committee minutes of the findings of the law firm or any recommendations it may have made. It was not until July 2020 that the meeting minutes of the Board's Risk and Audit committees even mentioned that the bank had hired a law firm and that the law firm had issued a report. Those minutes contained no mention of the contents of the report or the law firm's recommendations.

The bank did not change its overdraft practices until July 2021, or more than 18 months after that report was issued.

Shortly after the law firm provided its report, the Consumer Financial Protection Bureau (CFPB) sent the bank a civil investigation demand over the practices, which ultimately ended up with the bank settling with the CFPB in 2022 for a $50 million monetary penalty and agreeing to pay its customers $141 million in restitution.

Here, while the company took some of the right steps to respond to credible allegations of a red flag, the totality of the circumstances led the Chancery Court to find that the allegations were sufficient to allege the directors acted in bad faith. The board hired a law firm to look into the allegations, but there was no record of their findings or recommendations, and the bank did not cease its practices until more than 18 months after that report was issued. In addition, the shareholder alleged that the board did not cease those practices sooner because it was looking for ways to replace the revenue rather than continue an inquiry into the propriety of its overdraft policies. The Chancery Court then found that all of this, if true, was sufficiently connected to what it found was a corporate trauma of having to pay $191 million in fines and restitution and that the board could be liable for breach of the fiduciary duty of loyalty.

This example leads to a number of best practices a board must keep in mind when confronted with red flags that may lead to significant trauma for a company. First, it must take whistleblower complaints seriously, particularly those coming from insiders with significant legal and compliance duties. In light of those complaints, boards should consider forming special committees to look into serious allegations that might cause corporate harm. At the very least, the board should consider bringing in outside advisers to conduct an inquiry. Then, if an inquiry is conducted, the board must document in some form the findings and recommendations of that committee or those advisers and act on them timely, if necessary. Courts will allow corporations time to look into red flags, but there does come a point where too much time has elapsed than is reasonable to run the issue to ground, particularly if that delay can be partly attributable to some motive other than giving the investigators time to get to the bottom of the issues raised. In that case, a court is more likely to find that directors have acted in bad faith, even in light of evidence of them having taken some action to look into a red flag.

In addition to those reactionary best practices, companies will want to look at their indemnification policies and directors and officers (D&O) liability insurance policies. A company's indemnification policies may exclude indemnification of directors for bad faith actions. In addition, its D&O policies may contain exclusions for bad faith conduct. Companies will want to ensure their directors do not become personally liable for defending claims made against them for acting in bad faith.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.