The Board’s Role in Compliance and Risk Management: Lessons From Recent Decisions Revisiting ‘Caremark’ and its Progeny
By Lisa R. Stark, Delaware Counsel Group LLP
In the past year, a number of corporate scandals involving allegations that employees and managers of major corporations ignored internal policies and regulatory requirements, and even engaged in flagrant violations of the law to increase corporate profits, have unfolded in the media. Many of the scandals involved actions by employees and executives in one particular division or business unit of a global company.
In subsequent derivative litigation, the question has arisen as to what the board of directors of the corporation actually knew or should have known about the illegal activities. Whether the board knew or should have known of violations of law often comes down to whether (1) the board ignored “red flags,” or (2) there was a systemic failure in the corporation’s information and reporting system and of the board’s performance of its oversight function. If the plaintiff is able to show that the board possessed the requisite scienter or that the board completely abdicated its duty to monitor the corporation’s legal compliance, a court may hold the board liable for monetary damages for breach of fiduciary duty.
Anatomy of a ‘Caremark’ Claim
A breach of fiduciary duty claim that seeks to hold directors of a Delaware corporation liable for either knowingly causing the corporation to violate the law or for failing to establish an effective system for monitoring the corporation’s compliance with the law is known colloquially as a Caremark claim, after the landmark decision by the Delaware Court of Chancery in In re Caremark International Inc. Derivative Litigation.1 As evidenced by subsequent Chancery Court opinions and the Delaware Supreme Court’s decision in Stone v. Ritter, a Delaware court rarely will impose liability on directors under Caremark, because plaintiffs seldom establish the necessary linkage between the illegal activity and the board.2 In Caremark, the Court noted that: “the theory here advanced is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” 3
Unlike directors that have merely acted without due care, directors that have acted in bad faith are not entitled to be exculpated for monetary damages … . Thus, if successful, an action premised on a ‘Caremark’ theory of liability presents a substantial risk of liability for the board.
Because directors do not typically admit to knowing violations of the law, a plaintiff must effectively plead facts sufficient for the court to infer that the members of the board consciously transgressed positive law.
If the plaintiff cannot point to a particular board decision in which the board chose to violate the law, the next alternative is to plead that the board deliberately failed to act after learning about incidents or occasions of possible illegalities—the proverbial red flag. For example, a plaintiff might plead that the board received emails or other communications from auditors or counsel warning of possible illegality, but failed to investigate the matters.
If the plaintiff cannot point to red flags, then the plaintiff can try to establish that the illegality occurred because the board made no attempt to ensure that the corporation possessed an information and reporting system designed to maintain compliance with corporate policies, regulatory requirements, and positive law. For example, a plaintiff might be successful in showing a systemic failure of the board to perform its oversight function if the board did not create an audit or other compliance committee.
If the plaintiff is successful in establishing a claim for breach of fiduciary duty under a Caremark theory of liability, then the plaintiff has effectively shown that the board failed to act in good faith under Stone v. Ritter. Unlike directors that have merely acted without due care, directors that have acted in bad faith are not entitled to be exculpated for monetary damages under a charter provision adopted pursuant to Section 102(b)(7) of the General Corporation Law of the State of Delaware. Thus, if successful, an action premised on a Caremark theory of liability presents a substantial risk of liability for the board.
Recently, the Delaware Court of Chancery ruled on Caremark claims in two separate actions. These decisions illustrate a board of directors’ central role in compliance and risk management and highlight a number of practical lessons for boards and their advisors.
Claim Against Allergan Survives
In Louisiana Municipal Police Employees Retirement System v. Pyott, the Delaware Court of Chancery held that plaintiffs’ allegations that the board of directors of Allergan, Inc. (“Allergan”) knowingly approved and oversaw a business plan that required company employees to market Allergan’s Botox product for uses that were not approved by the Food and Drug Administration (the “FDA”) stated a Caremark claim for breach of fiduciary duty.4
The court found that the particularized allegations in the complaint, which were supported by internal documents obtained through a DGCL Section 220 demand, supported a reasonable inference that the Allergan board knowingly oversaw a business plan that required illegal off-label marketing of Botox.
Allergan is a Delaware corporation that develops and commercializes specialty pharmaceuticals, biologics, and medical devices, including the popular Botox cosmetic product. Prior to 2010, the FDA had approved the use of Botox for therapeutic purposes (i.e., non-cosmetic uses) in only two areas: the treatment of eye muscle disorders and excessive sweating. However, Allergan believed that there was a huge, untapped market for applications of Botox for non-approved uses, including the treatment of migraines. Doctors could prescribe Botox for “off-label” uses; however, FDA regulations prohibited Allergan from directly marketing Botox for applications that had not received FDA approval.
From at least 1997, Allergan aggressively campaigned to increase off-label sales of Botox. Specifically, Allergan sponsored seminars and presentations for doctors on off-label uses, funded and financed organizations that promoted off-label uses, and provided support services for doctors seeking reimbursement from healthcare programs for off-label prescriptions. In 2001, the FDA warned Allergan about its activities relating to off-label uses of Botox, but Allergan continued to drive Botox sales for off-label uses. In 2010, Allergan entered into a $600 million settlement with the U.S. Department of Justice (“DOJ”) following a three-year DOJ investigation into its promotion of off-label uses for Botox.
Following the announcement of Allergan’s settlement with the DOJ, a number of plaintiffs’ firms filed lawsuits on behalf of Allergan’s stockholders. In this derivative action, plaintiffs alleged that the Allergan board breached its fiduciary duties by knowingly causing the company to violate the law to increase profits.
Unlike most plaintiffs bringing Caremark-style claims, the plaintiffs alleged a direct connection between the board and illegal actively. Specifically, the plaintiffs alleged that from 1997 onward, the Allergan board approved strategic plans that contemplated dramatic increases in sales of Botox for off-label uses and that were dependent on aggressive marketing activities. According to plaintiffs, the board kept this business plan in place after (1) Allergan’s general counsel alerted the board that Allergan’s marketing of Botox for off-label uses was likely to garner scrutiny from regulators, and (2) Allergan received a warning letter from the FDA requesting that the company take prompt action to correct ongoing violations of the law regarding off-label marketing of Botox.
Accordingly, when defendants moved to dismiss plaintiffs’ complaint for failure to make a demand or plead demand futility under Delaware Court of Chancery Rule 23.1, the court denied defendants’ motion. The court found that the particularized allegations in the complaint, which were supported by internal documents obtained through a DGCL Section 220 demand, supported a reasonable inference that the Allergan board knowingly oversaw a business plan that required illegal off-label marketing of Botox. At the pleadings stage, a complaint creating such an inference establishes futility of a demand under Caremark and its progeny, because it presents a substantial threat of liability for the board. In conclusion, the court stated: a Caremark theory “is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment. But difficult does not mean impossible, and win a judgment does not mean survive a motion to dismiss.” 5
Claim Against Hecla Dismissed
Several months later, the Delaware Court of Chancery again ruled on a motion to dismiss a complaint seeking to hold directors liable under a Caremark theory of liability. In South v. Baker, the court dismissed a complaint alleging that the board of directors of Hecla Mining Company (“Hecla”) knowingly caused or consciously permitted the corporation to violate federal safety regulations applicable to mining companies.6
Ruling on plaintiffs’ motion to dismiss, the court noted that the complaint failed to cite any connection between the Hecla board and Hecla’s violation of health and safety laws.
Hecla is a publicly traded corporation engaged in the discovery, mining, and marketing of metals such as silver, gold, lead, and zinc. In 2011, Hecla experienced a series of accidents involving injury of its miners. The U.S. Mine Safety and Health Administration (“MSHA”) investigated the incidents and issued a report and over 59 citations for violation of federal safety regulations. A number of derivative lawsuits ensued, including this action.
Ruling on plaintiffs’ motion to dismiss, the court noted that the complaint failed to cite any connection between the Hecla board and Hecla’s violation of health and safety laws. Specifically, the complaint did not allege any facts from which a decision by the Hecla board to knowingly violate the law could be inferred. Plaintiffs relied on MSHA’s report to make their case; however, the report blamed the accidents on day-to-day operational issues, not board-level decisions. Although the complaint alleged that the board knew of and ignored the accidents, it did not specify what the board was told about the incidents and what action the board took (if any) following receipt of information about the incidents.
Further, according to the court, the complaint did not contain allegations from which it could infer a systemic failure of the board’s oversight function. To the contrary, the plaintiffs affirmatively pled that the Hecla board established a safety committee and charged it with monitoring the company’s health and safety performance. Accordingly, the court dismissed the complaint for failure to establish futility of demand and admonished future plaintiffs to use a Section 220 action to investigate potential Caremark claims before filing a derivative action based on a Caremark theory of liability.
The lessons from South and Pyott are clear: Delaware corporations operating in heavily-regulated industries must possess a system for ensuring compliance with all regulatory regimes applicable to the company. Although the audit committee has traditionally overseen and monitored financial reporting and disclosure processes, many audit committees also have oversight of regulatory compliance and risk management.
Depending on the nature and scope of the regulatory regime applicable to the corporation, the board should consider creating a separate compliance committee that is designed to oversee the corporation’s adherence to laws unrelated to the financial reporting and disclosure process.
Depending on the nature and scope of the regulatory regime applicable to the corporation, the board should consider creating a separate compliance committee that is designed to oversee the corporation’s adherence to laws unrelated to the financial reporting and disclosure process. For example, in South, the board had established a safety committee and charged it with (i) reviewing health, safety, and environmental policies; (ii) overseeing an annual audit of the company’s performance in health and safety; (iii) reviewing and discussing with management any material noncompliance with health or safety laws; and (iv) reviewing updates from management regarding the corporation’s health and safety performance. The members of the board comprising the safety committee possessed the most relevant industry experience.
Beyond the board’s performance of its oversight function, the corporation must establish compliance standards and procedures that are to be followed by its employees and other agents and that are designed to prevent violations of the law at all levels of the organization.
While the efficacy of such a committee ultimately depends on the board’s commitment to its compliance program, the creation of the committee is a step in the right direction. The board also might consider constituting the committee with members of the board who are unaffiliated with management if there is a substantial risk that any of the directors on the committee will not be able to act independently of senior management. The expertise of potential members of the committee also should be explored at the outset.
Once constituted, the board should ensure that the compliance committee receives timely, accurate, and complete information with respect to the corporation’s business operations and internal controls. To this end, the board might vest the committee with the authority to appoint one or more compliance officers to coordinate the committee’s activities and the corporation’s compliance program. It may be preferable to have a senior compliance officer report directly to the committee as opposed to members of senior management. Finally, the committee must keep the board informed on a regular basis of its activities.
The board’s oversight function does not dissipate simply because it has appointed a compliance committee. Beyond the board’s performance of its oversight function, the corporation must establish compliance standards and procedures that are to be followed by its employees and other agents and that are designed to prevent violations of the law at all levels of the organization.
Having policies in place may prove to be ineffective unless management effectively communicates to employees and agents what compliance entails by requiring participation in training programs or by disseminating materials that explain in simple language what is required. The training programs and materials should be targeted and focused so that any given segment of the employee population receives the information that is most relevant to it.
All employees should have access to a system which enables them to report potential wrongdoing anonymously and without fear of retaliation, and to ask questions about the company’s compliance policies and internal controls. A telephone hotline may serve this purpose. Finally, the effectiveness of the policies should be evaluated internally on a monthly basis and by outside counsel on an annual basis.
Training programs and materials should be targeted and focused so that any given segment of the employee population receives the information that is most relevant to it.
* * *
The direct consequences of criminal conviction of the corporation for violation of federal regulations can be quite severe. The $600 million in civil and criminal fines paid by Allergan in 2010 equaled 96 percent of the company’s reported net income in 2009 and exceeded both its 2007 and 2008 net income. The costs of noncompliance serve as powerful incentives for a board of directors to assume an active role in the corporation’s compliance program.
Lisa R. Stark is Of Counsel with the Delaware Counsel Group LLP in Wilmington, Del., and practices in the areas of corporate and mergers and acquisitions law. The views expressed herein are solely those of the author.
This document and any discussions set forth herein are for informational purposes only, and should not be construed as legal advice, which has to be addressed to particular facts and circumstances involved in any given situation. Review or use of the document and any discussions does not create an attorney-client relationship with the author or publisher. To the extent that this document may contain suggested provisions, they will require modification to suit a particular transaction, jurisdiction or situation. Please consult with an attorney with the appropriate level of experience if you have any questions. Any tax information contained in the document or discussions is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code. Any opinions expressed are those of the author. Bloomberg Finance L.P. and its affiliated entities do not take responsibility for the content in this document or discussions and do not make any representation or warranty as to their completeness or accuracy.
© 2012 Bloomberg Finance L.P. All rights reserved. Bloomberg Law Reports ® is a registered trademark and service mark of Bloomberg Finance L.P.