Several weeks ago we asked whether directors of public companies face potential liability for not preventing cyber attacks. But what about liability for other acts of oversight? Can directors be held personally liable for money damages when they have done nothing affirmatively wrong?
Generally, the answer is no. Many states, like Delaware, allow corporate charters to include provisions that protect directors (and sometimes officers) from money damages for certain breaches of fiduciary duty. Acts that are not protected include breaches of the duty of loyalty, intentional misconduct, knowing violations of the law or receiving an improper personal benefit. But where plaintiffs seek money damages for breaches of the duty of care, exculpatory provisions in corporate charters typically provide directors a defense to the claims.
Practically speaking, these provisions protect directors against claims of negligence, and some courts have held the provisions even go so far as to protect against “reckless indifference.” The protection stops, however, when a director consciously disregards his or her duties. For example, and with reference to the earlier discussion on cyber attacks, an exculpatory provision might not shield a director from money damages where (i) a damaging cyber attack occurred, and (ii) it could be proven that the director exhibited a “sustained or systematic failure to exercise reasonable oversight” over the company’s cybersecurity, such that it evidenced the director’s conscious disregard of cybersecurity.
Of course, that would be very difficult to prove, and in most cases the director would enjoy the protections of a exculpatory provision. On the other hand, certain acts are universally outside the scope of an exculpatory provision, including:
- Committing self-dealing
- Concealing a personal benefit from a corporate transaction
- Selling the company at a price deemed to be not entirely fair
At bottom, it is important to remember: even where a corporate charter offers protection from money damages, a director may still face equitable remedies such as an injunction or recission. To put that another way: directors still always owe a duty of care to the corporation and its shareholders.