The Delaware Supreme Court recently sounded a warning bell for directors, reminding that as part of their duty of loyalty, they “must make a good faith effort to implement an oversight system and then monitor it.”1 The case stems from the heavily publicized 2015 listeria outbreak involving Blue Bell Creameries, one of the nation’s largest ice cream manufacturers. The outbreak resulted in three deaths and caused the company to recall all of its products, cease production at all plants and dismiss over one-third of its employees. In a derivative suit brought against the Blue Bell directors, a stockholder alleged that the directors breached their duty of loyalty by failing to exercise their duty of oversight.
Delaware’s seminal Caremark decision establishes the conditions for director oversight liability: “(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”2 Successfully pleading a Caremark claim is no small feat. Indeed, it has been described as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”3 A plaintiff must show that directors “knew that they were not discharging their fiduciary obligations.”4 The stockholder in this case managed to properly plead such a claim, with the Delaware Supreme Court highlighting the following allegations in the complaint:
- no board committee that addressed food safety existed;
- no regular process or protocols that required management to keep the board apprised of food safety compliance practices, risks, or reports existed;
- no schedule for the board to consider on a regular basis, such as quarterly or biannually, any key food safety risks existed;
- during a key period leading up to the deaths of three customers, management received reports that contained what could be considered red, or at least yellow, flags, and the board minutes of the relevant period revealed no evidence that these were disclosed to the board;
- For example, some of the “red, or at least yellow, flags” mentioned in the case included over 20 food safety compliance failures at Blue Bell plants identified by three separate state regulators from 2009-2013 and 10 positive tests for listeria at Blue Bell plants over the course of 2014, followed by notification from state regulators in 2015 as to positive tests for listeria in Blue Bell samples.
- the board was given certain favorable information about food safety by management, but was not given important reports that presented a much different picture; and
- the board meetings are devoid of any suggestion that there was any regular discussion of food safety issues.5
These relatively detailed allegations were bolstered by information obtained by the stockholder from a DGCL § 220 books and records demand. The Blue Bell directors defended by pointing to:
- laws requiring Blue Bell to meet FDA and state regulatory food safety requirements;
- manuals for employees regarding safety practices;
- regulatory compliance audits commissioned by the company from time to time; and
- regular government inspections of Blue Bell facilities, the results of which were provided to management.6
Though the directors’ arguments gained traction with the Delaware Court of Chancery, the Delaware Supreme Court was unmoved and reversed the Delaware Court of Chancery’s dismissal, finding that the stockholder’s complaint pleaded “particularized facts that support a reasonable inference that the Blue Bell board failed to implement any system to monitor Blue Bell’s food safety performance or compliance.”7
While the Blue Bell case is somewhat unique in light of the company’s monoline business model (ice cream), and the associated health risks that even a layman could appreciate, the holding offers several significant takeaways for directors of all Delaware corporations. Discharging the duty of oversight requires directors to do more than rely on significant government regulation of a company’s industry or general discussions of “operational issues” at board meetings with management.8 Rather, directors must demonstrate that they have used good faith efforts—that is, they “tried”—to put in place at the board level “a reasonable system of monitoring and reporting about the corporation’s central compliance risks.”9 There is no one-size-fits-all approach. Boards have discretion to implement context- and industry-specific approaches to risk oversight that are tailored to the activities and resources of the businesses they oversee. The Delaware Supreme Court suggested that such a system would have needed to monitor and report, in Blue Bell’s circumstances, on risks related to food safety – “a compliance issue intrinsically critical to the company’s business operation.”10
Helpfully, the Blue Bell case illustrates that Delaware courts “are not examining the effectiveness of a board-level compliance and reporting system after the fact.”11 As the Delaware Supreme Court acknowledges, “case law gives deference to boards and has dismissed Caremark cases even when illegal or harmful company activities escaped detection, when the plaintiffs have been unable to plead that the board failed to make the required good faith effort to put a reasonable compliance and reporting system in place.”12
Practically speaking, directors need to be able to demonstrate that they have been proactive in discharging their risk oversight responsibilities. Internal board policies (e.g., governance guidelines or policies requiring board-level reports about key risks), detailed meeting calendars and agendas and committee charters can each document the compliance and reporting system in place for monitoring and reporting risks, while meeting minutes can be used to demonstrate that periodic monitoring has taken place. Tasking a board committee with oversight of specific market or industry risks may be appropriate to help demonstrate the board’s due care in monitoring such risks, though a separate committee is not required if oversight is handled by the full board.
As it relates to meeting minutes, the Blue Bell case illustrates the importance of drafting minutes with sufficiently detailed references to relevant risk-related discussions. Such references should include both good and bad risk-related reports delivered to the board or committee. Vague references to “operational issues” likely will not suffice in and of themselves. A good practice would also include attaching or referencing presentations and other risk-related materials that are provided to directors in an effort to further strengthen the evidentiary record.