For the second time in three months, a Delaware court held last week that directors faced potential liability for a breach of their duty of oversight pursuant to In re Caremark International Inc. Derivative Litigation and its progeny. In In re Clovis Oncology, Inc. Derivative Litigation, the Court of Chancery allowed plaintiffs to proceed on their claim that the board of directors was aware of and ignored “red flags” evidencing that Clovis misrepresented the performance of its core cancer drug in clinical trials. The Clovis decision follows the June 2019 opinion from the Delaware Supreme Court in Marchand v. Barnhill holding that the directors of Blue Bell Creameries allegedly failed to institute board-level reporting systems for food safety, the critical compliance risk for the company. While an oversight claim is “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” the quick succession of these decisions confirms that Delaware courts take seriously directors’ oversight duties.
New Life for Caremark Claims?
Over ten years ago the Delaware Supreme Court in Stone v. Ritter articulated the standard for pleading a Caremark claim for a failure of oversight. Stone holds that directors abandon their duty of oversight when they “(1) utterly fail to implement any reporting or information system or controls; or (2) having implemented such a system or controls, consciously fail to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”
Grounded in scienter, the Stone test imposes a significant pleading burden on plaintiffs. For many years it has been far more likely that an oversight claim would be dismissed at the pleading stage rather than proceed into discovery, as was the case in Stone and the overwhelming majority of oversight cases filed across the country.
For the first time, the Delaware Supreme Court found in June that a plaintiff pled an oversight claim. In Marchand, the Supreme Court applied the first prong of the Stone test to hold Blue Bell’s directors allegedly “made no effort to put in place a board-level compliance system” for food safety, the primary compliance risk for a company like Blue Bell focused almost exclusively on ice cream production.
The decision in Clovis likewise involves a company focused on a specific product and operating in a heavily regulated industry. Clovis’s flagship product was a promising cancer treatment drug, Rociletinib (“Roci”). For Roci’s clinical trials, Clovis adopted the industry-standard RECIST protocol that measures the efficacy of a drug based on its confirmed tumor shrinkage. In reporting Roci’s clinical trial results to investors, however, Clovis management allegedly deviated from the RECIST protocol and inappropriately used both confirmed and unconfirmed shrinkage rates.
After the FDA insisted the company comply with the RECIST protocol, Clovis informed the public that Roci was less effective than previously thought. The company lost over $1 billion in market value. A securities class action complaint, regulatory enforcement, and the Clovis derivative action followed.
The Court of Chancery held the Clovis complaint did not survive the first prong of the Stone test because, in part, the board “reviewed detailed information regarding [Roci’s clinical trial] at each board meeting.”
The Court did hold, however, that the board allegedly failed to monitor the company’s existing compliance systems as required by the second prong of the Stone test. In so holding, the Court reiterated the principle from Marchand that when “externally imposed regulations govern [a company’s] ‘mission critical’ operations, the board’s oversight function must be more rigorously exercised.” The Court held that plaintiffs sufficiently pled the Clovis board, which included experts in the drug approval process, knew of and failed to act on management’s allegedly improper use of unconfirmed responses in reporting Roci’s efficacy.
What Should Boards Do?
The Marchand and Clovis decisions indicate that Delaware courts will not hesitate to scrutinize whether directors have fulfilled their oversight obligations. As Chief Justice Strine wrote in Marchand, directors must at least “try.” And while each of these decisions concerns a company with effectively one line of business, there is no reason to believe that Delaware courts would decline to extend their holdings to more diverse companies.
Directors must do more than rely on compliance programs operating within the organization or trust that management has everything running smoothly. Directors must instead understand the organization’s critical compliance risks, receive reports on those risks, and act on any red flags presented to the board.
In-house counsel should take the opportunity presented by Marchand and Clovis to refresh their board-level controls and risk oversight. Steps could include:
- Identify the company’s “mission critical” risks, taking into account its regulatory environment and public disclosures.
- Ensure there are appropriate board-level reporting systems for each critical risk.
- Assess whether there are enough directors with the expertise to engage with management on these critical risks.
- Determine whether each critical risk can be managed by the board or an existing board committee, or if a new standing committee would aid the board in performing its oversight function.
- Remind directors of their obligation to question management if the directors perceive even “yellow flags” of potential misconduct.
- Document the board’s response to warning flags and its follow-up with management.
- In preparing such documentation, weigh the risk that, even if privileged, the record could be reviewed in a later stockholder action.
- Reexamine the company’s director and officer liability insurance coverage needs.
- Reassess the utility of a Delaware forum bylaw provision that would govern internal corporate claims.
With experienced counsel, many companies would likely find that updating their board-level controls and risk oversight could result in meaningful protections for directors and, ultimately, benefit the company’s shareholders.