It is an all-too familiar accusation to many directors: If only you had done something more, the corporation could have avoided an injury or loss. Since the mid-1990s, Delaware courts have repeatedly recognized that attempting to pin personal liability on directors for their alleged inaction is “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” as in In re Caremark International Derivative Litigation, 698 A.2d 959, 967 (Del. Ch. 1996). Yet the playbook of many plaintiffs has not changed; when corporations experience trauma, plaintiffs take aim at their directors and officers, reflexively claiming that they are liable for failing to predict and prevent corporate losses. These claims are variously referred to as “failure-to-monitor,” “oversight liability,” or “Caremark” claims, and Delaware courts have looked on them with healthy skepticism. In 2017, two cases illustrated that Delaware courts continue to impose exacting pleading burdens on Caremark claims, especially when plaintiffs claim that they are excused from making a demand on the board before suing derivatively.

First, in Horman v. Abney, C.A. No. 12290-VCS (Del. Ch., Jan. 19), stockholders of United Parcel Service brought a derivative action claiming that the company's board breached its duty of loyalty by failing to monitor UPS's compliance with laws regarding the transportation and delivery of cigarettes. The New York Attorney General had previously investigated UPS's cigarette shipping practices, and UPS resolved that investigation by entering into an agreement “to comply with applicable laws and establish effective monitoring systems going forward.” Any violation of the agreement subjected UPS to a $1,000 penalty and further liability under federal and state law. When the city and state of New York later sued UPS for violating the agreement, the plaintiffs filed the derivative action.

The plaintiffs contended that UPS's directors were personally liable for subjecting the company to damages and penalties by ignoring the requirements of the settlement agreement. Under the standard articulated in Caremark, the directors could be liable only if they “utterly failed to implement any reporting or information system or controls;” or “consciously failed to monitor or oversee” such a system or controls that were implemented, “thus disabling themselves from being informed of risks or problems requiring their attention,” as in Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006). The plaintiffs asserted arguments under both prongs of the Caremark test and further argued that they were excused from making a pre-suit demand because the directors faced a substantial likelihood of liability.

The Delaware Court of Chancery rejected these claims and granted dismissal with prejudice. The court observed that the arguments under the first prong of Caremark were “perplexing” given that the complaint itself acknowledged that the settlement agreement called for new reporting and compliance systems, which UPS successfully implemented. Directors cannot be liable, the court explained, merely because “the reporting systems they implemented and relied upon, without reason to suspect they were not working, did not ultimately detect corporate wrongdoing or bring it to their attention.”

Turning to the second prong of Caremark, the court also rejected the plaintiffs' arguments that the board consciously disregarded “red flags” of corporate misconduct. First, the plaintiffs insisted that the settlement agreement with the state of New York itself constituted a red flag. The court disagreed, noting that UPS had complied with the settlement agreement and established compliance controls that functioned well initially. Second, the plaintiffs cited a report to the audit committee by the officer who was designated as the point of contact for any notices related to New York's enforcement of the settlement agreement. Based on the officer's position and responsibilities, the plaintiffs urged the court to assume that he told the audit committee that the company was violating the agreement. But the court declined to credit the plaintiffs' “inferential leaps” because they had failed to plead any particularized facts about what the officer knew, when he learned it, or what he actually said at the audit committee meeting. Third, the plaintiffs relied on an internal memorandum indicating that federal and state authorities were investigating UPS for violating the settlement agreement. The plaintiffs argued that the court should infer that the same officer, “based solely on his position at UPS,” must have alerted the audit committee to the violations. The court rejected that argument, noting the lack of any allegations that the officer ever received the information in the memorandum, much less reported it to any directors. Finally, the plaintiffs contended that presentations a different employee made to the audit committee years later raised red flags. Although the defendants did not argue otherwise, the court reasoned that the committee's meeting minutes demonstrated that the directors took appropriate action in response to the red flags. The directors could not face a substantial likelihood of liability, the court concluded, for ignoring flags that they actually addressed.

The second illustrative case is In re Qualcomm FCPA Stockholder Derivative Litigation, C.A. No. 11152-VCMR (Del. Ch. June 16). In Qualcomm, the Court of Chancery dismissed Caremark claims asserting that Qualcomm Inc.'s directors and former CFO disregarded red flags warning that the company may be violating the Foreign Corrupt Practices Act. In 2016, the SEC concluded that the company had violated the FCPA by providing meals, gifts, and entertainment to Chinese officials; hiring their relatives; insufficiently accounting for the gifts; and failing to implement adequate FCPA compliance controls. Anticipating legal action, Qualcomm settled with the SEC, agreeing to pay a $7.5 million penalty and provide periodic reports to the SEC for two years. The plaintiffs then sued, seeking to hold the directors liable to Qualcomm for not preventing the company's violations. They, too, argued they were excused from making a pre-suit demand because their claims imposed liability on the board.

The court dismissed the case, holding that the plaintiffs failed to plead a substantial likelihood of liability for the Caremark claims or any other claims. Although the plaintiffs claimed that the Audit Committee of Qualcomm's board received internal reports indicating possible FCPA violations, the complaint also cited a host of documents showing that the company planned to take remedial actions. “These responses,” the court concluded, “show that the board did not act in bad faith.” Moreover, the court rejected the plaintiffs' attempts to “second-guess the timing and manner of the board's response to the red flags,” noting that they categorically fail to state a claim under Caremark.

Together, these cases confirm that the Delaware Court of Chancery has continued to reinforce the high bar for pleading oversight liability. They also show that several formulaic pleading tactics are insufficient to clear that bar. First, plaintiffs cannot plead that directors are on notice of corporate risk indefinitely simply because their companies faced a risk in the past. After a red flag has been addressed, it generally should not subject directors and officers to further liability. Second, plaintiffs cannot rely merely on the positions and responsibilities of corporate officers to manufacture inferences about what they knew, did, or said to directors. Pleading roles is no substitute for specific allegations that red flags were actually waved before the defendants. Third, even specific allegations of red flags will not suffice to state a claim if the defendants took corrective action. Caremark liability is not just about seeing red flags; it is about ignoring them. And Delaware courts will not hesitate to examine the documents incorporated into a complaint for indications that the defendants pursued remedial measures.

Rigorous scrutiny of Caremark claims is an encouraging trend that is both faithful to Delaware precedent and salutary in fostering a willingness by top business leaders to serve as directors and officers of U.S. corporations.

Jason J. Mendro is a litigation partner in Gibson, Dunn & Crutcher's Washington, D.C. office and a member of the firm's securities litigation steering committee.

Jeffrey S. Rosenberg is a litigation associate in the firm's Washington, D.C. office.

Gibson Dunn & Crutcher

It is an all-too familiar accusation to many directors: If only you had done something more, the corporation could have avoided an injury or loss. Since the mid-1990s, Delaware courts have repeatedly recognized that attempting to pin personal liability on directors for their alleged inaction is “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” as in In re Caremark International Derivative Litigation, 698 A.2d 959, 967 (Del. Ch. 1996). Yet the playbook of many plaintiffs has not changed; when corporations experience trauma, plaintiffs take aim at their directors and officers, reflexively claiming that they are liable for failing to predict and prevent corporate losses. These claims are variously referred to as “failure-to-monitor,” “oversight liability,” or “Caremark” claims, and Delaware courts have looked on them with healthy skepticism. In 2017, two cases illustrated that Delaware courts continue to impose exacting pleading burdens on Caremark claims, especially when plaintiffs claim that they are excused from making a demand on the board before suing derivatively.

First, in Horman v. Abney, C.A. No. 12290-VCS (Del. Ch., Jan. 19), stockholders of United Parcel Service brought a derivative action claiming that the company's board breached its duty of loyalty by failing to monitor UPS's compliance with laws regarding the transportation and delivery of cigarettes. The New York Attorney General had previously investigated UPS's cigarette shipping practices, and UPS resolved that investigation by entering into an agreement “to comply with applicable laws and establish effective monitoring systems going forward.” Any violation of the agreement subjected UPS to a $1,000 penalty and further liability under federal and state law. When the city and state of New York later sued UPS for violating the agreement, the plaintiffs filed the derivative action.

The plaintiffs contended that UPS's directors were personally liable for subjecting the company to damages and penalties by ignoring the requirements of the settlement agreement. Under the standard articulated in Caremark , the directors could be liable only if they “utterly failed to implement any reporting or information system or controls;” or “consciously failed to monitor or oversee” such a system or controls that were implemented, “thus disabling themselves from being informed of risks or problems requiring their attention,” as in Stone v. Ritter , 911 A.2d 362, 370 (Del. 2006). The plaintiffs asserted arguments under both prongs of the Caremark test and further argued that they were excused from making a pre-suit demand because the directors faced a substantial likelihood of liability.

The Delaware Court of Chancery rejected these claims and granted dismissal with prejudice. The court observed that the arguments under the first prong of Caremark were “perplexing” given that the complaint itself acknowledged that the settlement agreement called for new reporting and compliance systems, which UPS successfully implemented. Directors cannot be liable, the court explained, merely because “the reporting systems they implemented and relied upon, without reason to suspect they were not working, did not ultimately detect corporate wrongdoing or bring it to their attention.”

Turning to the second prong of Caremark, the court also rejected the plaintiffs' arguments that the board consciously disregarded “red flags” of corporate misconduct. First, the plaintiffs insisted that the settlement agreement with the state of New York itself constituted a red flag. The court disagreed, noting that UPS had complied with the settlement agreement and established compliance controls that functioned well initially. Second, the plaintiffs cited a report to the audit committee by the officer who was designated as the point of contact for any notices related to New York's enforcement of the settlement agreement. Based on the officer's position and responsibilities, the plaintiffs urged the court to assume that he told the audit committee that the company was violating the agreement. But the court declined to credit the plaintiffs' “inferential leaps” because they had failed to plead any particularized facts about what the officer knew, when he learned it, or what he actually said at the audit committee meeting. Third, the plaintiffs relied on an internal memorandum indicating that federal and state authorities were investigating UPS for violating the settlement agreement. The plaintiffs argued that the court should infer that the same officer, “based solely on his position at UPS,” must have alerted the audit committee to the violations. The court rejected that argument, noting the lack of any allegations that the officer ever received the information in the memorandum, much less reported it to any directors. Finally, the plaintiffs contended that presentations a different employee made to the audit committee years later raised red flags. Although the defendants did not argue otherwise, the court reasoned that the committee's meeting minutes demonstrated that the directors took appropriate action in response to the red flags. The directors could not face a substantial likelihood of liability, the court concluded, for ignoring flags that they actually addressed.

The second illustrative case is In re Qualcomm FCPA Stockholder Derivative Litigation, C.A. No. 11152-VCMR (Del. Ch. June 16). In Qualcomm, the Court of Chancery dismissed Caremark claims asserting that Qualcomm Inc.'s directors and former CFO disregarded red flags warning that the company may be violating the Foreign Corrupt Practices Act. In 2016, the SEC concluded that the company had violated the FCPA by providing meals, gifts, and entertainment to Chinese officials; hiring their relatives; insufficiently accounting for the gifts; and failing to implement adequate FCPA compliance controls. Anticipating legal action, Qualcomm settled with the SEC, agreeing to pay a $7.5 million penalty and provide periodic reports to the SEC for two years. The plaintiffs then sued, seeking to hold the directors liable to Qualcomm for not preventing the company's violations. They, too, argued they were excused from making a pre-suit demand because their claims imposed liability on the board.

The court dismissed the case, holding that the plaintiffs failed to plead a substantial likelihood of liability for the Caremark claims or any other claims. Although the plaintiffs claimed that the Audit Committee of Qualcomm's board received internal reports indicating possible FCPA violations, the complaint also cited a host of documents showing that the company planned to take remedial actions. “These responses,” the court concluded, “show that the board did not act in bad faith.” Moreover, the court rejected the plaintiffs' attempts to “second-guess the timing and manner of the board's response to the red flags,” noting that they categorically fail to state a claim under Caremark.

Together, these cases confirm that the Delaware Court of Chancery has continued to reinforce the high bar for pleading oversight liability. They also show that several formulaic pleading tactics are insufficient to clear that bar. First, plaintiffs cannot plead that directors are on notice of corporate risk indefinitely simply because their companies faced a risk in the past. After a red flag has been addressed, it generally should not subject directors and officers to further liability. Second, plaintiffs cannot rely merely on the positions and responsibilities of corporate officers to manufacture inferences about what they knew, did, or said to directors. Pleading roles is no substitute for specific allegations that red flags were actually waved before the defendants. Third, even specific allegations of red flags will not suffice to state a claim if the defendants took corrective action. Caremark liability is not just about seeing red flags; it is about ignoring them. And Delaware courts will not hesitate to examine the documents incorporated into a complaint for indications that the defendants pursued remedial measures.

Rigorous scrutiny of Caremark claims is an encouraging trend that is both faithful to Delaware precedent and salutary in fostering a willingness by top business leaders to serve as directors and officers of U.S. corporations.

Jason J. Mendro is a litigation partner in Gibson, Dunn & Crutcher's Washington, D.C. office and a member of the firm's securities litigation steering committee.

Jeffrey S. Rosenberg is a litigation associate in the firm's Washington, D.C. office.