Under Delaware law, the fiduciary duty of oversight imposes several obligations on boards of directors, including the responsibility to oversee companies and their employees by implementing compliance systems designed to detect and report corporate misconduct. Courts have uniformly held that a claim for breach of the duty of oversight is “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”
In Caremark and Stone v. Ritter, the Delaware Supreme Court held that to state a claim for breach of the duty of oversight, plaintiffs must allege one of two scenarios: (1) that a board completely failed to implement any reporting system or controls, or (2) that a board, having implemented such systems or controls, consciously failed to monitor or oversee operations and disabled itself from becoming informed of risks or problems that would require its attention. In either scenario, plaintiffs must further allege that a board knew it was not discharging its fiduciary responsibilities, i.e., that directors acted in bad faith.
This challenging pleading standard was reaffirmed by the Delaware Court of Chancery’s recent decision in Reiter v. Fairbank, where Chancellor Bouchard dismissed a claim for breach of the duty of oversight in the demand excusal context, holding that the “plaintiff has failed to plead with particularity that a majority of [the Company’s] ten-member board acted in such an egregious manner that they would face a substantial likelihood of liability for breaching their fiduciary duty of loyalty so as to disqualify them from applying disinterested and independent consideration to a demand.” The Court held that “the standard under Delaware law for imposing oversight liability on a director is an exacting one that requires evidence of bad faith, meaning that ‘the directors knew that they were not discharging their fiduciary obligations.’”
In Reiter, the plaintiff, a stockholder of Capital One Financial Corporation (the “Company”), alleged that the Company’s directors breached their fiduciary duty of oversight by failing to adequately monitor both the Company’s check-cashing service and compliance with Bank Secrecy Act and anti-money laundering regulations (“BSA/AML”). The Bank Secrecy Act of 1970 “requires financial institutions in the United States to assist government agencies to detect and prevent money laundering activities” by, for example, “maintaining a system of internal controls to ensure ongoing BSA/AML compliance and independent testing for compliance.”
Between June 2011 and January 2015, the Company’s Audit and Risk Committee received reports from management discussing its BSA/AML compliance system and regulatory developments. Through 2013 and 2014, the Company internally audited its BSA/AML compliance regime. Internal reports initially described the Company’s compliance program as “needs strengthening,” and later as “inadequate.”
In late 2013-early 2014, the Company discontinued its check-cashing business following a New York State investigation “concerning the Company’s [BSA/AML] controls and check cashing clients.” During the New York State investigation and a subsequent investigation by the United States Department of Justice, “it was found that [the Company] had ‘failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements due to an inadequate system of internal controls and ineffective independent testing.’”
Before the Court of Chancery, the plaintiff alleged that “defendants breached their fiduciary duty of loyalty as members of [the Company’s] board by ‘purposefully, knowingly, or recklessly causing or allowing the Company to violate the BSA/AML, as well as other applicable law.’” “More specifically, plaintiff contends that, despite the Company’s statutory obligation to maintain BSA/AML controls and procedures, its directors consciously ignored ‘numerous red flags demonstrating the statutory inadequacy of those controls and procedures.’”
The Court considered each of the red flags, but ultimately found that because nothing indicated that “the Company’s BSA/AML controls and procedures actually had been found to violate statutory requirements at any time or that anyone within [the Company] had engaged in fraudulent or criminal conduct[,]” plaintiff’s “core factual allegations . . . do not amount to red flags of illegal conduct.” The Court stated that there is a difference between “an inadequate or flawed effort to carry out fiduciary duties and a conscious disregard for those duties.” Chancellor Bouchard described “red flags” as incidents that should put directors on notice of misconduct or a weaknesses within the corporation through its implemented compliance system. Nonetheless, a “red flag” is only useful when it is “waived in one’s face” or displayed so visibly that the directors must have had notice—either actually or constructively—of misconduct. Here, the “red flags” were visible to the Company and its board. The Company received at least twenty-five reports that not only explained its compliance risk but also explained the initiatives that management was taking to ameliorate that risk.
Moreover, the Court noted that these “red flags” would be better referred to as “yellow flags of caution,” as the plaintiff failed to present evidence that would illustrate that the Company engaged in illegal behavior or that “the directors must have known they were breaching their fiduciary duties by tolerating a climate in which the Company was operating part of its business in defiance of the law.” The Court reasoned that the reports that were delivered to the board ultimately led to the company taking responsive action: exiting the check-cashing business, which was the root of the company’s compliance issues. This exploit stands in stark contrast to a claim of “inaction” or that the directors were not discharging their duty of oversight.
In sum, the Court’s reasoning in Reiter reaffirms the stringent threshold that plaintiffs must meet in order to prove an oversight breach: claims must be supported with sufficient evidence that a board consciously failed to discharge its fiduciary duties. The Court’s opinion clarified the concept of “red flags” which provide notice of problems that must be addressed at the board level. If a board is aware of red flag incidents and consciously chooses to ignore them and take no further action, it has likely breached its duty of oversight. If, however, the board affirmatively acts in responding to red flags—even if that response fails to entirely limit liability—it is unlikely that the board will have breached its duty of oversight.
Sarah is a second year student at Widener University Delaware Law School and a Staff Member on the Delaware Journal of Corporate Law.
Suggested Citation: Sarah Baker, “Red Flags” and the Duty of Oversight, Del. J. Corp. L (Mar. 15, 2017), www.djcl.org/blog.