June 04, 2020

Complying with Oversight Fiduciary Duty Obligations in Response to COVID-19

16 min

As America begins to restart its economy in the midst of the novel coronavirus (COVID-19) pandemic, businesses that are reopening and/or ramping up their operations will need to take measures reasonably designed to protect the health of their employees and customers, including the implementation of practices and procedures that comply with state and local public health regulations. Additionally, business entities of all types—publicly traded and privately owned corporations and limited liability companies alike—will need to have board-level monitoring and compliance systems in place to ensure their directors and managers are able to comply with fiduciary duties regarding oversight of the business in the COVID-19 era. In exercising these oversight fiduciary duties, directors and managers should take the following actions:

  • Identify risks relating to COVID-19 that are critical to the business;
  • Ensure the board has in place appropriate reporting and monitoring systems and policies to deliver material information to directors and managers;
  • Engage in a proactive review and consideration of information and issues regarding COVID-19's impact on the company; and
  • Document contemporaneously the board's actions in monitoring and responding to COVID-19 issues and risks.

Fiduciary Duties of Directors and Managers and the Oversight Function

The board of directors is charged by statute with overseeing the business and affairs of a corporation, and although the board appoints officers to run the day-to-day operations, the directors ultimately are responsible for the management of the corporation and have certain fiduciary obligations to the corporation and its stockholders. Fiduciary standards of conduct that apply to a corporation and its directors will depend in the first instance on the statutory and case law of the state in which the corporation is incorporated, but the two principal fiduciary duties under corporate law in most states are the duty of care and the duty of loyalty. Compliance with the duty of care generally requires directors to fully inform themselves of all material information reasonably available to them and to act with care in the discharge of their duties. The duty of loyalty generally requires directors to have the interest of the corporation and its stockholders ahead of their own personal interests.

Limited liability companies have become the preferred form of entity for many businesses, particularly privately held entities, and understanding the fiduciary obligations of managers and members of a limited liability company can be complicated, for a variety of reasons. For instance, there may be a lack of statutory guidance in the applicable jurisdiction or there may be a lack of well-defined case law, given that LLCs are relatively new, at least compared to corporations. Also, governance of these entities, including the scope of fiduciary obligations, generally is a matter of contract law, as set forth in the operating agreement. While state law can vary on the nature of these fiduciary duties, managers of an LLC generally owe certain fiduciary obligations to the entity and possibly its members, and the analysis of these fiduciary obligations will be similar to that for directors of a corporation.

Oversight Function and Judicial Standard of Review

A board of directors of a corporation or board of managers of an LLC1 generally has two principal functions: (1) decision-making and (2) oversight. The decision-making function typically entails approving or rejecting certain material actions, for instance, transactions involving the sale of the company or an equity or debt financing. Oversight involves supervising the business and affairs of the company, such as identifying and overseeing major risks to which the company is or may be exposed, establishing policies and practices to foster the company's compliance with legal requirements, and implementing internal controls to ensure the board receives adequate and timely information.

If shareholders or members of a company challenge an action, or failure to act, by the board of directors or managers, courts most likely will review such challenge under the business judgment rule, which is a presumption that the board members were informed and acted in good faith and in the best interests of the company. This standard generally is deferential to the decision of the board, and the policy underlying the business judgment rule is that a court will not second-guess the valid business judgment of an informed board.

Delaware Law on Oversight Fiduciary Duties

There is relatively limited guidance for complying with fiduciary duties in connection with the exercise of the oversight function. The In re Caremark Int'l Inc. Derv. Litig. decision in 1996 was the first case in which a Delaware court articulated the fiduciary duties of directors in an oversight context.2 Although directors and managers will need to understand the law on fiduciary duties in the state of the company's incorporation or formation, Delaware case law can be an important resource for understanding fiduciary duties for companies incorporated or formed in other states, because Delaware has a well-developed body of corporate law and its courts are sophisticated on corporate matters.3

In Caremark, the Delaware court of chancery held that only a sustained or systematic failure of the board to exercise oversight will establish the lack of good faith that is a necessary condition to liability. The court stated that establishing a breach of a fiduciary duty in the oversight context is "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment."4 In 2006, the Delaware Supreme Court further articulated the Caremark standard for oversight liability, holding that in order to prevail on an oversight claim, the plaintiff must establish one of the following conditions: either "(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, [the directors] consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention."5 Accordingly, Delaware courts have consistently set a high bar for imposing liability on directors for an oversight claim, making clear that Caremark-type duties are not designed to impose oversight liability for business risk and that directors will have significant latitude in carrying out their oversight function.6

Delaware courts issued several decisions in 2019 providing additional clarity on fiduciary obligations with respect to the oversight function. In the June 2019 Marchand v. Barnhill case, the Delaware Supreme Court unanimously reversed the lower court's dismissal of a stockholder derivative suit alleging Caremark claims.7 The Supreme Court recognized the very high bar Caremark established for oversight claims but noted that a board has a "bottom-line requirement" to "make a good faith effort – i.e., try – to put in place a reasonable board-level system of monitoring and reporting."8

The Marchand case arose from a 2015 Listeria outbreak in production plants of Blue Bell Creameries USA Inc., a privately held ice cream producer, which resulted in the death of three Blue Bell customers, a recall of all of Blue Bell's products, a lengthy production shutdown, and a liquidity crunch requiring Blue Bell to obtain financing that was highly dilutive to its stockholders. According to the complaint, in the years prior to the outbreak, the Food and Drug Administration, state regulators, and the company's own internal testing had identified food safety and contamination issues at the company's plants, but the company's records and board minutes did not reflect that these issues were reported to or considered by the board of directors. The Delaware Supreme Court considered the following allegations by the plaintiffs in rendering its decision: (1) Blue Bell did not have a board committee overseeing food safety; (2) there was no process or protocol for management to advise the board of food safety compliance practices, risks or reports, and there was no evidence the board had received negative food safety and compliance reports delivered to management; and (3) the board minutes did not reflect discussions or consideration by the directors of food safety issues and risks.

The Court in Marchand noted that Blue Bell's primary compliance issue was "ensuring that the only product it makes—ice cream—is safe to eat" and that the plaintiff's allegations demonstrated that although management was aware of the food safety and contamination issues, "this information never made its way to the board, and the board continued to be uninformed (and thus unaware of) the problem."9 Accordingly, the Court found that the allegations supported "an inference that no system of board-level compliance monitoring and reporting existed at Blue Bell" and that the board had "not made the good faith effort that Caremark requires."10 The Court further observed that if "Caremark means anything, it is that a corporate board must make a good faith effort to exercise its duty of care. A failure to make that effort constitutes a breach of the duty of loyalty."11

In the months following the Marchand decision, additional Delaware cases have addressed Caremark claims The court of chancery dismissed oversight claims against the board of directors in two of those cases; in each of those cases, the court found evidence that the directors had received information regarding the misconduct at issue and had taken certain actions to address the misconduct.12 In the In re Clovis Oncology, Inc. Derivative Litig.13 case, however, the court denied a motion to dismiss a Caremark oversight claim regarding an early-stage biopharmaceutical company in a highly regulated industry that was dependent on a single drug in its pipeline and suffered a significant drop in its stock value as a result of poor clinical trial results for this drug. The plaintiffs alleged that the company had deviated from industry-standard protocols for reporting clinical trials of the drug's efficacy and that the directors had failed to heed warnings related to these deviations and take steps to fix the problem. Although the company had reporting systems to advise the directors of the drug development process, management's reporting was alleged to be misleading and inaccurate, and the court described the reports as being received by the directors "[w]ith hands on their ears to muffle the alarms."14 In denying the motion to dismiss, the court noted that the board of directors was "comprised of experts" who understood the reporting and regulatory requirements of the company's industry but "consciously ignored red flags that revealed a mission critical failure to comply with" reporting and regulatory requirements.15

The Marchand and other 2019 oversight decisions do not change Delaware law regarding oversight claims, but provide guidance on factors boards must consider in carrying out their oversight function and underscore the fact-intensive nature of an oversight claim analysis. There is a high bar to clear for imposing liability on directors for an oversight claim, and directors will have significant latitude in carrying out their oversight function, but Marchand and Clovis reaffirm that directors have an obligation to make a good faith effort to implement and oversee a board-level monitoring system reasonably designed to identify, monitor, and mitigate fundamental risks to the company.

Complying with Oversight Duties in Response to the COVID-19 Crisis

There are a number of actions a board of directors or managers should take in carrying out its oversight function, including identifying the "mission critical" risks to the company, designing board-level monitoring and compliance systems to address the risks, being proactive in monitoring and discussing the risks, and ensuring the contemporaneous drafting of appropriate documentation evidencing the board's exercise of its oversight function. Businesses face a number of serious risks as a result of the COVID-19 crisis, including not only economic risks resulting from government restrictions on operations and resulting negative impacts on revenue and liquidity, but also risks to the health and safety of employees and customers. Directors and managers must understand the implications of COVID-19 with respect to their fiduciary obligations to oversee the business of the entity they serve.

Identifying the Mission Critical Risks

In order to exercise its oversight function, a board needs to identify the fundamental and "mission critical" risks to the company and design internal control systems to monitor and address those risks. The Marchand and Clovis decisions underscore that this exercise is especially critical if the company operates in a highly regulated industry and/or is substantially dependent on a single product. For instance, the court in Marchand indicated that the board must make an effort to be "informed of a compliance issue intrinsically critical to the company's business operation,"16 whereas in Clovis the court noted that in determining Caremark liability it is appropriate to distinguish director oversight of general "management of business risk" from oversight of "compliance with positive law-including regulatory mandates."17

The COVID-19 crisis arguably has imposed, at least for the time being, a "mission critical regulatory compliance risk" on almost any retail, manufacturing, or other business that has a physical location in which employees interact with other employees and/or customers. As businesses begin to reopen and/or ramp up their operations, they will need to ensure they are complying with government requirements on physical distancing, enhanced cleaning, and other operational matters and would be well advised to implement best practices, to the extent practicable, for protecting employees and customers. Boards of directors and managers will need to proactively monitor these risks, as the failure to comply with government requirements or to implement best practices for protecting employees and customers could have a catastrophic impact on the company's performance, reputation, and brand.

Implementing Reporting and Monitoring Systems

In connection with identifying the mission critical risks for the company, a board also must ensure that reasonable and effective reporting and monitoring systems are in place to deliver material information about the risks to the board. The board will have broad discretion to design the systems based on the circumstances of the company's business and resources, but it does have to make a good faith effort to implement such systems. These systems should include regular management reports to the board on COVID-19 compliance measures and issues, as well as the impact on business operations and liquidity. Additionally, the board should receive prompt notification and disclosure of any material compliance failures, developments, or incidents—such as infections and/or deaths of employees or customers, additional restrictions on operations, or liquidity issues—that could have an adverse impact on the business. Other mechanisms boards might consider include a board committee established specifically for monitoring COVID-19 issues and whistleblower protections and policies designed to encourage employees to freely communicate issues and concerns to directors and managers and to guard against management restricting the delivery of material information to the board.

Proactively Reviewing Information and Responding to Issues

The Delaware court in the Clovis case allowed an oversight claim to proceed even though the company had reporting systems in place to advise the directors of regulatory issues impacting the company, because alleged facts indicated that the directors did not actively review and consider the information available to them and, as the court described in its opinion, received reports "[w]ith hands on their ears to muffle the alarms." Alternatively, recent decisions that dismissed oversight claims emphasized not only that the minutes of board deliberations revealed that directors received information about certain issues negatively impacting the company, but also implemented or oversaw measures to remediate the problem and/or enhance compliance. These cases highlight that having monitoring and reporting systems in place is not, in and of itself, enough for a board to be deemed in compliance with its oversight responsibilities. Directors and managers need to be proactive in monitoring and discussing information regarding material risks and compliance issues, and when problems or issues arise, should direct and oversee remedial action in a timely manner. Additionally, the board should review and evaluate on a regular basis the effectiveness of the company's internal controls and board-level monitoring systems and modify such controls and systems as appropriate.

Documenting Board Action and Providing Necessary Resources and Support

The Delaware cases on Caremark oversight claims underscore the importance of appropriately documenting the monitoring and oversight systems and policies in place and preparing contemporaneous meeting agendas, exhibits and minutes that evidence the topics discussed, questions raised, and actions taken at board and committee meetings. Although courts will not second-guess the business judgment of an informed board, the board will need to be able to demonstrate it made a good faith effort to establish and oversee reasonable board-level systems of reporting and monitoring, and well-drafted, contemporaneous board minutes can be the most effective tool for evidencing the board's compliance with its fiduciary obligations. The board minutes should not be transcripts of meetings, but should identify the issues and information reported to and discussed by the board, questions raised by board members, and actions taken.

Directors and managers also must ensure they have sufficient support and resources, including access to outside counsel and third-party experts, to comply with their oversight responsibilities. Privately held companies in particular may have unique challenges, as they generally do not have the same resources and experience as public companies in dealing with oversight issues. Publicly traded companies must comply with SEC and exchange listing requirements regarding audit committees and other governance and compliance matters; accordingly, these companies have reporting and monitoring systems in place and resources available to apply to board-level oversight obligations. Boards of private companies have the same fiduciary duties as boards of public companies, but most private companies do not have the same monitoring systems and resources as public companies, and private company board members likely do not have the same level of experience as their public company counterparts in dealing with monitoring and compliance issues.

Additional Information

Venable is available to offer guidance and support to boards of directors and managers in complying with their fiduciary obligations as we collectively navigate these challenging times.

[1] There is significant flexibility to structure the management of an LLC pursuant to the terms of the operating agreement, and various structures may include management by the members, by one or more managers responsible for the day-to-day operations of the company, or by a board of managers that oversees the business and affairs of the company but does not directly manage the operations, similar to a board of directors of a corporation. The board of managers structure in an LLC is the most relevant for purposes of this discussion of the oversight obligations of managers.

[2] In re Caremark Int'l Inc. Derv. Litig., 698 A.2d 959 (Del. Ch. 1996).

[3] Virginia, for instance, has limited case law on fiduciary duties in the oversight context, but Virginia courts have referenced the standards outlined in Caremark in discussing the oversight duties of directors. See Dellastatious v. Williams, 242 F.3d 191, 196-197 (4th Cir. 2001); In re LandAmerica Financial Group, Inc., 470 B.R. 759, 798 (Bankr. E.D. Va. 2012).

[4] In re Caremark, 698 A.2d at 967.

[5] Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006).

[6] See In re Citigroup Shareholder Derivative Litigation, 964 A.2d 106, 126 (Del Ch. 2009) (stating that "[b]usiness decision-makers must operate in the real world, with imperfect information, limited resources, and uncertain future. To impose liability on directors for making a 'wrong' business decision would cripple their ability to earn returns for investors by taking business risks.").

[7] Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).

[8] Marchand, 212 A.3d at 821.

[9] Id. at 822.

[10] Id.

[11] Marchand, 212 A.3d at 824.

[12] Rojas v. Ellison, 2019 Del Ch. LEXIS 281 (Ch. July 29, 2019) (dismissing Caremark claims brought against the directors of J.C. Penny Company for allegations that the directors consciously failed to oversee the company's compliance with state laws governing price-comparison advertising, and finding that reports provided to the audit committee and minutes of the deliberations of the committee regarding the matter, as well as policies the company implemented to ensure compliance with price-comparison laws, did not demonstrate that the directors had "utterly" failed to implement a board-level reporting system to monitor compliance with laws and regulation); In re LendingClub Corp. Derivative Litig., 2019 Del Ch. LEXIS 1347 (Ch. Oct. 31, 2019) (dismissing Caremark claims relating to securities litigation and other damages arising from non-conforming loan sales, failure to disclose certain related party transactions, and improper accounting practices regarding certain asset valuations, and finding that the pre-existing internal controls and prompt self-remediation by the company did not support a finding of utter failure to implement a meaningful reporting system or bad faith conduct in failing to monitor compliance).

[13] In re Clovis Oncology, Inc. Derivative Litig., No. CV 2017-0222-JRS, 2019 Del Ch. LEXIS 1293 (Ch. Oct. 1, 2019).

[14] Clovis, No. CV 2017-0222-JRS at 17.

[15] Id. at 42.

[16] Marchand, 212 A.3d at 822.

[17] Id. at 34-35.