Categories
Blog

Caremark Claims: A Compliance Professional’s Guide to the Shifting Landscape

For decades, Delaware courts famously described Caremark claims alleging breaches of the duty of oversight as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” Yet recent legal developments have shown that while Caremark claims remain challenging, they are no longer insurmountable. Cases like Marchand v. Barnhill) and the Boeing 737 Max shareholder derivative lawsuit have demonstrated that boards of directors are not immune from liability when they fail to fulfill their oversight responsibilities.

As we head into 2025, compliance professionals must stay attuned to the evolving dynamics of oversight duty claims. Today, we consider the current state of Caremark litigation, the implications of recent case law, and emerging areas such as cybersecurity, ESG, and AI that could generate oversight liability in the future.

A Historical Shift: From Rare Wins to Increased Viability

Historically, Caremark claims were long shots for plaintiffs. Courts typically set an extremely high bar, requiring claimants to demonstrate that directors acted in bad faith by consciously ignoring red flags or failing to implement compliance systems. However, recent decisions have opened the door for such claims, particularly in cases involving egregious governance failures.

The Boeing case was one of the most striking examples of a Caremark claim. It involved the two Boeing 737 Max plane crashes, which were catastrophic crashes tied to governance and oversight failures. The case survived a motion to dismiss and eventually settled for $237.5 million, funded entirely by D&O insurance. Next was Walmart’s Opioid case, which was also resolved in 2024. In this matter, Walmart’s Board of Directors faced a shareholder derivative claim, alleging breaches of the duty of oversight about the opioid crisis. The case settled for $123 million, showing that courts will entertain Caremark claims when systemic failures result in significant harm. These high-profile cases have emboldened plaintiffs and raised alarms in Delaware courts, leading to a noticeable backlash in recent decisions.

A Backlash Emerges: Delaware Courts Reassert a High Bar 

The Delaware Chancery Court, which has long been a guardian of corporate governance law, has recently pushed back against what it views as an overextension of Caremark claims. Since 2023, we have seen three notable cases that highlight this skepticism. The first was the Segway case from 2023. In this decision, the Court dismissed claims against the board, emphasizing that liability requires a “red line” of bad faith—an extremely high standard that most claims fail to meet.

Next was the Walgreens Boots Alliance matter from 2024. In this decision, the Court criticized the “proliferation” of oversight lawsuits, warning that every time a company experiences an adverse event, reflexive filings could do more harm than good. Finally, there was the Centene matter, also from 2024: In Bricklayers Pension Fund v. Brinkley, Vice Chancellor Morgan Zurn dismissed oversight claims, finding no evidence that the board consciously disregarded compliance risks. Zurn underscored that “a bad outcome, without more, does not equate to bad faith.” These decisions signal a clear message from Delaware courts: that Caremark claims must meet an exacting standard and that not every adverse outcome shows a breach of oversight duties.

The Federal Courts Enter the Fray  

While Delaware courts tighten their standards, federal courts applying Delaware law have shown a greater willingness to let Caremark claims proceed. Two notable cases from 2024 illustrated this trend. The first was a piece of the long-running Wells Fargo litigation for various actions. In this matter, a federal district court in California allowed claims against Wells Fargo’s board to move forward, citing allegations that directors failed to address discriminatory lending practices. Similarly, a federal court in Illinois sustained claims against Abbott Labs’ Board of Directors for failing to oversee the safety of its infant formula products.

These rulings suggest federal courts may be more receptive to Caremark claims, particularly in cases involving systemic misconduct or significant public harm. While these cases do not have precedential value in Delaware, they can be seen as a roadmap for successful Caremark claims outside the jurisdiction of these two district courts.

The Compliance Implications of Recent Trends

What do all these decisions mean for compliance professionals? In the ever-evolving landscape of oversight liability, the compliance professional has challenges and opportunities. Compliance professionals should proactively identify and address these risks at the board level. There are five areas compliance professionals should focus on.

  1. Active Oversight. The common thread in successful Caremark claims is the board’s failure to actively monitor compliance risks. Compliance officers should ensure that boards are regularly informed about key risks through detailed reports and actively engaged in oversight of high-risk areas, such as product safety, regulatory compliance, and ethical conduct.
  2. Document Document Document. Your Board’s efforts to oversee compliance systems and address red flags that rise to the Board level. Boeing shows that the absence of documented board actions can be devastating in litigation. Compliance teams should work with corporate secretaries to: a.) Ensure board minutes reflect meaningful discussions about compliance risks. b.) Record follow-ups on identified issues to demonstrate a proactive approach.
  3. Emerging Risks. There are a variety of areas that are ripe for future Caremark claims. These areas include cybersecurity, as Boards that fail to oversee cyber risk management could face liability after a data breach. ESG is still a business imperative, even if the incoming Administration is antithetical to it. Environmental and social failures, such as ignoring climate risks or fostering discriminatory practices, may trigger oversight claims. Finally, AI governance will be at the forefront of many compliance professionals’ minds. As AI adoption accelerates, Boards must ensure compliance with developing regulations and ethical standards.
  4. Federal Courts. The divergence between Delaware and federal courts applying Delaware law complicates the oversight liability landscape. Compliance teams should monitor cases in both jurisdictions and adapt their strategies accordingly.
  5. Insurance and Indemnification. Given the financial stakes in Caremark litigation, robust Directors and Officers (D&O) insurance is essential. Compliance teams should work on reviewing D&O policies to ensure they provide adequate coverage for oversight claims. You should also collaborate with legal and risk management teams to understand policy exclusions and coverage limits.

A Call to Action for Compliance Professionals  

The shifting dynamics of Caremark claims underscore the critical role compliance professionals play in supporting board oversight. To strengthen your organization’s oversight framework:

  1. Educate the Board by providing regular training on directors’ fiduciary duties, focusing on their oversight obligations.
  2. Enhance reporting by developing dashboards and reports that give the board a clear view of compliance risks and mitigation efforts.
  3. Promote a culture of accountability by working with senior leadership to embed compliance into the organization’s culture and ensure that issues are addressed at every level.

While recent Delaware decisions have reaffirmed the difficulty prevailing in Caremark cases, high-profile settlements and federal court rulings indicate that oversight liability remains a growing risk. Compliance professionals must stay vigilant, ensuring their boards are well-equipped to meet their oversight responsibilities.

By focusing on proactive risk management, thorough documentation, and emerging risks like cybersecurity and AI, compliance teams can help their organizations navigate the complex oversight landscape. The stakes are high, but so are the opportunities to build stronger, more resilient governance frameworks.

As Kevin LaCroix has noted, “The bottom line is that notwithstanding recent Delaware Chancery Court skepticism toward a breach of the duty of oversight claims, there is life for these kinds of suits, at least in some cases—including in cases filed outside of the Delaware state courts.”

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Compliance Obligation for Boards

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we begin considering Board obligations around compliance.

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out the full 3-book series, The Compliance Kids, on Amazon.com.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: TD Bank Lessons Learned: The Board and It’s Duty of Oversight

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Under the Caremark Doctrine, the Board of Directors has clear duties not to put their head in the sand and engage in conscious indifference.

Categories
Everything Compliance

Everything Compliance: Episode 143, The North to South Episode

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows.

In this episode, we have the quartet of Matt Kelly, Jonathan Marks, and Karen Moore; with host Tom Fox wearing a double hat as a commentator as well. We take up Root Cause Analysis, DEI questions in the Boeing monitorship, failures at TD Bank and a possible Caremark claim.

1. Matt Kelly takes a look into the commercial strategies which led to the compliance failures at TD Banks.  He rants about the Boston’s National Women’s Soccer League team (now deleted) advertising campaign announcing the new team with the tagline ‘too many balls’.

2. Jonathan Marks explains the differences in a Root Cause Analysis and investigations. He shouts out the WNBA and the person who solved the Golden Owl puzzle.

3. Karen Moore takes a deep dive into the district court’s request for more information on the impact of DEI on the Boeing monitorship. She rants about non-civility in the Supermarkets of America’s Parking Lots.

4. Tom Fox takes a look at the potential Caremark claim against TD Bank for both Directors and Officers failures in their duties. He shouts out to GOP dominated Texas Legislature for subpoenaing Robert Roberson for an appearance before the House, one day before his scheduled execution and the Texas Supreme Court for staying his execution until he could appear.

The members of the Everything Compliance are:

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Additional Resources:

1.     Jonathan Marks on Root Cause Analysis on LinkedIn.

2.     Matt Kelly on TD Bank’s Enforcement Action on Radical Compliance.

3.     Tom Fox on the potential Caremark claims in the TD Bank case on the Compliance Podcast Network blog.

 

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending September 28, 2024

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week.

Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • DOJ releases a 2024 Update to the Evaluation of Corporate Compliance Programs. (FCPA Compliance & Ethics Blog)
  • China probes PVH. (Reuters)
  • Wells Fargo must face Caremark claim. (Reuters)
  • Wagner Group used HSBC and JPMorgan for payments. (FT)
  • Caroline Ellison sentenced to 2 years in prison and forfeits $11bn (NYT)
  • How Binance found that old time ‘compliance’ religion. (WSJ)
  • New York City Mayor Adams indicted on bribery and corruption charges. (NYT)
  • SEC fines 12 more firms for failures in messaging apps. (SEC Press Release)
  • S. Iswaran was convicted for corruption in Singapore. (BBC)
  • Ex-CEO of Skael faces criminal fraud charges. (WSJ)

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Everything Compliance

Everything Compliance: Episode 138, The AI in The EU Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. We have a plethora of topics for this episode, including the DOJ Whistleblower Incentive Program, a look at Solar Winds, a new Caremark decision, an effective internal audit and the new AI law in the EU, which we slice and dice from a variety of perspectives.

We have the full quintet of Matt Kelly, Jonathan Armstrong, Karen Woody, Jonathan Marks, and our newest panelist, Karen Moore, all hosted by Tom Fox.

1. Jonathan Armstrong takes a look at the new EU Low regarding AI. He shouts out to Sir Andy Murray for a great career and life.

2. Matt Kelly asks multiple questions about the form of the guilty plea and what it may mean for compliance professionals going forward. He rants about Wyoming Senator Cynthia Lummis and her legislation for a Strategic Bitcoin Reserve.

3. Karen Moore considers the Centene case, which denied a Caremark claim. She rants about German TV only showing German competitors in their Olympic coverage and she shouts out to the perseverance of Ukrainians, where students attending class at the Kyiv School of Economics will stop class during an air raid and start class again when the All Clear is given.

4. Tom Fox shouts out to Simone Biles and the beauty, power, and grace of women’s gymnastics at the Olympics, going back to Olga Korbut.

5. Karen Woody takes a deep dive into the district court’s recent dismissal of the SEC complaint against SolarWinds. She shouts out to President Biden for bringing hostages home from Russia and a job well done.

6. Jonathan Marks reviews what makes internal controls effective.

The members of Everything Compliance are:

The host, producer, rantor (and sometimes panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Categories
Everything Compliance

Everything Compliance: Episode 136 – The Great Women in Compliance Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. In this episode, we have a very special group of guest panelists and one special guest host—some of the great women in compliance.

In this special episode, Everything Compliance is by Kristy Grant-Hart, and the guest panelists include Karen Woody, Karen Moore, Lisa Fine, and Hemma Lomax.

1. Karen Woody takes a deep dive into the current evolution of Caremark in Delaware. She raves about her alma mater, UVA, making the college baseball World Series and about this special GWIC-inspired edition of Everything Compliance.

2. Host Kristy Grant-Hart shouts out to Rachel Rodgers, author of We Should All Be Millionaires, and her call to action for women to lead more in politics, business, and entrepreneurship.

3. Karen Moore explores whether Boeing will be prosecuted under its current DPA. She sends sympathies to the family of John Barnett, the Boeing whistleblower who died.

4. Lisa Fine takes a deep dive into the recent acquittal of Mike Lynch in his criminal case for the sale of Autonomy to HP. In her Raves and Rants segment, she has two raves. First to all the Dads out there, Happy Father’s Day!  Her second is Compliance Week, retiring EIC Kyle Brasseur for his tenure at Compliance Week.

5. Hemma Lomax goes into a deep rant about compliance training. She raves about Everything Compliance for its first Great Women podcast and Jiminy Cricket, whose signature phrase is “Let your conscience be your guide.”

 

The members of this special episode of Everything Compliance are:

Karen Woody is one of the top academic experts on the SEC. She is also the co-host of the award-winning podcast, The Woody Report.

Karen Moore is an Adjunct Law professor at the Fordham School of Law.

Lisa Fine is a co-host of the award-winning Great Women in Compliance.

Hemma Lomax is a co-host of the award-winning Great Women in Compliance.

The host of this special episode of Everything Compliance is Kristy Grant-Hart, founder of Spark Compliance and co-host of the award-winning podcast 2 Gurus Talk Compliance.

Categories
Great Women in Compliance

Great Women in Compliance: GWIC and Everything Compliance

Welcome to the Great Women in Compliance podcast on the Compliance Podcast Network, sponsored by Corporate Compliance Insights.

In today’s episode, we have a special episode which is cross-posted with Everything Compliance, which we call Ladies Night: Exploring Compliance in All-Female Podcast Takeover.

In this special Ladies Night edition of the Everything Compliance Podcast, guest host Christy Grant Hart is joined by notable women in compliance as guest panelists,  Karen Woody, Karen Moore, Lisa Fine, and Hema Lomax, for an in-depth discussion.

Topics covered include the complexities of Caremark duties and its recent interpretations, Boeing’s ongoing compliance issues, the implications of the Mike Lynch acquittal on due diligence, and ways to enhance the effectiveness of compliance training. The episode wraps up with each guest sharing their raves, offering insights and reflections on the state of compliance today.

  • Karen Woody on Caremark Duties Explained
  • Karen Moore on Boeing’s Compliance Issues
  • Lisa Fine on the Mike Lynch acquittal and HP’s Acquisition of Autonomy
  • Hemma Lomax on Effective Compliance Training
  • Rants and Raves

You can join the LinkedIn podcast community.
Join the Great Women in Compliance podcast community here.

Categories
All Things Investigations

All Things Investigations – Huneke and Carlson on Directors’ Accountability for Compliance and Risk Management

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. In this podcast, I was joined by HughesHubbardReed partner Mike Huneke and Brent Carlson, Director at BRG, to discuss the concepts around their recent paper, Boards of Directors Lovin’ It after McDonald’s? A Fresh Look at Directors’ Duty of Oversight in the New Era of Sanctions & Export Control Corporate Enforcement.

Mike Huneke and Brent Carlson are seasoned professionals specializing in fraud compliance, corruption issues, sanctions, and export control enforcement. Huneke’s perspective on the duties of directors in sanctions and export controls is that boards need to be proactive and engaged in understanding and addressing these risks, emphasizing the importance of caution, skepticism, and diligence in overseeing these critical areas of compliance. His views are shaped by his experience in investigating, litigating, remediating, and preventing fraud, as well as his belief in the importance of good corporate governance and risk management. Carlson emphasizes the significance of understanding geopolitics in the context of company operations and advocates for a return to fundamental principles amidst rapid regulatory changes. His perspective is shaped by his experience in assisting companies navigate the complexities of sanctions and export controls, and his belief in the importance of boards actively engaging with management, asking questions, and ensuring thorough investigations are conducted.

Key Highlights:

  • Directors’ Role in Export Control Compliance
  • McDonald’s Case: Duty of Oversight Emphasis
  • Dynamic Compliance Monitoring for Export Controls
  • Directors’ Accountability for Compliance and Risk Management
  • Proactive Board Oversight for Compliance Excellence

Resources:

Hughes Hubbard & Reed website

Brent Carlson on Linkedin

This podcast is based on: 

Brent & Mike’s blog post on directors’ duty of oversight can be found here: Boards of Directors Lovin’ It after McDonald’s? A Fresh Look at Directors’ Duty of Oversight in the New Era of Sanctions & Export Control Corporate Enforcement (Jan. 12, 2024).

For more on sanctions and export control compliance in the new era of FCPA-like corporate enforcement, see Brent’s and Mike’s prior posts here:

— Brent’s piece that launched the seriesWhen Loopholes Create Liability Pitfalls: A Fresh Look at Export Controls (Aug. 25, 2023).

— How can you assess your risk of sanctions violations?  Know Your Customer, But Also Yourself: A Fresh Look at Sanctions & Export Controls Risk Assessments in the Era of the “New FCPA” (Sept. 28, 2023).

— If you discover a sanctions problem, how can you efficiently investigate and remediate it?  Slow is Smooth, Smooth is Fast: A Fresh Look at Planning and Executing Internal Investigations into Allegations of Sanctions or Export Controls Evasion (Oct. 30, 2023).

— What does that mean for future fines and penalties for export control evasion?  From Peanuts to Prison Time – A Fresh Look at the Evolution of Export Controls Penalties (Nov. 14, 2023).

— Why is an FCPA “mindset” required for sanctions and export control compliance, and how to apply one?  The Blind Men and the Elephant (Dec. 18, 2023).

Categories
Blog

Boards of Directors in the Era of Sanctions Enforcement

In a recent episode of the podcast ‘All Things Investigations, the discussion centered around directors’ critical role in ensuring legal compliance, particularly in sanctions and export controls. I was joined in this exploration by Mike Huneke, partner at HughesHubbardReed, and Brent Carlson, Director at BRG. Our discussion was based on their blog post on directors’ duty of oversight, which can be found here:  Boards of Directors Lovin’ It after McDonald’s? A Fresh Look at Directors’ Duty of Oversight in the New Era of Sanctions & Export Control Corporate Enforcement.

Our discussion highlighted McDonald’s case from the Delaware Court of Chancery, where the company officers faced lawsuits for neglecting their duties, emphasizing the importance of a dynamic approach from boards and compliance officers to evaluate and enhance compliance programs in response to the evolving geopolitical landscape and increased regulatory enforcement.

While many compliance professionals reviewed McDonald’s for the new duty of oversight created for corporate officers, including Chief Compliance Officers, Huneke and Carlson focused on the duties owed by Directors. For companies engaged in international trade, these actions engage directors’ fiduciary duties. Looking to bellwether Delaware corporate law, Delaware’s Chancery Court recently reiterated in the McDonald’s shareholder litigation that directors’ Caremark duty of oversight is a function of their duty of loyalty.

According to Huneke and Carlson’s article, this case “reinforced the limits of the protections directors would otherwise have if it were instead a function of the duty of care—under both the business judgment rule and “exculpation,” which is the option corporations have to excuse in their articles of incorporation directors’ liability for breaches of their duty of care (but not of loyalty).” Directors’ duty of oversight further requires ensuring that they receive information regarding any “central compliance risks,” not just “mission critical” risks, and that there is an appropriate response to red flags.”

The decision in McDonald’s case underscored the significance of information systems and controls for compliance. It stressed the need for companies to adopt a broader, qualitative view in monitoring export control compliance, with the Department of Justice’s heightened involvement signaling a shift towards a more proactive approach. Key aspects such as oversight, duty of care, and the business judgment rule were highlighted as essential components of board responsibilities and liability.

Board directors were urged to engage with compliance issues actively, ask critical questions, and conduct thorough investigations to fulfill their fiduciary duties. It was emphasized that boards should exercise caution when relying on management reports, proactively address risks, and take necessary actions to prevent potential legal and reputational damage.

From the Board’s perspective, we emphasized the importance of being cautiously skeptical of management’s information, seeking external advice, and taking preventive measures to avoid compliance issues. We also discussed the significance of the duty of oversight, which stems from the duty of loyalty and requires directors to ensure the presence of information systems and controls for informed decision-making and an effective response to red flags.

There is a clear need for board directors, corporate officers, and compliance professionals to stay abreast of the changing landscape of sanctions and export controls. With the Department of Justice’s increased focus on enforcement in this area, organizations must prioritize compliance efforts, seek external guidance, and take proactive steps to mitigate risks and ensure legal adherence.

Huneke and Carlson noted that the court ultimately dismissed plaintiffs’ claims against the directors because, after learning of the red flags, the directors:

  • Obtained detailed oral and written reports from management throughout several meetings dedicated to the red flag identified;
  • Made enhancements to the compliance program, including training and communication;
  • Retained external advisors;
  • Ensured that affiliates (here, franchisees) were included in the enhancements made;
  • Assessed and improved corporate culture and
  • Management involved in the conduct was eventually terminated.

These serve as a road map for the sanctions and export control boards.

Huneke and Carlson concluded their article with the following suggestions:

1) Understand how the world is changing and how those changes impact your business 

Geopolitical risks impact companies in different ways. Analyze potential impact scenarios to arrive at effective oversight approaches. Seek input from a variety of experts. Challenge commonly held assumptions, especially concerning the sufficiency of traditional screening.

2) Continuously ensure that the compliance program identifies and addresses evolving risks

Effective compliance programs evolve as risks change. Make sure management considers the changed enforcement environment when assessing risk. Do not just ask questions—ensure you receive good answers. Avoid solutions that are too clever by half, which can ultimately expose the company to greater risks.

3) Don’t sit on any red flags, and don’t let the management team sit on them either

All kinds of red flags can indeed come out of the blue. Our prior posts provide suggestions for responding to potential evasion effectively and efficiently. Politics (global and domestic) drive regulatory enforcement, and 2024 will be no exception. Now is the time to get ahead of what’s coming. An ounce of prevention is worth a pound of cure.

We concluded the podcast by noting that directors’ duties in sanctions and export controls are paramount in today’s regulatory environment. The pressure will only increase. Boards must be vigilant, proactive, and thorough in their oversight of compliance programs to uphold their fiduciary responsibilities and safeguard their organizations from potential legal and reputational harm. By staying informed, engaging with compliance issues, and taking decisive actions, directors can navigate the complexities of sanctions and export controls effectively.