Compliance in the boardroom: failure to monitor red flags and take tangible action could result in problems for board members

Duty of oversight

The Delaware Chancery Court is continuing its trend of permitting Caremark claims against corporate board members who fail to exercise proper oversight and monitoring of compliance programs. The Boeing board has recently been called out for its failure to conduct proper oversight of the 737 MAX safety scandal. This matter has raised the stakes on board member accountability and should be a wake-up call for all boards to evaluate their governance framework and processes critically.

[Figure: Governance key components]

Background

Caremark defines a director’s duty of care in the context of compliance oversight and is at the very least a label attached to what all now agree is a necessary and proper subject of attention for every board of directors: corporate compliance as a function within the broader task of enterprise risk management. Caremark defined duty of care as “the care an ordinarily prudent person in a like position would exercise under similar circumstances.”

In re Caremark International Inc. built a high wall for plaintiffs to scale in asserting a board’s failure to comply with the duty of care and loyalty standards. A landmark case before the Delaware courts in 1996, the Court of Chancery of Delaware decision clarifies the board’s duties concerning its oversight activities. The court outlined what plaintiffs must prove when claiming that directors breached their duties, notably that:

  • Either the directors knew or should have known that violations of the law were occurring; and
  • The directors took no steps in good faith to prevent or remedy that situation; and
  • Such failure resulted in the losses alleged in the complaint.

Recent cases

You may recall that not too long ago, the Delaware Supreme Court overturned and remanded a decision by the Chancery Court, ruling that a plaintiff had indeed scaled the Caremark standard in their complaint. The case, Marchand v. Barnhill, No. 533, 2018 (Del. June 18, 2019), involved the directors and officers of Blue Bell Creameries (“Blue Bell”). Founded in 1907, the creamery produces a product lineup that includes Blue Bell Ice Cream, light ice cream, no sugar added ice cream, sherbet and frozen snacks that are manufactured and distributed to supermarkets and food stores through Blue Bell’s direct store delivery program.

It’s likely that board oversight and responsibility were lacking at Boeing, which resulted in passenger deaths and the grounding of Boeing’s 737 MAX. The Boeing case stems from two crashes: the crash of Lion Air Flight 610 into the Java Sea near Indonesia shortly after takeoff in October 2018, and the crash of Ethiopian Airlines Flight 302 near Ejere, Ethiopia, shortly after takeoff in March 2019. Both crashes directly resulted from a lack of pilot training on the Maneuvering Characteristics Augmentation System (“MCAS”), a software feature designed to automatically push the airplane’s nose down in certain conditions. The $2.5 billion settlement is worth noting, as well as a criminal case against a chief technical pilot, and continuing safety and technical problems, which have created a real mess.

The implications of Boeing, Blue Bell, Clovis, and Hughes have to be discussed. The Delaware court is not altering the well-ingrained Caremark standard. Instead, the court is applying the Caremark standard to reject motions to dismiss, thereby allowing cases to proceed to discovery and litigation. The risks for corporate board members are increasing, and the Delaware court is sending a message – board members must be active, engaged, and attend to compliance programs and relevant key risks or face personal liability.

In the Delaware Chancery Court, several plaintiffs made books and records demands and filed derivative lawsuits in 2019. Plaintiffs asserted breach of fiduciary duty claims against Boeing’s directors, specifically:

  • Boeing did not implement a reporting system to monitor the safety of Boeing’s airplanes;
  • Boeing ignored red flags and its duty to investigate; and
  • The board terminated the CEO and allowed the CEO to keep $80.7 million in pay and benefits, which dwarfs the $50 million set aside for the families of the 346 crash victims.

The Caremark standard requires plaintiffs to allege facts that either:

  • The directors utterly failed to implement any reporting or information system or controls; or
  • Having implemented such a system or controls, [the directors] consciously failed to monitor or oversee its operations, thus disabling themselves from being informed of risks or problems requiring their attention.

On the first prong, board oversight for “mission-critical” issues must be “rigorously exercised,” which involves “sensitivity to compliance issues intrinsically critical to the company.” The court ruled that the plaintiffs had adequately alleged claims against the director defendants.

In support of its finding, the court cited the fact that the board had no committee charged with direct responsibility to monitor airplane safety, and the board at large was not formally monitoring or discussing safety regularly. The court cited that after the Lion Air crash, the board meeting agenda did not include a specific safety discussion but instead focused on restoring profits and efficiency. In particular, the court cited that board discussions of 737 MAX issues were “passive invocations of quality and safety . . . [that] fall short of the rigorous oversight [Caremark] contemplates.”

Second, the court explained that the board did not require management to deliver regular reports on safety issues. Specifically, the court cited Boeing’s defective reporting structure and management’s weak communications with the board concerning safety issues. The court noted that the board was “passively accepting management’s assurances and opinions.”

Finally, the court noted documentary evidence indicating that board members were aware of the importance of safety issues and that the board knew that its safety oversight procedures needed to be improved.

The court also ruled that the plaintiffs stated a claim under prong two of Caremark, based on allegations that the board “passively accepted” management’s assurances that the 737 MAX was safe and that it did not take action in the face of red flags – most significantly, the Lion Air crash of the 737 MAX.

DOJ’s response

On January 7, 2021, Boeing entered into a Deferred Prosecution Agreement (“DPA”) with the Department of Justice (DOJ) to resolve a criminal charge related to a conspiracy to defraud the Federal Aviation Administration’s Aircraft Evaluation Group (FAA AEG) in connection with the FAA AEG’s evaluation of Boeing’s 737 MAX airplane.

Per the DPA, Boeing agreed to ensure that its directors and senior management provide strong, explicit, and visible support and commitment to its corporate policy against violations of U.S. fraud laws and its compliance codes and demonstrate rigorous adherence by example. Boeing will also ensure that middle management, in turn, reinforces those standards and encourages employees to abide by them. Boeing will create and foster a culture of ethics and compliance with the law in its day-to-day operations.

On October 14, 2021, the chief technical pilot was indicted for fraud – abusing his position of trust by intentionally withholding critical information about MCAS during the FAA evaluation and certification of the 737 MAX and from Boeing’s U.S. based airline customers. Specifically, the chief technical pilot provided materially false, inaccurate and incomplete information about the MCAS. If convicted, the chief technical pilot potentially faces decades in prison.

Key takeaways

The Boeing decision underscores the need for corporate boards to take an active role in implementing reasonable information and reporting systems that monitor “mission-critical” matters — rather than leave such tasks in the hands of management. These efforts should include:

  • A board that is actively engaged in monitoring key corporate risk factors, including appropriate use of board committees;
  • Risk management policies and procedures designed and implemented by the company’s senior leadership team consistent with the company’s strategy and risk appetite;
  • Board meeting time allocated to meaningfully discussing and monitoring mission-critical matters regularly, with input from executives operationally involved in these matters;
  • If appropriate, a committee charged with direct responsibility for the matter;
  • A protocol by which the board receives updates from management on a “consistent and mandatory basis” and engages with and challenges this information especially in times of crisis; and
  • The contemporaneous documentation of these efforts in board and committee meeting minutes, agendas, and other books and records.

Additionally, boards should ask questions and use that feedback to identify new or emerging risks facing the company that might require systematic oversight and redouble their efforts to contemporaneously ensure meeting minutes and other board documents reflect that attention.

Moving towards an Enterprise Risk Resilient Model is the new standard!

[Figure: Enterprise risk ecosystem]

Note: Compliance, Internal Audit, and Legal do not sit between each other.

Closing

Board engagement is critical. Understanding board composition is key. Being asked to serve as a director is, of course, an honor, but, unlike awards for good citizenship, it requires a continuing commitment of time. No one should undertake a directorship unless he or she is confident of having sufficient time to do the best job possible.

Jonathan T. Marks
Partner, CPA/CFF, CITP, CGMA, CFE