In October 2016, the Delaware Court of Chancery rejected a shareholder derivative lawsuit premised on an alleged lack of oversight by the directors of Capital One Financial Corp., Reiter v. Fairbank, C.A. No. 11693-CB, 2016 WL 6081823 (Del. Ch. Oct. 18, 2016). In so doing, the court not only provided a helpful summary of the law governing fiduciary duty claims grounded on a lack of oversight but also made clear the obstacles plaintiffs must overcome to succeed on those claims.

Caremark, Stone, and the Oversight Claim under Delaware Law

The oversight claim has become a preferred tool of plaintiffs' counsel seeking to hold directors responsible for misfortune that befalls a company. In In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), the seminal decision outlining that claim, the Court of Chancery explained that directors must attempt "in good faith" to ensure that a "corporate information and reporting system" exists to enable the directors to provide adequate oversight of the company's compliance with applicable laws and regulations. The court added in Caremark that this claim was "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment."

Ten years after Caremark, the Delaware Supreme Court explained that, for an oversight claim to succeed, at least one of the following must be present:

the directors utterly failed to implement any reporting Web or information system or controls [or] having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.

Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006).

For liability in either scenario, there must be a showing that "the directors knew that they were not discharging their fiduciary obligations." (Emphasis added.)

Despite these exacting standards, shareholders have persisted in asserting oversight claims against directors. This has likely been driven, at least in part, by the fact that the duty to oversee a company's compliance in good faith is part of the duty of loyalty, a point made in Stone. As a result, corporate fiduciaries facing an oversight claim are not protected by any exculpatory provision contained in the articles of incorporation. Accordingly, an oversight claim might assist a plaintiff in demonstrating demand futility in a derivative suit against the board. See Rates v. 8/asband, 634 A.2d 927, 936 (Del. 1993).

Reiter v. Fairbank

It was against this backdrop that the plaintiff shareholder in Reiter v. Fairbank brought a derivative action against Capital One's directors. The plaintiff maintained that the directors breached their duty of loyalty in failing to oversee the company's compliance with the Bank Secrecy Act (BSA) and other anti-money-laundering laws (AMLs). According to the plaintiff, the directors disregarded red flags that Capital One's BSA/AML compliance program did not fulfill legal requirements governing the company's check-cashing business. The plaintiff asserted that this lack of oversight ultimately resulted in the company becoming subject to various investigations and entering into a consent order with the Office of the Comptroller of Currency. The plaintiff did not make a pre-suit demand on the board because the plaintiff believed such demand would have been futile.

The defendants moved to dismiss, among other reasons, because of the plaintiff's failure to make a demand on the board. The Court of Chancery agreed and dismissed the suit. In its opinion, the court found that a demand would not have been futile. Specifically, the court determined that the plaintiff had not alleged facts from which it could be inferred that the directors "consciously allowed Capital One to violate BSA/AML statutory requirements so as to demonstrate that they acted in bad faith." Thus, there was not a reasonable doubt under the Ra/es test that the directors could have exercised their independent and disinterested business judgment-a demand in this case would not have exposed a majority of the board to "a substantial likelihood" of personal liability.

In reaching that decision, the court reviewed Caremark and its progeny, with a particular focus on the state of mind required under those cases. The court noted that directors' good-faith discharge of their oversight responsibility may not always prevent employees' violations of the law, and, therefore, a plaintiff must plead with particularity a connection between the directors' action or inaction and the injury suffered by the corporation. One way to demonstrate that connection would be for the plaintiff to plead that the directors "consciously disregard[ed]" corporate misconduct-i.e., the "proverbial 'red flag."'

In this case, the plaintiff alleged that the board ignored a litany of red flags-in the form of at least 25 reports to the directors over a multiyear period-showing that Capital One's BSA/AML controls and procedures were inadequate. To assess the claims, the court focused on the handful of reports that served as the plaintiff's most compelling "red flags." In the court's view, however, those reports were no more than "yellow flags" that showed Capital One's increasing compliance risk as well as added regulatory interest in AML compliance. None of those reports indicated that any employee had engaged in fraudulent or criminal conduct. Rather, those reports showed that management had been engaged in an effort to address these issues and reduce the company's risk profile, and had gone so far as to exit the check-cashing business, a prominent focus of BSA/AML compliance. These factual allegations enabled the court to distinguish this case from cases in which boards knowingly tolerated-if not participated in-illegal conduct. In reaching its conclusion to dismiss the case, the court cited Stone for the proposition that an oversight claim has merit only when "the directors knew that they were not discharging their fiduciary obligations."

The Significance of Reiter v. Fairbank

Reiter is important for its thorough review of the law in Delaware attendant to an oversight claim, especially the reminder that the "core inquiry" in any such claim is whether the directors "intentionally disregarded their fiduciary duties in bad faith." Toward the conclusion of the opinion, the court emphasized a principle that runs throughout Caremark and its progeny-namely, that "[g]ood faith, not a good result, is what is required of the board."

In that regard, directors, and those who advise them, would be well served to remember that perfection need not be the enemy of the good when it comes to fulfilling their oversight obligation. A board that institutes and then monitors a reasonable reporting system tailored to the company's compliance risks should be insulated from Caremark liability, even if that system fails to prevent those risks from being realized. This has proven to be the case, for example, in the cybersecurity arena, where shareholders have experienced a string of defeats in derivative litigation that followed data breaches at Wyndham, Target, and Home Depot.  Like Reiter, those cases teach generally that a board's good-faith attention to a company's most pressing compliance risks should help the directors avoid personal liability if a shareholder later seeks to hold them responsible for corporate harm.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.