Despite increasing political and media focus on and criticism of risk assessment and risk management efforts by corporate boards, yesterday’s In Re Citigroup Inc. Shareholder Derivative Litigation, No. 3338-CC (Feb. 24, 2009), decision by the Delaware Court of Chancery is a welcome indication that the business judgment rule will survive the financial crisis intact.
The plaintiffs in the case alleged, among other things, that the defendants had breached their fiduciary duties by not properly monitoring and managing the business risks that Citigroup faced from subprime mortgages and securities, and by ignoring alleged “red flags” that consisted primarily of press reports and events indicating worsening conditions in the subprime and credit markets. Declaring that “oversight duties under Delaware law are not designed to subject directors, even expert directors, to personal liability for failure to predict the future and to properly evaluate business risk,” Chancellor Chandler dismissed these claims on the ground of failure to adequately plead demand futility. The only claim the court did not dismiss was an allegation that the defendants had engaged in waste by approving a multimillion dollar payment and benefit package for Citigroup’s former CEO upon his retirement.
The decision reaffirms and clarifies several key features of Delaware law, established by the Caremark decision and its progeny, with respect to oversight responsibilities. First, that plaintiffs face “an extremely high burden” in bringing a claim for personal director liability for a failure to monitor business risk. Second, that while directors could be liable for a failure of board oversight, “only a sustained or systemic failure of the board to exercise oversight – such as an utter failure to attempt to assure a reasonable information and reporting system exists – will establish the lack of good faith that is a necessary condition to liability.” Third, that a bad business decision is not evidence of the bad faith necessary to establish oversight liability. Notably, the court drew an important distinction between oversight liability with respect to business risks and oversight liability with respect to illegal conduct, emphasizing that courts will not permit oversight jurisprudence to be distorted by “attempts to hold director defendants personally liable for making (or allowing to be made) business decisions that, in hindsight, turned out poorly.”
As boards of directors review the risk oversight and management programs of their companies (see our November 2008 memorandum entitled “Risk Management and the Board of Directors”), this week’s decision in Citigroup should provide some comfort that, even in the current environment, the Delaware courts will continue to protect informed business judgments made by corporate boards in good faith.