In a significant recent decision, the Delaware Court of Chancery denied a motion to dismiss a derivative action against the directors of The Boeing Company stemming from the 2018 and 2019 crashes of two Boeing 737 MAX airplanes — thus underscoring the importance of, and focus on, risk oversight at the corporate board level. The court based its decision on the alleged failure of Boeing’s board of directors to establish a board-level reporting system for “mission-critical” airplane safety, and for “turn[ing] a blind eye to a red flag representing airplane safety problems.”[1] This, the court held, was sufficient to allege that the board faced a “substantial likelihood of liability for Boeing’s losses.”[2]

This decision is the latest in the recent line of so-called “Caremark claims,” named after In re Caremark Inc. Derivative Litigation, infra, which have survived motions to dismiss based on courts’ findings that a board’s “sustained or systemic failure … to exercise oversight” constituted a lack of good faith for purposes of establishing liability.[3] Although the Boeing court reiterated that these so-called “Caremark claims” are still “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgement,”[4] this continuing trend of decisions certainly implies that the bar has been raised on the requirements for early dismissal of Caremark claims.

The Caremark Framework

Generally speaking, under the Caremark line of cases, to survive a motion to dismiss at the pleading stage, a claim seeking to establish director liability must allege facts that support that one of the following two conditions exists:

• Directors utterly failed to implement any reporting or information system or controls; or
• Having implemented such a system or controls, directors consciously failed to monitor or oversee company operations thus disabling themselves from being informed of risks or problems requiring their attention.

In addition, a claim alleging director oversight liability requires a showing that directors acted in bad faith. Accordingly, the allegations in a Caremark claim must support a reasonable inference that the directors acted with scienter — that is, not only did the directors act inconsistently with their fiduciary duties, but they did so knowingly.

The Boeing Decision

In issuing its decision, the Delaware Court of Chancery concluded that the plaintiffs’ complaint successfully stated a claim under both prongs of Caremark, and support an “explicit finding” of scienter. In doing so, the court highlighted the following, among other things:

• An absence of a specific board committee charged with safety responsibilities: An important factor in the court’s analysis was the board’s failure to designate a specific board committee focused on the company’s “mission critical” regulatory and safety-related risks. Although Boeing’s audit committee was charged with overall “risk oversight,” the court noted that it “did not regularly or meaningfully address airplane safety.”[5] Instead, the audit committee focused primarily on financial and production risks. 
• Board minutes showing a lack of regular board-level discussions concerning safety issues: The court pointed to board meeting minutes and agendas which did not reflect regular allocation of time for safety discussions. When the subject of the 737 Max crashes came up, the board minutes showed a focus on a “restoration of profitability and efficiency, but not product safety.”[6]
• A lack of protocols for receiving regular safety updates from management: The court found that Boeing lacked any protocol for company management to submit safety reports “on a consistent and mandatory basis.”[7] Any mentions of safety were “in name” only.[8] Moreover, Boeing lacked any internal reporting system for employee whistleblowers to raise complaints about safety.
•  Ignoring red flags: The court noted that the crashes were widely reported in the media, so the board could not help but become aware of the first crash. Even with this knowledge, minutes showed that the board treated the crash as a public relations problem and a litigation risk, opting to delay an internal investigation and not requesting additional information from management.
• Communications suggesting directors knew of oversight deficiencies: The Court referenced internal board emails that belatedly advocated for an initial meeting dedicated to airplane safety . The court reasoned that this correspondence demonstrated the board’s knowledge of its shortcomings.

Key Takeaways

The recent Boeing decision and preceding Caremark claims highlight the critical need for boards to take an active role in overseeing compliance and monitoring risks that could be viewed as “mission critical.” Drawing from the court’s analysis in this case and its predecessors, this board-level oversight and monitoring should include:

• Periodic comprehensive business reviews to identify key operations and risks that may qualify as “mission-critical.”
• A good-faith effort to implement appropriate processes for board-level regulatory compliance and enterprise risk monitoring and reporting, designed to ensure that developments regarding mission-critical risks are consistently brought to the board’s attention in a manner that is not unduly dependent on management discretion.
•  Consideration of whether an existing, or separate, board committee should bear responsibility for board-level regulatory and compliance risk oversight.
•  Careful documentation of the board’s involvement in oversight procedures, including mission-critical risk and compliance areas, in meeting minutes, ag endas, and other books and records available to stockholders.
•  Implementation of timely response protocols for identified emerging risks.

The Caremark line of cases clearly present critical near-term discussion and decision points for public company boards regarding their risk and compliance oversight processes. There is no “one size fits all” approach to proactive risk oversight, and boards should be working closely with management and appropriate outside advisers on a regular basis to assess and update their risk oversight processes as their businesses change and grow. We invite you to contact us directly if you have any questions regarding this rapidly evolving and important area of corporate governance.