With shareholders, regulators, and special interest groups increasingly holding directors accountable for overseeing their companies’ major risks, the Delaware Supreme Court has now enacted a requirement that directors document in writing their oversight with its recent “Blue Bell” decision, Marchand v. Barnhill. In a shareholder derivative action against Blue Bell Creameries, its board, and its executives concerning a deadly listeria outbreak leading to a product recall, the Delaware Supreme Court clarified that there must be written evidence of a board’s risk oversight system and its ongoing operation at the board-level for boards to be immune from claims that they failed to adequately oversee major risks. While it is uncertain how this case will ultimately be decided on remand, written evidence of a board-level oversight system would have ended the inquiry.

In the landmark In re Caremark International Inc. Derivative Litigation, the Delaware Chancery Court held that “a director’s obligation includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists.” In the aftermath of the 2008 financial crisis, subsequent cases have largely held that the existence of a monitoring system alone is sufficient to insulate boards from liability for risk oversight. In those cases, the Court relied on the business judgment rule to hold that shareholders could not question the effectiveness of the system, provided one existed. In the “Blue Bell” decision, the Court articulated a different standard – evidence of board-level risk monitoring and oversight systems and their implementation must be well-documented in the company’s books and records to prevent shareholder litigation from moving forward to trial.

The practical challenge for directors is assuring they are aware of the major risks facing their companies, that sufficient systems have been installed to permit the board to effectively oversee their management, and that written documentation is in place evidencing the systems and their functioning. At a minimum, an effective board-level oversight system requires the following written documentation:

1. Written assignment to a board committee of the on-going monitoring of each major risk, which can be accomplished through the committee charter or a board resolution, plus minutes documenting the monitoring.
2. A written protocol for periodic board-level reviews of the management system for major risks.
3. A written policy detailing risk-related occurrences that will be brought to the board’s attention immediately (not at the next board meeting).
4. A written policy providing for the periodic engagement of third-party risk governance experts by the board to conduct reviews of the company’s risk management practices. Ideally, advisors will be engaged under the attorney-client privilege.
5. Board-level risk management should be carefully documented in a way that protects the board and the entity. The written records should emphasize the process used, the reports required, and the type of items reviewed, with the goal of ensuring that the documentation shows that the board received adequate information to make informed and thoughtful decisions about the risks facing the company. However, records should not create a detailed account of the specific matters that were discussed – which would expose what was not discussed and create an unintended road-map for plaintiff’s attorneys.

Given the recent Blue Bell decision, it is likely that litigation in this area will increase, making it prudent for boards to consider directly engaging a board governance expert to review their current risk management processes to ensure that optimal policies and procedures for board oversight are in place and working effectively. This exercise will serve to mitigate any previously unaddressed risks and set an expectation for how risk oversight will be handled by the board in the future. Careful record keeping and privileged investigations are now crucial.

In summary, a shareholder derivative action seeks to hold the board members individually liable. The business judgement doctrine protects board members, but if they wantonly neglect to oversee the management of risks, they can be held liable. Blue Bell sets a new standard that there must be documentation to prevent having to go to trial for factual determinations. No director will want to go to trial.