Risk Oversight On The Director’s Plate

The Caremark decision in the Delaware Court of Chancery Court (1996) set a high bar for assigning personal liability to directors with regard to their oversight of risk management, but, warn attorneys from law firm Mayer Brown, that bar is not necessarily insurmountable.  At the same time, the SEC has been signaling increasing interest in how directors are addressing the risk management function.

The frequency of Caremark claims increased significantly, the writers note, following a 2019 holding by the Delaware Supreme Court in Marchand v. Barnhill. Plaintiffs in that case, the court held, had pled facts supporting the inference that directors of the defendant company had “‘consciously failed to attempt to assure a reasonable information and reporting system existed’ to enable directors to monitor the company’s compliance with food safety laws.”

The upshot is that risk management should now be considered a board responsibility. The writers note there is no formal checklist of requirements a board must satisfy to fulfill its risk governance oversight obligation, but in this post they propose one in the form of five steps for directors to consider. All five rest on the first, which says make sure the board is in the loop. This means that risk and compliance issues are escalated to the board’s attention and its feedback is incorporated into “the risk-reporting ecosystem.”