Oklahoma Firefighters Pension & Retirement System v. Corbat: Court of Chancery Highlights Difficulty of Successfully Alleging Caremark Claims
March 8, 2018
In Oklahoma Firefighters Pension & Retirement System v. Corbat, 2017 WL 5484125 (Del. Ch. Nov. 15, 2017), the Delaware Court of Chancery dismissed a claim against current and former directors of Citigroup, Inc. for failing to exercise appropriate oversight with regard to the corporation’s operations, which allegedly resulted in violations of law by employees and large fines and penalties being assessed against Citigroup. In the detailed opinion, the Court explained the challenges that plaintiffs face in alleging lack of oversight claims against directors when an exculpation clause applies, including the need to allege facts suggesting not merely inattention, but actual scienter.
The plaintiffs alleged that Citigroup’s directors had failed to develop, implement, and enforce effective internal controls throughout the corporation and its subsidiaries, resulting in four distinct corporate traumas: (1) violations of anti-money-laundering rules that resulted in a $140 million fine; (2) falling victim to a $400 million fraud at its Mexican subsidiary, which led to a $2.5 million fine; (3) wrongful manipulation of benchmark foreign exchange rates, resulting in $2.2 billion in fines; and (4) deceptive credit card practices, resulting in $35 million in fines and $700 million in restitution payments.
At the outset, the Court noted that lack of oversight claims, commonly known as “Caremark” claims named for the seminal opinion In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), are among the most difficult claims to establish under Delaware corporate law. Directors may be liable for violation of their oversight duties if they utterly fail to establish a system of controls to monitor the corporation’s conduct or, having established a system of controls, nonetheless fail to act in response to “red flags” putting the directors on notice of wrongdoing in the corporation. There was no question that Citigroup had implemented various controls to monitor the corporation. Accordingly, the plaintiffs’ Caremark claim focused on the directors’ alleged failure to act in the face of facts suggesting violations of applicable law. However, because Citigroup’s certificate of incorporation contained an exculpation clause protecting directors from liability for violations of the duty of care, the plaintiffs were required to allege that the directors’ failure to act constituted bad faith, i.e., knowing failure to act in the corporation’s best interest.
With regard to the anti-money-laundering violations, the plaintiffs alleged that Citigroup had received a number of regulatory warnings and orders that should have placed the directors on notice of the corporation’s weak anti-money-laundering controls. Nonetheless, the plaintiffs asserted that the directors “sat like stones growing moss” and took no steps to strengthen Citigroup’s controls. The Court found that if the complaint actually supported this rhetoric, it would state a Caremark claim. However, in reviewing the documents on which the complaint was based, the Court found that those documents revealed that the directors did take actions to address the various red flags identified by the plaintiffs. The fact that those actions were ineffective in actually preventing employees from violating the law was insufficient to state a claim for breach of the duty of loyalty. As the Court noted, “a board’s efforts can be ineffective, its actions obtuse, its results harmful to the corporate weal, without implicating bad faith.”
Turning next to the $400 million fraud at Citigroup’s Mexican subsidiary, the Court noted that Caremark claims typically seek to hold directors liable for harms arising from wrongdoing by the corporation’s employees. Yet the plaintiffs’ theory appeared to be that Citigroup’s weak controls caused the corporation to fall victim to illegal conduct by a third party. The Court characterized this as a failure to monitor or properly limit “business risk.” The Court noted that Delaware has never “definitively accepted” such a theory of liability. Thus, the Court suggested that the plaintiffs’ claim was limited to the $2.5 million fine that resulted from the fraud, not the damages Citigroup suffered from the fraud itself. Regardless of the scope of the claim, however, the Court concluded that the red flags that the plaintiffs identified were insufficiently related to the fraud that ultimately occurred to put the directors on notice of a need to take action. Moreover, the Court again noted that the documents on which the complaint relied revealed that the directors did take action in response to the red flags. The fact that those actions proved insufficient to prevent the fraud is not a basis for oversight liability.
With regard to the manipulation of benchmark foreign exchange rates by Citigroup traders, the plaintiffs identified several risk management reports and prior incidents of employee misconduct that they alleged should have put the directors on notice of the likelihood of a scheme to manipulate exchange rates. Again dismissing this claim, the Court found that Citigroup took action in response to the red flags and, more significantly, the plaintiffs failed to plead that those red flags were actually known by the board. The Court explained that if the red flags are not waved in front of the directors, they cannot establish a lack of oversight liability.
Similarly, with regard to deceptive credit card practices, the Court found that the directors did not simply brush aside red flags suggesting potential wrongdoing, but were informed that the corporation was taking active measures to improve controls and train employees appropriately. That these measures were ineffective in preventing violations of law was insufficient to raise a reasonable inference of bad faith.
Finally, the Court addressed the plaintiffs’ argument that the Court must consider the allegations “holistically, not in isolation,” as suggestive of a board that had failed to comply with its oversight obligations. While the Court acknowledged that a series of actions or inactions may be helpful in determining whether a board acted with scienter, the Court found that Caremark liability requires a separate examination of each corporate trauma, whether the directors had knowledge of specific red flags that should have put them on notice of the likelihood of that trauma, and their actual responses to those red flags. The plaintiffs had failed to satisfy this standard.
Notably, the decision was appealed to the Delaware Supreme Court, but remanded back to the Court of Chancery for consideration of the plaintiffs’ Rule 60(b) motion, which asserted that the trial court should consider a new $70 million fine levied against Citigroup less than two weeks after the opinion was issued.