Directors’ Duties: The US Perspective

10.1 Introduction

Directors of public companies face increasing challenges in navigating their duties and responsibilities to a company and its shareholders. Although a board of directors is primarily responsible for overseeing the company’s business and affairs, increasingly directors are being called on to address new and evolving issues of importance, such as environmental, social and governance (ESG) initiatives, cybersecurity risk, workplace misconduct allegations against executives and use of social media by executives, to name a few recent examples. Further, as companies face new and unforeseen challenges to their business – including those resulting from a global pandemic, supply chain issues, and unpredictable economic and market forces – directors must continue to proactively address those challenges when navigating their fiduciary duties, or risk mounting litigation and regulatory exposure. In this chapter, we discuss the fiduciary duties owed by directors in the context of contemporary legal concerns, and strategic considerations to assist directors in satisfying their fiduciary duties.

10.2 Directors’ fiduciary duties

In the United States, the fiduciary duties and responsibilities of board members arise primarily from state corporate law, both state statutes and evolving court decisions.[2] Delaware law has particular relevance for directors’ obligations: more publicly traded companies are incorporated in Delaware than any other US state, including approximately 67 per cent of all Fortune 500 companies, resulting in a uniquely mature and sophisticated body of jurisprudence on corporate governance issues.[3] Fundamentally, across all states, directors owe fiduciary duties of care and loyalty to the corporation, and are expected to carry out their obligations in good faith.[4] These duties largely govern a director’s oversight and stewardship responsibilities to the corporation.

10.2.1 Duty of care

The duty of care requires directors to exercise sufficient care as they make business decisions on behalf of their corporation. Directors must act with that amount of care that ordinarily careful and prudent people would use in similar circumstances, and consider all material information reasonably available in making business decisions.[5] To fulfil their duty of care, directors must (among other things): be knowledgeable about the corporation, its business, its industry and relevant risks, including by regularly reviewing financial statements and inquiring into corporate affairs; remain informed about decisions faced by the board; and engage in meaningful deliberation of issues that arise.[6] Directors generally are not held to a higher standard based on their special knowledge or expertise.[7] If a director ‘feels that he has not had sufficient business experience to qualify him to perform the duties of a director, he should either acquire the knowledge by inquiry, or refuse to act [as a director]’.[8]

Director liability for breaching the duty of care typically arises in two contexts: (1) grossly negligent board decisions resulting in a loss for the corporation; and (2) a loss arising from an ‘unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss’.[9] Directors are only liable for breach if their conduct is grossly negligent, meaning a ‘reckless indifference to or a deliberate disregard of the whole body of stockholders or actions which are without the bounds of reason’.[10] For instance, in Smith v. Van Gorkom, the Delaware Supreme Court found that directors had breached their duty of care by acting with gross negligence in failing to make an informed decision regarding the company’s sale without reviewing any term sheet or other documentation to support the adequacy of the sales price, instead relying on a director’s uninformed and unsupported statements regarding the proposed agreement.[11] Courts have found that ‘directors’ actions need not achieve perfection to avoid liability’, and that directors do not breach a legal duty simply because they ‘failed to act as a model director might have acted’.[12] Directors who rely in good faith on reports from officers or experts are also protected from liability under Section 141(e) of Delaware’s General Corporation Law.[13]

In general, monetary damages are unavailable to plaintiffs alleging breach of the duty of care, even if they can demonstrate gross negligence, since many states (in response to Van Gorkom,[14] which in effect made it difficult for corporations to obtain liability insurance at reasonable premiums) enacted statutes permitting corporations to eliminate or limit directors’ personal liability for monetary damages for breaches of their duty of care, which many corporations now do.[15] Significantly, these state laws do not authorise corporations to eliminate or limit directors’ personal liability for breaches of their duty of loyalty or good-faith obligations, and monetary damages remain available to plaintiffs for such breaches.[16]

10.2.2 Duty of loyalty

The duty of loyalty mandates that a director act in ‘the best interest of the corporation and its shareholders [and not] any interest possessed by a director, officer or controlling shareholder and not shared by the stockholders generally’.[17] Directors also are prohibited from using their positions of trust and confidence to further their private interests.[18]

Intrinsic to the duty of loyalty is directors’ obligation to carry out their duties in ‘good faith’.[19] A director cannot act loyally towards the corporation ‘unless she acts with the good faith belief that her actions are in the corporation’s best interest’.[20] Directors fail to act in good faith where they ‘intentionally act[] with a purpose other than that of advancing the best interests of the corporation, . . . act[] with the intent to violate applicable positive law, or . . . intentionally fail[] to act in the face of a known duty to act, demonstrating a conscious disregard for [their] duties’.[21] A classic example implicating the duty of loyalty arises when a substantial investor, or its agent, sits on the board of its corporate investment. In these circumstances, the investor is a fiduciary obligated to act in the best interests of the corporation and all of its shareholders – even if they conflict with the investor’s own interest.[22] Delaware law is clear that a director’s duty of loyalty is not ‘diluted’ or waived if the director ‘holds dual or multiple’ fiduciary obligations.[23]

10.2.3 Duty of oversight Caremark and subsequent case law

Courts have interpreted the duty of loyalty to give rise to a duty of oversight,[24] likewise anchored in directors’ obligation to act in good faith. The duty of oversight recognises that directors cannot satisfy their corporate governance responsibilities in good faith without independent access to and consideration of timely information sufficient to assess the corporation’s business operations, risks and mitigation activities.[25] A director is required to oversee and monitor corporations’ business operations and compliance with laws.

The seminal case establishing the standard for directors’ oversight and monitoring obligations is In re Caremark International Inc Derivative Litigation, decided by the Delaware Court of Chancery. According to Caremark and its successor cases, the duty of oversight requires directors to obtain reasonable assurance that a corporation has systems and controls in place, including at the board level, such that the board receives and appropriately considers whatever information it needs to make independently informed decisions regarding the company’s business operations, risks and risk mitigation efforts.[26] In practice, this means ensuring there exist (1) ‘information and reporting systems . . . reasonably designed’ to provide the board with timely and accurate information, (2) internal compliance controls sufficient to capture and promptly relay to the board, in the ordinary course, appropriate information on the corporation’s business and compliance with key applicable laws, and (3) a board-level compliance system to ensure the board is considering the information it receives and monitoring key compliance risks.[27] Directors must monitor and oversee the operation of systems and controls, and appropriately consider the information they generate.[28]

Historically, Caremark claims have been notoriously difficult for plaintiffs to prove, and surviving a motion to dismiss is still an uphill battle. However, since the Delaware Supreme Court’s decision in Marchand v. Barnhill in 2019,[29] an increasing number of claims have survived dismissal.[30] Courts in those cases rely on the traditional construct articulated by the Delaware Supreme Court in Stone v. Ritter, which finds breach of the duty of oversight only when the directors (1) ‘utterly failed to implement any reporting or information system or controls’, or (2) ‘consciously failed to monitor or oversee [their] operations . . . , thus disabling themselves from being informed of risks or problems requiring their attention’.[31] In either case, directors must have breached their duty of good faith by knowingly violating their fiduciary obligations; that is, they must have been ‘conscious of the fact that they were not doing their jobs’.[32] Most of the cases that succeed at this stage involve allegations, for instance, that the board had no system in place for its own monitoring of the company’s most critical risks (as in Marchand)[33] or failed to respond to substantial red flags known within and outside the company (as in Wells Fargo & Co Shareholder Derivative Litigation).[34]

Separately, a company’s failure to govern management may lead to liability for corporate governance failures, an issue that recently got significant attention following a series of tweets by Elon Musk, then Tesla’s chief executive officer and chairman of the board, in August 2018. Those tweets culminated in an allegedly false representation that Musk ‘could take Tesla private at $420 per share’ with a shareholder vote as ‘the only remaining uncertainty’, which quickly prompted securities charges by the US Securities and Exchange Commission (SEC) against both Musk and Tesla.[35] The charges against Tesla alleged failures in oversight and controls, namely that Tesla failed ‘to have required disclosure controls and procedures relating to Musk’s tweets’, including sufficient processes to ensure that Musk’s tweets were ‘accurate or complete’. Tesla quickly settled, agreeing to a significant financial penalty and substantial corporate governance reforms, including replacing Musk with an independent chair; appointing two new independent directors; and establishing a new committee of independent directors responsible for putting in place ‘additional controls and procedures to oversee Musk’s communications’. The SEC described the settlement as ‘specifically designed to address the misconduct at issue by strengthening Tesla’s corporate governance and oversight in order to protect investors’. Tesla has since received additional regulatory subpoenas and faces ongoing shareholder litigation in connection with Musk’s tweets. Obligations for public company audit committees

Public company audit committees (and the independent directors who serve on them) are subject to additional oversight obligations under US securities laws, in particular the Sarbanes-Oxley Act of 2002. This requires public company audit committees and committee members to oversee aspects of the company’s accounting, internal controls and auditing matters. Responsibilities include overseeing the company’s independent auditors, reviewing audit reports, and establishing procedures to address complaints regarding the company’s accounting and financial reporting.[36] Audit committees may also hire independent counsel to assist them in fulfilling their responsibilities, including in independent audit committee investigations and compliance assessments.[37] Directors’ responsibility to investigate

Directors are expected to and do play a key role in identifying and appropriately addressing potential misconduct. As directors, they have robust access to information on the corporation’s compliance environment and internal controls. This uniquely positions them to identify and manage issues, and subjects their responses to enhanced scrutiny by regulators and shareholders.

As reflected by Wells Fargo, board liability for breaching the duty of oversight can arise from a board’s alleged failure to respond adequately to indications of corporate misconduct. Red flags sufficient to put a director on notice of a potential issue may take many forms;[38] they may come from internal or external audit reports, an internal investigation suggesting a broader problem, internal monitoring activities, hotline reports or other complaints, news reports, or regulatory inquiries and civil complaints. When faced with information that may indicate wrongdoing, and particularly repeated indicators of potential misconduct, directors must conduct a good-faith inquiry to determine the nature and scope of the issue, if any, and decide how to proceed. Directors that fail to act when faced with red flags or notice of serious misconduct will likely be viewed by courts and regulators as consciously disregarding their oversight obligations ‘in defiance of their duties’.[39]

Directors are likewise crucial in overseeing corporate investigations, and must be cognisant of their good-faith oversight and monitoring obligations from the investigation’s inception through resolution and remediation. At each stage, the duty of oversight requires directors to ask relevant questions, obtain sufficient information, and engage in meaningful deliberation sufficient to satisfy themselves that their ultimate decision is in the corporation’s best interests. Likewise, directors ultimately must oversee remediation efforts and be ultimately satisfied that the company’s enhanced compliance processes and controls are designed and implemented to effectively mitigate risk, including the risk that a similar issue will recur.

A director’s oversight responsibilities can also result in substantial media attention, as has been the case with the #MeToo movement. As the movement has gained momentum in recent years, companies across multiple industries – and their boards of directors – have faced backlash and potential liability for failing to take appropriate action when faced with allegations of sexual misconduct at senior levels within their organisation. In these circumstances, shareholders will put board supervision under a microscope, looking for indicia that directors were on notice of risky corporate conduct – for example, sexual harassment allegations – and failed to exercise the board’s duty of oversight, exposing the company to financial risk. Despite the difficulty of prevailing on a Caremark claim, many speculate that the facts underlying many high-profile cases would warrant Caremark liability for directors of any associated entity, who may be accused of having ignored allegations of an executive’s sexual misconduct – essentially a ‘sustained and systemic failure’ to oversee or address red flags that ‘are either waived [sic] in one’s face or displayed so that they are visible to the careful observer’.[40]

10.3 Judicial review and regulatory enforcement of director acts

Directors’ acts or omissions may be challenged in court or investigated by regulators. Directors increasingly face securities class actions, derivative litigation (where a shareholder brings a claim on behalf of the company), and enforcement proceedings. In the majority of US states, the remedy for breach of a fiduciary duty can be ‘[a]ny form of equitable and monetary relief’[41] that the court finds ‘appropriate’.[42] Further, the SEC, which often views directors as gatekeepers,[43] can seek a court order permanently or temporarily barring an individual from serving as an officer or director of a public company in response to violations of the anti-fraud provisions of the US securities laws. Directors, however, can help protect against personal liability (civil or criminal) by ensuring that certain processes and safeguards are in place. Among other things, directors should confirm the company has appropriate systems in place to ensure that the board and management are fully informed as to the risks facing the company and that there are processes in place to effectively understand, monitor and address them.

10.3.1 Judicial review of director action

Directors who allegedly breach their fiduciary duties may be subject to civil action in their personal capacity by shareholders of the corporation, both directly and in derivative lawsuits on behalf of the corporation. When directors are sued for breach of fiduciary duty, Delaware courts generally apply three standards of review when reviewing board decisions: (1) the business judgement rule; (2) entire fairness; and (3) enhanced scrutiny.[44] Directors’ actions are generally shielded by the default ‘business judgement rule’, which presumes that independent and disinterested directors made an informed, good-faith decision.[45] However, if a plaintiff shows that the board was uninformed, lacked independence, or acted in bad faith or with gross negligence, the presumption may be overcome, and courts will instead apply the more onerous ‘entire fairness’ doctrine. The standard of review a court applies when evaluating a particular board decision may depend on whether the directors took steps to address any potential or actual conflicts, such as by creating an independent committee or requiring approval by disinterested stockholders.

10.3.2 The business judgement rule

The business judgement rule protects directors from personal civil liability for their decisions to the extent that the directors ‘acted on an informed basis, in good faith, and in the honest belief that the action was in the best interest of the company’.[46] Absent evidence to the contrary, the board’s ‘decision will be upheld unless it cannot be attributed to any rational business purpose’.[47] When applying the business judgement rule, the court will not substitute its own judgement for the directors’.

For example, if directors are alerted to a potential violation of law or corporate policy, conduct a proper internal investigation and ultimately determine in good faith that further action is not necessary, that decision – supported by an informed process carried out in good faith – will likely be protected by the business judgement rule.

The rule, however, will not protect directors’ ‘unintelligent or unadvised’ judgement.[48] Furthermore, the protections of the business judgement rule will not apply in the event of director inaction, absent a conscious decision not to act.[49] If a board is alerted to possible wrongdoing and fails to address or respond to the situation, the protections of the business judgement rule likely will not apply to protect the directors.[50] Accordingly, a board of directors should work with management to develop a process that (1) enables the board to obtain the information it needs to evaluate and decide a course of action, (2) facilitates careful consideration and debate at the board level consistent with directors’ fiduciary obligations and (3) results in a record that illustrates the board’s execution of its responsibilities.

10.3.3 The entire fairness doctrine

If a plaintiff can show that the board lacked independence, a conflict of interest existed or that the board did not act on an informed basis or in good faith, courts will apply the stricter entire fairness standard. Under this standard, the burden is on the board to demonstrate that ‘the challenged act or trans­action was entirely fair to the corporation and its stockholders’.[51] To show entire fairness, the board must prove two elements: (1) procedural fairness – that the decision-making process (how the transaction was initiated, structured and negotiated) was fair; and (2) substantive fairness – that the price of the transaction was fair.[52] If a transaction or challenged board action that involves an inherent conflict is approved by a special committee of independent and disinterested directors or a majority of disinterested shareholders, however, the burden of proving entire fairness shifts to the party challenging the act or transaction.[53] Further, recent case law demonstrates that courts may apply the business judgement rule – rather than the strict entire fairness standard – if both a special committee is used and the board action is approved by a majority of minority (disinterested) shareholders.[54] Another safeguard a board should consider to protect the fairness of the challenged act or transaction is to retain independent legal and financial advisers, or obtain a fairness opinion demonstrating that the act or transaction is fair to the company or minority shareholders. Boards are encouraged to implement such safeguards to comply with their fiduciary duties to best protect against liability.

10.3.4 Enhanced scrutiny for defensive measures or change in control

Delaware courts apply an intermediate standard of review – enhanced scrutiny – in certain situations where there is an inherent conflict of interest, such as when a board adopts defensive measures to protect against a hostile takeover (e.g., poison pill, golden parachute, stock repurchase, leveraged buyout) or seeks to sell the company. In these circumstances, courts will scrutinise: (1) the board’s decision-making process; (2) the information on which the decision was based; and (3) the reasonableness of the board’s actions. In Unocal v. Mesa Petroleum, the Delaware court held that when a board unilaterally adopts defensive measures in response to an alleged threat to corporate control or policy, it must establish that it had reasonable grounds for believing that a danger to corporate policy and effectiveness existed, and that its response to that threat was reasonable.[55] Where there is a change or pending sale of control, Revlon requires that the board take efforts to achieve the highest value reasonably attainable for the stockholders.[56] It is important that directors keep these duties in mind and follow appropriate procedures when taking defensive action or entering into a transaction resulting in a change of control.

10.3.5 Regulatory enforcement

In recent years, government agencies such as the US Department of Justice (DOJ) and the SEC have openly stated their intention to focus on white-collar and regulatory enforcement in the area of corporate governance.[57] Recently, they have been vocal about their focus on director’s duties to exercise reasonable oversight over company affairs.[58]

Directors of public companies should be especially mindful of potential ‘control person’ liability following recent SEC regulatory enforcement actions.[59] Section 20(a) of the Securities Exchange Act of 1934 (the Exchange Act) provides that every person who indirectly or directly controls another person found liable for a securities violation under the Exchange Act is jointly and severally liable for that same conduct, ‘unless the controlling person acted in good faith and did not directly or indirectly induce’ the act or acts constituting the violation.[60] For ‘control person’ liability to attach, most courts take a broad view, requiring only that the person exercised control over the general operations of the business that included the primary violation and possessed the power to exercise control over the transaction that gave rise to the violation.[61]

Additionally, directors must be mindful of regulators’ continuing efforts to encourage whistleblowers to provide information to the government. One well-established example is the SEC Whistleblower Program, which offers monetary incentives to individuals who report possible violations of the federal securities laws, to identify new investigations.[62] Since Congress established the Whistleblower Program pursuant to the Dodd-Frank Act in 2010, the SEC has imposed almost US$5 billion in total monetary sanctions in enforcement matters brought with information from meritorious whistleblowers.[63] Under SEC Rule 21F-4, compliance personnel, auditors, directors and other employees can submit tips anonymously to the SEC and be eligible for a whistleblower award if certain conditions are met. Also under this rule, it is likely that directors who fail to exercise their oversight responsibilities could increasingly become the target of SEC whistleblower complaints brought anonymously by senior executives, legal personnel, compliance or internal audit personnel. Following the SEC’s success, other regulators have established their own whistleblower programmes. In 2021, for example, Congress passed the Anti-Money Laundering Act, which, in part, awards individuals (in certain circumstances) up to 30 per cent of the monetary sanctions collected when information they provide to their employer, the US Department of the Treasury or the DOJ leads to a judicial or administration action under the Bank Secrecy Act resulting in more than US$1 million in damages.[64]

10.4 Emerging areas of board focus and responsibility

As legal, regulatory and societal priorities evolve, boards of directors must similarly amend their focus and understanding of the scope of their duties and responsibilities, and consider whether and how these evolving priorities impact their fiduciary duties. This section addresses select areas where recent developments may have implications for board activities and oversight.

10.4.1 ESG and directors’ duties

ESG issues continue to gain substantial attention from regulators, investors, consumers and society writ large. An amorphous umbrella designation, the term ‘ESG’ encompasses such disparate areas as climate change, diversity and inclusion, cybersecurity and human trafficking. Having emerged as both a regulatory and business priority, ESG indisputably has board-level significance, and directors must engage with ESG considerations in fulfilling their fiduciary obligations to their companies.

First, pursuant to their fiduciary duty of care, directors must include ESG among the mass of material information they consider as part of their informed decision-making. This obligation derives from the current view of ESG as not just desirable, but essential for long-term profitability and success – and so inextricably linked to company strategy. Directors, as stewards charged with shepherding the company into the future, are responsible for identifying the ESG issues most impactful to the business and developing a long-term strategy informed by related ESG considerations and integrating key ESG achievements. Directors must remain sufficiently apprised of ESG-related developments, in and outside the organisation, to make informed decisions.

Directors are also responsible for overseeing key ESG risks to the organisation in connection with their duty of loyalty, particularly their oversight obligations under Caremark. In this capacity, directors must understand company-specific ESG risks and ensure that adequate systems are in place to detect and escalate related concerns. The expectation is that board members appropriately consider the information they receive on ESG, are able to identify red flags and adequately follow up on potential issues and the ­company’s response.

The director’s role in both ESG strategy and oversight is particularly crucial in view of the vastness and lack of consensus around what constitutes ESG, fluid government and shareholder ESG priorities, and unsettled regulatory landscape. From a strategic perspective, directors must help ensure their organisations remain ready to adapt to external changes in ESG priorities, expectations and legal obligations – and expect their own roles to evolve as well. For instance, in March 2022, the SEC proposed rules on corporate governance and board oversight relating to climate change.[65] As expected, those proposed rules have been subject to significant commentary.[66] While it remains to be seen what form the final rules might take, it is clear that this focus on board oversight concerning matters relating to the environment is here to stay. Additionally, in March 2022, the SEC also proposed rules ‘to enhance and standardise disclosures regarding cybersecurity risk management, strategy, governance and cybersecurity incident reporting by public companies’ with direct implications for boards of directors, namely disclosures relating to board expertise on cyber­security and oversight of cybersecurity risk.[67] As more ESG disclosure requirements and uniform standards emerge, directors can expect to be both the stewards helping their companies navigate the maturing ESG landscape, and potentially the subject of regulation (and liability) should boards ignore those obligations.

10.4.2 Special purpose acquisition companies and directors’ duties

Special purpose acquisition companies (SPACs) have gained recent notoriety as an attractive alternative to a traditional public offering. A SPAC is a publicly traded corporation with a two-year life span formed with the sole purpose of merging with a privately held business to enable it to go public.[68] When a SPAC proposes a merger, the SPAC’s shareholders often have the option to participate in the merger or redeem their shares. As with directors of other public companies, SPAC directors owe fiduciary duties of care and loyalty. Those responsibilities certainly come into question when regulators and shareholders question the accuracy of performance projections, corporate valuations and the viability of a company’s product or technology – all of which have been raised in the context of SPAC transactions.

Liability for SPAC directors can certainly arise when directors fail to disclose material information to shareholders regarding proposed mergers. For example, in In re MultiPlan Corp, SPAC shareholder plaintiffs filed a class action, claiming that the SPAC’s sponsors and directors breached their duties of care and loyalty by failing to disclose material information necessary for the shareholder plaintiffs to make informed choices regarding their redemption rights. The Delaware Chancery Court denied the defendants’ motion to dismiss, allowing the plaintiffs’ case to proceed.[69] Notably, the Delaware Chancery Court also stated that ‘[t]he entire fairness standard of review applies due to inherent conflicts between the SPAC’s fiduciaries and public stockholders in the context of a value-decreasing transaction’.[70]

10.4.3 Insider trading and directors’ duties

Directors of public companies are subject to numerous trading limits and reporting obligations with respect to the ownership of their company’s stock. As with corporate officers, directors must not engage in insider trading, or trading in the company’s securities (or causing others to do so) while possessing material non-public information.[71] They are also prohibited from tipping off others with the information.[72] Liability for violating these prohibitions can attach under federal securities law and potentially under state corporate law.

Directors must also publicly report their beneficial ownership of, and transactions in, a company’s securities.[73] In certain circumstances, directors and other insiders can use Rule 10b5-1 plans, which are passive investment schemes for corporate insiders that provide an affirmative defence for insiders transacting in a company’s securities.

Prosecuting insider trading cases has become a priority for the SEC and DOJ. In recent months, the DOJ has gone after directors accused of insider trading, even though the director received no monetary gain and despite thin evidence, in one instance resulting in complete dismissal of the criminal indictment filed against the director.[74] The SEC has also pursued action against an insider for trading in the security of a separate issuer, where the information was alleged to be material to the price movement of not only the issuer’s stock but also its competitor.[75] The SEC has signalled its continued interest in insider trading as a regulatory priority through proposed amendments to Exchange Act Rule 10b5-1.[76] The SEC’s amendments provide affirmative defences for corporate insiders and companies to buy and sell company stock pursuant to trading plans adopted in good faith and before becoming aware of material non-public information.

10.5 Strategic considerations for directors

While there is no effective one-size-fits-all approach to ensure directors satisfy their fiduciary duties, they can take certain steps and implement specific safeguards to meet the ongoing challenges and regulators’ and shareholders’ expectations. Although such measures may not fully eliminate the risk of director liability, they will demonstrate directors’ adherence to the core principles of their fiduciary duties.

  • Understand your role and responsibilities: Directors’ roles relate to oversight, not the everyday management of the company, which is squarely within the authority of the company’s executives and officers. Directors should receive periodic training to ensure they understand how to appropriately identify and respond to compliance risks consistent with their oversight responsibilities. They should also seek the assistance of advisers or expert consultants who can help the directors navigate some of the more difficult issues and responsibilities. Directors should also continue to reassess the risks facing the company and ensure that the information and reporting processes they have in place are up to date and working effectively.
  • Ensure a risk-based compliance framework: Directors should require that management demonstrate that the company has adopted an effective risk-based compliance programme to identify high-risk compliance issues. It is important that directors understand the risk profile of the business and are knowledgeable about the content and operation of the compliance programme to gain confidence in appropriately mitigating key risks.
  • Remain informed: Directors should implement a formal process that facilitates communication between the board and management regarding both the compliance programme and company performance. Directors should remain informed about ongoing and acute risks, as well as about the broader business environment and industries in which the company is operating. Directors must ensure sufficient processes are in place so they receive sufficient information to make informed and independent decisions. Diligence is key when evaluating significant transactions, contracts or responding to red flags.
  • Maximise director independence/independent board committees: Directors should understand and attend to any director conflicts, as conflicts of interest may lead to heightened scrutiny by the courts if director action is challenged. Directors should understand financial and other incentives directors may have that could cause them to advocate for a specific outcome. Boards should consider retaining independent counsel as necessary to ensure independent and informed decision-making and should retain experts as required to ensure the board has the information it needs to make decisions in the best interests of the company. The board should also ensure any process it follows is independent and should discuss with counsel whether the board should retain its own counsel to advise on the decision-making process, including whether a special committee should be appointed to evaluate a potential transaction.
  • Plan for independent investigations and compliance crises: Directors should develop a crisis-management strategy and establish an investigative protocol before such measures are needed, including a process for the board to respond if an independent investigation is necessary. This may include proactive delegation of oversight responsibility to the company’s audit committee or a special litigation or investigation committee. This also may include an annual presentation from management, including the legal and compliance functions, as to the company’s readiness if a government inquiry, whistleblower complaint or other event necessitates consideration of an independent investigation.
  • Document directors’ oversight work: A documented approach to corporate governance and adherence to fiduciary duties can mitigate directors’ risks in the event of litigation or an enforcement proceeding. Real-time documentation, including through clear minutes of board, audit committee or special investigative committee meetings, are critical evidence of directors’ fulfilment of their oversight obligations as a board evaluates issues involving investigations and compliance crises.
  • Focus on ESG governance: board members, in their strategic and oversight capacities, are expected to integrate ESG into a company’s long-term strategy, stay informed of company activities touching on ESG, oversee ESG risks and remain apprised of relevant changes to the regulatory landscape. Developing ESG governance at board level is the crucial first step in ensuring directors are positioned to perform these roles. As part of this, board members should consider a number of key questions: Does the board have sufficient competency and training to discharge its responsibilities? How will the board allocate responsibility for ESG issues and disclosures (e.g., is oversight tasked to the full board or a subcommittee or to be consolidated or dispersed among different subject-matter experts)? What other board-level mechanisms are needed to ensure appropriate consideration of key ESG risks by directors? With a deliberate governance structure in place, the board can understand the company’s ESG risk profile, focus on helping management establish systems to formally measure and monitor critical ESG factors, and concentrate on ESG disclosures and other crucial communications to stakeholders.
  • Incentivise compliance: Corporations can deter misconduct by implementing compensation structures that reward compliance and hold individuals personally accountable for their misconduct – specifically envisioned by the DOJ in its revised Corporate Enforcement Policy of September 2022. The Policy states that ‘prosecutors should consider whether the corporation’s compensation agreements, arrangements, and packages . . . incorporate elements – such as compensation clawback provisions – that enable penalties to be levied against current or former employees, executives, or directors whose direct or supervisory actions or omissions contributed to criminal conduct’.[77] Affirmative incentives may include compliance metrics in compensation calculations and performance reviews that emphasise compliant behaviour, and structures that are viewed to promote ethical corporate culture and strengthen board compliance.[78]

Effective board processes enable directors to carry out their responsibilities in accordance with their fiduciary duties and the expectations of regulators and the market. Adherence to sound principles of corporate governance protects directors and benefits the company in several forms, including through heightened investor confidence and corporate reputation; increased efficiency and avoidance of costly investigation due to spotting issues early on and risk mitigation; and higher levels of customer and employee retention.


[1] Avi Weitzman and John Nowak are partners, Jena Sold is of counsel and Amanda Pober is an associate at Paul Hastings. The authors would also like to acknowledge assistance from Paul Hastings associates Rachel Ofori and Ben Gilberg, as well as the work of Timothy P O’Toole, William P Barry, Margot Laporte, Daniel L Stein, Jason Linder, Glenn K Vanzura and Bradley A Cohen for past editions of this volume, on which portions of this present chapter are based.

[2] While civil liability for breaches of fiduciary duties arises under state law, public company directors separately may face federal criminal and civil liability for violations of the federal securities laws. For example, among other violations, public company directors may be held liable for financial reporting and disclosure violations, and insider trading and other fraud violations, under the Securities Act of 1933 (Securities Act) and the Securities Exchange Act of 1934 (Exchange Act). The Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 also enhanced director liability under federal law for self-dealing and compensation-related violations, among others.

[3] Delaware Division of Corporations: 2021 Annual Report, available at -2021-Annual-Report.pdf.

[4] In re Walt Disney Co. Derivative Litig., 907 A.2d 693, 745 (Del. Ch. 2005) (Disney I), aff’d, 906 A.2d 27 (Del. 2006) (Disney II).

[5] Id. at 749 (internal quotation marks omitted). See also United Food & Commercial Workers Union & Participating Food Indus. Employers Tristate Pension Fund v. Zuckerberg, 262 A.3d 1034, 1049–50 (Del. 2021) (quoting Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984)) (‘“[P]redicated upon concepts of gross negligence,” the duty of care requires that fiduciaries inform themselves of material information before making a business decision and act prudently in carrying out their duties.’).

[6] See Francis v. United Jersey Bank, 432 A.2d 814, 822 (N.J. 1981) (finding a duty to conduct regular review of financial statements) (Francis); Barnes v. Andrews, 298 F. 614, 615 (S.D.N.Y. 1924) (finding a duty to enquire into the corporate business).

[7] Metro Storage Int’l LLC v. Harron, 275 A.3d 810, 844 (Del. Ch. 2022).

[8] Francis, 432 A.2d at 822 (internal quotation marks omitted).

[9] Disney I, 907 A.2d at 749 (quoting In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 967 (Del. Ch. 1996) (Caremark) (alterations omitted)).

[10] Disney I, 907 A.2d at 750 (internal quotations marks omitted).

[11] Smith v. Van Gorkom, 488 A.2d 858, 874, 881 (Del. 1985), overruled on other grounds by Gantler v. Stephens, 965 A.2d 695 (Del. 2009) (finding directors ‘grossly negligent in approving the “sale” of the Company upon two hours’ consideration, without prior notice, and without the exigency of a crisis or emergency’).

[12] In re Digex, Inc. S’holders, 789 A.2d 1176, 1194 (Del. Ch. 2000).

[13] 8 Del. C. § 141(e) (‘[A director may] be fully protected in relying in good faith upon the records of the corporation and upon such information, opinions, reports or statements presented to the corporation by any of the corporation’s officers or employees, or committees of the board of directors, or by any other person as to matters the member reasonably believes are within such other person’s professional or expert competence and who has been selected with reasonable care by or on behalf of the corporation.’).

[14] Disney I, 907 A.2d at 751.

[15] See, e.g., Del. Code Ann. tit. 8, § 102(b)(7). In states that have enacted statutes in response to Van Gorkom, plaintiffs may still seek equitable remedies such as injunctive relief; in those states, however, directors may be protected from monetary liability where their corporation, in its by-laws or otherwise, has eliminated or limited its directors’ personal liability for monetary damages for breaches of their duty of care. See, e.g., Arnold v. Society for Sav. Bancorp, Inc., 678 A.2d 533 (Del. 1996).

[16] See, e.g., Del. Code Ann. tit. 8, § 102(b)(7). Section 102(b)(7) was amended this year to permit corporations to protect officers, in addition to directors, from personal liability for breach of the duty of care, but this is limited to direct claims by stockholders.

[17] Disney I, 907 A.2d at 751 (internal quotation marks and alteration omitted).

[18] Guth v. Loft, Inc., 5 A.2d 503, 510 (Del. 1939).

[19] Stone v. Ritter, 911 A.2d 362, 369–70 (Del. 2006) (Stone) (quoting Guttman v. Huang, 823 A.2d 492, 506 n.34 (Del. Ch. 2003)).

[20] Id. at 370 (quoting Guttman, 823 A.2d at 506 n.34).

[21] Id. at 369 (quoting Disney, 906 A.2d at 67).

[22] See Summa Corp. v. Trans World Airlines, Inc., 540 A.2d 403, 406 (Del. 1988) (affirming that a majority shareholder breached its duty of loyalty by acting ‘for its sole benefit at the expense of its fiduciary duties to [the corporation’s] minority shareholders’).

[23] Weinberger v. UOP, Inc., 457 A.2d 701, 710 (Del. 1983) (Weinberger).

[24] See Caremark, 698 A.2d at 970 (‘But it is important that the board exercise a good faith judgment that the corporation’s information and reporting system is in concept and design adequate to assure the board that appropriate information will come to its attention in a timely manner as a matter of ordinary operations, so that it may satisfy its responsibility.’).

[25] Id.

[26] Id.

[27] Stone, 911 A.2d at 370; Marchand v. Barnhill, 212 A.3d 805, 820–24 (Del. 2019).

[28] Stone, 911 A.2d at 370.

[29] Marchand, 212 A.3d at 805.

[30] See, e.g., Garfield on behalf of ODP Corp. v. Allen, 277 A.3d 296 (Del. Ch. 2022); In re Boeing Co. Derivative Litig., No. CV 2019-0907-MTZ, 2021 WL 4059934 (Del. Ch. 7 Sept. 2021); Hughes v. Hu, No. 2019-0112-JTL, 2020 WL 1987029 (Del. Ch. 27 Apr. 2020); Teamsters Loc. 443 Health Servs. & Ins. Plan v. Chou, No. 2019-0816-SG, 2020 WL 5028065 (Del. Ch. 24 Aug. 2020).

[31] Stone, 911 A.2d at 370.

[32] Guttman v. Huang, 823 A.2d 492, 506 (Del. Ch. 2003).

[33] See Marchand, 212 A.3d at 820–24 (allowing claims against directors to proceed based on allegations that the board ‘made no effort to put in place a board-level compliance system’ for monitoring the most key compliance risks); In re Wells Fargo & Co. S’holder Derivative Litig., 282 F. Supp. 3d 1074, 1082 (N.D. Cal. 2017) (Wells Fargo) (resulting in settlement of claims against directors for personal liability after court denied motion to dismiss based on reasonable inferences that directors knew the company’s systems were inadequate at identifying and addressing sales integrity issues and took no action in response to numerous red flags). See also, e.g., In re Boeing Co. Derivative Litig., 2021 WL 4059934, at *27 (denying motion to dismiss for failure of oversight where board ‘had no committee charged with direct responsibility to monitor airplane safety’, which it did not monitor or discuss on a regular basis, nor any regular process for management to apprise board members of the same); Hughes v. Hu, 2020 WL 1987029, at *15 (inferring failure of board oversight from ‘chronic deficiencies’ in internal controls over financial reporting); Teamsters Loc. 443 Health Servs. & Ins. Plan, 2020 WL 5028065, at *2 (finding board ignored red flags and ‘permitted a woefully inadequate reporting system’ with respect to relevant subsidiary).

[34] Wells Fargo, 282 F. Supp. 3d at 1082, 1088; see also id. at 1107–09 (finding a court may infer directors have ‘consciously disregarded an obligation to be reasonably informed about the business and its risk or [its] duty to monitor and oversee the business’); Marchand, 212 A.3d at 820–24.

[35] Press Release, Sec. & Exch. Comm’n, Elon Musk Settles SEC Fraud Charges; Tesla Charged With and Resolves Securities Law Charge (29 September 2019),

[36] Sarbanes-Oxley, Pub. L. No. 107-204, 116 Stat. 745, § 301.

[37] Id.

[38] Wells Fargo, 282 F. Supp. 3d at 1107–09.

[39] David B. Shaev Profit Sharing Acct. v. Armstrong, No. 1449-N, 2006WL 391931, at *5 (Del. Ch. 13 February 2006).

[40] Id. (quoting In re Citigroup Inc. S’holder Litig., No. 19827, 2003 WL 21384599, at *2 (Del. Ch. 5 June 2003), aff’d sub nom. Rabinovitz v. Shapiro, 839 A.2d 666 (Del. 2003)).

[41] In re Tri-Star Pictures, Inc. Litig., 634 A.2d 319, 333 (Del. 1993) (internal quotation marks and citation omitted).

[42] Cinerama, Inc. v. Technicolor, Inc., 663 A.2d 1156, 1166 (Del. 1995) (internal quotation marks and citation omitted). Often, directors’ liability for monetary payments will be covered by directors’ and officers’ liability insurance.

[43] In a June 2014 speech at the Twentieth Annual Stanford Directors’ College, for instance, US Securities and Exchange Commission (SEC) Chair Mary Jo White stated that directors are ‘essential gatekeepers’ and ‘play a critically important role in overseeing what your company is doing, and by preventing, detecting, and stopping violations of the federal securities laws at your companies, and responding to any problems that do occur’. See Mary Jo White, A Few Things Directors Should Know About the SEC, available at

[44] Bamford v. Penfold, L.P., No. 2019-0005-JTL, 2022 WL 2278867, at *35 (Del. Ch. 24 June 2022), reargument granted in part, 2022 WL 3283869 (Del. Ch. 10 August 2022)

[45] Disney II, 906 A.2d 27 at 74; see also In re Match Grp., Inc. Derivative Litig., No. 2020-0505-MTZ, 2022 WL 3970159, at *17 (Del. Ch. 1 September 2022) (‘Our law presumes directors are independent.’).

[46] Disney II, 906 A.2d at 52 (quoting Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984)).

[47] Disney I, 907 A.2d at 747.

[48] Id. at 748 (internal quotation marks omitted).

[49] Id.

[50] See Lebanon Cnty. Emps.’ Ret. Fund v. AmerisourceBergen Corp., C.A. No. 2019-0527-JTL, at *43 (Del. Ch. 13 January 2020) (‘If directors learn of information that would put them on notice of a threatened corporate trauma – the proverbial red flag – then they must take action in good faith to address it. A claim that directors had notice of serious misconduct and simply brushed it off or otherwise failed to investigate states a claim for breach of duty.’).

[51] In re MultiPlan Corp. S’holders Litig., 268 A.3d 784, 815 (Del. Ch. 2022) (quoting Disney II, 906 A.2d at 52).

[52] See Weinberger, 457 A.2d at 711; see also ONTI, Inc. v. Integra Bank, 751 A.2d 904, 930 (Del. Ch. 1999), as revised (1 Jul. 1999); In re S. Peru Copper Corp. S’holder Derivative Litig., 52 A.3d 761, 788 (Del. Ch. 2011), aff’d sub nom. Americas Mining Corp. v. Theriault, 51 A.3d 1213 (Del. 2012).

[53] See In re MAXXAM, Inc./Federated Dev. S’holders Litig., No. CIV.A. 12111, 1997 WL 187317, at *13 (Del. Ch. 4 Apr. 1997), on reargument sub nom. In re Maxxam, Inc., No. CIV. A. 12111, 1997 WL 382983 (Del. Ch. 2 Jul. 1997) (citing Kahn v. Lynch Commc’n Sys., Inc., 638 A.2d 1110 (Del.1994)).

[54] See In re MFW S’holders Litig., 67 A.3d 496 (Del. Ch. 2013), aff’d sub nom., Kahn v. M&F Worldwide Corp., C.A. No. 6566, 2014 WL 996270 (Del. 14 Mar. 2014); see also Corwin v. KKR Financial Holdings LLC, 125 A.3d 304 (Del. 2015) (finding fully informed stockholder vote ‘cleansed the transaction thereby irrebuttably reinstating the business judgment rule’); Huff Energy Fund, L.P. v. Gershen, No. CV 11116-VCS, 2016 WL 5462958, at *15 (Del. Ch. 29 Sep. 2016) (same).

[55] Unocal v. Mesa Petroleum, 493 A.2d 946, 955 (Del. 1985).

[56] Revlon, Inc. v. MacAndrews & Forbes Holdings, Inc., 506 A.2d 173, 182, 184, n.16 (1986); Mills Acquisition Co. v. Macmillan, Inc., 559 A.2d 1261, 1264 (Del. 1989); Teamsters Loc. 237 Additional Sec. Benefit Fund v. Caruso, No. CV 2020-0620-PAF, 2021 WL 3883932, at *19 (Del. Ch. 31 Aug. 2021).

[57] Deputy Attorney General Lisa O Monaco, ‘Keynote Address at ABA’s 36th National Institute on White Collar Crime’, available at -general-lisa-o-monaco-gives-keynote-address-abas-36th-national-institute; Gurbir S Grewal, ‘Remarks at SEC Speaks 2021’, available at

[58] U.S. Dep’t of Justice Criminal Div., Evaluation of Corporate Compliance Programs (updated June 2020), available at; Transcript: Assistant Attorney General Kenneth Polite Jr, ‘Keynote Address at Compliance Week 2022’, available at

[59] Press Release, Sec. & Exch. Comm’n, SEC Shuts Down Fraudulent Mother-Son Offering Involving Purported Supercomputer (19 July 2021),

[60] See generally 15 U.S.C. § 78t(a).

[61] See, e.g., In re Mut. Funds Inv. Litig., 566 F.3d 111, 129–30 (4th Cir. 2009), rev’d on other grounds sub nom. Janus Capital Grp., Inc. v. First Derivative Traders, 564 U.S. 135 (2011); Laperriere v. Vesta Ins. Group, 526 F.3d 715, 723–25 (11th Cir. 2008).

[62] SEC Whistleblower Program, Frequently Asked Questions, available at

[63] SEC Whistleblower Program, 2021 Annual Report, available at

[64] See 31 USC § 5311 et seq.

[65] SEC Proposed Rule: The Enhancement and Standardization of Climate-Related Disclosures for Investors, available at

[66] See, e.g., Ten Thoughts on the SEC’s Proposed Climate Disclosure Rules, available at -disclosure-rules/; Securities and Exchange Commission or Securities and Environment Commission? The SEC Proposes New Rules for Climate-Related Disclosures, available at -and-environment-commission-sec.

[67] SEC Proposed Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, available at

[68] ‘SPACs: What You Need to Know’, available at -to-know.

[69] See MultiPlan Corp., 268 A.3d 784, 819 (Del. Ch. 2022).

[70] Id.

[71] 17 C.F.R. § 240.10b-5.

[72] Id.

[73] 15 U.S.C. § 78p.

[74] See, e.g., United States v. Sarshar, No. 1:21-cr-202-GHW, 2022 U.S. Dist. LEXIS 27520 (S.D.N.Y. 15 February 2022). Note that one of the authors of this chapter (Avi Weitzman) litigated this case.

[75] See SEC v. Panuwat, No. 21-cv-06322-WHO, 2022 U.S. Dist. LEXIS 39584 (N.D. Cal. 14 January 2022).

[76] Press Release, Sec. & Exch. Comm’n, ‘SEC Proposes Amendments Regarding Rule 10b5-1 Insider Trading Plans and Related Disclosures’ (15 December 2021), available at

[77] U.S. Dep’t of Justice, Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group, available at

[78] Id.

Unlock unlimited access to all Global Investigations Review content