Risk Management: Delaware Court Affirms Protection of Business Judgment Rule in Current Financial Crisis

The Delaware Court of Chancery recently dismissed multiple counts alleging directors of Citigroup breached their fiduciary duties by failing to properly monitor the company’s exposure to the subprime mortgage crisis (In re Citigroup Inc. Shareholder Derivative Litigation, Civ. Action 3338-CC (Del. Ch. Feb. 24, 2009)). In dismissing the claims, Chancellor Chandler reaffirmed Delaware law relating to the business judgment rule and clarified the application of the rule in the context of directors’ duty of oversight of business risks.

The plaintiffs alleged, among other things, that the directors breached their fiduciary duties by failing to properly monitor and manage the risks Citigroup faced from exposure to the subprime lending market. In particular, the plaintiffs claimed that the directors ignored numerous “red flags,” consisting primarily of press releases and other public documents showing worsening conditions in the subprime and financial markets, and, as a consequence, the company suffered massive losses. The plaintiffs sought to hold the directors personally liable for this alleged failure of oversight. Under Delaware law, oversight failure is a breach of the duty of loyalty for which directors cannot be protected by a charter provision exculpating directors from personal liability for violation of the duty of care. In dismissing these claims due to failure to adequately plead demand futility, the court expounded on several key principles:

  • The duty of oversight is not designed to subject directors to personal liability for failure to predict the future and to properly evaluate business risk. A claim for breach of the duty of care cannot be transformed into a duty of oversight claim simply by alleging that directors failed to properly appreciate business risks.
  • Plaintiffs face an “extremely high” burden when seeking to hold directors liable for failure to properly evaluate the extent of a company’s business risks.
  • To state a claim for director oversight liability, a plaintiff must plead particularized facts demonstrating that directors acted in bad faith.
  • To establish bad faith, there must be a showing either that the directors knew that they were not discharging their fiduciary obligations or that the directors demonstrated a conscious disregard for their responsibilities. The mere fact that a company takes on business risk and suffers losses—even catastrophic losses—does not establish bad faith.

The Duty of Oversight

Under Delaware law, directors have a duty to oversee a company’s liability creating activities. This responsibility, as enunciated in In re Caremark[1] and its progeny, is based on the concept of good faith, which is embedded in the duty of loyalty and does not constitute a freestanding fiduciary duty. Consequently, a showing of bad faith is a necessary condition to director oversight liability. As the Delaware Supreme Court explained in Stone v. Ritter:[2]

  • Caremark articulates the necessary conditions predicate for director oversight liability: (a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention. In either case, imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith.[3]

Consequently, to establish oversight liability, there must be a showing either that the directors knew they were not discharging their fiduciary obligations or that the directors demonstrated a conscious disregard for their responsibilities, such as by failing to act in the face of a known duty to act.[4]

Oversight of Business Risks

In Citigroup, a Delaware court addressed, for the first time, alleged failures by directors to properly oversee business risks, in contrast to the more typical Caremark claim alleging failure to properly monitor or oversee employee misconduct or violations of law. The court drew a fundamental distinction between these two types of risks:

  • Directors should, indeed must under Delaware law, ensure that reasonable information and reporting systems exist that would put them on notice of fraudulent or criminal conduct within the company. Such oversight programs allow directors to intervene and prevent frauds or other wrongdoing that could expose the company to risk of loss as a result of such conduct. While it may be tempting to say that directors have the same duties to monitor and oversee business risk, imposing Caremark-type duties on directors to monitor business risk is fundamentally different. Citigroup was in the business of taking on and managing investment and other business risks. To impose oversight liability on directors for failure to monitor “excessive” risk would involve courts in conducting hindsight evaluations of decisions at the heart of the business judgment of directors. Oversight duties under Delaware law are not designed to subject directors, even expert directors, to personal liability for failure to predict the future and to properly evaluate business risk.[5]

The court concluded that the plaintiffs’ claims, “dressed-up” in allegations of oversight failure, were simply attempts to hold the director defendants personally liable for business decisions that, in hindsight, turned out poorly. It is just this type of judicial second guessing, the court said, that the business judgment rule was designed to prevent.

While the court surmised that it “might be possible” under some set of facts for a plaintiff to state a Caremark claim for failure to monitor business risks, the court did not elaborate on what those facts would need to be. Given the presumption of the business judgment rule, the protection of an exculpatory charter provision and the difficulty of proving a Caremark claim, the court stated that a plaintiff carried “an extremely high burden to state a claim for personal director liability for a failure to see the extent of a company’s business risk.”[6]

As discussed above, under the traditional Caremark standard, oversight liability can be established only where (1) directors utterly failed to implement risk reporting or information systems or controls or (2) having implemented such a system or controls, directors consciously failed to monitor or oversee its operations. The court noted that the plaintiffs conceded that Citigroup had procedures and controls in place to monitor risk, including a board committee that was expressly charged with assisting the board in fulfilling its oversight responsibility with respect to risk assessment and risk management. The court also noted that this committee met at least 11 times a year during the period in question. In dismissing the claims, the court explained that the plaintiffs’ allegations “do not even specify how the board’s oversight mechanisms were inadequate or how the director defendants knew of these inadequacies and consciously ignored them.”[7] The court, thus, recharacterized plaintiffs’ claim as a claim that the directors must be held liable because they were charged with monitoring Citigroup’s risks, and Citigroup experienced losses as a result of exposure to subprime mortgage risks. However, the court emphasized, risk-taking is at the heart of business decision-making, and the mere fact that a company takes on business risk and suffers losses does not establish bad faith.

Other Claims

In addition to dismissing the lack of oversight allegations discussed above, the court also dismissed allegations that directors breached their duty of disclosure and committed certain actions constituting corporate waste. The court did, however, deny the motion to dismiss with respect to the corporate waste claim relating to executive compensation (as discussed below).

Plaintiffs’ Disclosure Allegations. Plaintiffs argued that the directors violated their duty of disclosure by failing to ensure that the company’s financial reporting and other disclosures were thorough and accurate, particularly regarding Citigroup’s exposure to subprime assets. A plaintiff can demonstrate a breach of the duty of disclosure by showing that the directors “deliberately misinformed shareholders about the business of the corporation, either directly or by a public statement.”[8] In Citigroup, however, the plaintiffs failed, among other things, to allege with sufficient specificity the actual misstatements or omissions that constituted a violation of the board’s duty of disclosure.[9]

Plaintiffs’ Corporate Waste Allegations. Plaintiffs also alleged that certain directors were liable for corporate waste for (1) approving a letter agreement between Citigroup and Charles Prince, its former CEO, (2) allowing Citigroup to purchase $2.7 billion in subprime loans, (3) approving a buyback of over $645 million of Citigroup shares at artificially inflated prices and (4) allowing Citigroup to invest in structured investment vehicles that were unable to pay off maturing debt. To prevail on a corporate waste claim, the plaintiff must overcome the general presumption of good faith by showing that the board’s decision was so egregious or irrational that it could not have been based on a valid assessment of the corporation’s best interests.[10] Applying this test, the court dismissed all corporate waste claims except for the claim relating to the board’s approval of the letter agreement, which granted Mr. Prince, among other things, $68 million upon his departure from Citigroup. Because the court is required to take the plaintiff’s allegations as true, the court denied the motion to dismiss this portion of the claim because there is a reasonable doubt as to whether the letter agreement was “so one sided” or awarded compensation so disproportionately large as to be unconscionable and constitute waste.[11]


Citigroup is a strong reaffirmation of the primacy of the business judgment rule in the midst of public outcry over the current financial crisis. While it is clear that Delaware courts will not second guess directors in assessing and taking business risks on behalf of the enterprise, directors should, nevertheless, remain vigilant in monitoring their company’s business risks. As the events of the subprime meltdown and ensuing financial crisis have unfolded, it is clear that many companies are facing risks that they never even knew they had, and risk management continues to receive heightened media and shareholder attention. For many companies in the current economic environment, more diligent risk management is not merely a “best” practice but also a necessary practice to ensure survival of the enterprise.


[1] In re Caremark Int’l Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).
[2] Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006).
[3] Id. (footnotes omitted).
[4] In re Citigroup at 23.
[5] Id. at 41.
[6] Id. at 29.
[7] Id. at 35.
[8] Id. at 43.
[9] Id. at 44.
[10] Id. at 51-52.
[11] Id. at 45.  



If you have questions regarding this alert, please contact—

Gemma L. Descoteaux gdescoteaux@akingump.com 214.969.4783 Dallas
Russell W. Parks Jr. rparks@akingump.com 202.887.4092 Washington, D.C.
C.N. Franklin Reddick III freddick@akingump.com  310.728.3204 Los Angeles
Adam K. Weinstein aweinstein@akingump.com 212.872.8112 New York