Jay Brown is displeased with Delaware Chancellor William Chandler's opinion in the Citigroup subprime mortgage mess.
Citigroup is a multinational financial services corporation. In the period prior to the financial crisis, Citigroup's Securities and Banking Unit began marketing collateralized debt obligations (CDOs). This form of derivative security consists of "repackaged pools of lower rated securities that Citigroup created by acquiring asset-backed securities, including residential mortgage backed securities ("RMBSs"), and then selling rights to the cash flows from the securities in classes, or tranches, with different levels of risk and return." In some cases, the CDO's terms included a so-called "liquidity put," which allowed the purchasers to resell the securities to Citigroup at their original cost.
Eventually Citigroup had some $55 billion in exposure to the subprime mortgage market via these CDOs and other investments. As a result, Citigroup faced all three types of enterprise risk. Market risk arose, for example, because changes in interest rates and housing prices could significantly affect the value of CDOs based on mortgage-backed securities. Credit risk arose, for example, because adverse changes in the credit quality of subprime mortgage-backed securities could lead to Citigroup's counterparties exercising their liquidity puts. Operational risk is pervasive in the context of derivative securities, potentially arising from "inadequate systems, management failure, faulty controls, fraud, and human error":
[In fact,] many of the large losses from derivative trading are the direct consequence of operational failures. Derivative trading is more prone to operational risk than cash transactions are because derivatives, by their nature, are leveraged transactions. The valuation of complex derivatives also creates considerable operational risk. Very tight controls are an absolute necessity if a firm is to avoid large losses.
When the financial crisis hit and the subprime mortgage market collapsed, Citigroup in fact suffered very serious financial losses.
The defendants were current and former directors and officers of Citigroup. Plaintiffs' claims against them included an argument "that the director defendants are personally liable under Caremark for failing to 'make a good faith attempt to follow the procedures put in place or fail[ing] to assure that adequate and proper corporate information and reporting systems existed that would enable them to be fully informed regarding Citigroup's risk to the subprime mortgage market.'"
Chandler dismissed: "While it may be tempting to say that directors have the same duties to monitor and oversee business risk, imposing Caremark-type duties on directors to monitor business risk is fundamentally different. … Oversight duties under Delaware law are not designed to subject directors … to personal liability for failure to … properly evaluate business risk."
Jay writes:
Its enough, apparently, to have [a reporting system], no matter how good or bad (the only standard is that it can't result in "a sustained or systematic failure of the board to exercise oversight." That standard is ridiculously high, effectively a waste standard for the duty to monitor. Once a company has a reporting system in place, a board can only be liable for failing to react to react to the information that it receives under the entirely inadequate reporting system. …
The Chancery Court, however, treated the case as simply sour grapes based on an after the fact dissatisfaction with the company's business decisions. "When one looks past the lofty allegations of duties of oversight and red flags used to dress up these claims, what is left appears to be plaintiff shareholders attempting to hold the director defendants personally liable for making (or allowing to be made) business decisions that, in hindsight, turned out poorly for the Company."
Even more surprisingly, the Chancery Court took the position that it would be a mistake to impose on directors the possibility of liability for failing to adequately assess risks within the company. …
In other words, the Chancery Court characterized the subprime mess and the near nationalization of Citigroup as an ordinary risk taking transaction that did not require oversight by the board of directors. When it comes to examining the standards set by the Delaware courts for directors (or lack of standards), this case typifies the wrong headed approach of the courts. Even in the middle of the worst financial crisis since the Great Depression, the Delaware courts cannot bring themselves to entertain even the possibility that the board might have had a role in supervising the excessive risk taking by Citigroup.
Perhaps not surprisingly, I come down on the same side as Chancellor Chandler. As I explain in my forthcoming article on Caremark and Enterprise Risk Management, in Caremark, Chancellor Allen opined that the oversight claims countenanced by that case would be perhaps the most difficult corporate law claim for plaintiffs to satisfy. Guttman likewise emphasized that Caremark claims are difficult to prove. Stone reiterated the same emphasis on creating a high liability bar.
Risk management does not differ in kind from the more typical law compliance and accounting control cases in which Caremark claims have been brought in the past. Because risk management does differ in degree from such claims, however, particularly because it is inextricably intertwined with risk taking, the bar needs to be set particularly high with respect to such claims. If Caremark is the most difficult theory of liability in corporate law, risk management needs to be the most difficult variant of Caremark claims.
Risk management necessarily overlaps with risk taking because the former entails making choices about how to select the optimal level of risk to maximize firm value. There are only four basic ways of managing risk: avoiding it by avoiding risky activities, transferring it through insurance or hedging, mitigating it, and accepting it as unavoidable. All of these overlap with risk taking. Operational risk management, for example, frequently entails making decisions about whether to engage in risky lines of business and, more generally, determining whether specific risks can be justified on a cost-benefit analysis basis. As a result, it is becoming increasingly "difficult to draw a line between corporate governance and risk management."
The fuzzy line between risk-taking and risk management is nicely illustrated by how corporations use derivatives. On the one hand, they can be used to hedge risk. On the other hand, they can be used as speculative investments. In many cases, they can be used as both simultaneously.
As the Chancellor Chandler correctly recognized in Citigroup, Caremark claims premised on risk management failures thus uniquely implicate the core concerns animating the business judgment rule in a way typical Caremark claims do not.
Citigroup thus presents us with an opportunity for reiterating the case for insulating director decisions from judicial review.
The business judgment rule is corporate law's central doctrine. It pervades every aspect of the state law of corporate governance; from negligence by directors, to self-dealing transactions, to termination of shareholder litigation and so on. Of particular relevance, it is the governing standard when shareholders complain that about allegedly excessive executive pay.
Corporate directors are subject to a fiduciary duty of care, which requires them to the sort of care that ordinarily careful and prudent people would use in similar circumstances. Because the corporate duty of care thus resembles the tort law concept of reasonable care, one might assume the duty of care is violated when directors act negligently. Yet, the one thing about the business judgment rule on which everyone agrees is that it insulates directors from liability for negligence.
The rule doesn't completely insulate directors from liability, of course. As the Delaware Supreme Court explained in an earlier appeal in the Disney litigation, the rule simply means that:
"...directors' decisions will be respected by courts unless the directors are interested or lack independence relative to the decision, do not act in good faith, act in a manner that cannot be attributed to a rational business purpose or reach their decision by a grossly negligent process that includes the failure to consider all material facts reasonably available.[1]
Yet, even with those qualifications, the rule provides directors with considerably greater protection from liability than most economic actors enjoy.
The business judgment rule's traditional justification is that courts are not business experts.[2] It is probably true that most judges do not have much expertise in business law matters, although that's hardly the case for Delaware's judiciary, which more-or-less specializes in corporation law. Moreover, business law is not the only context in which judges are called upon to review complex issues arising under conditions of uncertainty. Reviewing a board of directors' decision to pay Michael Ovitz $140 million for 14 months work, for example, seems no more technically demanding than reviewing medical or product design decisions. Yet, no "medical judgment" or "design judgment" rule precludes judicial review of malpractice or product liability cases.
Why then do directors of corporations get this special protection?
Justice Jackson famously observed of the U.S. Supreme Court: "We are not final because we are infallible, but we are infallible only because we are final." Neither courts nor boards of directors are infallible, but someone must be final. Otherwise we end up with a never-ending process of appellate review. The question then is a simple one: Who is better suited to be vested with the mantle of infallibility that comes by virtue of being final—directors or judges?
Judges necessarily have less information about the needs of a particular firm than do that firm's directors. A fortiori, judges will make poorer decisions than the firm's board. As one court decision put it:
"[C]ourts recognize that after-the-fact litigation is a most imperfect device to evaluate corporate business decisions. The circumstances surrounding a corporate decision are not easily reconstructed in a courtroom years later, since business imperatives often call for quick decisions, inevitably based on less than perfect information. The entrepreneur's function is to encounter risks and to confront uncertainty, and a reasoned decision at the time made may seem a wild hunch viewed years later against a background of perfect knowledge."[3]
Put another way, judges are no less subject to bounded rationality than any other decision makers. Just as the limits on cognitive competence impede the ability of market actors to write complete contracts, those same limits necessarily impede judicial review. Only with the benefit of hindsight will judges be able to make better decisions than boards, but we have already seen that hindsight review is problematic. While market forces work a sort of Darwinian selection on corporate decision makers, moreover, no such forces constrain erring judges. As such, rational shareholders will prefer the risk of managerial error to that of judicial error.
The posited preference for managerial error, however, only extends to decisions motivated by a desire to maximize shareholder wealth. Given that market forces encourage directors to make such decisions carefully, such a preference makes sense. Where the directors' decision was motivated by considerations other than shareholder wealth, as where the directors engaged in self-dealing or sought to defraud the shareholders, however, the question is no longer one of honest error but of intentional misconduct. Despite the limitations of judicial review, rational shareholders would prefer judicial intervention with respect to board decisions so tainted. As Delaware Chief Justice Veasey observes, "investors do not want self-dealing directors or those bent on entrenchment in office. ... Trust of directors is the key because of the self-governing nature of corporate law. Yet the law is strong enough to rein in directors who would flirt with an abuse of that trust."[4] The affirmative case for disregarding honest errors thus simply does not apply to intentional misconduct. To the contrary, given the heightened potential for self-dealing in an organization characterized by a separation of ownership and control, the risk of legal liability may be a necessary deterrent against such misconduct.
The function of the business judgment rule thus is to act as a filter for self-dealing and fraud. As long as the board made an informed decision untainted by conflicts of interest, the court will defer to the board's judgment. Directors are thus allowed to take business risks without fear that an error in judgment or even an act of God might result in liability being imposed on them. Conversely, however, the rule will not allow directors to cheat and self-deal.
Giving Michael Ovitz $140 million to go away after a mere 14 months on the job might not have been the smartest decision a board of directors made, but absent evidence that the board acted from conflicted interests, it is precisely the sort of decision that courts leave to the discretion of directors.
Precisely the same thing can be said of a board's decision to adopt and implement a risk management program. It is a core matter of business judgment and deserves the same respect any other business judgment would get.
[1] Brehm v. Eisner, 746 A.2d 244 (Del. 2000).
[2] See, e.g., Dodge v. Ford Motor Co., 170 N.W. 668, 684 (Mich. 1919).
[3] Joy v. North, 692 F.2d 880, 886 (2d Cir. 1982), cert. denied, 460 U.S. 1051 (1983).
[4] E. Norman Veasey, An Economic Rationale for Judicial Decisionmaking in Corporate Law, 53 Bus. Law. 681, 694 (1998).