Edward McNally ponders the oversight duties of directors with respect to natural disasters:
The recent events in Japan prompt the question of whether the members of a corporation's board of directors have any exposure to liability when a natural disaster strikes their company. The potential claim would be that as part of their duty to oversee the company's risk management that they should have better protected their company from losses resulting from a natural disaster. Of course, most people view such national disasters as Black Swans, events no one anticipates will happen. Surely directors are not responsible for future events no one anticipates. Or are they?
He concludes:
A large corporation may receive literally thousands of complaints each year from customers, employees or regulators. It is not reasonable to ask a board of directors to consider each of those complaints as red flags requiring their inquiry. The board would do nothing else if it had to look into a thousand complaints. Instead, what the board should do is have in place some process that is designed to catch wrongdoing, filter complaints and sends to the board only those few that warrant further action by the board of directors.
That same analysis applies to the board's duties concerning potential natural disasters. It is to be expected that some level of natural events may occur and lead to damages to a corporation's infrastructure. Storms are even classified by how often they are expected to occur, with a "10 years storm" expected at least once a decade. The board should have in place insurance and other measures it has been advised by experts are sufficient to protect their corporation from a natural disaster that was reasonably likely to occur. The board should periodically review the company's insurance and disaster avoidance plans, at least to be satisfied that appropriate steps have been taken by management to address that threat to the company. Not every potential disaster needs to be planned for, just those that are actual threats. If these basic steps are taken, directors should not be held liable if a natural disaster causes an anticipated harm to their company. We have not yet reached the point where the courts will expect directors to foresee Black Swans. Some risk is necessary for success. A properly functioning board is entitled and indeed expected by its investors to take such risks.
I think that's good advice as a matter of best corporate governance practices. The Delaware courts have consistently explained, however, that the fiduciary duties of directors do not not necessarily require best practices. To the contrary, conduct falling short of best practices has consistently been protected from liability.
As for Caremark liability in this context, I explained in my article Caremark and Enterprise Risk Management that:
Under Stone, the initial question is whether the board “utterly failed to implement any reporting or information system or controls.” Where a Caremark claim is premised on accounting control failures, liability would arise if “the company entirely lacked an audit committee or other important supervisory structures, or that a formally constituted audit committee failed to meet.” Note the emphasis that a mere failure is not enough; there must be an utter or entire failure. This requirement follows inexorably from Caremark’s dictum that “the level of detail that is appropriate for [the requisite] information system is a question of business judgment.” Courts are not to second-guess a board’s determination that the company’s risk management programs are adequate.
I further explained that:
This judicial reticence is appropriate because substantive analysis of board decisions with respect to the nature, scope, and content of risk management programs are themselves business decisions of the sort protected by the business judgment rule. The levers a board can pull when supervising the company’s risk management include, for example, the human capital resources devoted to the task. The board might ask such questions as: To whom do risk management officers report? How are they chosen? How much are they paid? How is their performance evaluated? Personnel decisions like these are core business judgments protected from judicial review by the business judgment rule. Likewise, managing operational risk by choosing among possible business activities is a basic business judgment that should be protected by the rule.
The same should be true of natural disaster preparation. And so I am not too worried about this issue. As my article concluded with reference to the three leading cases:
In Caremark, Chancellor Allen opined that the oversight claims countenanced by that case would be perhaps the most difficult corporate law claim for plaintiffs to satisfy. Guttman likewise emphasized that Caremark claims are difficult to prove. Stone reiterated the same emphasis on creating a high liability bar.
I'd be willing to be a fancy steak dinner that the odds of a tsunami hitting Delaware are higher than the odds of a Delaware court finding a Caremark violation triggered by the fall out (pun not intended) from a natural disaster.