Directors' Reliance on Internal Controls in Light of Caremark and W.R. Grace

Originally published in PLI Securities Law handbook Fall 1998



Imagine that you are a director of two public corporations. Both companies have experienced troubles. The first corporation has pleaded guilty to criminal charges involving fundamental business practices in its core business; paid over $250 million to settle those charges and related civil litigation; sold part of the business in question for $276 million less than it had paid for it eight years earlier, due to the controversy engendered by the matter; and been served with at least five derivative lawsuits. These problems arose as a consequence of certain employees' unethical interpretations of the company's business practices. You were aware (and your company disclosed) that the legality of these practices was under scrutiny, and that it was very important to prevent exactly that type of wrongdoing that eventually occurred.

The second corporation's SEC filings included a copy of the retiring's CEO compensation agreement. The agreement stated that the CEO would continue to enjoy the perquisites of his office, including the use of the corporation's airplanes. The SEC filings, however, did not reveal that the value of the perquisites was $3.6 million, $2.7 million of which resulted from the airplanes; and that a separate agreement in principal to sell a minor, unsuccessful line of business to another company headed by the retiring CEO's son had been signed but abandoned. Subsections of the SEC's regulations required disclosure of this information. You participated in the negotiation of both agreements, and reviewed the SEC filings. The disclosure deficiencies, however, resulted from the misrepresentations of the retiring CEO (who is now deceased) on an officers and directors' questionnaire, and from the drafting decisions of counsel.

As these facts demonstrate, there is an important difference between the experiences of your two corporations: the first corporation suffered staggeringly bad consequences of its employees' wrongful conduct, and the second corporation did not. There are also similarities between the cases. Although you were aware of the issues that led to the problems in both cases, you have not been charged with acting in bad faith or with disloyalty to the corporation. Moreover, in both cases, you relied on the advice or decisions of counsel in deciding to do (or not do) what you did (or did not do).

In which case is it more likely that you may be faulted for placing excessive reliance on the corporation's internal controls - neither of which had signaled the problem in question? According to two opinions announced in the last eighteen months, the answer is "the second case." In the first case, In re Caremark International, Inc. Derivative Litigation, 698 A.2d 959 (1996), Chancellor William Allen held that directors may rely on a corporation's internal controls and the bona fides of its employees. So long as there is not an utter absence of internal controls, even if severe consequences result from the circumvention of those controls, the directors may not be held liable for the breach of fiduciary duty of care or attention. In the majority opinion in the second case, In re W.R. Grace & Co.,1 the SEC ruled that directors may not rely on a corporation's internal procedures - including the decisions of counsel - in the drafting of proxy statements and periodic SEC filings, where the directors possess personal knowledge that suggests that the disclosures may be incomplete.

This article compares and contrasts Caremark and W.R. Grace to ascertain the implication of those cases on directors' ability to rely on a corporation's internal controls. As explained below, it is our opinion that Caremark will render it difficult to fault directors for relying on internal controls in the majority of cases involving challenges to directors arising from their alleged failure to police the wrongdoing of subordinate corporate employees. In contrast, it will be rare that directors will possess personal knowledge about the wrongful conduct that circumvented internal controls - as was the case of the directors in W.R. Grace, who were personally involved in the negotiations of the inadequately disclosed agreements.2 An interesting question left open by both cases is whether it matters that the malfeasance or misrepresentations that circumvented the corporation's internal controls were conducted by senior management, as distinguished from lower-level employees.


Caremark arose in the context of a proposed settlement of a consolidated derivative action. The derivative plaintiffs filed a series of complaints alleging that the directors of Caremark International, Inc. ("Caremark"), had breached their duty of care by failing to adequately supervise the wrongful conduct of the company's employees described below. 698 A.2d at 964. For those purposes of evaluating the fairness and reasonableness of the proposed settlement, Chancellor Allen accepted the underlying facts, elicited from a record that included "numerous documents and three depositions," id. at 970, as undisputed. As described in the Introduction, supra, those facts reveal a serious breach of internal controls, with dire consequences to the company.

Caremark was in the business of providing patient care and managed care services. A substantial portion of Caremark's revenue was derived from third party payments from insurers and Medicare and Medicaid reimbursement programs. Id. at 961. Those payments were subject to the federal Anti-Referral Payments Law ("ARPL"), a statute designed to prevent bribery of physicians in the referral of Medicare or Medicaid patients. Caremark and its corporate predecessors attempted to regulate its business to comply with the ARPL by issuing internal ethical guidelines, which were reviewed and updated annually by internal and outside counsel. Id. at 962, 963. Caremark nevertheless publicly asserted that in the absence of case law on ARPL, there was uncertainty concerning the company's interpretation of the law, and that if the company was found to be in violation of the law, it could have a material adverse effect. Id.

Caremark adopted additional internal control measures as the law appeared to change. It amended its standard form agreements to comply with new administrative interpretations of the ARPL. Id. at 962. Following the initiation of government investigations, Caremark's Board of Directors took additional steps to ensure compliance with its internal ethical guidelines. Among other measures, the Board required higher-level managers to approve each contract with a physician; created an internal audit plan to ensure compliance with ethical guidelines; adopted stricter internal audit guidelines, even after being advised by its external auditors that there were no material weaknesses in the company's control structure; and appointed the company's Chief Financial Officer as the compliance officer. Id. at 963. Caremark's president also sent a letter to all senior, district, and branch managers restating Caremark's policies, and informing them that deviation from official policies would result in immediate termination of employment. Id. at 963 n.5. At all relevant times, the Board was advised by counsel and informed of these efforts to assure compliance with the ARPL. Id. at 963.

Notwithstanding this vigilance, two of Caremark's officers were indicted for violating the ARPL, and another physician was indicted for accepting bribes from Caremark. Id. at 963-64. Following these revelations, five derivative lawsuits were filed against Caremark and its directors. Id. at 964. Caremark then sold the business involved in the second indictment for $310 million - $276 million less than its corporate predecessor had paid for the business eight years earlier. Id. at 964 n.8. The complaints alleged that the directors' breach of their duty of care to supervise the conduct of Caremark's employees, or to institute corrective measures, had exposed Caremark to the fines, liability, defense costs, and $276 million loss, arising from the criminal indictments. Id. at 964, 967.

The defendants moved to dismiss the consolidated derivative lawsuit, on the grounds that demand had not been excused and that Caremark's articles of incorporation precluded holding the directors personally liable for monetary damages. Id. at 965. During the pendency of that motion, Caremark agreed to pay over $250 million to settle the criminal charges and related civil lawsuits. Id. at 965-66 & n.10. In the agreement in which Caremark pleaded guilty, the government stipulated that no senior executive of Caremark had participated in, condoned, or was willfully ignorant of the wrongdoing in question. Id. at 965. Caremark then agreed to settle the derivative lawsuits. The settlement provided that Caremark would undertake various measures to prevent further occurrence of the wrongful business practices. Id. at 966. It did not include any monetary payment to the derivative plaintiffs or the corporation. Id. at 972.

In considering the settlement, Chancellor Allen noted that there was no evidence that the directors knew of underlying violations of law that had led to the indictments. Id. at 971. The directors knew that Caremark's business practices subjected the company to the ARPL, but they had been "informed by experts that the company's practices, while contestable, were lawful." Id. Thus, the only basis for liability was the directors' inattention to the violations. Chancellor Allen thus approved the settlement as fair and reasonable in light of the "very low probability that it would be determined that the directors of Caremark breached any duty to appropriately monitor and supervise the enterprise." Id. at 961.3

At the outset, Chancellor Allen commented that as the complaint had not alleged that the directors had engaged in self-dealing or breached any duty of loyalty, plaintiffs' theory "is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment." Id. at 967. The Court then stated that the first of the "two distinct contexts" in which such a claim "may, in theory, arise" was "from a board decision that results in a loss because it was 'ill advised' or 'negligent'." Id. (emphasis in original).4 Chancellor Allen explained that this situation "will typically be subject to review under the director-protective business judgment rule, assuming the decision made was the product of a process that was either deliberately considered in good faith or was otherwise rational." Id. (emphasis in original) (citing Aronson v. Lewis, 473 A.2d 805 (Del. 1984); Gagliardi v. Tri-Foods Int'l, Inc., 683 A.2d 1049 (Del. Ch. 1996)). Chancellor Allen could not have been more eloquent or forceful in foreclosing challenges to directors' decisions on any basis other than via the standards of the business judgment rule:

  1. What should be understood, but may not be widely understood by courts or commentators who are not often required to face such questions, is that compliance with a director's duty of care can never appropriately be judicially determined by reference to the content of the board decision that leads to a corporate loss, apart from consideration of the good faith or rationality of the process involved. . . Indeed, one wonders on what moral ground might shareholders attack a good faith business decision of a director as 'unreasonable' or 'irrational'. When a director exercises a good faith effort to be informed and to exercise appropriate judgment, he or she should be deemed to satisfy fully the duty of attention.

Id. at 967, 968 (emphasis in original). As the Court concluded, "the core element of any corporate law duty of care inquiry" is "whether there was good faith effort to be informed and exercise judgment." Id. at 968.

The most significant portion of Caremark concerns the second set of circumstances in which a breach of the duty of care theoretically could arise: from "an unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss." Id. at 967. Referring to notorious financial scandals at Kidder, Peabody, Prudential Securities, and other companies; and to the increasing tendency to subject corporate behavior to the criminal law; Chancellor Allen noted that while corporate boards are "required only to authorize the most significant corporate acts or transactions," business decisions by lower-level employees can have a major impact on the corporation. Id. at 968-69. These circumstances raised the relevant inquiry, "what is the board's responsibility with respect to the organization and monitoring of the enterprise to assure that the corporation functions within the law to achieve its purposes?" Id.

In answering this question, Caremark acknowledged that directors have a duty to monitor compliance with the law. Chancellor Allen noted that Graham v. Allis-Chalmers Mfg. Co., 188 A.2d 125 (Del. 1963), had rejected a claim that the directors of a corporation that had violated the antitrust laws had breached a duty to be informed of the ongoing operations of the firm. The Court, however, rejected a reading of Graham that would impose no duty on directors "to assure that information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation's compliance with the law and its business performance." 698 A.2d at 970. Such an interpretation would conflict with "the seriousness with which the corporation law views the role of the corporate board," the need for timely information in order to exercise the board's supervisory and management functions, and the increasing scope of the criminal law as applied to corporations. Id.

At the same time, Caremark set forth several severe barriers plaintiffs face in alleging the breach of the duty of care. First, Chancellor Allen held that the directors' discharge of their duty to monitor corporate compliance with the law by assuring themselves that adequate information systems exist is itself judged by the business judgment rule. Id. at 970 ("Obviously the level of detail that is appropriate for such an information system is a question of business judgment."). Second, Chancellor Allen held that in the discharge of their duty of care, directors may rely on the integrity of the corporation's employees. Thus, he interpreted Graham as "standing for the proposition that, absent grounds to suspect deception, neither corporate boards nor senior officers can be charged with wrongdoing simply for assuming the integrity of employees and the honesty of their dealings on the company's behalf." Id. at 969 (citing Graham, 188 A.2d at 130-31). Third, Chancellor Allen noted that a breach of duty cannot be assumed from the fact that internal controls were circumvented. As he explained, "no rationally designed information and reporting system will remove the possibility that the corporation will violate laws or regulations, or that senior officers or directors may nevertheless sometimes be misled or otherwise fail reasonably to detect acts material to the corporation's compliance with the law." 698 A.2d at 970.

In summarizing and applying these standards, the Court held that:

  1. Generally where a claim of directorial liability for corporate loss is predicated upon ignorance of liability creating activities within the corporation . . . in my opinion only a sustained or systematic failure of the board to exercise oversight - such as an utter failure to attempt to assure a reasonable information and reporting system exists - will establish the lack of good faith that is a necessary condition to liability. Such a test of liability - lack of good faith as evidenced by sustained or systematic failure to exercise reasonable oversight - is quite high.

Id. at 971. In the case at bar, the record showed that the corporation's information systems "appear to have represented a good faith attempt to be informed of relevant facts." Id. In those circumstances, the Court concluded that even though "[t]he liability that eventuated in this instance was huge, "[i]f the directors did not know the specifics of the activities that lead to indictments, they cannot be faulted." Id. at 971-72.


The W.R. Grace opinion, like Caremark, arose in the context of a settlement. In this case, W.R. Grace & Co. ("WRG") consented to a decree enjoining it from further violations of the securities laws. The violations arose from allegedly incomplete disclosures in two Form 10-Ks and proxy statements of two agreements: a retirement compensation agreement with the company's long-time Chief Executive Officer, J. Peter Grace, Jr. ("Grace, Jr."); and a related party agreement in principal to sell a portion of WRG's businesses to Grace, Jr.'s son, J. Peter Grace III.

The retirement agreement was negotiated by Grace, Jr. and the company's outside directors; the inside directors, and the company's chief disclosure counsel, were asked to leave the Board of Directors and Compensation Committee meetings at which the agreement was discussed. 1997 SEC LEXIS at 2038, at *11. Another director, who was also WRG's Chief Executive Officer, also learned of the substance of the agreement. Id. at *13. The agreement, which was drafted by WRG's legal counsel, id. at *9 n.8, stated that Grace, Jr. would continue to receive "[a]ll other benefits and arrangements currently provided to you [Grace, Jr.] as chief executive officer (including, but not limited to, the use of office space and corporate aircraft)." Id. at *10.

WRG's problem with the retirement agreement arose in the course of preparing its 1992 Form 10-K and 1993 proxy statement. The complete text of the agreement was attached as an exhibit to the 10-K. Id. at *12. Following internal procedures, the Form 10-K and proxy statement were drafted by the company's disclosure counsel, after officers and directors' questionnaires were circulated. The counsel's drafts disclosed that Grace, Jr. would receive "certain other benefits" as a result of the agreement. Id. at *11. Grace, Jr., however, answered "no" in his officers and directors' questionnaire as to whether he was continuing to receive the perquisites of his office. Id. at *12. As the disclosure counsel had been excluded from the negotiation of the agreement, counsel arranged for two of the outside directors who had been involved therein to review the applicable section of the disclosure documents. Id. at *13.5 Those directors (one of which who signed the 10-K), and the Chief Executive Officer (who also signed the 10-K), did not question the manner in which the retirement package was disclosed.

As WRG later disclosed, the value of the perquisites provided to the retiring CEO was $3.6 million, $2.7 million of which accrued from the continued use of corporate aircraft. Id. at *13 n.10. As a result, according to the majority of the Commissioners, the disclosure that Grace, Jr. would receive "certain other benefits" did not comply with Item 402(h) of Regulation S-K, which requires that a registrant "describe each of the terms and conditions of any compensatory arrangement which results from the retirement of an executive officer if the aggregate amount exceeds $100,000." 1997 SEC LEXIS 2077, at *16. WRG's 10-K thus violated Securities Exchange Act Section 13(a) and the accompanying Rule 13a-1, id. at *14; and WRG's proxy statement violated Securities Exchange Act Section 14(a) and the accompanying Rules 14a-3 and 14a-9. Id.

WRG's problem with the agreement in principle was similar in nature. WRG's Chief Executive Officer and one of its outside directors were aware of the status of the negotiations of the agreement, 1997 SEC LEXIS 2038, at *16; and WRG's legal counsel participating in its drafting. Id. at *18 n.14. The agreement in principle provided that WRG would sell its GHSC line of business for $1.3 million to a group of investors formed by J. Peter Grace III, at that time the chairman of GHSC. Grace III, however, was unable to secure the needed financing for the transaction, and the agreement expired on its own terms. Id. at *16.6 In preparing the company's 1993 Form 10-K and 1994 proxy statement, Grace, Jr., answered "no" to a question in his officers and directors' questionnaire asking if the company was a party to any transactions in which he or his family had an interest. The agreement was not disclosed in the draft documents; and, again, the outside director and the Chief Executive Officer involved in the negotiations did not question the nondisclosure of the agreement. The SEC found that the disclosure of the proposed related party transaction was required by Item 404(a) of Regulation S-K, and Item 7 of Schedule 14A, which require disclosure of related party transactions in excess of $60,000. As a result, the Form 10-K and proxy statement again violated Securities Exchange Act Section 13(a) and the accompanying Rule 13a-1, and Securities Exchange Act Section 14(a) and the accompanying Rules 14a-3 and 14a-9. 1997 SEC LEXIS 2077, at *17-18.

The principal legal issue involved in the case was the extent to which the directors had relied on the company's disclosure drafting procedures. Two of the three directors involved in the retirement agreement stated that they had assumed that the agreement would "receive full consideration in [WRG's] disclosure process," because it had been drafted by WRG's legal counsel. 1997 SEC LEXIS 2038, at *9 n.8. Likewise, the two directors involved in the agreement in principle stated that they had relied on WRG's counsel with respect to the nondisclosure of that agreement. Id. at *18.

The SEC stated that it had not found that the directors had acted in bad faith. Id. at *5. The majority of the Commissioners, however, rejected the directors' reliance on the company's internal procedures. Making clear that it was acting Ato emphasize the affirmative responsibilities of corporate officers and directors to ensure that the shareholders whom they serve receive accurate and complete disclosure of information required by the proxy solicitation and periodic reporting provisions of the federal securities laws," id. at *3, the SEC held that "[i]f an officer or director knows or should know that his or her company's statements concerning particular issues are inadequate or incomplete, he or she has an obligation to correct that failure." Id. at *19. Thus, an officer or director may "rely on the company's procedures for determining that disclosure is required only if he or she has a reasonable basis for believing that those procedures have resulted in full consideration of those issues." Id.7

Applying these rules to the case at bar, the SEC held that given the directors' personal knowledge of the agreements in question, they could not "assume[] that WRG's internal mechanisms for preparing the relevant disclosure documents, including the review of counsel, would address these issues." Id. at *20 n.17. Rather, the directors should have "inquired as to whether the securities laws required disclosure of this information," id. at *20, and pursued the issues with the company's disclosure counsel. Id. at *14, 18. Such inquiries might have revealed that the disclosure counsel were unaware of the terms of the retirement agreement, id. at *14 n.11, and\or that Grace, Jr. had incorrectly answered his officers and directors' questionnaire. Id. at *18 & n.15. If the directors were not reasonably satisfied as to the answers they received upon further inquiry, "they should have insisted that the documents be corrected before they were filed with the Commission." Id. at *20.

Commissioner Wallman dissented from the Report of Investigation. In his view, the majority had applied an incorrect legal standard in stating that officers and directors "must 'ensure' the accuracy and completeness of company disclosures." Id. at *22. He further contended that, applying the proper standard, the three WRG directors in question had not breached their duties under the federal securities law; and the majority's opinion to the contrary had "impose[d] strict liability for a disclosure failure - which is simply not the law." Id. at *23.

Commissioner Wallman's dissent arose, in part, from his opinion that "[t]he two questioned disclosures in this case both turn on fine legal interpretations." Id. at *26.8 He noted, for example, that as WRG's previous SEC filings had not disclosed the details of the perquisites given to Grace, Jr., "I would suspect that most securities lawyers would believe that less, not more, disclosure would be required upon" Grace, Jr.'s retirement. Id. at *29. He also characterized the agreement in principle as only "a non-binding letter of intent," and opined that legal minds might differ as to whether it had been a "currently proposed" transaction requiring disclosure. Id. at *31.

With the difficulty of the disclosure issues in mind, Commissioner Wallman supported the directors' reliance on internal procedures. In his view, the directors were "not in a position to second-guess" the disclosures, and "had every right to rely on a system designed to produce appropriate disclosure." Id. at *26.9 In judging that system, Commissioner Wallman stated that the issue was simple: "did legal counsel have the necessary facts to do the job that was required - and if not, did these three individuals know (or, perhaps, should these three individuals have known) that the counsel did not have the necessary facts." Id. at *27. He concluded that the lawyers clearly possessed the relevant information regarding the retirement agreement; and that, while the issue was less clear, the same probably was true for the agreement in principle. Moreover, in any case, if there was a lack of a clear understanding of the relevant agreements, it was up to the disclosure counsel, and not the directors, to inquire further. Id. at *28 n.4. As to the directors, they simply did not "appear to have had any reason whatsoever to believe that the appropriate legal distinctions were not being made by [WRG's] attorneys," id. at *26; and there had not been any "'red flags' or warnings to indicate that the system - which included the employment of respected and competent securities counsel - was breaking down, or was inadequate to produce documents that would comply with the federal securities laws." Id. at *24.


Caremark and W.R. Grace appear to reach different - and, given the materiality of the corporate disasters involved in the cases, counterintuitive - outcomes on the ability of directors to rely on internal controls. Is there a manner in which the cases may be reconciled so as to articulate a clear rule on the issue, or at least distinguished so that one case or the other does not apply in a particular context?

Arguably, W.R. Grace may be distinguished because the only issue at stake therein was the corporation's disclosures. Clearly, the Commission wished to emphasize the personal responsibility of directors and officers to ensure accurate SEC filings. Indeed, the majority was so intent on emphasizing this point that it stated that both of the outside directors involved in the case had breached their duty to ensure the accuracy of WRG's filings - even though one of the directors had only reviewed, and not signed, the filings. 1997 SEC LEXIS 2038, at *5. One would expect that directors would be less likely to be able to rely on internal controls in fulfilling their personal disclosure requirements imposed by the government. Still, it would be too hasty to dismiss W.R. Grace as only a disclosure case, in light of the decision's discussion of the topic of internal controls. Moreover, the Commission analogized W.R. Grace to earlier opinions discussing the responsibility of directors to "act effectively when confronted with evidence of management's possible involvement in securities fraud." Id. at *3 n.4. This suggests that the Commission believes that the principles involved in W.R. Grace are applicable to the more general set of circumstances in which directors are charged with guiding the corporation's response to internal problems within the company; in other words, the context presented in Caremark.

Another way to distinguish W.R. Grace is to note the special definition of "materiality" applied therein. In the majority's opinion (but not, as we have seen, in Commissioner Wallman's view), the disclosure requirements were clear-cut: disclosure was required of perquisites valued over $100,000, and related party transactions valued over $60,000. When WRG's SEC filings did not meet these objective standards, there was, for the purpose of the administrative proceeding, a material violation of the applicable statutes and regulations; and scienter was not required to state a claim. 1997 WL SEC LEXIS 2077, at *14-15. It is not clear whether the outcome of the case would have been the same had the issue been whether the same disclosures had been materially misleading in the context of a private 10b-5 lawsuit, or even in a private Section 14(a) lawsuit challenging the directors elected by the proxy statements in question. Indeed, in the context of a 10b-5 claim, a securities defense lawyer would not hesitate in defending the adequacy of disclosure in a Form 10-K that, like WRG's Form 10-K, disclosed the full text of the agreement in question. Thus, W.R. Grace best applies to a narrow set of cases in which the directors' failed reliance on internal controls concerns highly technical disclosure issues that, in another context, may not present significant problems.

Notwithstanding the latter distinction between the cases, the best manner of applying Caremark and W.R. Grace to the issue of directors' reliance on internal controls is to consider which set of circumstances is more likely to arise in the derivative context. In our opinion, Caremark will render it difficult to fault directors for relying on internal controls in the majority of cases involving challenges to directors arising from their failure to police the alleged wrongdoing of corporate employees. Our belief arises in part from the expected characteristics of those cases. By definition, derivative cases alleging the breach of the duty of care generally involve the alleged failure to police the actions of subordinate employees - and not, as Caremark itself illustrates, the directors' direct involvement in the underlying wrongdoing giving rise to the injury to the corporation. Thus, it will only be in those minority of cases in which the directors possess personal knowledge of the underlying wrongdoing at issue that the directors, as in W.R. Grace, will not be able to rely on the company's internal controls in defending their action (or inaction) against an allegation of the breach of duty of care.

Caremark's applicability also flows from the types of corporate wrongdoing that are likely to give rise to derivative claims. As Caremark illustrates and explains, the wrongful actions of subordinate employees may have dire consequences for a company. If the wrongdoing, however, involves an issue that is so important that the failure to follow proper rules would result in severe consequences and a derivative lawsuit, it is likely that the directors would have been aware of the issue, and discussed it with management and independent experts.10 According to Caremark, the result of these deliberations - directors' informed decisions to set and rely on a particular system and level of internal controls - are protected by the business judgment rule. As Chancellor Allen stated, this will render it extremely difficult for derivative plaintiffs to second-guess the directors; i.e., to opine that the directors should have instituted even stricter controls or been even more vigilant in policing subordinate employees. Thus, even if, as in Caremark, the internal controls were subverted (at great cost) by the dishonesty of subordinate employees, the directors should not be faulted for trusting in those employees and the company's internal controls.

A good application of this reasoning from Caremark is to derivative suits challenging directors' supervision of a corporation's revenue recognition policies. It certainly is true that revenue recognition rules may be subverted by subordinate employees (e.g., by sales persons that enter into secret "side letters" undermining the finality of a sales transaction). It is also the case that the consequences of the subversion of these rules can be dire, up to and including a financial restatement. In those circumstances, directors may be served with derivative suits alleging that they breached their duty of care by failing to stop the wrongdoing.11 Revenue recognition issues, however, generally occupy an important place in the purview of the board of directors. Indeed, most (if not all) corporate boards have a separate Audit Committee devoted precisely to revenue recognition and other accounting issues. Those boards and committees regularly seek the expert advice of independent auditors. Moreover, given the significance of those issues, most (if not all) of those boards and committees also insist that the company establish internal audit systems, to ensure compliance with revenue recognition laws. Thus, as in Caremark, it is likely that the directors would have been aware and informed of revenue recognition issues, and have taken steps to ensure compliance with the law, by the time the directors are named in a derivative suit. The business judgment rule will thus protect the directors' reliance on those controls, and on the integrity of the company's employees, even when the controls are circumvented and a restatement results.12

Notwithstanding Caremark's likely predominance in affirming directors' reliance on internal controls, W.R. Grace may be significant in suggesting another manner in which to challenge directors' reliance on internal controls. At the end of his dissent in that case, Commissioner Wallman suggested two examples of "red flags" that, had they existed, might have alerted the directors in that case to the fact that the disclosure process was not working: (1) "knowing that Grace, Jr. had intentionally or otherwise not completed his [officers and directors'] questionnaire properly"; and (2) "the presence of past mistakes or omissions in the Company's disclosure documents." 1997 SEC LEXIS 2038, at *32. Derivative plaintiffs can be expected to cite these examples in attempting to plead around the directors' reliance on internal controls. Plaintiffs, however, still must overcome Caremark's grant of business judgment rule protection for directors' decision to set a particular level of controls - including, as directors undoubtedly would contend, their decision to set a particular level of controls sufficient to address any past wrongdoing or circumvention of controls that had occurred.13 Caremark itself may be cited as in support of the directors' contention. Following the initial challenges to and government investigations of the company's business practices, the Caremark directors tightened controls, and continued to seek the advice of counsel. See pp. 2-3, supra. Their decisions were accorded the protections of the business judgment rule, as against any assertion that the internal controls were inadequate in light of the past challenges to Caremark's practices.


In conclusion, while Caremark recognizes a duty to assure adequate internal controls, and W.R. Grace suggests the limits of relying on such controls in every factual context, the most significant implication of the two cases is Caremark's recognition that once internal controls have been instituted - a factual circumstance that we predict will exist in the majority of derivative cases - corporate directors' reliance on those controls will be judged by the "director-protective" business judgment rule. As Chancellor Allen aptly reasoned, a derivative plaintiff's challenge to the directors' reliance on internal controls thus presents "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment."

New questions undoubtedly will be answered regarding the principles governing directors' reliance on internal controls as more cases of the Caremark ilk arise from lower-level employees' involvement in wrongdoing detrimental to the company. For example, both Caremark and W.R. Grace leave open the question of whether it matters that the malfeasance or misrepresentations that circumvented the corporation's internal controls were conducted by senior management, as distinguished from lower-level employees. It is possible to read Caremark to suggest that the reliance on internal controls is weaker in the former situation: Chancellor Allen, who set forth in his opinion the facts that he found material to his decision, 698 A.2d at 961, not only noted that Caremark's senior management had not been involved in the underlying criminal conduct, but emphasized that fact in italics. Id. at 965. Moreover, in W.R. Grace, it was the company's retiring CEO whose inaccurate answers to the directors and officers' questionnaire helped vitiate the directors' reliance on the internal procedures for drafting the SEC disclosures.

Notwithstanding these indications in Caremark and W.R. Grace, the better answer is that directors' reliance on internal controls should not depend on the rank in the hierarchy of the employees circumventing those controls. In Caremark, Chancellor Allen found that notwithstanding the serious harm lower-level employees had done to the company, the directors could not be faulted for relying on those employees' honesty and integrity. There is no evident reason why directors should be able to rely only on unknown employees in far-flung outposts of the corporation, and not on the honesty and integrity of the members of senior management with whom the directors have most closely worked. Indeed, two of the steps mentioned by Chancellor Allen in connection with the monitoring of the company's compliance with its ethical rules involved the participation of senior management: the Board appointed the company's Chief Financial Officer as the compliance officer, and the company's president sent a letter reinforcing the need to comply with the rules. See p. 3, supra. Had those senior managers circumvented their own internal controls and lied to the Board of Directors about their compliance with the law, as long as "the directors did not know the specifics of the activities" of those senior managers, "they cannot be faulted." Caremark, 698 A.2d at 971-72.


1. The SEC issued two releases on the same day to memorialize its investigation, analysis, and disposition of the W.R. Grace matter. In re W.R. Grace & Co., Securities Exchange Act of 1934 Release No. 39156, 1997 SEC LEXIS 2077 (Sept. 30, 1997), sets forth the order instituting the proceedings against W.R. Grace, the consent of W.R. Grace and three directors to a cease and desist order, and the Commission's legal analysis of the applicable statutes and regulations. In re W.R. Grace & Co., Securities Exchange Act of 1934 Release No. 39157, 1997 SEC LEXIS 2038 (Sept. 30, 1997), presents the Commission's Report of Investigation pursuant to Securities Exchange Act Section 21(a). This latter release also contains the dissent of Commissioner Steven M.H. Wallman to the standard of care enunciated by the majority of the Commissioners. While both releases present the pertinent facts, the latter release articulates them with additional particularity, in part due to the perspective offered by Commissioner Wallman.

2. Moreover, W.R. Grace's refusal to sanctify directors' reliance on internal controls also reflects that case's focus on a narrower issue: compliance with what the Commission regarded as objective disclosure requirements. The directors' duty to ensure compliance with those regulations is so strict that reliance on internal corporate procedures (even on attorneys expert in such matters) is not a defense to a failure to comply.

3. Significantly, although Chancellor Allen also found that the derivative claims "quite likely were susceptible to a motion to dismiss" on the grounds proffered by the defendants, he discussed that finding only in a footnote. 698 A.2d at 971 & n.28.

4. Notwithstanding his recitation of the word "negligence," Chancellor Allen commented that "[t]he vocabulary of negligence, while often employed, . . . is not well-suited to judicial review of board attentiveness, . . . , especially if one attempts to look to the substance of the decision as any evidence of possible 'negligence.'" 698 A.2d at 967 n.16 (citations omitted). Chancellor Allen further explained that the "reasonable person" test for negligence liability is not well suited to the decisions of corporate directors: if compelled to authorize decisions only "on a basis of a substantive judgment based on what . . . persons of ordinary or average judgment and average risk assessment talent regard as 'prudent', 'sensible', or even 'rational'," directors might avoid riskier investment projects desired by shareholders. Id.

5. These directors were Eben Pyne and Charles Erhart; the Chief Executive Officer, who also was a director, was J.P. Bolduc. The Commission decided that due to "the unique circumstances presented here (including the death of Grace, Jr.)," it had decided not to take any action against Pyne, Erhart, or Bolduc personally. Id. at *21. Note that by the time the Commission issued the release, Bolduc had resigned as Chief Executive Officer, and Pyne and Erhart had left WRG's board. Id. at *7-8. The Commission also found that Bolduc had recognized and attempted to reduce the influence of Grace, Jr. on the company. Id. at *21 n.18.

6. It undoubtedly was significant to the Commission's findings that Grace III proposed to pay for GHSC with a $1.3 million note. Approximately one year later, WRG alleged that Grace III and his proposed acquisition company had misappropriated approximately $1.3 million from WRG. Pursuant to an arbitration agreement and stipulation, Grace III repaid substantially all of the money claimed by WRG. 1997 SEC LEXIS 2038, at *16 n.12.

7. As the Commission further noted, the W.R. Grace case demonstrated that "corporate disclosure mechanisms cannot compensate for the failures of individuals," e.g., for Grace, Jr.'s inaccurate answers to the officers and directors questionnaire. 1997 SEC LEXIS 2038, at *5 n.5.

8. See also 1997 SEC LEXIS 2038, at *31-32 (stating that the question of whether WRG's disclosures had been accurate is "not open and shut on these facts").

9. As Commissioner Wallman later expressed with respect to the question of whether the agreement in principle was a "currently proposed" transaction that required disclosure, "it is lawyers that make these decisions. CEOs and outside directors do not." 1997 SEC LEXIS 2038, at *31.

10. In other words, it is unlikely that, with respect to any issue that is so significant and fraught with peril to threaten the company, there would exist the "utter failure to attempt to assure a reasonable information and reporting system exists" required by Chancellor Allen to support a breach of duty of care claim, Caremark, 698 A.2d at 971; or that the directors would have failed to inform themselves of the relevant issues.

11. Wilson Sonsini Goodrich & Rosati currently is defending two such derivative lawsuits. The opinions and hypothetical factual circumstances expressed herein are not taken from, and may or may not apply to, either of these lawsuits.

12. The revenue recognition example also illustrates the general inapplicability of W.R. Grace's exception to the directors' reliance on internal controls. It is unlikely that directors would have been personally involved in the surreptitious transactions wrongly recorded as revenue; directors usually act as directors, and not as sales persons.

13. Of course, plaintiffs also would face the difficulty of pleading the circumstances of the breach of duty with particularity. See, e.g., Allison ex rel. General Motors Corp. v. General Motors Corp., 604 F. Supp. 1106, 1122 (D.Del.), aff'd 782 F.2d 1026 (3rd Cir. 1985); Aronson, 473 A.2d at 81