Introduction

Oversight and disclosure by directors of carbon risks is now being guided by courts, regulators, and institutional investors. Similarly, in the ongoing litigation relating to the AIRMAX 737 jets, the courts are considering whether Boeing’s independent directors may have personal liability for failing to oversee management of the corporation’s core risks1. What are the best risk oversight practices which directors should follow to protect themselves and their companies from liability?

What is the board’s role in overseeing risks?

What is the role of directors in overseeing their company’s risks? Should directors ensure that their organizations implement formal Enterprise Risk Management programs to facilitate risk oversight at the board level? 

For years, boards have relied on the business judgment rule which shields liability for bad decisions provided that a careful and diligent review of the relevant factors was undertaken by directors acting reasonably. However, as noted by Carol Hansell, Canadian lawyer and writer on board matters, if directors have made an unintelligent or unadvised judgment, or have been unduly passive, the courts will not defer to the judgment of the directors. Protection under the business judgement rule requires directors to inform themselves about the material facts relating to those decisions and, where circumstances warrant, make inquiries to evaluate and seek advice about the information presented to them. Boards must engage in a reasoned analysis before making decisions. Hansell also notes that directors should also be aware that decisions concerning matters such as forecasting are protected by the business judgment rule, but decisions concerning disclosure are a legal obligation. 2 

Boards must engage in a reasoned analysis before making decisions

On Monday March 21, 2022, the U.S. Securities Exchange Commission proposed requiring that U.S. listed companies disclose a range of climate related risks. Companies would be required to disclose the “actual or material impacts” that climate related risks will have on their business, strategy and outlook, including physical risks, as well as new regulations.3  Institutional investors are now urging companies to consider climate change risk in every investment decision. Canadian securities regulators have for years advised companies that climate change and environmental issues comprise disclosure obligations for issuers. 

In 2018, the Canadian Coalition for Good Governance (CCGG) issued The Directors’ E&S Guidebook which states: “The oversight of all significant risk factors, including those related to E&S, is a core function of the board. Organizations should have an enterprise risk management (ERM), or equivalent, system that enables an organization to identify and assess E&S risks as a fully integrated aspect of the management of material risks, and not treated discreetly.” CCGG also advises that: “A robust ERM framework, in which E&S is fully integrated, ensures that all top organizational risks are equally identified, prioritized, mitigated, and monitored. The board and management should agree on the assessment of E&S risks within the ERM framework, including underlying assumptions.”4

As noted by Hansell, the Ontario Teachers’ Pension Plan (“OTPP”) has called out the accountability of boards of directors with respect to climate change risk, noting that where a company’s climate change risks are material, it is the responsibility of the whole board to oversee these risks. 5

Per Hansell, in 2019, Canadian securities regulators acknowledged that climate change-related risks are a mainstream business issue and directed board and management to take appropriate steps to understand and assess the materiality of these risks to their business.6

Take appropriate steps to understand and assess the materiality of these risks to their business

This brings us to the on-going Boeing litigation. In their Harvard Law School forum article post, Lawyers Gail Weinstein, Steven Epstein, and Mark H. Lucas of Fried, Frank, Harris, Shriver & Jacobson LLP point to the Boeing Company Derivative Litigation (Sept. 7, 2021) as another example in a series of cases in recent years in which the Delaware Courts have found that the company’s independent directors may have personal liability to the stockholders for a failure to have overseen management of the corporation’s core risks.1 In Boeing, certain stockholders brought a derivative suit, claiming that the company directors had failed to oversee and monitor the safety and airworthiness of the company’s aircraft and thus had severely harmed the company and its stockholders. 

(Boeing) directors had failed to oversee and monitor the safety and airworthiness of the company’s aircraft

While the courts to date have not yet implicated the Boeing directors, protection for the board under “Caremark claims” has been rejected by the courts. Boeing reflects a recent trend in which U.S. courts have rejected early dismissal of claims at the pleading stage which have been seeking protection citing Caremark. 

In the Boeing opinion, Zurn, Vice Chancellor of the Delaware Chancery Court, provided important guidance with respect to best practices for directors in fulfilling their oversight responsibilities, as discussed in “Practice Points” below:

Best Practices for Directors

Practice Points from the Harvard Law School Forum on Corporate Governance, “Boeing: Rejecting Early Dismissal of Claims Against Directors for Inadequate Risk Oversight”.1

  • Boards must establish and monitor a system for board-level oversight of the critical risks facing the company. 
    The system should include processes and protocols for reporting to and monitoring by the board, with emphasis on those issues that are central to the company’s business (such as airplane safety for an airplane manufacturing company). The system need not prove to be full-proof or even effective—but it must reflect a good faith effort by the board to be informed on an ongoing basis about the company’s “mission-critical” risks. The court has indicated in other cases that even a company’s actual compliance with applicable regulations does not in and of itself necessarily establish that Caremark duties were fulfilled—rather, these duties require that the board establish and monitor a process for board-level oversight.
  • Product safety, material regulatory issues, and financial integrity are issues that merit board-level attention. 
    Particularly once the board becomes aware of a material issue, and certainly in the wake of a “traumatic” corporate event, relating to product safety, regulatory compliance or financial integrity, the board should be involved and informed. The board: (i) should focus on seeking to ensure the safety of its product rather than being solely or primarily preoccupied with the financial, public relations, or litigation risks associated with an event; and (ii) should not delegate all authority to management for product safety without a corresponding obligation to return to the board for approval and oversight.
  • Board minutes should reflect the board’s monitoring and oversight efforts. 
    Board minutes should reflect the board’s efforts to establish, implement and maintain oversight systems; the board’s regular discussion of key compliance and other issues; and management’s disclosure to the board of compliance and other key risks and developments. As noted above, in Boeing, the court concluded that product safety was not discussed at any board or committee meeting as the minutes did not specify that it was discussed.
  • It is important that appropriate processes be in place before a corporate crisis relating to mission-critical risks. 
    Of note, in Boeing, after the second crash, one of the directors suggested to the board that the board should be taking a more serious approach toward airplane safety issues. He outlined the procedures he was familiar with at another company (such as annual presentations to the board on product safety issues). The court cited this director’s comments as evidence of the board’s bad faith in that at least some of them knew that the board was not fulfilling its Caremark duties.
  •  The recent Caremark decisions underscore the following relating to best practices:
    • A board should identify what the company’s “mission-critical” risks are and the board or a board committee should be specifically tasked with oversight of those risks. 
      The board should formally delegate oversight of the specified mission-critical risks (such as airplane safety for an airplane manufacturer) and record these delegations in the corporate books and records (such as, in the case of delegation to a board committee, in the committee’s charter). A more specific delegation is preferable to relying on the typical delegation to the Audit Committee to oversee compliance generally. A board should be aware of the practices of other companies in its industry with respect to oversight of mission-critical risks and ensure that its own practices are at least as robust. (For example, if others in the airplane manufacturing industry all have an “Aviation Safety” board committee, such a committee should be considered rather than relying on the Audit Committee.)
    • A board should be proactive in ensuring that it receives regular presentations, and all appropriate information, relating to mission-critical risks. 
      Presentations to the board on mission-critical risks should be made by management and the board committee (if applicable) tasked with the oversight responsibility. At least an annual, regularly scheduled presentation should be made, with additional presentations as appropriate. Directors should be proactive in seeking out information if they are not receiving it, both on a regular basis and as required due to developments. Directors should ask questions, request additional information when appropriate, seek information from experts and/or engage outside advisors when appropriate, and so on. After receiving information, they should follow-up on what actions have been taken and the results of those actions and should consider whether more should be done.
    • A board should not ignore “red flags” (or “yellow flags”) about mission-critical risks. 
      Where the board has information, from whatever source, indicating that there is or may be a problem relating to a mission-critical risk, the directors should proactively seek out all relevant information. While management can be tasked with implementing the company’s response to such a problem, the board should determine what the response should be and should monitor the results. Also, the company’s whistle-blower process should include the board. It is not sufficient that whistle-blower complaints go to management without the board being informed. The board should consider expressly tasking a specific board committee with reviewing whistle-blower complaints.

Footnotes:

  1. Harvard Law School Forum on Corporate Governance, “Boeing: Rejecting Early Dismissal of Claims Against Directors for Inadequate Risk Oversight”, https://corpgov.law.harvard.edu/2021/10/21/boeing-rejecting-early-dismissal-of-claims-against-directors-for-inadequate-risk-oversight/
  2. PUTTING CLIMATE CHANGE RISK ON THE BOARDROOM TABLE Author, Caroll Hansell, https://law-ccli-2019.sites.olt.ubc.ca/files/2020/06/Hansell-Climate-Change-Opinion.pdf
  3. Globe and Mail, “SEC Proposes Climate Disclosure Rules”, Author Katanga Johnson, March 21, 2022
  4. The Directors’ E&S Guidebook. 2018. Canadian Coalition for Good Governance.
  5. Ontario Teachers’ Pension Plan. 2020. Corporate Governance Principles and Proxy Voting Guidelines
  6. CSA (Canadian Securities Advisors) Staff Notice 51-358, Reporting of Climate Change-related Risks, (1 August 2019)