Overview
Protecting the safety of employees and customers is critical to both the short-term productivity and long-term health of a business. While a company’s executive team is responsible for managing safety risks on a daily basis, the COVID-19 pandemic has raised important questions about a governing board’s role in protecting the employees, customers and other constituents of a business. Recent case law offers guidance to directors (or LLC managers) in navigating this unprecedented pandemic.
Fiduciary Duties: Directors have two core fiduciary duties, from which their other fiduciary duties stem: (1) The duty of care, which requires directors to make decisions based on all material information reasonably available to them; and (2) The duty of loyalty, which requires directors to act in good faith for the benefit of the company and its shareholders. Directors of nonprofits have an additional duty of obedience, which requires them to know and act within the framework of the nonprofit organization’s governing documents and applicable law.
Case Law: In a recent case, Marchand v. Barnhill et al., 212 A.3d 805 (Del. June 19, 2019), a shareholder sued the directors of an ice cream manufacturer following a listeria outbreak which resulted in three consumer deaths, recalls, shutdowns and layoffs. The Delaware Supreme Court held that failure to make a good-faith effort to implement and monitor systems and controls in response to a crisis constitutes a breach of directors’ fiduciary duty of loyalty. Hence, directors could be held liable for failing to properly supervise management’s response to crises.
In 2018, a Federal court in California approved a $29 million settlement of a lawsuit brought by shareholders against the directors and officers of Yahoo! Inc. alleging that they failed to adequately respond to a series of data breaches (In re Yahoo! Inc. Shareholder Derivative Litigation, Lead Case No. 5:17-cv-00787-LHK (N.D. Cal. 2018). In contrast to the Yahoo! case, the board of Wyndham Worldwide Corp. successfully defended against a similar complaint in Palkon v. Holmes et al., No. 14-cv-1234, 2014 WL 5341880 (D. N.J. Oct. 20, 2014). In ruling for the Wyndham directors, the court noted that the board had convened several times to discuss the data security breaches, and that Wyndham’s general counsel made presentations regarding the company’s data security at quarterly board meetings for nearly four years after the company’s first data-security incident.
Action Items: These cases illustrate the critical importance of directors making good-faith efforts to obtain and analyze information about material business risks. Measures that directors can take to satisfy their fiduciary duties include:
- Call a special meeting of the board via telephone or video conference. The COVID-19 pandemic will impact nearly every company. Directors should make good-faith efforts to identify key risks facing their company and its shareholders, as well as its employees, customers, and other constituents.
- Consider forming a COVID-19 working group to support management and collect information. A working group that includes select directors, senior management and possibly consultants with relevant expertise could both provide support to executives and permit the board to monitor their actions.
- Keep appropriate minutes and records. Board minutes should reflect – at an appropriate level of detail – specific agenda items, the board’s deliberation on identified risks, and the information requested and received by the board. The company’s books and records should include all relevant written materials.
- Considerations for nonprofits. Responding to the COVID-19 pandemic may require a nonprofit to interrupt its services and to make significant unplanned expenditures. To defend against claims alleging a breach of the duty of obedience, directors of a nonprofit should make sure that its records clearly tie its responses to the organization’s specific objectives.
- Hire experts. The COVID-19 pandemic will impact each company differently. Accordingly, boards should consult with appropriate technical experts and qualified counsel to ensure that their company takes appropriate actions and complies with applicable laws in doing so.