The Situation: Directors of a biopharmaceutical company face potential liability where they knew—or should have known—that the company was not complying with regulations governing a matter of critical importance to the company. In re Clovis Oncology, Inc. Derivative Litig., C.A. No. 2017-0222-JRS (Del. Ch. Oct. 1, 2019).

The Result: Applying the Delaware Supreme Court's recent guidance in Marchand, the Delaware Court of Chancery refused to dismiss claims that the board had failed to monitor "mission critical regulatory issues."

Looking Ahead: When a company suffers an adverse event, directors should expect challenges to their oversight of the company. Directors should remain vigilant in the exercise of their oversight function, particularly with respect to "mission critical" issues.

A so-called Caremark challenge to a board's oversight function presents a notoriously high hurdle for a plaintiff. Plaintiffs in two recent cases have cleared that hurdle. We previously reported on the Marchand case, where the Delaware Supreme Court greenlighted claims that the board of a "monoline" business failed to implement reasonable monitoring systems on "mission critical" regulatory issues.

Last week, the Delaware Court of Chancery allowed oversight claims of another sort to proceed against directors of a biopharmaceutical company. Unlike Marchard, the issue in Clovis was not implementation of a reporting and monitoring system. Instead, the issue was the board's oversight of that system, and whether the board reacted appropriately to information it received through the system.

A Product "Intrinsically Critical" to the "Monoline" Company's Business

In Clovis, a biopharmaceutical company was conducting a clinical trial of a new drug that was "intrinsically critical" to the company's future prospects. Using internal company documents, the plaintiffs argued that the directors knew of but ignored "red flags" that indicated a "mission critical" failure to comply with the regulations governing the clinical trial, which ultimately doomed regulatory approval of the drug. The board also supposedly allowed the company to make misstatements about the drug trial to regulators and the market.

The defendants disputed the plaintiffs' interpretation of the internal documents and pointed to documents that they said were inconsistent with the plaintiffs' assertions. Unable to resolve factual issues at an early stage of the lawsuit, the court found that it was reasonable to assume that the board knew—or should have known—that the company was incorrectly reporting the clinical trial results. The court thus refused to dismiss claims that the directors knowingly breached their fiduciary duties, based on allegations about the expertise of the directors, recognized industry criteria, and the company's familiarity with clinical trial issues.

A Multifront Battle Stemming From Compliance Issues, Not Business Decisions

Companies and their boards should continue to expect a multifront battle when a company experiences severe negative news, as Clovis illustrates. The company's stock price dropped 70% when the "true" data about the drug's efficacy was reported, and it dropped further when the regulator delayed review of the drug. Eventually, the company ceased ongoing studies of the new drug. The company and its officers ultimately paid significant civil penalties to the U.S. Securities and Exchange Commission and were forced to enter into "an onerous consent decree," and settled a federal securities class action for a sizable sum. After stockholders obtained books and records from the company, they used that information to assert Caremark claims against the directors for breach of fiduciary duty. Companies, particularly those in highly regulated industries, should expect this sort of multifront battle in cases of corporate trauma, with stockholders seeking to hold directors liable for a supposed failure to oversee the company's regulatory compliance.

Clovis underscores the difference between board oversight of a company's business risks and of its compliance with positive law. The court acknowledged that holding directors liable for making a "wrong" business decision would cripple their ability to take business risks for the benefit of stockholders. On the other hand, the court noted that noncompliance with critical regulatory mandates is more likely to give rise to oversight liability. The court acknowledged that omniscience is not required. However, citing Marchand, the Clovis court instructed that, "when a company operates in an environment where externally imposed regulations govern its 'mission critical' operations, the board's oversight function must be more rigorously exercised." The court, however, left open what is required to satisfy that standard.

Three Key Takeaways

  1. The Caremark standard has not changed, but boards should expect plaintiffs to assert oversight claims more often, particularly after an adverse regulatory event.
  2. Boards of companies, especially those in highly regulated industries, should be sure to create a record of exercising consistent and careful oversight of the company's compliance with its principal regulatory requirements. Boards must follow through when something goes awry, and the record must reflect the board's continued monitoring and oversight as to "mission critical" issues.
  3. Courts remain reluctant to impose liability based on miscalculations of business risk, but they may be more willing—on a relative basis—to consider liability based on demonstrated noncompliance with regulatory obligations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.