Corporations are facing increased scrutiny over how they treat their stakeholders and society at large. Failing to address key environmental, social, and governance (ESG) concerns may generate significant blowback, making it harder for corporations to attract talent, access capital, and sell products. ESG concerns have thus become a major source of reputational and financial risk for companies and their shareholders. One way for shareholders to hold managers personally accountable for being inattentive to critical ESG risks is by filing a derivative action on behalf of the company, claiming that managers breached their oversight duties (Caremark duties). Until recently, corporate legal scholars have dismissed this possibility, reasoning that oversight duties are generally unenforceable. That reasoning is no longer valid. In the past two years, Delaware courts have revamped their Caremark framework. The courts are now increasingly willing to apply heightened scrutiny to directors’ efforts, and increasingly willing to grant shareholders access to internal company documents in order to investigate failure-of-oversight claims. There can no longer be any question about Caremark’s relevance, but there remains a question about Caremark’s scope. Would the courts be as willing to apply heightened scrutiny and provide access to pre-suit discovery when the case concerns nonlegal risks? In other words, do directors face personal liability for how their companies treat the environment, diversity, and privacy, even when such behaviors are not punishable by law?
 This Article examines the evolving scope of director oversight duties and makes three contributions. First, the Article synthesizes the caselaw to clarify that the relevant question when determining Caremark’s scope is not whether a risk is “legal” or “reputational,” but rather whether the risk is “critical” to the company’s success. The Article’s second contribution is to build an analytical framework for distinguishing between ESG risks that are critical (and thus subject to a realistic Caremark liability threat) and those that are not. The Article then applies the framework to concrete ESG concerns, such as cybersecurity, climate change, and sexual misconduct. Finally, the Article evaluates the social desirability of extending Caremark to oversight of nonlegal risks. The key disadvantage of doing so is that it increases the costs of judicial hindsight bias, while the key advantage is that it counterbalances the flaws of other ESG enforcement mechanisms. The Article concludes that courts should adopt a more judiciable approach when scrutinizing board oversight of nonlegal risks.