Delaware Issues a Warning on the Scope of Audit Committee Risk Oversight
On September 7, the Delaware Court of Chancery denied a motion to dismiss a shareholder derivative action alleging that the board of The Boeing Company breached its duty of oversight by failing to implement any airplane safety oversight procedures prior to two fatal crashes of 737 MAX aircraft and by ignoring safety red flags following the crashes. The opinion notes that suits alleging director liability for breach of the duty of oversight are “possibly the most difficult theory in corporation law upon which plaintiff might hope to win a judgment.” However, the Boeing decision suggests that Delaware may be becoming more open to such claims, especially in the case of companies engaged in activities that could potentially cause injury or death.
The Boeing decision may be significant for audit committees because they are frequently charged with broad responsibility for oversight of risk and compliance. At Boeing, no board committee had responsibility for airplane safety, although the audit committee had risk oversight responsibility. Despite that responsibility, the committee allegedly did nothing to focus on safety risks. The court states:
“Although the Audit Committee was tasked with handling risk generally, it did not take on airplane safety specifically. Its yearly updates regarding the Company’s compliance risk management process did not address airplane safety. For example, when the Board discussed audit plans in 2014 and 2017, respectively, it did not mention or address airplane safety. Specifically as to the 737 MAX, from its development through its grounding in 2019, the Audit Committee never mentioned “safety.” Nor did it address product safety issues related to the design, development, or production of the 737 MAX, or ask for presentations on the topic.
“Rather, consistent with Boeing’s emphasis on rapid production and revenue, the Audit Committee primarily focused on financial risks to the Company. * * * “Even after the Lion Air Crash in 2018, [the chief compliance officer’s] risk management update to the Audit Committee in December 2018 did not identify product safety as a ‘compliance risk’ for 2018.”
The overall lesson of Boeing is that boards should have oversight and reporting processes for all core corporate activities. For audit committees, the decision is a warning that, although the committee may view its responsibilities as focused on financial risks and legal compliance, a court may read a committee charter provision that refers generally to oversight of risk and compliance broadly, particularly after the occurrence of a catastrophic event. Audit committees with charters that assign general risk and compliance oversight to the committee should either implement (and document) oversight processes for all risks associated with critical corporate functions or ensure that the board has expressly assigned all such risks to another committee or to the full board.