Liability of corporate directors: the duty of oversight with respect to cybersecurity risks

An interesting decision of the Delaware court on the subject (with an unfavorable outcome for the plaintiffs): COURT OF CHANCERY OF THE STATE OF DELAWARE, C.A. No. 2021-0940-SG, of 6 September 2022, CONSTRUCTION INDUSTRY LABORERS PENSION FUND et al. v. Bingle et al. (see it on the Delaware courts website).

The negligence alleged was the failure to prevent attacks by Russian hackers, despite some red flags pointing to deficiencies in the system. The company provided IT support to major clients and, through this omission, allowed viruses to spread to their servers.

Conclusion of Judge Glasscock, pp. 35-36: <<To recapitulate, a subpar reporting system between a Board subcommittee and the fuller Board is not equivalent to an “utter failure to attempt to assure” that a reporting system exists. The short time period here between the IPO and the trauma suffered, together with the fact that the Board apparently did not request a report on cybersecurity in that period, is not sufficient for me to infer an intentional “sustained or systematic failure” of oversight, particularly given directors are presumed to act in good faith. And again, the Complaint is silent as to what the Committees should in good faith have reported, and how it could have mitigated corporate trauma. Carelessness absent scienter is not bad faith. In sum, the Complaint has not pled sufficient particularized facts to support a reasonable inference of scienter and therefore actions taken in bad faith by the Board. Without a satisfactorily particularized pleading allowing reasonably conceivable inference of scienter, a bad faith claim cannot survive a motion to dismiss. Because the Caremark claim is not viable, there is no substantial likelihood of liability attaching to a majority of the directors on the demand Board. Therefore, demand on the Board would not have been futile>>.

Also worth recalling is a 2021 precedent, again from Delaware and again on liability for cybersecurity risks: Firemen’s Retirement System of St. Louis v. Arne M. Sorenson, et al. (Marriott International, Inc.) of 5 October 2021, C.A. No. 2019-0965-LWW.

And, at this point, one from 2020 as well, not about cyber risks but still on the directors' duty of oversight: Richardson v. Clark et al., 31 December 2020, C.A. No. 2019-1015-SG.

Organizational liability of company directors: a useful US decision (the Boeing case)

An instructive US decision in the Boeing case, concerning the organizational deficits at Boeing that prevented the directors from detecting the defects of the 737 MAX aircraft, the cause of two air disasters in 2018 and 2019.

The decision is from the Delaware court, 7 September 2021, C.A. No. 20190907MTZ, IN RE THE BOEING COMPANY DERIVATIVE LITIGATION, Judge Zurn.

Failures identified, p. 74 ff.:

  • The Board had no committee charged with direct responsibility to monitor airplane safety.
  • The Board did not monitor, discuss, or address airplane safety on a regular basis.
  • The Board had no regular process or protocols requiring management to apprise the Board of airplane safety; instead, the Board only received ad hoc management reports that conveyed only favorable or strategic information
  • Management saw red, or at least yellow, flags, but that information never reached the Board.
  • The pleading-stage record supports an explicit finding of scienter.

The court recalls (p. 73) the similar failures identified by the Delaware Supreme Court in Marchand v. Barnhill in 2019, when a food company put bacteria-contaminated food on the market:

  • no board committee that addressed food safety existed;
  • no regular process or protocols that required management to keep the board apprised of food safety compliance practices, risks, or reports existed;
  • no schedule for the board to consider on a regular basis, such as quarterly or biannually, any key food safety risks existed;
  • during a key period leading up to the deaths of three customers, management received reports that contained what could be considered red, or at least yellow, flags, and the board minutes of the relevant period revealed no evidence that these were disclosed to the board;
  • the board was given certain favorable information about food safety by management, but was not given important reports that presented a much different picture; and
  • the board meetings are devoid of any suggestion that there was any regular discussion of food safety issues.

Moreover, and this is an important point in US law, the two prongs set out by the foundational 1996 Caremark decision on organizational liability (no control system at all; failure to monitor the proper functioning of the existing system) can coexist: <<classic prong two claim acknowledges the board had a reporting system, but alleges that system brought information to the board that the board then ignored. In this case, Plaintiffs’ prong two claim overlaps and coexists with their prong one claim; Plaintiffs assert the Board ignored red flags at the same time they utterly failed to establish a reporting system>>, p. 93.

Boeing's troubles did not end there, however: evidently there is still a structural organizational shortcoming. At the beginning of 2024 a side door panel came off a Boeing 737 Max in flight, throwing the passengers into panic.