Caremark and Enterprise Risk Management
33 Pages. Posted: 19 Mar 2009
Date Written: March 18, 2009
The financial crisis of 2008 revealed serious and widespread risk management failures throughout the business community. Shareholder losses attributable to absent or poorly implemented risk management programs are enormous.
Efforts to hold corporate boards of directors accountable for these failures likely will focus on so-called Caremark claims. The Caremark decision asserted that a board of directors has a duty to ensure that appropriate "information and reporting systems" are in place to provide the board and top management with "timely and accurate information." Although post-Caremark opinions and commentary have focused on law compliance programs, risk management programs do not differ in kind from the types of conduct that traditionally have been at issue in Caremark-type litigation.
Risk management failures do differ in degree from law violations or accounting irregularities. In particular, risk taking and risk management are inextricably intertwined. Efforts to hold directors accountable for risk management failures thus threaten to morph into holding directors liable for bad business outcomes. Caremark claims premised on risk management failures thus uniquely implicate the concerns that animate the business judgment rule's prohibition of judicial review of business decisions. As Caremark is the most difficult theory of liability in corporate law, risk management is the most difficult variant of Caremark claims.
Keywords: board of directors, risk management, enterprise risk management, oversight, Caremark
JEL Classification: K22