Michael Reiter v. Richard D. Fairbank, et al. (Capital One Financial Corp.)

Annotate this Case
Download PDF
IN THE COURT OF CHANCERY OF THE STATE OF DELAWARE MICHAEL REITER, Derivatively on ) Behalf of CAPITAL ONE FINANCIAL ) CORPORATION, ) ) Plaintiff, ) ) v. ) RICHARD D. FAIRBANK, PATRICK ) W. GROSS, LEWIS HAY, III, MAYO ) A. SHATTUCK III, ANN FRITZ ) HACKETT, PIERRE E. LEROY, ) BRADFORD H. WARNER, PETER E. ) RASKIND, BENJAMIN P. JENKINS, ) III, and CATHERINE G. WEST, ) ) Defendants, ) ) and ) CAPITAL ONE FINANCIAL ) CORPORATION, a Delaware ) corporation, ) ) Nominal Defendant. ) C.A. No. 11693-CB MEMORANDUM OPINION Date Submitted: July 22, 2016 Date Decided: October 18, 2016 Blake A. Bennett, COOCH AND TAYLOR, P.A., Wilmington, Delaware; Brian J. Robbins, George C. Aguilar and Jay N. Razzouk, ROBBINS ARROYO LLP, San Diego, California, Attorneys for Plaintiff. S. Mark Hurd, Richard Li and Dean J. Shauger, MORRIS, NICHOLS, ARSHT & TUNNELL LLP, Wilmington, Delaware; Maeve L. O’Connor, DEBEVOISE & PLIMPTON LLP, New York, New York; Jonathan R. Tuttle and Anna A. Moody, DEBEVOISE & PLIMPTON LLP, Washington, District of Columbia, Attorneys for Defendants and Nominal Defendant. BOUCHARD, C. In this derivative action, a stockholder of Capital One Financial Corporation asserts that its directors breached their fiduciary duty of loyalty and unjustly enriched themselves by consciously disregarding their responsibility to oversee Capital One’s compliance with the Bank Secrecy Act and other anti-money laundering laws (“BSA/AML”). Plaintiff’s central allegation is that the directors ignored red flags that Capital One’s BSA/AML compliance program failed to satisfy statutory requirements relating to services Capital One provided to clients engaged in check cashing, a business that poses an inherent risk for money laundering. Before filing this action, plaintiff prudently sought and obtained books and records from Capital One under 8 Del. C. § 220. Those documents, which are incorporated into the complaint, show that the board’s Audit and Risk Committee and its successor committees received at least twenty-five reports over a three-anda-half-year period explaining the company’s BSA/AML compliance risk, which escalated from “low” in early 2011 to “high” in early 2013, where it remained in 2014. Significantly, those same reports explained to the directors in meaningful detail on a regular basis the initiatives management was taking to ameliorate Capital One’s BSA/AML compliance risk, including management’s decision in early 2014 to exit the check cashing business altogether, and none of those reports reflected that the Company’s BSA/AML controls and procedures had been found 1 to violate statutory requirements or that anyone within Capital One had engaged in fraudulent or illegal conduct. Defendants have moved to dismiss the complaint under Court of Chancery Rule 12(b)(6) for failure to state a claim for relief, and under Rule 23.1 for failure to make a demand on the board before filing suit. As to the latter issue, plaintiff contends that demand would have been futile because all ten members of Capital One’s board when suit was filed, including nine outside directors whose independence is unquestioned, face a substantial likelihood of personal liability for the underlying claims. The standard under Delaware law for imposing oversight liability on a director is an exacting one that requires evidence of bad faith, meaning that “the directors knew that they were not discharging their fiduciary obligations.” 1 For the reasons explained below, I conclude after carefully reviewing the allegations of the complaint and the documents incorporated therein, that plaintiff has failed to allege facts from which it reasonably may be inferred that the defendants consciously allowed Capital One to violate BSA/AML statutory requirements so as to demonstrate that they acted in bad faith. Plaintiff thus has failed to plead with particularity that a majority of Capital One’s directors face a substantial likelihood 1 Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006). 2 of liability for the claims asserted in this case. Accordingly, demand would not have been futile and the complaint will be dismissed with prejudice. I. BACKGROUND Unless noted otherwise, the facts recited in this opinion are based on the allegations in the Verified Stockholder Derivative Complaint (the “Complaint”) and the documents incorporated therein.2 A. The Parties Capital One Financial Corporation (“Capital One” or the “Company”) is a Delaware corporation headquartered in Virginia. It offers a broad spectrum of financial products and services through its banking and non-banking subsidiaries. The defendants were the ten members of Capital One’s board of directors when plaintiff filed this action: Richard D. Fairbank, Patrick W. Gross, Lewis Hay, III, Mayo A. Shattuck III, Ann Fritz Hackett, Pierre E. Leroy, Bradford H. Warner, Peter E. Raskind, Benjamin P. Jenkins, III, and Catherine G. West. Fairbank, the President and Chief Executive Officer of Capital One, was the only employee director on the board. In May 2013, the Audit and Risk Committee of Capital One’s board of directors was split into two separate committees: the Risk Committee and the 2 I consider these documents in accordance with the incorporation-by-reference doctrine discussed below. See Part II.A.1. 3 Audit Committee. All defendants except Fairbank served on Capital One’s Audit and Risk Committee or at least one of its two successor committees at some point between June 2011 and January 2015, the time period relevant to this case.3 Plaintiff Michael Reiter alleges he was a stockholder of Capital One at the time of the “wrongdoing complained of” and has been a stockholder continuously since then.4 B. Capital One Begins Servicing Check Cashing Businesses In December 2006, Capital One acquired North Fork Bancorporation, Inc. and began providing banking services to check cashing and related money services businesses in New York and New Jersey. The year before the acquisition, North Fork entered into a memorandum of understanding with the Federal Deposit Insurance Corporation and the New York State Banking Department concerning weaknesses in North Fork’s program to comply with anti-money laundering laws and the Bank Secrecy Act of 1970. As a result of the acquisition, Capital One assumed North Fork’s obligations under the memorandum of understanding. According to a 2014 report, Capital One considered exiting the business of serving check cashers after the North Fork acquisition, but the New York State Department of Financial Services encouraged the Company “to keep the business 3 Compl. ¶¶ 12-21. 4 Id. ¶ 10. 4 to serve the unbanked and underbanked.” 5 Capital One continued to serve check cashing businesses in the decade following its acquisition of North Fork. C. Regulatory Scrutiny of Check Cashing Businesses Check cashing businesses are a significant focus of anti-money laundering laws and regulations (“AML”), including the Bank Secrecy Act of 1970 (“BSA”) (together, as defined above, the “BSA/AML”). The Bank Secrecy Act of 1970, 6 as amended, requires financial institutions in the United States to assist government agencies to detect and prevent money laundering activities. It “establishes program, recordkeeping, and reporting requirements for national banks, federal savings associations, federal branches, and agencies of foreign banks.”7 The implementing regulations of the BSA impose various requirements on financial institutions, including: • Maintaining a system of internal controls to ensure ongoing BSA/AML compliance and independent testing for compliance; • Designating an individual responsible for coordinating and monitoring day-to-day compliance; • Providing training for appropriate personnel; 5 Id. ¶ 46 (quoting Capital One’s Commercial Banking: Compliance and Reputation Risk Management report to the Risk Committee, dated June 11, 2014). 6 31 U.S.C. 5311 et seq. 7 Compl. ¶ 33. 5 • Filing Suspicious Activity Reports (“SARs”) when certain suspected violations of federal law or regulation are detected; and • Implementing a written Customer Identification Program appropriate for the bank’s size and risk profile. In 2005, six regulatory agencies issued the Interagency Interpretive Guidance on Providing Banking Services to Money Services Businesses Operating in the United States setting forth guidelines for financial institutions, such as Capital One, to incorporate into their BSA/AML programs. Those guidelines include certain minimum internal policies, procedures, and controls relating to providing banking services to check cashing businesses. In 2010, regulators jointly released guidance concerning BSA/AML compliance stating that: The cornerstone of a strong Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program is the adoption and implementation of internal controls . . . . The requirement that a financial institution know its customers, and the risks presented by its customers, is basic and fundamental to the development and implementation of an effective BSA/AML compliance program. 8 According to the Complaint, to comply with United States anti-money laundering laws and regulations, Capital One’s BSA/AML program must include standards and guidelines, approved by the board, regarding “whether to close a suspicious account and when to report suspicious activity, or activity known by the 8 Id. ¶ 49. 6 Company to be under investigation or in violation of the U.S. anti-money laundering regime, via SARs.”9 The Complaint further alleges that Capital One must establish an internal control system that ensures the board “is informed of compliance deficiencies, BSA/AML program deficiencies, corrective action taken, and SARs filed related to all of the foregoing.”10 As new BSA/AML regulations and guidance have been issued, regulators have stepped up their enforcement efforts. In 2005, the Financial Crimes Enforcement Network (“FinCEN”) fined ABN Amro $40 million “because ABN’s New York branch failed to set up an adequate Bank Secrecy Act program, including an anti-money laundering system.” 11 Several months later, FinCEN fined BankAtlantic $10 million for similar violations. In 2007, The Wall Street Journal reported that BSA/AML-related fines over the preceding two years totaled at least $87 million, compared to $1 million in 2001 and 2002. D. Capital One’s Directors Receive Regular Reports on the Company’s BSA/AML Program Providing commercial banking services to check cashing businesses, particularly in New York’s urban area, presents an inherent risk for violating antimoney laundering laws and regulations. As stated in a June 2011 report to the 9 Id. ¶ 42. 10 Id. 11 Id. ¶ 48. 7 Audit and Risk Committee, the Company’s “Bank Segment . . . features high risk products and services, a large branch network located in high intensity drug trafficking and metropolitan areas, and a high risk customer base that includes most large New York check cashing businesses.”12 Capital One’s Audit and Risk Committee, and later its separate Audit Committee and Risk Committee, received regular reports from management regarding the Company’s BSA/AML compliance program from June 2011 to January 2015, the time period relevant to this action. 13 The Complaint cites to and quotes extensively from at least twenty-five such reports, which include quarterly Enterprise State of Compliance reports,14 Enterprise Risk Profile reports,15 periodic Compliance Risk Updates,16 and various other AML program assessments and updates. 17 The committee members also received updates on regulatory 12 Id. ¶ 51 (quoting Capital One’s 1Q 2011 Enterprise State of Compliance report dated June 2011). 13 Id. ¶ 95. 14 See id. ¶¶ 51, 52, 55, 57, 61, 63, 68, 70, 77. 15 See id. ¶¶ 62, 66, 71, 74, 76. 16 See id. ¶¶ 53, 56. 17 E.g., Chief Risk Officer Report, id. ¶ 54; AML and OFAC Compliance Risk Assessment, id. ¶ 58; Anti-Money Laundering (AML) Assessment, id. ¶ 64; and Independent Compliance Transaction Testing Program Update, id. 8 movements and discussed BSA/AML compliance issues during their committee meetings. 18 Capital One performed periodic internal audits of its risk compliance programs, the results of which were reported to the Audit and Risk Committee, and after May 2013, to the Audit Committee. In a July 2013 report to the Audit Committee, the internal auditors rated Capital One’s AML program as “Needs Strengthening;”19 in two later audits, covering the first and fourth quarters of 2014, the auditors rated the Company’s AML program as “Inadequate.” 20 E. Capital One Becomes the Subject of Regulatory Investigations and Decides to Exit the Check Cashing Business On December 3, 2013, Capital One received a grand jury subpoena from the New York District Attorney requesting information concerning the Company’s AML controls and check cashing clients. It was reported to the Audit Committee the next month, on January 23, 2014, that “management has decided to exit the business of banking check cashers” in parallel with the “ongoing investigation into potential violations of anti-money laundering laws by several of the company’s 18 See id. ¶¶ 59, 60, 65, 67. 19 Id. ¶ 67. 20 Id. ¶¶ 73, 80. 9 commercial clients.” 21 Later in 2014, Capital One received another four grand jury subpoenas from the New York District Attorney requesting additional information concerning the Company’s AML controls and check cashing clients.22 On February 6, 2015, Capital One received a grand jury subpoena from the United States Department of Justice requesting, among other things, all documents previously produced in response to the New York District Attorney’s subpoenas, Capital One’s BSA/AML policies and procedures, related board and committee meeting minutes, compliance audits and testing reports, and details on specific customers and clients. 23 On July 10, 2015, Capital One consented to the entry of an order issued by the Office of the Comptroller of Currency (“OCC”) concerning the Company’s BSA/AML controls (the “Consent Order”). 24 In the Consent Order, the OCC found that Capital One had “failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements due to an 21 Id. ¶ 70 (quoting Capital One’s Compliance Report for the Fourth Quarter of 2013 dated January 23, 2014). 22 Id. ¶¶ 75, 79. 23 Id. ¶ 81. 24 Id. ¶ 8. The stipulation documenting Capital One’s consent reflects that it did so “without admitting or denying any wrongdoing.” Bennett Aff. Ex. 12 (Stipulation and Consent to the Issuance of a Consent Order) at 2. 10 inadequate system of internal controls and ineffective independent testing.” 25 The OCC thus ordered Capital One to adopt a series of remedial actions. The OCC proceeding against Capital One has concluded, but the investigations of the New York District Attorney and the Department of Justice remain open, along with another investigation by the FinCEN. These investigations pertain to “certain check casher clients of the Commercial Banking business and Capital One’s antimoney laundering (“AML”) program.” 26 F. Procedural History On November 10, 2015, after obtaining books and records from the Company under 8 Del. C. § 220, plaintiff filed the Complaint, which asserts two derivative claims on behalf of Capital One. Count I asserts an oversight claim for breach of the fiduciary duty of loyalty against all defendants. Count II asserts a claim of unjust enrichment against all defendants concerning their receipt of compensation and director remuneration. On January 29, 2016, defendants filed a motion (1) to dismiss the Complaint under Court of Chancery Rule 23.1 for failure to make a pre-suit demand and under Court of Chancery Rule 12(b)(6) for failure to state a claim upon which 25 Compl. ¶ 83 (quoting Consent Order). 26 Id. ¶ 85 (quoting the Company’s Quarterly Report on Form 10-Q filed with the SEC on August 3, 2015). 11 relief can be granted, and (2) in the alternative, to stay the action pending the resolution of the ongoing regulatory investigations. II. ANALYSIS For the reasons explained below, I conclude that demand was not excused under Rule 23.1 for either of the claims asserted in the Complaint. Accordingly, I do not reach defendants’ arguments under Rule 12(b)(6) or for a stay. A. Legal Standards 1. Pleading Principles under Rule 23.1 Under Court of Chancery Rule 23.1, a plaintiff in a derivative action must “allege with particularity the efforts, if any, made by the plaintiff to obtain the action the plaintiff desires from the directors or comparable authority and the reasons for the plaintiff’s failure to obtain the action or for not making the effort.”27 The rationale behind this rule is that “directors are entitled to a presumption that they were faithful to their fiduciary duties,” and it is the plaintiff’s burden to overcome that presumption in the context of a pre-suit demand. 28 27 Ch. Ct. R. 23.1(a). 28 Beam ex rel. Martha Stewart Living Omnimedia, Inc. v. Stewart, 845 A.2d 1040, 104849 (Del. 2004). 12 “On a motion to dismiss pursuant to Rule 23.1, the Court considers the same documents, similarly accepts well-pled allegations as true, and makes reasonable inferences in favor of the plaintiff—all as it does in considering a motion to dismiss under Rule 12(b)(6).”29 Additionally, where a complaint quotes or characterizes some parts of a document but omits other parts of the same document, the Court may apply the incorporation-by-reference doctrine to guard against the cherry-picking of words in the document out of context. Under the incorporation-by-reference doctrine, “[a] plaintiff may not reference certain documents outside the complaint and at the same time prevent the court from considering those documents’ actual terms.” 30 Vice Chancellor Laster recently provided the following helpful summary of the doctrine: The incorporation-by-reference doctrine permits a court to review the actual document to ensure that the plaintiff has not misrepresented its contents and that any inference the plaintiff seeks to have drawn is a reasonable one. The doctrine limits the ability of the plaintiff to take language out of context, because the defendants can point the court to the entire document. The doctrine also enables courts to dispose of meritless complaints at the pleading stage. Without the ability to consider the document at issue in its entirety, complaints that quoted only selected and misleading portions of such documents could not be dismissed under Rule 12(b)(6) even though they would be doomed to failure. With the incorporation-by-reference doctrine, a complaint may, despite allegations to the contrary, be dismissed where the 29 Beam ex rel. Martha Stewart Living Omnimedia, Inc. v. Stewart, 833 A.2d 961, 976 (Del. Ch. 2003), aff’d, 845 A.2d 1040 (Del. 2004). 30 Winshall v. Viacom Int’l, Inc., 76 A.3d 808, 818 (Del. 2013). 13 unambiguous language of documents upon which the claims are based contradict the complaint’s allegations. Likewise, a claim may be dismissed if allegations in the complaint or in the exhibits incorporated into the complaint effectively negate the claim as a matter of law.31 The Complaint here extensively cites to and quotes from documents plaintiff obtained from the Company through a books and records inspection demand under 8 Del. C. § 220. Accordingly, I may apply the incorporation-by-reference doctrine with respect to the documents referenced in the Complaint in evaluating the sufficiency of the Complaint’s allegations to demonstrate demand futility. 2. The Demand Futility Standard Under Delaware law, the Court applies one of two tests to determine whether a plaintiff’s demand upon the board would be futile. The first test, established in Aronson v. Lewis, applies when a plaintiff is challenging a decision of the board of directors.32 The second test, established in Rales v. Blasband,33 applies when the derivative action is based on a board’s inaction or a violation of 31 Amalgamated Bank v. Yahoo! Inc., 132 A.3d 752, 797 (Del. Ch. 2016) (internal citations and quotations omitted). 32 Aronson v. Lewis, 473 A.2d 805, 814 (Del. 1984), overruled on other grounds by Brehm v. Eisner, 746 A.2d 244 (Del. 2000). 33 634 A.2d 927 (Del. 1993). 14 the board’s oversight duties. 34 Because plaintiff’s claims in this action are predicated upon an alleged failure of the board to act, the Rales test applies.35 Under the Rales test, the Court “must determine whether or not the particularized factual allegations of a derivative stockholder complaint create a reasonable doubt that, as of the time the complaint is filed, the board of directors could have properly exercised its independent and disinterested business judgment in responding to a demand.”36 A reasonable doubt as to the board’s independence and disinterestedness exists when plaintiff’s demand exposes a majority of the board of directors to “a substantial likelihood” of personal liability. 37 “[T]he mere threat of personal liability . . . is insufficient;”38 rather, the complained-of conduct must “be ‘so egregious on its face’ that the board could not have exercised its 34 See Wood v. Baum, 953 A.2d 136, 140 (Del. 2008) (“The [Rales] test applies where the subject of a derivative suit is not a business decision of the Board but rather a violation of the Board’s oversight duties.”). 35 Whether the Rales test or the Aronson test applies ultimately makes no substantive difference in my view because “the Rales test, in reality, folds the two-pronged Aronson test into one broader examination.” See Teamsters Union 25 Health Servs. & Ins. Plan v. Baiera, 119 A.3d 44, 67 n.131 (Del. Ch. 2015) (internal quotation omitted). 36 Rales, 634 A.2d at 934. 37 Id. at 936 (quoting Aronson, 473 A.2d at 815). 38 Aronson, 473 A.2d at 815. 15 business judgment in responding to a stockholder demand to pursue those claims.” 39 Courts assess demand futility on a claim-by-claim basis. 40 B. Demand Is Not Excused for the Caremark Claim In Count I of the Complaint, plaintiff asserts that defendants breached their fiduciary duty of loyalty as members of Capital One’s board by “purposefully, knowingly, or recklessly causing or allowing the Company to violate the BSA/AML, as well as other applicable law.” 41 Plaintiff further asserts that demand would be futile as to Count I because all ten defendants, including the nine outside directors whose independence is unquestioned, have a disqualifying interest in deciding whether the Company should pursue this claim because they each allegedly “face a substantial likelihood of liability for such breach.”42 This is a quintessential Caremark oversight claim. 43 39 Melbourne Municipal Firefighters’ Pension Trust Fund v. Jacobs, 2016 WL 4076369, at *6 (Del. Ch. Aug. 1, 2016) (citing Aronson, 473 A.2d at 815). 40 MCG Capital Corp. v. Maginn, 2010 WL 1782271, at *18 (Del. Ch. May 5, 2010) (“Demand futility must be determined on a claim-by-claim basis.”). 41 Compl. ¶¶ 105-6. The Complaint does not allege that defendants breached their duty of care. The defendants would be exculpated from such a claim in any event under Capital One’s Restated Certificate of Incorporation, which contains a Section 102(b)(7) provision. See Defs.’ Op. Br. 17. 42 Compl. ¶¶ 96, 98, 100, 102. 43 Although the Complaint and plaintiff’s answering brief assert that Capital One’s Code of Conduct and Code of Ethics impose additional duties on all defendants, and that Capital One’s charter imposes additional oversight duties on those defendants who served 16 1. The Caremark Liability Standard In 1996, Chancellor Allen famously reviewed the duties of directors to monitor corporate operations in Caremark, where it had been alleged that the company’s “directors allowed a situation to develop and continue which exposed the corporation to enormous legal liability.” 44 Commenting that the theory “is possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” 45 the Chancellor opined that to demonstrate that the directors had breached a fiduciary duty by failing to adequately control the company’s employees, “plaintiffs would have to show either (1) that the directors knew or (2) should have known that violations of law were occurring and, in either event, (3) that the directors took no steps in a good faith effort to prevent or remedy that situation, and (4) that such failure proximately resulted in the losses complained of.”46 on the Audit and Risk Committee or its successor committees, plaintiff has not sought relief based on those provisions. See Compl. ¶¶ 28-31, 103-112; Pl.’s Ans. Br. 39-40. 44 In re Caremark Int’l Inc. Derivative Litigation, 698 A.2d 959, 967 (Del. Ch. 1996). 45 Id. 46 Id. at 971. Chancellor Allen appeared to conceive of the claim as implicating the duty of care. The Delaware Supreme Court later clarified that the obligation to act in good faith, which was central to Caremark’s formulation of the standard for oversight liability, is a component of the duty of loyalty. Stone, 911 A.2d at 370. 17 Ten years later, the Delaware Supreme Court explained in Disney that “intentional dereliction of duty” or “a conscious disregard for one’s responsibilities,” which “is more culpable than simple inattention or failure to be informed of all facts material to the decision,” falls within the ambit of fiduciary misconduct that would violate the obligation to act in good faith. 47 Later that year, in Stone v. Ritter, the Delaware Supreme Court embraced the Caremark framework for director oversight liability and clarified, consistent with its decision in Disney, that to impose personal liability on a director for a failure of oversight requires evidence that “the directors knew that they were not discharging their fiduciary obligations.”48 Caremark articulates the necessary conditions predicate for director oversight liability: (a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention. In either case, imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith. 49 47 In re Walt Disney Co. Deriv. Litig., 906 A.2d 27, 66 (Del. 2006). 48 Stone, 911 A.2d at 370. 49 Id. 18 The need to demonstrate scienter to establish liability under an oversight theory follows not only from Caremark itself, but from the existence of charter provisions exculpating directors from liability for breaches of the duty of care that have become ubiquitous in corporate America. As then-Vice Chancellor Strine explained in the Massey case: The Massey charter also includes an exculpatory charter provision insulating the directors from claims of even gross negligence. As a result, in order to receive a monetary judgment against the Massey directors and officers, the plaintiffs will have to prove that the directors and officers acted with scienter. That reality also exists because of the Caremark decision itself, which our Supreme Court has embraced as setting the liability standard in this context. The Caremark liability standard is a high one, and requires proof that a director acted inconsistent with his fiduciary duties and, most importantly, that the director knew he was so acting. For obvious reasons, the motive of independent directors to put profits ahead of compliance with the law is weaker than for managers and thus the challenge for a plaintiff to convince a fact-finder of any specific independent director’s culpability has to be regarded as at best difficult.50 Because “directors’ good faith exercise of oversight responsibility may not invariably prevent employees from violating criminal laws, or from causing the corporation to incur significant financial liability, or both,”51 a plaintiff asserting a Caremark oversight claim must plead with particularity “a sufficient connection 50 In re Massey Energy Co., 2011 WL 2176479, at *22 (Del. Ch. May 31, 2011). 51 Stone, 911 A.2d at 373. 19 between the corporate trauma and the board.”52 To establish such a connection, a plaintiff may plead that the board knew of evidence of corporate misconduct—the proverbial “red flag”—yet acted in bad faith by consciously disregarding its duty to address that misconduct. 53 In applying the Caremark theory of liability, even in the face of alleged red flags, this Court has been careful to distinguish between failing to fulfill one’s oversight obligations with respect to fraudulent or criminal conduct as opposed to monitoring the business risk of the enterprise: There are significant differences between failing to oversee employee fraudulent or criminal conduct and failing to recognize the extent of a Company’s business risk. Directors should, indeed must under Delaware law, ensure that reasonable information and reporting systems exist that would put them on notice of fraudulent or criminal conduct within the company. Such oversight programs allow directors to intervene and prevent frauds or other wrongdoing that could expose the company to risk of loss as a result of such conduct.54 As this Court stated more recently, “imposing Caremark-type duties on directors to monitor business risk is fundamentally different from imposing on directors a duty to monitor fraud and illegal activity.” 55 52 Louisiana Mun. Police Empls.’ Ret. Sys. v. Pyott, 46 A.3d 313, 340 (Del. Ch. 2012), rev’d on other grounds, 74 A.3d 612 (Del. 2013). 53 Id. at 341. 54 In re Citigroup Inc. S’holder Deriv. Litig., 964 A.2d 106, 131 (Del. Ch. 2009). 55 In re The Goldman Sachs Group, Inc. S’holder Litig., 2011 WL 4826104, at *22 (Del. Ch. Oct. 12, 2011) (internal quotation omitted). 20 2. The Complaint Fails to Plead Particularized Facts from Which it Reasonably May be Inferred that Defendants Acted in Bad Faith In this case, plaintiff does not contend that Capital One’s directors failed to implement any reporting or information systems or controls with respect to BSA/AML compliance. 56 Plaintiff would be hard-pressed to advance such an argument given the numerous documents he obtained from the Company through his Section 220 demand that show the opposite. Those documents, which are referenced throughout the Complaint, show that the members of the Audit and Risk Committee and its successor committees received at least twenty-five reports on a regular basis during the three-and-a-half-year period in question (June 2011 to January 2015) explaining the Company’s AML risk exposure and detailing management’s plans to address the exposure,57 and that similar reports also were provided to the full board periodically. 58 Plaintiff instead contends that the Capital One board consciously failed to act after learning about “evidence of illegality.” 59 More specifically, plaintiff contends that, despite the Company’s statutory obligation to maintain BSA/AML 56 Pl.’s Ans. Br. 32-33. 57 See Compl. ¶¶ 51-68, 70-71, 73-74, 76-77, 80 (describing over twenty-five reports provided to the Audit and Risk Committee and its successor committees). 58 Id. ¶¶ 72, 78. 59 Pl.’s Ans. Br. 31 (internal quotation omitted). 21 controls and procedures, its directors consciously ignored “numerous red flags demonstrating the statutory inadequacy of those control and procedures.”60 The gravamen of the Complaint is that these alleged inadequacies concerned the Company’s provision of banking services to check cashing businesses, which exposed Capital One to liability for money-laundering activities they committed.61 Plaintiff does not identify a key event or particular document allegedly constituting a red flag, but instead advances a much more diffuse theory. Specifically, plaintiff contends that the numerous reports that were provided regularly to the Capital One directors from June 2011 to January 2015 constituted a series of red flags that should have triggered a duty for the board to act.62 According to plaintiff, armed with the information in these reports, the board should have intervened and independently conducted “some type of compliance check” at some point during this three-and-a-half-year period, 63 and the board’s failure to do so justifies a reasonable inference that the defendants “conscious[ly] 60 Id. 33-34. 61 See Compl. ¶¶ 2-3, 5-6, 105-6. 62 Tr. Oral Arg. at 23. 63 Tr. Oral Arg. at 30. 22 disregard[ed] . . . their duty to implement internal controls required by BSA/AML regulations” and therefore breached their fiduciary duty of loyalty. 64 When pressed to be more specific, plaintiff identified five reports, one for each year from 2011 to 2015, as his “best” evidence of red flags.65 Using that framework, I next review the allegations in the Complaint concerning these five reports along with other statements in them and from other reports referenced in the Complaint that I may consider under the incorporation-by-reference doctrine.66 In conducting this review, I do not rely on the truth of the matters asserted in the reports that are not repeated in the Complaint, but I consider those parts for the purpose of assessing what information was made available to the directors, which speaks to the directors’ states of mind and bears on whether it would be reasonable to infer that they intentionally disregarded their fiduciary duties in bad faith—the core inquiry in a Caremark oversight claim. 67 64 Pl.’s Ans. Br. 28. 65 Tr. Oral Arg. at 23. 66 See supra Part II.A.1. 67 See Vanderbilt Income and Growth Assocs., L.L.C. v. Arvida/JMB Managers, Inc., 691 A.2d 609, 613 (Del. 1996) (“The exceptions to the general Rule 12(b)(6) prohibition against considering documents outside of the pleadings are usually limited to two situations. The first exception is when the document is integral to a plaintiff’s claim and incorporated into the complaint. The second exception is when the document is not being relied upon to prove the truth of its contents.”) (internal quotation omitted). 23 For 2011, plaintiff referred to the Audit and Risk Committee’s “1Q 2011 Enterprise State of Compliance” report dated June 2011.68 The Complaint alleges this report: . . . shows high quantity of AML risk, high future risk, and poor and worsening quality of AML risk management. It also shows the high quantity of risk and future risk as unchanged, implying that the Audit and Risk Committee Defendants had been aware of these risk levels before the first quarter of 2011. The high quantity of AML risk shown in the report was attributed specifically to “high risk products and services, a large branch network located in high intensity drug trafficking and metropolitan areas, and a high risk customer base that includes most large New York check cashing businesses.” The poor and worsening quality of AML risk management was attributed to “operational process breakdowns.”69 Other parts of the same report stated that: “Net AML Risk remained low, trending steady during the quarter. . . . AML Compliance is engaged in all projects to ensure compensating controls are in place. . . . Remediation is underway. . . . AML and Fraud working to deliver enhanced fraud monitoring of ACH payments which will decrease risk.”70 68 Tr. Oral Arg. at 24. 69 Compl. ¶ 51. 70 Shauger Aff. Ex. H (1Q 2011 Enterprise State of Compliance report to the Audit and Risk Committee, dated June 2011) at CONADEL0001187. 24 For 2012, plaintiff pointed to the Audit and Risk Committee’s “1Q 2012 Enterprise State of Compliance” report dated June 5, 2012. 71 The Complaint alleges that this report: . . . highlighted the Company’s “At Risk” and “Worsening” AML internal control environment. The report stated that “Enterprise Net Risk has been downgraded” and described AML “Inherent Risk” as “High,” due to “high risk products and services, large branch network located in high intensity drug trafficking and metropolitan areas, high risk customer base that includes most large New York check cashing businesses,” AML “Governance & Control” as “At Risk,” and the “Future Trend” as “Worsening.” The report further stated that in March over 10% of AML controls were “operating ineffectively,” and suffered from “elongated time to resolve exceptions,” specifically including AML-critical CIP exceptions.72 Other parts of the same report stated that the “Medium” risk rating was partially due to “inadequate control environment in Canada . . . and the anticipated complexities of integrating HSBC and ING” 73 and listed a series of “[a]ctions needed to get back into stated [risk] appetite.”74 In other words, management had identified to the Audit and Risk Committee the actions they believed necessary to achieve the Company’s compliance goal. 71 Tr. Oral Arg. at 26. 72 Compl. ¶ 55. 73 Shauger Aff. Ex. F (1Q 2012 Enterprise State of Compliance report to the Audit and Risk Committee, dated June 5, 2012) at CONADEL0001528. 74 Id. 25 Additionally, a memo from the Chief Compliance Officer to the Audit and Risk Committee from the month before stated that management was preparing a detailed assessment of the AML program deficiencies noted in a recent regulatory action against Citibank to make sure Capital One’s own program was adequate.75 A few months later, in October 2012, the Chief Compliance Officer reported to the Audit and Risk Committee in another memo that: “We are watching several trends that may impact our risk profile and compel us to modify our approach or control environment. The most significant issue arises from recent enforcement orders against financial institutions in their AML and OFAC Programs and the shift the OCC will take in examining our Program.” 76 That same month, the Audit and Risk Committee recommended to the board certain revisions to the Company’s AML policy. 77 For 2013, plaintiff focused on the Audit and Risk Committee’s “Enterprise Risk Profile: Summary Report” dated February 12, 2013.78 The Complaint alleges this report: . . . provided the Audit and Risk Committee Defendants with additional warnings about the Company’s “High” AML compliance 75 Shauger Aff. Ex. C (memo re May 2012 Compliance Risk Update, dated May 7, 2012) at CONADEL0001469. 76 Shauger Aff. Ex. B (memo re 2012 AML and OFAC Compliance Risk Assessment, dated October 22, 2012) at CONADEL0002458. 77 Tr. Oral Arg. at 31. 26 risk. The report warned that “[f]ailing to mitigate [this] risk[] could result in non-compliance with applicable requirements and, in a worst case scenario, fines and reputational exposure similar to those incurred under recent consent orders.” The report further described AML as the “Top Risk” and described how “based on recent enforcement actions left unchecked the consequences of unmanaged risks in this area could result in violations of law.”79 Another part of the same report reiterated the regulatory actions that had been taken against other financial institutions and the inherent risk posed by money laundering activity: “While the corporate AML program is sound, regulatory actions at other financial institutions have been well publicized. Inherently, money laundering, terrorist financing, and economic sanctions remain a top risk for financial institutions. Management is proactively ensuring the corporate AML program is strengthened to meet evolving expectations.” 80 A second presentation provided to the Audit and Risk Committee on the same date elaborated on management’s initiatives to address the Company’s AML risk: Management is taking action to put remediation plans and dates in place. Focus is on establishing the correct governance in Enterprise Payments to address cash handling policy and operational needs, continued build of AML Model Governance processes, and moving/revising first line of defense controls for CIP.81 78 Tr. Oral Arg. at 26. 79 Compl. ¶ 62. 80 Shauger Aff. Ex. M (Enterprise Risk Profile report to the Audit and Risk Committee, dated February 12, 2013) at CONADEL0000656. 81 Shauger Aff. Ex. N (Q4 2012 Enterprise State of Compliance report to the Audit and Risk Committee, dated February 12, 2013) at CONADEL0000757. 27 According to the Complaint, yet another report provided to the Audit Committee on October 24, 2013, “seemed to spark in earnest the Board’s reactive mad dash efforts—ultimately far too little too late—to rectify Capital One’s critically deficient AML controls.”82 In an unusual twist, plaintiff’s counsel disclaimed this exculpatory allegation of his own Complaint, which is repeated elsewhere in the Complaint,83 as not “well-pled.”84 A few months later, in a compliance report for the fourth quarter of 2013 dated January 23, 2014, the members of the Audit Committee were informed that management had decided to exit the business of serving check cashers “in parallel” with an investigation of potential violations of anti-money laundering laws that was being conducted of several of the Company’s clients. 85 A memorandum sent to the members of the Audit and Risk Committee on the same day further explained that management’s decision to exit the check cashing business was expected to be executed in 2014, and that Capital One’s “AML Compliance Program is operating within tolerance” outside of the “Check Casher Group:” 82 Compl. ¶ 68. 83 See id. ¶ 70. 84 Tr. Oral Arg. at 46. 85 Compl. ¶ 70. 28 • Management has decided to exit the Check Cashing business and a plan is underway to execute this decision throughout 2014. AML is closely monitoring these account relationships and performing additional due diligence as they wind down. • With the exception of the Check Casher Group, the core AML Compliance Management Program is operating with tolerance; however, AML inherently remains a top risk to the company. 86 For 2014, plaintiff relied on the Audit Committee’s “Corporate Audit & Security Services First Quarter 2014” report dated April 25, 2014. 87 The Complaint alleges that this report: . . . described Capital One’s internal audit findings. Far from showing improvement following the stark warnings received by the Individual Defendants in the preceding months, the Company’s “High” risk AML Compliance Risk Management program was rated “Inadequate,” the worst possible rating. This would begin a series of internal reports showing that in the face of extreme risk and regulatory scrutiny, the Individual Defendants continued to fail improving Capital One’s AML controls to an acceptable level. The report cites a need for robust procedures, well-trained associates, and a strong management review function to comply with FinCEN and bank regulators’ expectations. It also identified other key issues of concern, including inconsistencies in investigation and narrative preparation related to alerted transactions, lack of associate training, and a weak management review process that failed to make robust notations, pose questions, or challenge conclusions.88 86 Bennett Aff. Ex. 5 (memo re 2013 AML and OFAC Compliance Risk Assessment, dated January 23, 2014) at CONADEL0000903. 87 Tr. Oral Arg. at 28. 88 Compl. ¶ 73. 29 Other parts of the same report stated that the audit department concluded that Capital One’s “Bank Secrecy Act Operations Procedures are quite detailed,” that the “unplanned use of consultants in the compliance area required to support onetime efforts related to enhancing the BSA/AML risk assessment methodology and audit program” had caused the department to go over budget, and that the department’s contractor usage “is primarily driven by additional projects supporting the compliance audit team in areas including quality assurance and enhancements of the BSA/AML risk assessment process.” 89 In a memo to the Audit Committee for the next quarter, the Chief Compliance Officer reported that the Company had launched a comprehensive initiative to improve its AML compliance program: AML remains a top compliance risk for the company, primarily due to heightened regulatory expectations; high alert volumes; a need to enhance AML controls and strengthen the AML organization; and an ongoing law enforcement investigation into alleged criminal activity by certain of the company’s commercial clients. ***** In coordination, the Chief Risk Officer, the Chief Compliance Officer and the new Chief AML Officer have launched a comprehensive initiative to improve our enterprise AML compliance program, including all core controls, processes, and policies.90 89 Shauger Aff. Ex. S (Corporate Audit & Security Services First Quarter 2014 Audit Committee Report, dated April 25, 2014) at CONADEL0001062, CONADEL0001069. 90 Shauger Aff. Ex. V (memo re Quarterly Compliance Report for the Second Quarter of 2014, dated July 24, 2014) at CONADEL0001276. 30 The fifth and final report plaintiff identified as his best evidence of red flags is the Audit Committee’s “Corporate Audit & Security Services Fourth Quarter 2014” report dated January 22, 2015.91 The Complaint discusses two statements in this report: that it “confirmed the Company’s AML Program was still rated ‘At Risk’ and described as ‘Inadequate,’” and that it “reported on ‘risk management and control issues,’ warning ‘significant effort remains to enhance the overall AML [Compliance Management Program].’” 92 But the report also said the following: Management is in the process of addressing ineffective model governance practices. . . . The Model Risk Office issued an AML Notice, . . . , which requires high risk AML models to be compliant with the Model Policy by April 2015, while medium and low risk AML models are expected to be fully compliant by October 2015. . . . Management self-identified the need to ensure a uniform and coordinated approach to referring fraud cases for potential SAR and STR reporting. . . . Prior to the conclusion of this audit, management established a dedicated workstream in the AML Strategic Plan to address this concern by December 31, 2014. 93 Additionally, in a section entitled “AML Strategic Plan,” the report included the observations that “[w]here specific needs have been identified, the [AML 91 Tr. Oral Arg. at 29. 92 Compl. ¶ 80. 93 Bennett Aff. Ex. 6 (Corporate Audit & Security Services Fourth Quarter 2014 Audit Committee Report, dated January 22, 2015) at CONADEL0002577, CONADEL0002582. 31 compliance program] has elevated recruiting activities to support delivery commitments” and that “[d]uring the fourth quarter, management made a deliberate decision to focus efforts on completing deliverable commitments.” 94 To summarize, the five reports plaintiff identified as his best evidence of red flags show that Capital One’s directors were made aware that (1) the Company’s assessment of its AML compliance risk had escalated from “low” in the first quarter of 2011,95 to “medium” in the first quarter of 2012,96 and then to “high” as of February 2013,97 (2) that management had decided to exit the business of serving check cashers by January 2014, and (3) that the Company’s AML risk exposure remained high in 2014 as it implemented its plan to exit the check cashing business.98 None of these reports, however, states that the Company’s 94 Defs.’ Reply Br. Ex. B (Corporate Audit & Security Services Fourth Quarter 2014 Audit Committee Report, dated January 22, 2015) at CONADEL0002576. 95 Shauger Aff. Ex. H (1Q 2011 Enterprise State of Compliance report to the Audit and Risk Committee, dated June 2011) at CONADEL0001187. 96 Shauger Aff. Ex. F (1Q 2012 Enterprise State of Compliance report to the Audit and Risk Committee, dated June 5, 2012) at CONADEL0001528. 97 Shauger Aff. Ex. M (Enterprise Risk Profile report to the Audit and Risk Committee, dated February 12, 2013) at CONADEL0000675; see also id. Ex. N (Q4 2012 Enterprise State of Compliance report to the Audit and Risk Committee, dated February 12, 2013) at CONADEL0000757. 98 See Shauger Aff. Ex. S (Corporate Audit & Security Services First Quarter 2014 Audit Committee Report, dated April 25, 2014) at CONADL0001062; Bennett Aff. Ex. 6 (Corporate Audit & Security Services Fourth Quarter 2014 Audit Committee Report, dated January 22, 2015) at CONADEL0002577. 32 BSA/AML controls and procedures actually had been found to violate statutory requirements at any time or that anyone within Capital One had engaged in fraudulent or criminal conduct. In other words, the core factual allegations of the Complaint do not amount to red flags of illegal conduct.99 Giving plaintiff all reasonable inferences, the allegations of the Complaint plead at most flags of a different hue, namely yellow flags of caution concerning the Company’s escalating AML compliance risk that was occurring in tandem with heightened regulatory scrutiny of AML compliance in the financial services industry. The escalation occurred over a two-year period and led to management’s decision less than one year later to exit the business of serving check cashers, which was the root cause of Capital One’s AML compliance exposure according to the Complaint. Significantly, the reports the directors received did not place them on notice that management had refused to act or displayed an indifference to complying with the BSA/AML. To the contrary, the same reports that described the Company’s heightened compliance risk simultaneously explained to the directors in considerable detail on a regular basis the initiatives management was taking to address those problems and to ameliorate the AML compliance risk. 99 Although the OCC found in July 2015 “regulatory deficiencies in [Capital One’s] AML program emanating from [its] former Check Cashing Group within the Commercial Banking business,” Compl. ¶ 83, this event occurred in July 2015 after the Company had decided to exit the check cashing business, which explains why plaintiff does not view that event to have been a red flag. Tr. Oral Arg. at 33-34. 33 Thus the factual context here is fundamentally inconsistent with the inference plaintiff asks the Court to draw—that the directors must have known they were breaching their fiduciary duties by tolerating a climate in which the Company was operating part of its business in defiance of the law. The factual allegations of this case stand in stark contrast to the two key authorities on which plaintiff relies: this Court’s decisions in the Massey and Pyott cases. In Massey, the company “had pled guilty to criminal charges, had suffered other serious judgments and settlements as a result of violations of law, had been caught trying to hide violations of law and suppress material evidence, and had miners suffer death and serious injuries at its facilities.”100 Based on these and other “objective facts” of the company’s record as a “recidivist” law-breaker, the Court found it was reasonably inferable “that the Board and management were aware of a troubling continuing pattern of non-compliance in fact and of a managerial attitude suggestive of a desire to fight with and hide evidence from the company’s regulators,” and thus opined that a viable Caremark claim likely had been pled. 101 In Pyott, plaintiff’s particularized allegations allowed the Court to draw an inference that the Allergen board “knowingly approved and subsequently oversaw 100 Massey, 2011 WL 2176479, at *20. 101 Id. at *20-21. 34 a business plan that required illegal off-label marketing and support initiatives for Botox.”102 In other words, Pyott involved the board’s “knowing use of illegal means to pursue profit”103 in contravention of the common sense principle that “a fiduciary of a Delaware corporation cannot be loyal to a Delaware corporation by knowingly causing it to seek profits by violating the law.” 104 Unlike in Massey and Pyott, plaintiff does not contend, and the pled facts would not warrant the inference, that Capital One’s management embraced a strategy to pursue profits by employing illegal means, much less that its directors were knowingly complicit in such a strategy. To the contrary, the Complaint’s allegations evidence that Capital One’s management made efforts to cope with tightening regulations and more aggressive AML enforcement actions, and regularly kept the directors informed of those efforts along the way. Those efforts included designation of a new Chief AML Officer, monthly training, quarterly internal audits, other initiatives taken in response to the changing regulatory 102 Pyott, 46 A.3d at 356. 103 Id. at 352. 104 Id. 35 landscape,105 and ultimately, the decision to exit altogether the check cashing business that presented the most acute BSA/AML challenges. 106 As discussed previously, the Delaware Supreme Court made clear a decade ago that directors can be found liable for a Caremark oversight claim only if they fail to discharge their fiduciary duties in good faith, meaning that “the directors knew that they were not discharging their fiduciary obligations.” 107 “Good faith, not a good result, is what is required of the board.”108 As our Supreme Court explained more recently in Lyondell Chemical Co. v. Ryan, “there is a vast difference between an inadequate or flawed effort to carry out fiduciary duties and a conscious disregard for those duties.” 109 Here, the allegations of the Complaint and the documents incorporated therein would allow reasonable minds to argue either side of a debate over whether the directors’ oversight of the Company’s BSA/AML compliance program was sufficiently robust or flawed. But what those allegations do not reasonably permit 105 Shauger Aff. Ex. Q (Anti-Money Laundering (AML) Assessment report to the Audit and Risk Committee, dated February 12, 2013) at CONADEL0000762. 106 Bennett Aff. Ex. 5 (memo re 2013 AML and OFAC Compliance Risk Assessment, dated January 23, 2014) at CONADEL0000903. 107 Stone, 911 A.2d at 370. 108 In re The Goldman Sachs Group, Inc. S’holder Litig., 2011 WL 4826104, at *23. 109 Lyondell Chemical Co. v. Ryan, 970 A.2d 235, 243 (Del. 2009). 36 for the reasons explained above is an inference that the defendants consciously allowed Capital One to violate the law so as to sustain a finding they acted in bad faith. As such, plaintiff has failed to plead with particularity that a majority of Capital One’s ten-member board acted in such an egregious manner that they would face a substantial likelihood of liability for breaching their fiduciary duty of loyalty so as to disqualify them from applying disinterested and independent consideration to a stockholder demand. Thus, demand is not excused as to Count I. C. Demand Is Not Excused for the Unjust Enrichment Claim Count II of the Complaint asserts that defendants “were unjustly enriched as a result of the compensation and director remuneration they received while breaching fiduciary duties owed to Capital One.” 110 Plaintiff readily acknowledges that this claim rises or falls with the viability of Count I. 111 Thus, because plaintiff has failed to allege particularized facts to excuse his failure to make a demand concerning Count I, it necessarily follows that demand would not have been futile as to Count II. III. CONCLUSION For the foregoing reasons, plaintiff has failed to demonstrate that demand would have been futile with respect to either of the two claims in the Complaint. 110 Compl. ¶ 110. 111 Tr. Oral Arg. at 39. 37 Accordingly, defendants’ motion to dismiss the Complaint with prejudice is GRANTED. IT IS SO ORDERED. 38