Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Oklahoma Firefighters Pension & Retirement System v. Corbat

Court of Chancery of Delaware

December 18, 2017

OKLAHOMA FIREFIGHTERS PENSION & RETIREMENT SYSTEM, KEY WEST MUNICIPAL FIREFIGHTERS & POLICE OFFICERS' RETIREMENT TRUST FUND, JEFFREY DROWOS, FIREMAN'S RETIREMENT SYSTEM OF ST. LOUIS, and ESTHER KOGUS, Derivatively on Behalf of Nominal Defendant, Citigroup, Inc., Plaintiffs,
v.
MICHAEL L. CORBAT, DUNCAN P. HENNES, FRANZ B. HUMER, EUGENE M. MCQUADE, MICHAEL E. O'NEILL, GARY M. REINER, JUDITH RODIN, ANTHONY M. SANTOMERO, JOAN SPERO, DIANA L. TAYLOR, WILLIAM S. THOMPSON JR., JAMES S. TURLEY, ERNESTO ZEDILLO PONCE DE LEON, ROBERT L. JOSS, VIKRAM S. PANDIT, RICHARD D. PARSONS, LAWRENCE R. RICCIARDI, ROBERT L. RYAN, JOHN P. DAVIDSON III, BRADFORD HU, BRIAN LEACH, MANUEL MEDINA-MORA, and KEVIN L. THURM, Defendants, and CITIGROUP, INC., Nominal Defendant.

          Date Submitted: September 19, 2017

          Stuart M. Grant, Nathan A. Cook, and Rebecca A. Musarra, of GRANT & EISENHOFER P.A., Wilmington, Delaware; OF COUNSEL: Mark Lebovitch, David L. Wales, and Alla Zayenchik, of BERNSTEIN LITOWITZ BERGER & GROSSMANN LLP, New York, New York; Brian J. Robbins, Felipe J. Arroyo, and Gina Stassi, of ROBBINS ARROYO LLP, San Diego, California, Attorneys for Plaintiffs.

          Donald J. Wolfe, Jr., T. Brad Davey, Tyler J. Leavengood, and Jay G. Stirling, of POTTER ANDERSON & CORROON LLP, Wilmington, Delaware; OF COUNSEL: Mary Eaton, of WILLKIE FARR & GALLAGHER LLP, New York, New York; Frank Scaduto, of WILLKIE FARR & GALLAGHER LLP, Washington, DC, Attorneys for Defendants Duncan P. Hennes, Franz B. Humer, Michael E. O'Neill, Gary M. Reiner, Judith Rodin, Anthony M. Santomero, Joan Spero, Diana L. Taylor, William S. Thompson, Jr., James S. Turley, Ernesto Zedillo Ponce de Leon, Robert L. Joss, Richard D. Parsons, Lawrence R. Ricciardi, and Robert L. Ryan, and Nominal Defendant Citigroup Inc.

          Stephen P. Lamb and Meghan M. Dougherty, of PAUL, WEISS, RIFKIND, WHARTON & GARRISON LLP, Wilmington, Delaware; OF COUNSEL: Brad S. Karp, Bruce Birenboim, and Susanna Buergel, of PAUL, WEISS, RIFKIND, WHARTON & GARRISON LLP, New York, New York; Jane B. O'Brien, of PAUL, WEISS, RIFKIND, WHARTON & GARRISON LLP, Washington, DC, Attorneys for Defendants Michael L. Corbat, Eugene M. McQuade, Vikram S. Pandit, John P. Davidson III, Manuel Medina-Mora, Bradford Hu, Kevin L. Thurm, and Brian Leach.

          MEMORANDUM OPINION

          SAM GLASSCOCK, III VICE CHANCELLOR

         In this matter, stockholders of Citigroup, Inc. seek damages, derivatively on the part of the company, against directors and officers. The Defendants have moved to dismiss. The burden is on the Plaintiffs to plead facts that, if true, raise a reasonable doubt that the director Defendants could exercise their business judgment to consider a demand, thus excusing demand under Court of Chancery Rule 23.1. The Plaintiffs seek to satisfy that burden by pointing to pleadings they allege demonstrate a substantial likelihood that the director Defendants are liable to Citigroup for failing to oversee company employees' compliance with law, under the rubric of In re Caremark International Inc. Derivative Litigation.[1]

         It is appropriate, I think, to discuss here the implications of a claim under Caremark. Corporate entities, acting through their employees, may violate laws or regulations. Such unlawful acts, in turn, can result in fines, penalties, third-party damages, and other losses on the part of the entity. The essence of a Caremark claim is an attempt by the owners of the company, its stockholders, to force the directors to personally make the company whole for these losses.

         The circumstances under which a Caremark or oversight claim can be successful are limited. If the board directs employees to act unlawfully, the directors have breached the duty of loyalty and are liable; that, strictly speaking, is not an oversight claim. Caremark provides that if directors have failed to put in place any system whereby they may be made aware of and oversee corporate compliance with law, they may be liable. That situation is, manifestly, not the case here. Conversely, where the board has an oversight system in place, but nonetheless fails to act to promote compliance, the directors may be liable, but only where their failure to act represents a non-exculpated breach of duty.

         It should be apparent that many failures of oversight by directors sufficient to constitute a breach of duty implicate the duty of care.[2] Directors breach the duty of care where they act with gross negligence. In other words, where the directors are informed of potential unlawful acts in a way that puts them on notice of systematic wrongdoing, and nonetheless they act in a manner that demonstrates a reckless indifference toward the interests of the company, they may be liable for breach of the duty of care. Here, however, Citigroup's directors are exculpated from liability for such a breach. In that case, the path to director liability is straitened. In order to result in liability, the directors' inaction in the face of "red flags" putting them on notice of systematic wrongdoing must implicate the duty of loyalty. To imply director liability, the response of the directors must have been in bad faith. The inaction must suggest, not merely inattention, but actual scienter. In other words, the conduct must imply that the directors are knowingly acting for reasons other than the best interest of the corporation. That is the essence of a Caremark claim.[3] The height of this bar, presumably, is what led to Chancellor Allen's famous observation that a Caremark claim is among the most difficult to prove in our corporate law.[4]

         Here, the Plaintiffs, with admirable effort and the aid of records obtained under Section 220, produced a ponderous omnibus of a complaint. It describes red flags placed before the directors, dating back to the financial crisis of a decade ago as well as more recently, in connection with activities of Citigroup and its subsidiaries that led to large fines levied against the bank. The Complaint makes it reasonably conceivable that the directors, despite these red flags, failed to take actions that may have avoided loss to the company. That is not the standard, however. To my mind, the allegations of the Complaint, if true, fail to demonstrate scienter. The Complaint does not make it reasonably conceivable that the directors acted in bad faith. Therefore, the Motion to Dismiss is granted.

         My reasoning follows.

         I. BACKGROUND[5]

         A. Parties and Relevant Non-Parties

         Plaintiffs Oklahoma Firefighters Pension and Retirement System, Key West Municipal Firefighters and Police Officers' Retirement Trust Fund, Jeffrey Drowos, Fireman's Retirement System of St. Louis, and Esther Kogus are stockholders of nominal defendant Citigroup, Inc., and they held stock at all times relevant to this action.[6]

         Citigroup is a Delaware corporation headquartered in New York City.[7]Citigroup maintains a complicated network of subsidiaries, but its business revolves around two primary segments: Citicorp and Citi Holdings.[8] Citicorp contains a "regional customer banking and institutional clients group."[9] "Citi Holdings consists of Citigroup's brokerage and asset management and local consumer lending businesses, and a special asset pool."[10] Citibank N.A. is Citigroup's primary depository subsidiary.[11]

         When the Plaintiffs filed their Complaint, Citigroup's board had sixteen directors, thirteen of whom are Defendants in this action.[12] The thirteen directors named as Defendants are Michael L. Corbat, Duncan P. Hennes, Franz B. Humer, Eugene M. McQuade, Michael E. O'Neill, Gary M. Reiner, Judith Rodin, Anthony M. Santomero, Joan Spero, Diana L. Taylor, William S. Thompson, Jr., James S. Turley, and Ernesto Zedillo Ponce de Leon.[13] These individuals began serving on the Citigroup board at different times, and some of them have been members of various board committees.[14] Ten of them have also served on Citibank's board.[15]

         The Defendants in this case also include former Citigroup directors. Defendant Robert L. Joss served on the Citigroup board from 2009 to April 2014, and he was a Citibank director from 2010 to 2014.[16] Defendant Vikram S. Pandit was a member of the Citigroup board from December 2007 to October 2012, during which time he also served as Citigroup's CEO.[17] Defendant Richard D. Parsons was a Citigroup director from 1996 to April 2012.[18] Defendant Lawrence R. Ricciardi served on Citigroup's board from 2008 to April 2013, and he was a Citibank director from 2009 to 2013.[19] Defendant Robert L. Ryan was a Citigroup director from 2007 to April 2015; he served on Citibank's board from 2009 to 2015.[20]

         The final set of Defendants consists of Citigroup officers. Corbat has been Citigroup's CEO since October 2012, and from December 2011 to October 2012, he served as CEO of Citi Europe, Middle East, and Africa.[21] From January 2009 to December 2011, Corbat was the CEO of Citi Holdings.[22] Defendant John P. Davidson III has been Citigroup's Chief Compliance Officer since September 23, 2013.[23] From April 2008 to September 2013, he headed Enterprise Risk Management at Citigroup, "a unit responsible for managing Citigroup's operational risk across businesses and geographies."[24] Defendant Bradford Hu has been Citigroup's Chief Risk Officer since January 2013.[25] Defendant Brian Leach was Citigroup's Chief Risk Officer from March 2008 to January 2013, and he worked as Citigroup's Head of Franchise Risk and Strategy from January 2013 to April 2015.[26]Since June 2015, Defendant Manuel Medina-Mora has served as the non-executive chairman of the board of Grupo Financiero Banamex, S.A. de C.V. (the "Banamex Group"), a wholly owned, indirect Citigroup subsidiary.[27] Before then, he held various high-level positions at Citigroup.[28] Defendant Kevin L. Thurm was Citigroup's Chief Compliance Office from 2011 to September 2013, and, as noted above, Pandit was Citigroup's CEO from December 2007 to October 2012.[29]

         B. Factual Overview[30]

         The Plaintiffs allege that the Defendants "consciously fail[ed] to develop, implement, and enforce effective internal controls throughout [Citigroup], including at its subsidiaries."[31] The Plaintiffs seek relief for harm Citigroup has suffered as a result of four corporate traumas: "(1) pervasive violations of anti-money laundering rules; (2) substantial fraud at Banamex[, a wholly owned subsidiary of the Banamex Group]; (3) fraudulent manipulation of benchmark foreign exchange rates; and (4) deceptive credit card practices."[32] I summarize the allegations relevant to each of these corporate traumas below.

         1. Compliance with Anti-Money Laundering Laws

         a. The Regulatory Environment

         Citigroup and several of its subsidiaries are required to comply with an array of federal laws and regulations addressing the issue of money laundering.[33]According to the Complaint, the most important of these anti-money laundering ("AML") laws are the Bank Secrecy Act of 1970 ("BSA") and various provisions of the USA Patriot Act.[34] Several federal and state agencies are charged with administering these laws.[35] At the federal level, the administering agencies include the Federal Reserve System ("FRB"), the Office of the Comptroller of the Currency ("OCC"), and the Federal Deposit Insurance Corporation ("FDIC").[36] At the state level, they include the California Department of Business Oversight ("CDBO").[37]

         The BSA imposes "mandatory reporting and record-keeping requirements to track currency transactions and detect and prevent money laundering."[38] Likewise, under the USA Patriot Act, financial institutions must "establish AML and customer identification programs, and . . . conduct enhanced due diligence . . . for bank accounts held by non-U.S. persons."[39] Banks must also compare their transactions and customers against sanctions lists kept by the Office of Foreign Asset Control ("OFAC").[40] Generally speaking, the federal AML laws require every bank to maintain a BSA/AML compliance program tailored to its risk profile.[41]

         The BSA's implementing regulations impose more specific requirements on financial institutions. Under those regulations, banks must maintain internal controls designed to ensure continuing compliance, perform independent testing of BSA/AML compliance, designate someone to serve as a BSA compliance officer, and train relevant personnel.[42] A bank's internal BSA/AML controls must conform to a bevy of regulatory requirements. For example, banks must "[p]rovide sufficient controls and monitoring systems for timely detection and reporting of suspicious activity, " "[i]dentify banking operations more vulnerable to abuse by money launderers and criminals, " "[p]rovide for adequate supervision of employees that handle [activities covered by the BSA], " and "provide for timely updates in response to changes in regulations."[43] Moreover, each bank must file a Suspicious Activity Report ("SAR") when it identifies "(i) certain known or suspected violations of federal law; (ii) suspicious transactions related to a money laundering activity; or (iii) a violation of the BSA/AML."[44]

         The USA Patriot Act's implementing regulations require financial institutions to develop a Customer Identification Program ("CIP").[45] The CIP must enable the bank to verify the identities of its customers, and the program must be tailored to the bank's risk profile and size.[46] The USA Patriot Act and its implementing regulations further require banks to conduct "special due diligence for accounts requested or maintained by, or on behalf of, foreign banks and non-U.S. persons."[47] Finally, banks operating in the United States must comply with OFAC regulations, which "require that U.S. financial institutions ensure that their business operations and transactions do not violate U.S. economic and trade sanctions against entities such as targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction."[48]Every bank must adopt an OFAC compliance program that fits its size and risk profile.[49]

         b. The Alleged Compliance Failures

         The Plaintiffs allege that Citigroup and its subsidiaries have continually failed to abide by BSA/AML laws and regulations.[50] The compliance failures spanned several years and persisted in the face of multiple consent orders stemming from federal and state investigations into Citigroup's and its subsidiaries' BSA/AML practices.[51] The end result, say the Plaintiffs, was that regulators were forced to fine Citigroup $140 million for its BSA/AML compliance failures.[52]

         The Complaint identifies a number of red flags that supposedly should have led the Defendants to improve Citigroup's BSA/AML controls. According to the Plaintiffs, if the Defendants had made the necessary improvements, Citigroup could have avoided paying the $140 million fine.[53] I summarize the purported red flags and the responses to them from the Citigroup board and senior management.

         Citigroup and its subsidiaries face a high risk of AML violations for several reasons. First, Citigroup is a global corporation, and many of the countries it operates in pose a heightened risk of AML violations. For example, in January 2012, the Citigroup Compliance Committee learned from management that "50% of the countries in which Citigroup operates demonstrated a 'high' inherent geographic risk for AML violations."[54] The Plaintiffs focus on Citigroup's operations in Mexico, in which "corrupt practices such as bribery and money laundering occur at a higher frequency . . . than in many of the other countries in which Citigroup operates."[55] According to the Plaintiffs, Citigroup directors and senior management knew or should have known that the "corrupt practices" common in Mexico would pose a serious risk of money laundering at Citigroup subsidiaries operating in that country.[56] Those subsidiaries included Banamex, which Citigroup acquired in 2001.[57] As part of that acquisition, Citigroup also bought Banamex USA ("BUSA"), "which had numerous branches along the Mexican border and routinely engaged in cross-border transactions."[58]

         Second, Citigroup's "inorganic[]" growth led to the absorption of "disparate businesses with different and sometimes conflicting standards, systems, and controls."[59] This potpourri of business lines created a heightened risk of AML violations.[60] Senior management and directors appear to have recognized this. For example, in October 2009, management told the Audit and Risk Management Committees that Citigroup's AML compliance in North America "need[ed] improvement."[61] And in January 2012, "management reported to the Citigroup Compliance Committee that the Company was rated 'medium high' in the categories of 'inherent AML risk, ' 'quality of AML controls, ' and 'residual AML risk.'"[62] These AML issues were ascribed to, among other things, Citigroup's growing presence in emerging markets, its failure to create centralized AML systems, and its lack of consistent standards.[63] Beginning in April 2012, Citigroup's Internal Audit ("IA") team continually informed Citigroup board members of these risks.[64]

         All of this is background to the primary allegations about Citigroup's BSA/AML compliance issues. The Plaintiffs' focus is the Citigroup board's purportedly inadequate response to a regulatory order and several consent orders issued by various government agencies. In July 2010, the OCC issued Citibank a Part 30 order[65] as a result of "serious compliance deficiencies in the bank's operations."[66] That order directed Citibank to improve its AML compliance in several of its business lines.[67] In particular, Citibank was asked to improve "identification of high risk customers and of client relationships on a bank-wide basis; . . . expan[d] . . . periodic customer reviews; and . . . optimiz[e] . . . automated transaction monitoring systems."[68] Two years later, the OCC found that these "[d]eficiencies were not properly and timely addressed."[69]

         As a result of Citibank's failure to obey the Part 30 order, the OCC issued a consent order on April 5, 2012.[70] The consent order "castigated Citibank for its AML program deficiencies, " noting several "internal control weaknesses."[71] The OCC identified weaknesses in Citibank's monitoring of client relationships, its customer due diligence processes, and the "scope and documentation of the validation and optimization process applied to the automated transaction monitoring system."[72] Among other things, the consent order required Citibank to implement a "BSA/AML Action Plan" and to improve its customer due diligence practices.[73] The OCC made clear that Citibank's board was ultimately responsible for ensuring the bank's compliance with the consent order.[74]

         According to the Complaint, even after the April 2012 consent order was issued, "directors and senior management stood idly by with respect to AML compliance."[75] In the months following entry of the consent order, Citigroup board members received several warnings about AML issues. For example, in July 2012, IA told the Compliance Committee that there was "[i]nadequate AML control, governance, and oversight" at Banamex and BUSA.[76] That same month, the Audit Committee learned that AML risk was increasing.[77] Documents incorporated by reference in the Complaint make clear, however, that the Citigroup board took action in response to the problems revealed by the first consent order. To take just one example, at an April 17, 2012 Citigroup board meeting, directors learned that "the Compliance Committees [had] received a presentation from the AML Monitoring Team, including efforts to improve the quality and integrity of the data feeding . . . Citibank's AML monitoring platforms."[78] Directors were also told at this meeting that "the Compliance Committees directed [IA] to provide a country-by-country AML assessment."[79]

         Despite these efforts, on August 2, 2012, BUSA entered into a consent order with the FDIC and the California Department of Financial Institutions ("CDFI").[80]The consent order required BUSA's board to "'develop, adopt, and implement an updated written compliance program' that would be designed to 'ensure and maintain compliance' with the BSA."[81] BUSA was also ordered to hire a BSA compliance officer and enough staff to monitor compliance with the BSA.[82] The Plaintiffs allege that "[t]he Citigroup Board was aware of the FDIC/CDFI Consent Order no later than October 2012, when Joss[, the chair of the Compliance Committee at the time, ] discussed the consent order with the Citigroup, Citibank, and Citicorp boards."[83]

         The Plaintiffs allege that the entry of the second consent order failed to prompt action from the Defendants, "leav[ing] [Citigroup] and its subsidiaries vulnerable to AML violations."[84] The Plaintiffs point out that in September and October 2012, IA found that "BUSA's control environment remained 'unsatisfactory.'"[85] In October and November 2012, the FDIC and CDFI conducted an on-site visit of BUSA, and they concluded that since the entry of the August 2012 consent order, "BUSA had made inadequate progress on AML/BSA compliance."[86] And in early 2013, the AML control environment "retained a 'limited assurance' rating, while the 'overall effectiveness of controls over affiliate transactions' at BUSA received an 'insufficient assurance' rating."[87]

         Again, however, documents incorporated by reference in the Complaint reveal that the Citigroup board took action in response to continuing AML issues. For instance, when the Citigroup board met on December 12, 2012, the directors learned that management had taken "proactive efforts concerning AML issues, [and] that management's current areas of focus include the Consumer North America high risk account re-remediation; expired customer due diligence documentation; migration programs in Mexico; . . . and broader structural issues."[88] At the same meeting, the board also learned of "continued progress on OCC commitments and business priorities, including creating and implementing a global governance structure and framework and short-term tactical project execution."[89]

         Nevertheless, on March 21, 2013, yet another consent order was issued, this time by the FRB.[90] Unlike the two consent orders discussed above, this one addressed Citigroup's role in ensuring that its subsidiaries achieved compliance.[91]The FRB found that "Citigroup lacked effective systems of governance and internal controls to adequately oversee the activities of the Banks."[92] Under the FRB consent order, Citigroup was required to ensure firmwide compliance, and to "implement a firmwide compliance risk management program."[93] The consent order also required the Citigroup board itself to "review [Citigroup's] firmwide BSA/AML compliance program and, based on its findings, submit to the FRB a plan to 'strengthen the management and oversight' of the compliance program."[94]

         The Complaint next focuses on the approximately two-year period between the entry of the FRB consent order and the imposition of the $140 million fine. The Plaintiffs allege that during this period, "Citigroup's Board failed to respond meaningfully and in good faith to the misconduct that attracted so much regulatory scrutiny, ultimately leading to the imposition of [the] fine."[95] The Plaintiffs cite several reports from IA to the Citigroup board and its committees.[96] In those reports, IA revealed that "BUSA's BSA/AML controls, risk management controls, and oversight procedures were deficient."[97] A few examples illustrate the tenor of these reports. In an April 2013 report to the Audit and Compliance Committees, IA noted that "BUSA's AML control environment earned an 'insufficient assurance' rating, with increasing risk of violations 'due to poor risk management, failures in control design and execution, and inadequate management oversight.'"[98] In July and August 2013, IA told the Audit Committee that BUSA was "'substantially non-compliant' with the FDIC Consent Order."[99] And about nine months later, IA reported that "significant weaknesses continue to exist in AML."[100] In sum, IA put out twenty-two reports in which "BUSA's AML programs were given an 'insufficient assurance' rating between February 2013 and April 2015."[101]

         The picture painted in the Complaint is indeed one of a board that "sat like stones growing moss" in the face of clear warnings about persistent AML issues.[102]But the documents incorporated by reference in the Complaint belie this narrative. For example, about one month after entry of the FRB consent order, the Citigroup board, along with the Citibank and Citicorp boards, learned that "management was preparing an action plan [in response to the FRB consent order] and will meet with the FRB's staff to better understand its expectations."[103] The Citigroup board was also informed that "management reported progress on . . . de-risking, enhancing controls, strengthening governance and OCC commitments and business priorities."[104] And, as to BUSA, the board was told that management planned to "de-risk the business, close money services businesses and close eight branches along the US-Mexican border."[105] Later, in September 2013, the Citigroup, Citibank, and Citicorp boards learned that outside counsel had reviewed BUSA's operations and that "employee terminations" had been undertaken as part of the compliance effort.[106] At this meeting, members of the three boards "directed questions to management about BUSA, including personnel changes and prior regulatory reviews."[107]

         The Citigroup board received additional updates about AML compliance in December 2013. Specifically, the board learned that the Citigroup and Citibank Compliance Committees were "focus[ed] on whether management is embracing AML controls."[108] The board was told that "the AML surveillance process reviews 2.8 billion transactions per month, flags about 200, 000 matters each month and that about 150, 000 of these matters are subject to further review by analysts."[109] About one year later, in January 2015, the Citigroup board was informed that, while the "aggregate risk rating for AML is High, " "the aggregate risk trend is decreasing due to de-risking of certain high-risk client types, businesses, and geographies, in combination with ongoing improvements to the control environment."[110] Moreover, the board learned that two products "identified as having inherently higher levels of AML risk" demonstrated "decreasing risk trends."[111]

         Citigroup's efforts were ultimately unavailing. On July 22, 2015, "the FDIC 'announced the assessment of a civil money penalty of $140 million against Banamex USA . . . for violations of the Bank Secrecy Act . . . and anti-money laundering . . . laws and regulations.'"[112] The FDIC found that BUSA had

failed to implement an effective BSA/AML Compliance Program over an extended period of time. The institution failed to retain a qualified and knowledgeable BSA officer and sufficient staff, maintain adequate internal controls reasonably designed to detect and report illicit financial transactions and other suspicious activities, provide sufficient BSA training, and conduct effective independent testing.[113]

         For its part, the CDBO imposed a $40 million fine on BUSA, citing "new, substantial violations of the BSA and anti-money laundering mandates over an extended period of time."[114] The FDIC fine was satisfied in part by the CDBO fine.[115] On the same day that these fines were announced, Citigroup announced its decision to close BUSA.[116] But BUSA "remains subject to a number of investigations, including a criminal investigation by the U.S. Department of Justice and an investigation by the Treasury Department's Financial Crimes Enforcement Network."[117]

         2. Accounts Receivable Fraud at Banamex

         The Plaintiffs allege that lack of oversight and inadequate internal controls caused Banamex to become the victim of a massive accounts receivable fraud.[118]Citigroup lost over $400 million as a result of the fraud, which took the following form.[119] Oceanografia S.A. de C.V. ("OSA"), a Mexican oil services company, borrowed a total of approximately $585 million from Banamex.[120] The loans were secured by accounts receivable submitted by OSA.[121] OSA, in turn, was an important supplier to Pemex, a state-owned Mexican oil company.[122] Many of Banamex's loans to OSA were secured by accounts receivable reflecting payments Pemex owed to OSA.[123] The problem was that most of these accounts receivable were fraudulent.[124] The fraud, which came to light in February 2014, wiped out 19% of Banamex's banking profits for 2013.[125] And in October 2014, Mexico's banking regulator fined Banamex $2.5 million after determining that "the fraud resulted from weaknesses in Banamex's internal controls, errors in its loan origination and administration procedures, and deficiencies relating to risk administration and internal audits."[126] I turn now to the purported red flags related to this fraud and the response to them.

         According to the Plaintiffs, Citigroup and its subsidiaries failed to implement adequate "maker/checker controls" or properly segregate duties.[127] Maker/checker controls are designed to reduce the likelihood of misconduct "by preventing too much authority from being centralized in single individuals or positions."[128]Segregation of duties is meant to achieve the same goal.[129] The Defendants knew that maker/checker controls were not strong in Mexico, and in September 2013, management told the Audit Committees about "the failure to enforce the separation of duties in Mexico."[130] Later, IA revealed in its 2013 year-end review that "a fraud within the treasury and trade business . . . 're-enforce[d] the need for attention to key maker-checker controls and oversight of manual processes.'"[131] The Plaintiffs concede that Citigroup management developed "Project Andes, " an initiative to improve segregation of duties and to address issues in the maker/checker process.[132]But the Plaintiffs fault Citigroup for failing to consider "expanding Project Andes to retail banks until after the OSA fraud."[133]

         The Plaintiffs next point to a series of fraud-related incidents at Citigroup and its subsidiaries that supposedly should have warned the board of "significant issues concerning fraud detection and prevention."[134] In one incident, "a Citigroup Treasury Finance employee fraudulently transferred $25 million to his own personal bank account."[135] In a July 18, 2011 meeting, the Audit Committee learned that the fraud stemmed from "a 'poor control environment, ' 'inadequate supervision and review, ' and insufficient review of manual transactions."[136] The next spring, the Audit Committee was told that "five Banamex employees had accepted at least 16 million Mexico pesos . . . in kickbacks as part of [a] scheme" with several Banamex vendors.[137] Again, inadequate controls were to blame.[138] In 2013, management discovered that a Banamex bond trader had fraudulently concealed trading losses by deferring loss recognition and manipulating trades.[139] In March 2014, the Audit Committee learned that thirty-seven Banamex employees had been selling confidential credit card customer information.[140] And in October 2014, Citigroup announced that a Banamex security unit had been engaging in several nefarious activities for almost fifteen years, including "recording phone calls without authorization; fraudulently misreporting gas expenses in order to increase the reimbursements [members of the unit] received from Banamex; developing shell companies to launder proceeds; and receiving kickbacks from vendors who overcharged Banamex."[141]

         Banamex's brokerage unit, Accival, also fell victim to a fraud committed by one of its employees.[142] In this scheme, an Accival operations manager "fraudulently transferred funds from an Accival account to a private customer account using foreign exchange . . . transactions."[143] Accival lost approximately $6.9 million in the fraudulent transfers.[144] IA later told the Audit Committee that the fraud stemmed from "[k]ey control weaknesses related to segregation of duties and maker/checker controls."[145]

         A more salient purported red flag was the Mexican homebuilders fraud, which involved fraudulent collateral.[146] Banamex developed a product that resembled a revolving loan facility.[147] Banamex extended credit to homebuilders who, in turn, transferred properties to a trust.[148] Those properties served as collateral for the loan facility.[149] When the homebuilders sold the homes they built, "they were required to deposit the proceeds of the sale into the trust, and the proceeds would be redistributed primarily to Banamex as repayment for the loan."[150] Unfortunately, many of the homebuilders did not deposit the proceeds of their sales into the trust, and some "overstated the value of the collateral against which Banamex made its loans."[151] Citigroup lost between $75 million and $85 million as a result of the fraud, which management attributed to "design and execution deficiencies in the management of collateral."[152] Management also told the Citigroup board that it would conduct "a global, end-to-end assessment of Citi's management effectiveness with respect to secured lending and collateral management, as well as a review of Banamex's overall collateral framework, in order to identify potential gaps and the actions necessary to remediate control deficiencies."[153]

         According to the Plaintiffs, if the Defendants had heeded the warnings contained in the events just described, the OSA accounts receivable fraud could have been avoided. And, the Plaintiffs suggest, there were red flags about OSA itself. The Plaintiffs complain that Banamex decided to extend more credit to OSA under the receivables program even though "it had been apparent for several years that OSA was a troubled company."[154] For example, in 2005, Mexican regulators learned that OSA had obtained a $27 million loan by submitting phony Pemex paperwork.[155]And in 2009, Fitch, the ratings agency, highlighted OSA's "high leverage and poor cash flow."[156] Fitch eventually refused to provide any rating for OSA because OSA failed to give Fitch enough information, which the Plaintiffs describe as "a telltale sign of potential wrongdoing."[157]

         Despite the problems at OSA, Banamex extended so much credit to the "troubled company" that "by 2012, Banamex's loans to OSA constituted nearly half of OSA's revenue."[158] Banamex loosened its lending procedures to make this happen. For example, at some point it ceased "contacting Pemex to verify the receipts submitted by OSA as the bases for its credit."[159] Citigroup management later suggested that this was unusual among accounts receivable programs, in which invoices used as collateral are typically reconciled.[160] These risky practices were possible because "Citi's Board had not implemented basic controls and legal compliance mechanisms."[161] Moreover, while Banamex was being defrauded, IA failed to perform an audit to determine whether "the OSA/Pemex program 'was appropriately classified as a buyer centric or seller centric program.'"[162] As noted above, Citigroup lost over $400 million in the accounts receivable fraud, and Mexico's banking regulator fined Banamex $2.5 million for allowing the fraud to occur.[163] The Securities and Exchange Commission and the Mexican Attorney General later announced investigations into the fraud.[164]

         3. Foreign Exchange Rate Manipulation

         The next corporate trauma for which the Plaintiffs seek relief involves foreign exchange ("FX") rate manipulation on the part of Citigroup traders. From at least 2007 to at least 2013, Citigroup FX traders colluded with traders at other firms to manipulate FX benchmark rates, triggered customer stop loss orders, [165] and increased profits by sharing confidential client information with traders at other firms.[166]

         These Citigroup traders manipulated two widely used FX benchmark rates- the 4:00 pm WM Reuters fix and the 1:15 European Central Bank fix-by "exchang[ing] details relating to their net currency orders and related future fixes with FX traders at other banks to coordinate trading strategies."[167] The communications at issue occurred in "private electronic chat rooms."[168] Citigroup FX traders also shared clients' instructions about stop loss orders with "traders at other firms to manipulate the FX spot rate and ultimately to set off clients' stop loss orders."[169] Citigroup profited from this manipulation "because FX Traders could take advantage of the difference between the rate at which they purchased a particular currency and the rate at which they sold to a client pursuant to a stop loss order."[170] And Citigroup FX traders revealed the identities of certain clients to traders at other firms in furtherance of their "collusive trading activity."[171] Citigroup ultimately paid $2.2 billion in fines as a result of these activities, and Citicorp pleaded guilty to conspiracy to violate federal antitrust laws.[172]

         The Plaintiffs point to several purported red flags that they say should have alerted the Defendants to the compliance threat posed by FX benchmark manipulation and collusive trading. In 2009, the Audit and Risk Management Committee learned that "the current 'market turbulence increases operational risk significantly.'"[173] And in August 2011, "Citi became aware that a trader in its FX business outside London had inappropriately shared confidential client information in a chat room with a trader at another firm."[174] This trader was fired, and "reminders were given to Citi employees about the need to maintain client confidentiality."[175]Later, in April 2013, IA told the Audit Committee that "FX transaction execution maker/checker controls and post transaction reviews require improvement."[176] The Plaintiffs omit the portion of this IA report that describes the remedial actions to be taken, including "[c]lear definition of FX execution mandates in terms of transaction size, products, tenors, currencies, and approvals."[177]

         According to the Plaintiffs, another red flag appeared back in 2001, when Citigroup itself helped draft the industry standards governing good practices in FX trading.[178] Those standards stated, among other things, that "[m]anipulative practices by banks with each other or with clients constitute unacceptable trading behavior."[179] The Plaintiffs do not say, however, whether any of the Defendants played a role in formulating (or were even aware of) these standards. The same gap exists in the Plaintiffs' allegation that "Citigroup's oversight failures leading to the FX-related misconduct occurred in the midst of the LIBOR rate-fixing scandals that resulted in criminal investigations and monetary penalties against other firms."[180]

         Despite these supposed red flags, the FX manipulation scheme continued, eventually costing Citigroup billions of dollars in fines. On November 11, 2014, the Commodity Futures Trading Commission ("CFTC") sanctioned Citibank for violations of the Commodity Exchange Act and CFTC regulations.[181] According to the CFTC, when the fraud took place, Citibank knew of "related attempts by banks 'to manipulate the London Interbank Offered Rate ["LIBOR"] and other interest rate benchmarks'; yet, the FX manipulation proceeded without detection because of 'internal control and supervisory failures' at Citibank."[182] The CFTC imposed a $310 million fine and issued a consent order requiring the bank to improve its internal controls.[183] That same day, the OCC issued its own consent order, in which it "identified 'deficiencies and unsafe or unsound practices related to [Citibank's] wholesale foreign exchange business.'"[184] The OCC, for its part, fined Citibank $350 million.[185] On the same day that these two consent orders were entered, the United Kingdom's Financial Conduct Authority ("FCA") issued a "Final Notice" finding that Citibank had "'fail[ed] to take reasonable care to organize and control its affairs responsibly and effectively with adequate risk management systems' in connection with FX trading manipulation."[186] The FCA also found that Citibank knew of oversight issues at other firms related to LIBOR enforcement actions, and it levied a fine of approximately $358 million.[187]

         Several months later, on May 20, 2015, Citicorp entered the guilty plea mentioned above.[188] The plea agreement stated that Citicorp had participated in a "combination and conspiracy to fix, stabilize, maintain, increase or decrease the price of, and rig bids and offers for, the euro/U.S. dollar . . . currency pair exchanged in the foreign currency exchange spot market . . . in violation of the Sherman Antitrust Act."[189] Citicorp paid a $925 million criminal fine, and it was put on probation for three years.[190] And on the same day that Citicorp pleaded guilty to antitrust violations, Citigroup entered a consent order with the FRB, which fined Citigroup $342 million after determining that, "[a]s a result of deficient policies and procedures . . . Citigroup engaged in unsafe and unsound banking practices."[191] There has also been "significant private litigation against Citigroup" stemming from its antitrust violations, and Citigroup is now being investigated by the Korea Fair Trade Commission in connection with FX manipulation.[192]

         As noted above, the regulators that investigated Citigroup's FX trading practices found that "Citigroup and its subsidiaries did not have sufficient measures in place to exercise satisfactory control over the FX spot trading business."[193] To take just one example, the FRB noted that Citigroup

lacked adequate firm-wide governance, risk management, compliance and audit policies and procedures to ensure that the firm's Covered FX Activities conducted at Citigroup complied with safe and sound banking practices, applicable U.S. laws and regulations, including policies and procedures to prevent potential violations of the U.S. commodities, antitrust and criminal fraud laws, and applicable internal policies.[194]

         The Plaintiffs conclude from these findings that the Defendants failed to exercise appropriate oversight and maintain effective controls.[195]

         4. Unlawful Credit Card Practices

         The final corporate trauma for which the Plaintiffs seek relief relates to a variety of unlawful credit card practices engaged in by Citigroup subsidiaries from at least 2000 to at least 2013.[196] The subsidiaries in question were Citibank, Citicorp Credit Services, Inc. ("CCSI"), and Department Stores National Bank ("DSNB").[197]Broadly speaking, these subsidiaries deceived millions of consumers into purchasing or keeping credit card "add-on products (i) relating to services that they did not receive, (ii) for which they did not give their informed and affirmative enrollment consent, (iii) that they did not know they could refuse, and/or (iv) that were not in their best financial interest."[198] As a result of this unlawful conduct, on July 20, 2015, the Consumer Financial Protection Bureau ("CFPB") imposed a $35 million fine on Citibank and ordered it to pay $700 million in restitution to the victims of the deceptive practices.[199] The OCC levied a separate fine of $35 million.[200]

         The Complaint describes the unlawful credit card practices in some detail; I offer only a brief summary of their salient characteristics. One component of these practices was to misrepresent the terms of various optional additions to credit cards, which included "identity monitoring, debt protection, and identity theft reimbursement services."[201] Another aspect of the unlawful practices was to bill customers for add-ons that they never received.[202] And sometimes customer authorization was never secured for add-ons or "was obtained only after the[ Citigroup subsidiaries] began charging for the services."[203] The Citigroup subsidiaries at issue also "engaged in improper consumer retention practices, " for example by "misrepresent[ing] the benefits of various services or omit[ing] the terms or limitations thereof" when consumers sought to cancel the services.[204] Finally, DSNB, which let customers "apply for credit cards via 'pin pad' offer screens at retail stores like Macy's, " "deceptively made it appear that enrollment in . . . additional services was a condition to obtaining the credit card."[205]

         The Plaintiffs point to a variety of purported red flags related to these unlawful practices. In July 2011, IA informed the Audit Committee that the control environment for credit cards needed improvement.[206] At the same meeting, the Audit Committee learned that "action will be taken through training and systems changes and the corrective action plans would be discussed and agreed with the OCC."[207] The next month, the West Virginia Attorney General sued Citigroup for deceptive practices it employed in marketing credit card protection programs, alleging that those practices violated the state's Consumer Credit and Protection Act.[208] Citigroup settled the charges about two years later for $1.95 million.[209]Further red flags allegedly appeared in January 2012, when the Citibank and Citigroup Audit Committees received a memorandum describing the "'Retail Partners Cards Governance' controls . . . as medium-high risk."[210] Later, in October 2012, the Audit Committees learned that "the CFPB and FDIC were taking action against competitors Discovery and American Express, requiring hundreds of millions of dollars in restitution and penalties relating to the sales of add-on products."[211]

         Citigroup itself became the subject of investigation for unlawful credit card practices. The Citigroup and Citibank Audit Committees learned in April 2013 that the FCA had conducted an investigation and found that "add-on Payment Protection Insurance . . . products from U.K. insurance company Card Protection Plan Ltd. . . ., which were sold by a wholly owned subsidiary of Citigroup from 2000 to 2011, were 'fundamentally flawed' and 'missold.'"[212] But the Complaint also alleges that in the wake of the FCA's investigation, "Citigroup . . . joined a customer remediation program involving 13 other financial institutions."[213] A month earlier, in March 2013, IA had told the Citigroup and Citibank boards that Citigroup's consumer compliance rating was downgraded because of "'significant deficiencies in controls over third party vendors' relating to identify theft and other fee-based products."[214]And, in October 2013, IA reported to the Audit Committees that there were "fifty-four control issues relating to the card services provided for the Macy's accounts[, which were handled by DSNB, the entity responsible for distributing credit cards for private account labels]."[215] Three months later, IA was still telling the Audit Committee that there were several "ineffective controls in place to mitigate risks across Credit Granting, Customer Service, Fraud Management, Collections, and Technology."[216]

         As noted above, on July 20, 2015, the CFPB and the OCC issued consent orders against the offending Citigroup subsidiaries.[217] As with the FX benchmark manipulation outlined above, the regulators found that these Citigroup subsidiaries "failed to enact adequate controls to ensure that their add-on credit businesses conformed to applicable consumer protection laws and regulations."[218] The OCC and the CFPB stressed that the Citigroup board bore the ultimate responsibility for ensuring that its subsidiaries complied with consumer financial laws.[219]

         C. Procedural History

         Before the Plaintiffs initiated this litigation, they sought books and records from Citigroup under 8 Del. C. § 220.[220] After facing resistance from Citigroup, the Plaintiffs pursued two separate Section 220 actions and obtained the documents that form the basis of the allegations in their Complaint.[221]

         The Plaintiffs filed their initial Complaint on March 30, 2016, and they filed a supplemental Complaint on April 14, 2016. After the Defendants moved to dismiss, the Plaintiffs amended their Complaint and filed the operative pleading in this case on August 15, 2016. The Complaint contains three counts. Count I is brought against both the current and former Citigroup directors who are named as Defendants in this case, and it alleges that they breached their fiduciary duties by failing to exercise appropriate oversight over Citigroup.[222] Count II is asserted against the Citigroup officers named as Defendants in this action, and it similarly alleges that they breached their fiduciary duties by failing to adequately monitor and oversee Citigroup.[223] Count III is a waste claim that the Plaintiffs have since voluntarily withdrawn.[224]

         The Defendants moved to dismiss the Complaint on September 30, 2016. They argue primarily that the Complaint fails to adequately allege demand futility as to any of the four corporate traumas described above. I held oral argument on the Defendants' Motion on July 20, 2017, after which the parties submitted supplemental briefing on the red flags alleged in the Complaint and the Citigroup board's response to them.

         II. ANALYSIS

         As just noted, the Defendants seek dismissal of the Complaint under Court of Chancery Rule 23.1 for failure to make a demand.[225] The demand requirement is an extension of the fundamental principle that "directors, rather than shareholders, manage the business and affairs of the corporation."[226] Directors' control over a corporation embraces the disposition of its assets, including its choses in action. Thus, under Rule 23.1, a derivative plaintiff must "allege with particularity the efforts, if any, made by the plaintiff to obtain the action the plaintiff desires from the directors or comparable authority and the reasons for the plaintiff's failure to obtain the action or for not making the effort."[227] Where, as here, the plaintiff has failed to make a pre-suit demand on the board, the Court must dismiss the complaint "unless it alleges particularized facts showing that demand would have been futile."[228] The plaintiff's "pleadings must comply with stringent requirements of factual particularity that differ substantially from the permissive notice pleadings governed solely by Chancery Rule 8(a)."[229] Under the heightened pleading requirements of Rule 23.1, conclusory "allegations of fact or law not supported by allegations of specific fact may not be taken as true."[230]

         Nevertheless, "[o]n a motion to dismiss pursuant to Rule 23.1, the Court considers the same documents, similarly accepts well-pled allegations as true, and makes reasonable inferences in favor of the plaintiff-all as it does in considering a motion to dismiss under Rule 12(b)(6)."[231] And "where a complaint quotes or characterizes some parts of a document but omits other parts of the same document, the Court may apply the incorporation-by-reference doctrine to guard against the cherry-picking of words in the document out of context."[232] Under the incorporation-by-reference doctrine, "a complaint may, despite allegations to the contrary, be dismissed where the unambiguous language of documents upon which the claims are based contradict[s] the complaint's allegations."[233]

         The Plaintiffs in this case allege that the Defendants breached their fiduciary duties by consciously failing to exercise appropriate oversight over Citigroup.[234]That failure, the Plaintiffs suggest, caused the four corporate traumas detailed above. Because the Plaintiffs allege that the Defendants violated their oversight duties, I must analyze demand futility under the Rales v. Blasband[235] test.[236] Under Rales, a court faced with allegations of director inaction must "examine whether the board that would be addressing the demand can impartially consider its merits without being influenced by improper considerations."[237] More specifically, a court must decide whether the plaintiff has alleged particularized facts "creat[ing] a reasonable doubt that, as of the time the complaint is filed, the board of directors could have properly exercised its independent and disinterested business judgment in responding to a demand."[238] A plaintiff may create such reasonable doubt by alleging particularized facts that "reveal board inaction of a nature that would expose [at least half of the directors] to 'a substantial likelihood' of personal liability."[239]Thus, "[d]emand is not excused solely because the directors would be deciding to sue themselves, "[240] unless such a decision makes liability of at least half of the directors substantially likely.

         Below, I examine alleged bad faith on the part of the directors with respect to inaction in light of corporate non-compliance with positive law. Some of the purported red flags date back more than a decade.[241] In determining whether demand is futile, "it is important to remember that demand is made against the board of directors at the time of filing of the complaint, "[242] here, March 30, 2016.[243] Thus, "whether demand is excused is typically analyzed with respect to the directors seated as of the date that the complaint was filed."[244] And the Court usually conducts this analysis on a "director-by-director" basis.[245] Here, because the Complaint's allegations fail to support a reasonable inference of bad faith on the part of the Citigroup board with respect to any particular failure to act, I need not undertake an analysis, with respect to any such alleged breach, of whether at least half of the directors seated on March 30, 2016, face a substantial likelihood of liability for that purported oversight violation.

         A. Demand Is Not Excused as to the Caremark Claim

         The Plaintiffs argue that demand is excused because at least half of the Citigroup board as of the filing of the Complaint faces a substantial likelihood of liability under Caremark. "A Caremark claim contends that the directors set in motion or 'allowed a situation to develop and continue which exposed the corporation to enormous legal liability and that in doing so they violated a duty to be active monitors of corporate performance.'"[246] A Caremark claim typically rests on the assertion that the directors of a corporation failed "to properly monitor or oversee employee misconduct or violations of law."[247]

         Proof of such a claim is difficult. In Stone v. Ritter, our Supreme Court held that Caremark liability lies where "(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention."[248] Stone also made clear that "Caremark claims are breaches of the duty of loyalty, as opposed to care, preconditioned on a finding of bad faith."[249] Thus, "imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith."[250] Put differently, to state a Caremark claim, a plaintiff must allege facts "that allow a reasonable inference that the directors acted with scienter which, in turn, 'requires [not only] proof that a director acted inconsistently with his fiduciary duties, ' but also 'most importantly, that the director knew he was so acting.'"[251] As the Court in Stone stressed, "directors' good faith exercise of oversight responsibility may not invariably prevent employees from violating criminal laws, or from causing the corporation to incur significant financial liability, or both."[252]

         The Plaintiffs do not argue that the Defendants are liable for "an utter failure to attempt to assure a reasonable information and reporting system exist[ed]" at Citigroup.[253] Instead, they contend that the Defendants knew of red flags pointing to corporate misconduct and consciously chose to ignore them.[254] "[A] plaintiff asserting a Caremark oversight claim must plead with particularity 'a sufficient connection between the corporate trauma and the board.'"[255] One way to establish such a connection is to allege facts suggesting that "the board knew of evidence of corporate misconduct-the proverbial 'red flag'-yet acted in bad faith by consciously disregarding its duty to address that misconduct."[256] For example, a claim that directors "had notice of serious misconduct, " yet, so knowing, "failed to investigate[, ] . . . would survive a motion to dismiss, even if the . . . board was well constituted and was otherwise functioning."[257] Nevertheless, the corporate trauma in question "must be sufficiently similar to the misconduct implied by the 'red flags' such that the board's bad faith, 'conscious inaction' proximately caused that trauma."[258]

         1. Demand Is Not Excused as to the Anti-Money Laundering Law Compliance Issues

         The Plaintiffs argue that the Citigroup board was aware of several red flags pointing to BSA/AML compliance issues at Citigroup subsidiaries. The Plaintiffs focus on a regulatory order and a series of consent orders that Citigroup and Citibank entered into with various government agencies. First, in July 2010, the OCC issued Citibank a Part 30 order directing it to improve its AML compliance in various business segments.[259] Then, on April 5, 2012, the OCC issued a consent order against Citibank, citing its failure to make the improvements outlined in the Part 30 order.[260] The consent order criticized Citibank's AML controls, and it ordered Citibank to develop a "BSA/AML Action Plan."[261] Several months later, on August 2, 2012, BUSA entered into a consent order with the FDIC and the CDFI.[262] This consent order "required BUSA's Board of Directors to 'increase its oversight of the affairs of the Bank [and] assume full responsibility for . . . the oversight of all of the Bank's activities.'"[263] A third consent order was issued on March 21, 2013, and it stated that "Citigroup lacked effective systems of governance and internal controls to adequately oversee the activities of [Citibank and BUSA]."[264]

         The red flags did not stop with the regulatory order and the three consent orders, however. After the April 2012 consent order was issued, the Citigroup board received a steady drumbeat of warnings about continuing AML compliance issues. In July 2012, for instance, IA informed the Compliance Committee that there was "[i]nadequate AML control, governance, and oversight" at Banamex and BUSA.[265] The warnings continued after the entry of the August 2012 consent order. In September and October 2012, IA revealed that "BUSA's control environment remained 'unsatisfactory.'"[266] And, several months later, the AML control environment "retained a 'limited assurance' rating, while the 'overall effectiveness of controls over affiliate transactions' at BUSA received an 'insufficient assurance' rating."[267] The drumbeat continued after the third consent order was issued. As the Complaint points out, "[b]etween February 2013 and April 2015, IA issued 22 reports noting that BUSA was suffering from 'Insufficient Assurance' in its AML control environment."[268]

         The Plaintiffs contend that despite receiving both internal and external warnings about serious AML compliance issues, the Citigroup board (in the Plaintiffs' memorable phrase) "sat like stones growing moss."[269] Then, "after a full six years of inaction following the Part 30 Order, regulators were compelled to impose a $140 million fine on Citigroup."[270] There is compelling evidence that the board was aware that Citigroup had serious problems with AML compliance. If the Complaint adequately alleged that the Citigroup board consciously did nothing in response to the red flags just described, and thereby acted consonant with the geologic metaphor just quoted, in my view that would state a Caremark claim.[271]And, as I said above, the Complaint standing alone does give the impression of a board that sat on its hands in the face of clear warnings about potentially unlawful conduct. But the documents incorporated by reference in the Complaint make clear that the Plaintiffs' narrative is unsupported by the materials on which they relied in drafting their pleading. Those documents reveal that, far from doing nothing in response to red flags, the Citigroup board and its various committees oversaw significant efforts to comply with the consent orders and ensure that adequate AML controls were implemented.[272]

         It is true that the first consent order came almost two years after the Part 30 order, and that the consent order resulted from "[t]he failure to obey the Part 30 Order."[273] But, while the Complaint implies that no action was taken between the Part 30 order and the first consent order, the documents incorporated by reference tell a different story. For example, at an April 17, 2012 board meeting, directors learned that "28 of the 35 [Part 30] milestones were completed during 1Q 2012."[274] While Citibank ultimately fell short in complying with the Part 30 order, that failure, of itself, does not suggest bad faith. Indeed, the fact that the majority of the Part 30 milestones were met suggests that a substantial effort was made to abide by the order's terms. As this Court has noted, "[s]imply alleging that a board incorrectly exercised its business judgment and made a 'wrong' decision in response to red flags . . . is insufficient to plead bad faith."[275]

         Citigroup continued to make an effort to address the AML control environment following entry of the April 2012 consent order. For example, on April 17, 2012, the Citigroup board learned that "the Compliance Committees [had] received a presentation from the AML Monitoring Team, including efforts to improve the quality and integrity of the data feeding . . . Citibank's AML monitoring platforms."[276] The board was also told that "the Compliance Committees directed [IA] to provide a country-by-country AML assessment."[277] Again, these efforts apparently proved unavailing, for in August 2012, another consent order was issued. But I cannot infer bad faith from that. The question is whether "the board chose to do nothing about the control deficiencies that it knew existed."[278] That is simply not an accurate description of what the Citigroup board did. Moreover, there are no allegations from which I may infer that the reports of progress the board received were a sham, let alone that the directors so considered them. In any event, as the documents incorporated in the Complaint reveal, something was indeed done about the ongoing AML issues highlighted by the first consent order.

         The second consent order prompted more action from Citigroup. The Citigroup board met on December 12, 2012, and at that meeting, the directors were informed of "proactive efforts concerning AML issues, [and] that management's current areas of focus include the Consumer North America high risk account re-remediation; expired customer due diligence documentation; migration programs in Mexico; . . . and broader structural issues."[279] And the directors learned of "continued progress on OCC commitments and business priorities, including creating and implementing a global governance structure and framework and short-term tactical project execution."[280] These are not the minutes of a board that learned of red flags suggesting corporate misconduct and chose to do nothing about them.[281]Instead, they reflect that steps were taken to improve the systems and controls related to AML compliance. Those efforts were not ultimately successful, and another consent order was issued in March 2013. But, to repeat, it is not enough to say that the board's response was ineffective. "Plaintiffs here simply seek to second-guess the . . . manner of the board's response to the red flags, which fails to state a Caremark claim."[282]

         A little over two years passed between the entry of the third consent order and the $140 million fine from the FDIC and the CDBO. Those agencies imposed the fine because of continued violations of BSA/AML laws at BUSA.[283] The Plaintiffs argue that during this approximately two-year period, "the Board failed to act in the face of" the red flags outlined above.[284] Bad faith could be imputed to a board that simply "failed to act" for over two years after the entry of a third consent order related to AML compliance issues. But the Plaintiffs' pleading, which includes the documents it incorporates by reference, paints a different picture.

         The Citigroup board responded promptly to the third consent order. One month after its entry, the board learned that "management was preparing an action plan [in response to the FRB consent order] and will meet with the FRB's staff to better understand its expectations."[285] And in September 2013, directors from Citigroup, Citibank, and Citicorp learned that outside counsel had undertaken a review of BUSA's operations and that several employees had been fired in furtherance of compliance efforts.[286] At the same meeting, several directors posed "questions to management about BUSA, including personnel changes and prior regulatory reviews."[287] And at the end of 2013, the Citigroup board was told that the Citigroup and Citibank Compliance Committees were "focus[ed] on whether management is embracing AML controls."[288] About one year later, Citigroup had achieved progress in improving AML controls. Specifically, the board learned in January 2015 that, while the "aggregate risk rating for AML [wa]s High, " "the aggregate risk trend [wa]s decreasing due to de-risking of certain high-risk client types, businesses, and geographies, in combination with ongoing improvements to the control environment."[289]

         Again, these measures did not secure the compliance sought by the regulators, and Citigroup ended up paying a hefty fine as a result. And it may be the case that, as the Plaintiffs put it, "Citigroup's Board failed . . . to adopt effective internal controls addressing the gaps in its compliance systems."[290] But the question is not whether Citigroup's board adopted effective AML controls. As our Supreme Court has recognized, "directors' good faith exercise of oversight responsibility may not invariably prevent employees from violating criminal laws, or from causing the corporation to incur significant financial liability, or both."[291] That is one reason why a Caremark claim requires a showing of "intentional dereliction of duty, [or] a conscious disregard for one's responsibilities, " a standard that entails a greater degree of culpability than "simple inattention or failure to be informed of all facts material to the decision."[292] At issue is the duty of loyalty; a board's efforts can be ineffective, its actions obtuse, its results harmful to the corporate weal, without implicating bad faith. Bad faith may be inferred where the directors knew or should have known that illegal conduct was taking place, yet "took no steps in a good faith effort to prevent or remedy that situation."[293] Here, the facts the Plaintiffs have alleged imply that the Citigroup board could have done a better job addressing the issues highlighted by, among other sources, the consent orders. That is not enough to state a Caremark claim. Thus, the allegations relating to the AML compliance issues and the board's response to them do not raise a reasonable doubt that at least half of the Citigroup board as it existed when the Complaint was filed faces a substantial likelihood of personal liability for purported oversight failures. Demand is not excused as to these allegations.[294]

         2. Demand Is Not Excused as to the Accounts Receivable Fraud Allegations

         The Plaintiffs seek to hold the Defendants personally liable for losses Banamex suffered as a result of an accounts receivable fraud it fell victim to. According to the Plaintiffs, the Citigroup board knew for years of red flags related to problems in Banamex's "controls for detecting and preventing fraud."[295] Despite receiving clear warnings about these control deficiencies, the Citigroup board "failed to take good faith action to implement controls to detect and prevent fraud."[296] That failure caused Banamex to become the victim of a $400 million fraud by OSA, a Mexican oil services company. In the scheme, OSA took out loans from Banamex that were secured by fraudulent accounts receivable.[297] The fraud led to an investigation by Mexico's banking regulator, which ultimately fined Banamex $2.5 million for "ineffective controls."[298]

         Before turning to the purported red flags related to the accounts receivable fraud, I pause to note the unusual nature of the Caremark claim that the Plaintiffs attempt to assert here. The primary injury for which the Plaintiffs seek to hold the Defendants personally liable is Banamex's loss of $400 million in a fraud that it fell victim to. The illegal conduct that caused this loss was committed largely by third parties, not by anyone at Banamex. That is unlike the typical Caremark claim, in which "plaintiffs argue that the defendants are liable for damages that arise from a failure to properly monitor or oversee employee misconduct or violations of law."[299]In other words, Caremark claims involve a knowing failure to prevent or remedy illegality within the corporation.[300] The Plaintiffs' theory appears to be that the Defendants' oversight failures caused Banamex to engage in a business venture that generated large losses because of fraud by the party on the other side. Put differently, Banamex made a risky business decision that turned out poorly for the company. That suggests a failure to monitor or properly limit business risk, a theory of director liability that this Court has never definitively accepted.[301] Indeed, evaluation of risk is a core function of the exercise of business judgment.[302]

         On the other hand, the Plaintiffs do point to the $2.5 million fine handed down by Mexico's banking regulator "based on ineffective controls at Banamex."[303]Specifically, this regulator found that "the [OSA] fraud resulted from weaknesses in Banamex's internal controls, errors in its loan origination and administration procedures, and deficiencies relating to risk administration and internal audits."[304]If the Plaintiffs are seeking to recover the $2.5 million Banamex was fined as a result of these violations, they are pursuing a more traditional Caremark claim, one that involves a failure to prevent illegal conduct within the corporation. But the Complaint contains scant allegations about the Mexican laws or regulations that Banamex violated while it was being defrauded. Indeed, the Plaintiffs do not cite any Mexican law or regulation Banamex failed to comply with while it was falling victim to OSA's scheme. Instead, they simply allege that the fine was imposed because Banamex had ineffective controls.[305] Moreover, the Complaint does not suggest that the Citigroup board ever had any inkling that Banamex could run afoul of Mexican laws or regulations governing the steps companies operating in Mexico must take in order to ensure that they do not become victims of fraud.[306]

         These problems aside, the allegations relating to the accounts receivable fraud fail to state a Caremark claim for an independent reason: the lack of red flags to put the Defendants on notice of what eventually happened. Moreover, any incidents that arguably served as red flags were met with responses that clearly fulfilled the Citigroup directors' obligation to act in good faith. The Plaintiffs primarily point to two types of alleged red flags related to the OSA fraud: fraud-related incidents that took place before the OSA fraud, and problems with Banamex's technology systems, segregation of duties, and maker/checker controls.[307]

         The first set of purported red flags involves a series of fraud-related incidents that occurred primarily at Banamex over a period of several years. One incident involved "a Citigroup Treasury Finance employee fraudulently transferr[ing] $25 million to his own personal bank account."[308] In a separate incident, "five Banamex employees . . . accepted at least 16 million Mexico pesos . . . in kickbacks as part of [a] scheme" with several Banamex vendors.[309] Another fraud affecting Banamex involved a bond trader who hid trading losses by delaying loss recognition and manipulating trades, and in a separate scheme, dozens of Banamex employees sold confidential credit card customer information.[310] It later emerged that a Banamex security unit was "recording phone calls without authorization; fraudulently misreporting gas expenses in order to increase the reimbursements [members of the unit] received from Banamex; developing shell companies to launder proceeds; and receiving kickbacks from vendors who overcharged Banamex."[311] The Plaintiffs also point to fraud committed by an operations manager at Accival, Banamex's brokerage unit; this employee "fraudulently transferred funds from an Accival account to a private customer account using foreign exchange . . . transactions."[312]Finally, the Complaint discusses the Mexican homebuilders fraud, in which Banamex developed a revolving credit facility for homebuilders.[313] The homebuilders put up their properties as collateral, and when they sold the homes they built, they were supposed to pay off the loans with the sale proceeds.[314] Many of them failed to do so, however, and some "overstated the value of the collateral against which Banamex made its loans."[315]

         Even assuming that these fraud-related incidents were brought to the attention of the Defendants before the OSA fraud, they could not have served as red flags. As discussed above, a corporate trauma "must be sufficiently similar to the misconduct implied by the 'red flags' such that the board's bad faith, 'conscious inaction' proximately caused that trauma."[316] The corporate trauma here involved a particular kind of fraud: phony accounts receivable submitted by a large borrower. None of the incidents just recounted bear a material resemblance to the accounts receivable fraud. For example, there is no meaningful connection between the embezzlement committed by the Citigroup Treasury Finance employee and the OSA fraud. The same goes for the kickbacks received by Banamex employees, the concealment of losses by the Banamex bond trader, and the nefarious activities of the Banamex security unit. These incidents were simply too far removed from the OSA fraud to have served as red flags for that corporate trauma.[317]

         The homebuilders fraud is similarly remote from the corporate trauma at issue. Part of the fraud involved homebuilders overstating the value of the properties they used as collateral for the loans they received from Banamex. Like the homebuilders fraud, the OSA fraud involved misrepresentations about collateral. But the collateral at issue was different in the two frauds: accounts receivable in the OSA scheme, properties in the homebuilders scheme. The Plaintiffs have not explained how the processes for verifying one type of collateral resemble the methods used to detect fraud in the other type of collateral. Thus, I doubt that the homebuilders fraud could have served as a red flag for the accounts receivable fraud.[318] And even if the homebuilders fraud could have provided the requisite notice, the Citigroup board took action in response to the issues it highlighted. Soon after the fraud came to light, the Citigroup board learned that management would perform "a global, end-to-end assessment of Citi's management effectiveness with respect to secured lending and collateral management, as well as a review of Banamex's overall collateral framework."[319] That is sufficient to show that, following the homebuilders fraud, the board did not decide "to do nothing about the control deficiencies that it knew existed."[320]

         The second set of purported red flags involves defects in Banamex's technology systems, the failure to properly segregate duties, and inadequate maker/checker controls. As the Plaintiffs admit, however, Citigroup management attempted to address the latter two issues via "'Project Andes, ' which was purportedly to focus on the effective segregation of duties and to eliminate weaknesses in dual controls and the maker/checker process."[321] The Plaintiffs criticize Project Andes for "focus[ing] solely on corporate clients and Citibank cash accounts" and not addressing Citibank branches.[322] But, as I stated above, a plaintiff cannot plead bad faith "[s]imply [by] alleging that a board incorrectly exercised its business judgment and made a 'wrong' decision in response to red flags."[323] As for the allegations about problems with Banamex's technology systems, the Plaintiffs fail to explain how those issues allowed the OSA fraud to occur. Indeed, Mexico's banking regulator attributed the fraud to "weaknesses in Banamex's internal controls, errors in its loan origination and administration procedures, and deficiencies relating to risk administration and internal audits."[324] It did not identify any technological issues as contributing to the accounts receivable fraud. Thus, these issues could not have served as red flags for the Defendants. Because the Plaintiffs have failed to adequately allege that the Citigroup board faces a substantial likelihood of liability as to the OSA fraud allegations, demand is not excused as to those allegations.

         3. Demand Is Not Excused as to the Foreign Exchange Rate Manipulation Allegations

         The Plaintiffs also seek to hold the Defendants personally liable for alleged oversight failures related to FX rate manipulation by Citigroup traders over a period of about six years. From at least 2007 to at least 2013, Citigroup FX traders, working with traders at other firms, manipulated FX benchmark rates, set off customer stop loss orders, and shared confidential client information.[325] As a result, Citigroup paid $2.2 billion in fines, and Citicorp pleaded guilty to conspiracy to violate federal antitrust laws.[326] These allegations fail to state a Caremark claim.

         First, the purported red flags the Plaintiffs point to either were not red flags at all or were met with good-faith responses from Citigroup. The Plaintiffs point out that in 2009, the Audit and Risk Management Committee was told that "the current 'market turbulence increases operational risk significantly.'"[327] The Complaint fails to mention that this line appears in a report that does not specifically discuss FX-related misconduct.[328] Instead, the report discusses, among other things, the Madoff fraud, "mark manipulation, issuer/borrower fraud, [and] embezzlement."[329] Two years later, it emerged that "a trader in [Citi's] FX business outside London had inappropriately shared confidential client information in a chat room with a trader at another firm."[330] This incident bears some resemblance to the corporate trauma at issue, which involved the sharing of confidential client information. But Citigroup took action in response to this misconduct: the trader was terminated, and employees received reminders "about the need to maintain client confidentiality."[331] Two years after this incident, the Audit Committee learned that "FX transaction execution maker/checker controls and post transaction reviews require improvement."[332] Even if this were a red flag of FX-related issues at Citigroup, the company set out to address the issues it highlighted by providing "[c]lear definition of FX execution mandates in terms of transaction size, products, tenors, currencies, and approvals."[333]These efforts did not prevent the corporate trauma in question from taking place. And one might legitimately criticize the adequacy of the board's response to FX-related issues. But I cannot infer that "the defendants consciously allowed [Citigroup] to violate the law so as to sustain a finding they acted in bad faith."[334]

         The second problem with the Plaintiffs' purported red flags is that some of them were not waved in front of the Defendants. For example, the Plaintiffs allege that in 2001, Citigroup helped draft the industry standards for good practices among FX traders.[335] Those standards decried "[m]anipulative practices by banks with each other or with clients."[336] Even given the dubious proposition that the drafters of such standards were aware that Citigroup's controls in these areas were deficient, the Plaintiffs do not allege that any of the Defendants played a role in developing (or even knew about) these standards, which were drafted years before the misconduct at issue began. Similarly, the Plaintiffs argue that "the Board allowed the FX-related misconduct to occur in the midst of the LIBOR rate-fixing scandals, " and they stress that Citigroup was itself investigated for LIBOR rate-fixing when the misconduct at issue was taking place.[337] But, even assuming that LIBOR-related infractions in the industry implicated inadequate FX controls at Citigroup, the Complaint does not say whether these issues were brought to the Defendants' attention. That prevents them from serving as red flags.[338] Thus, because the allegations relating to FX benchmark rate manipulation fail to create a reasonable doubt that the Citigroup board faces a substantial likelihood of liability, demand is not excused as to those allegations.[339]

         4. Demand Is Not Excused as to the Unlawful Credit Card Practices Allegations

         The final corporate trauma for which the Plaintiffs seek recovery from the Defendants involves deceptive credit card practices engaged in by several Citigroup subsidiaries for over a decade. These subsidiaries misled consumers into buying "add-on products (i) relating to services that they did not receive, (ii) for which they did not give their informed and affirmative enrollment consent, (iii) that they did not know they could refuse, and/or (iv) that were not in their best financial interest."[340]On July 20, 2015, the CFPB and the OCC fined Citibank $35 million, and the CFPB ordered it to pay $700 million in restitution to consumers who fell victim to the unlawful practices.[341] The Plaintiffs' allegations about this corporate trauma fail to state a Caremark claim for several reasons.

         At the outset, one of the Plaintiffs' purported red flags involves conduct that did not even take place at Citigroup or any of its subsidiaries. According to the Complaint, the Citigroup and Citibank Audit Committees were told in 2012 that "the CFPB and FDIC were taking action against competitors Discovery and American Express, requiring hundreds of millions of dollars in restitution and penalties relating to the sales of add-on products."[342] But directors' failure to act in the face of warnings about misconduct at other businesses does not imply bad faith with respect to the entity to which the directors owe fiduciary duties.[343]

         Another red flag allegedly appeared when the Audit Committee was told in July 2011 that control systems related to credit cards needed improvement.[344] But it also learned at the same meeting that "action will be taken through training and systems changes and the corrective action plans would be discussed and agreed with the OCC."[345] Thus, Citigroup dealt with this red flag in a manner that cannot be said to reflect bad faith. The Plaintiffs also point to the West Virginia Attorney General's lawsuit against Citigroup for deceptive practices in the marketing of credit card protection programs, a case that Citigroup settled for $1.95 million in September 2013, two years after the litigation began.[346] However, the Complaint fails to allege that the West Virginia lawsuit was ever brought to the attention of at least half of the directors serving on the Citigroup board when the Complaint was filed.[347] Even if I infer knowledge on the part of the entire board, moreover, board action regarding credit card sales controls was taken contemporaneously, as detailed below.

         The other red flags alleged in the Complaint were not simply brushed aside; they were met with action by Citigroup. For example, in April 2013, the Citigroup and Citibank Audit Committees were told that the FCA had done an investigation and determined that "add-on Payment Protection Insurance . . . products from U.K. insurance company Card Protection Plan Ltd. . . ., which were sold by a wholly owned subsidiary of Citigroup from 2000 to 2011, were 'fundamentally flawed' and 'missold.'"[348] Yet the Complaint itself says that following the investigation, "Citigroup . . . joined a customer remediation program involving 13 other financial institutions."[349] Later, in October 2013, the Audit Committees were informed of "fifty-four control issues relating to the card services provided for the Macy's accounts[, which were handled by DSNB, the Citigroup subsidiary tasked with distributing credit cards for private account labels]."[350] At the same meeting, however, the Audit Committees also learned that "corrective actions [would] include awareness training and improved controls and procedures, " and those "Committees emphasized the seriousness of the findings and commended IA for the vigor of the review and the level of detail."[351] These are not the actions of a board that has decided to do nothing about potential corporate misconduct.[352] Thus, demand is not excused as to the allegations about deceptive credit card practices.

         B. The Cases on Which the Plaintiffs Rely Support Dismissal

         The Plaintiffs point to several Caremark cases that purportedly support demand futility here. In fact, none of those cases suggests that demand should be excused as to any of the corporate traumas described in the Plaintiffs' Complaint. One of the cases the Plaintiffs rely on is Massey, in which then-Vice Chancellor Strine found that the plaintiffs had likely stated a Caremark claim "center[ed] on the allegation that directors and officers of Massey breached their fiduciary duties by failing to make a good faith effort to ensure that Massey complied with applicable laws designed to protect the safety of miners."[353] The facts in Massey were extreme. The Massey board was "dominated by [Don] Blankenship, " Massey's CEO.[354]Blankenship believed that "governmental safety regulators were overly nit-picking when it came to inspecting non-union mines like Massey's, " and he "took a combative approach with the key federal agency charged with enforcing United States mining operations' compliance with federal safety regulations."[355] Indeed, the plaintiffs alleged that "Blankenship knowingly ¶outed applicable miner safety laws, believing he knew better about how to run mines safely than the [Mine Safety and Health Administration], and more blatantly, made the conscious choice to put miners at risk in order to cut cost-corners and up mining profits."[356] "Even after Massey had already pled guilty to criminal charges for willful violations of mining safety laws and falsification of evidence, settled a claim with the Environmental Protection Agency for a record sum, and suffered a punitive damages award for firing a whistleblower, " Blankenship continued to publicly voice his view that government regulators could not possibly know more about mine safety than he did.[357]

         Even though they were aware of "the management culture at Massey[, which] allegedly put profits ahead of safety, " the independent directors failed to "make a good faith effort to ensure that Massey complied with its legal obligations."[358] Instead, "the Board allowed itself to continue to be dominated by Blankenship."[359] The Court found that while the independent directors took some steps toward compliance, a plausible inference was that they were simply "go[ing] through the motions."[360] As the Court put it:

Notably, the plaintiffs point to evidence that in the wake of pleading guilty to criminal charges and suffering liability for numerous violations of federal and state safety regulations, Massey mines continued to experience a troubling pattern of major safety violations. But, instead of using their supervisory authority over management to make sure that Massey genuinely changed its culture and made mine safety a genuine priority, the independent directors are alleged to have done nothing of actual substance to change the direction of the company's real policy.[361]

         The facts in Massey are a far cry from the allegations in the Plaintiffs' Complaint. Massey was run by a CEO who publicly expressed his contempt for the law, at least as it applied to his company. That contempt found expression in "an attitude of law-flouting" that continued to pervade the company even after it had repeatedly been punished for breaking the law.[362] The Court faulted Massey for "embrac[ing] the idea that its regulators are wrongheaded and . . . view[ing] itself as simply a victim of a governmental conspiracy."[363] It was this defiant and adversarial relationship to the law-and the independent directors' failure to do anything of substance about it-that gave rise to an inference of bad faith on the defendants' part. Here, by contrast, there are no allegations suggesting that any of Citigroup's officers or directors viewed themselves (or Citigroup) as above the law. Instead, the picture that emerges is of a massive, poorly integrated company that made efforts to comply with the wide range of laws and regulations governing large financial institutions. Those efforts failed in many instances, but that is not enough to support a plausible inference of bad faith. Bad results alone do not imply bad faith.[364]

         The Plaintiffs also rely on Pyott, in which Allergan's board allegedly approved a business plan premised on violations of the law prohibiting drug manufacturers from marketing off-label uses of their products.[365] While physicians may prescribe drugs for off-label uses, drug manufacturers are forbidden to market drugs for off-label uses.[366] Nevertheless, "the Board discussed and approved a series of annual strategic plans that contemplated expanding Botox sales dramatically within geographic areas that encompassed the United States."[367] Under these plans, Allergan would attempt to push Botox into markets "that involved applications that were off-label uses in the United States."[368] The expansion envisioned by these plans was so large that "it necessarily contemplated marketing and promoting off-label uses within the United States."[369] Crucially, the board continued to approve this expansion even after Allergan's general counsel warned the board that the company might be violating the prohibition on off-label marketing.[370] Vice Chancellor Laster found the plaintiffs' allegations sufficient to "support a reasonable inference that the Board knew Allergan personnel were engaging in or turning a blind-eye towards illegal off-label marketing and promotion and that the Board nevertheless decided to continue Allergan's existing business practices in pursuit of greater sales."[371]

         The facts in Pyott are unlike what has been alleged here. "[T]he board's alleged bad faith in Pyott was not based on its conscious disregard for its duty to prevent the company from engaging in illegal conduct. Instead, it was based on the board's alleged decision to cause the company to engage in illegal conduct."[372] That kind of conduct constitutes a breach of fiduciary duty because "'Delaware law does not charter law breakers, ' and 'a fiduciary of a Delaware corporation cannot be loyal to a Delaware corporation by knowingly causing it to seek profit by violating the law.'"[373] The Complaint in this case contains no allegations supporting an inference that any of the Defendants decided to cause Citigroup to break the law in pursuit of profits. To the contrary, the crux of this action is that the "incidents of corporate malfeasance" described in the Complaint "occurred because Defendants-who were aware of significant internal control weaknesses throughout the enterprise- consciously and knowingly failed to take action."[374] Thus, Pyott is of no help to the Plaintiffs here.[375]

         Finally, the Plaintiffs argue that the Seventh Circuit's decision in Westmoreland[376] is "instructive."[377] There, the plaintiff alleged that Baxter International's "directors and officers breached their fiduciary duties by 'consciously disregard[ing] their responsibility to bring Baxter into compliance with [a 2006] Consent Decree and related health and safety laws.'"[378] From 2006 to 2008, "Baxter devoted significant attention and resources to the task of" complying with the consent decree, under which Baxter was required to, among other things, "stop manufacturing and distributing all models of the [Colleague Infusion] Pump within the United States."[379] Yet, according to the plaintiff, the directors "made a conscious decision to halt these efforts in late 2008, despite clear and specific guidance from the [Food and Drug Administration ("FDA")] that additional action from Baxter was needed to bring the company into compliance with FDA regulations and the terms of the Consent Decree."[380] The plaintiff's allegations supported a reasonable inference that "the directors diverted critical resources to speed the development of the new Sigma pump, cynically gambling that this next-generation device could establish a market foothold, and that Colleague Infusion Pumps already in use would become obsolete before the FDA spotted Baxter's abandonment of its earlier efforts."[381] In light of these allegations and the reasonable inferences they supported, the Seventh Circuit, applying Delaware law, concluded that the plaintiff had successfully alleged demand futility.[382]

         Westmoreland resembles Pyott in that the allegations in both cases supported a reasonable inference that the defendants knowingly decided to flout the law. In Westmoreland, the Seventh Circuit inferred bad faith "during th[e] later period" when the directors allegedly chose to stop trying to comply with the FDA's consent decree.[383] Here, however, the Complaint does not raise a reasonable inference that any of the Defendants decided to simply give up on efforts to comply with the law. The Plaintiffs try to create such an inference by challenging the effectiveness of the Citigroup board's response to various purported red flags. But that is not enough to state a Caremark claim, because an ineffective response does not, without more, indicate bad faith.[384] As our Supreme Court has stated, "there is a vast difference between an inadequate or flawed effort to carry out fiduciary duties and a conscious disregard for those duties."[385]

         C. The Plaintiffs' Holistic Approach to Demand Futility

         The Plaintiffs urge me to evaluate their demand futility allegations "holistically, not in isolation."[386] They suggest that the Defendants have "resort[ed] to a 'divide and conquer' approach by isolating and selectively attacking Plaintiffs' allegations piecemeal, as if each well-pleaded allegation exists alone in a vacuum."[387] In support of this holistic approach to demand futility, the Plaintiffs cite Delaware County Employees Retirement Fund v. Sanchez.[388] In Sanchez, our Supreme Court employed an aggregate examination of all factors bearing on a director's independence with respect to a particular transaction;[389] Sanchez is not pertinent to my analysis of the Plaintiffs' Caremark claim here. In this matter, I must examine whether demand on the board is excused because, with respect to the board action that would otherwise have been demanded, a majority of the directors would have been unable to act in the face of a credible threat of liability. Such an analysis requires a separate examination of whether liability may attach with respect to each discrete corporate trauma alleged.[390] Thus, I have evaluated the red flags offered by the Plaintiffs and determined (a) whether they in fact constitute red flags and (b) if they do, whether the board's response (or lack of response) to them supports a reasonable inference of bad faith. That is how this Court has traditionally analyzed Caremark claims in the context of evaluating whether demand is excused.[391]

         The Plaintiffs are correct, however, that a series of actions or inactions of the board may have utility in determining whether board performance with respect to a discrete trauma involved scienter.[392] In that regard, I have considered the actions and inactions of the directors in all the instances pled by the Plaintiffs. What emerges is a picture of directors of a very large, inorganically grown set of financial institutions, beset by control problems as it struggled to integrate. Those directors may be faulted for lack of energy, or for accepting incremental efforts of management advanced at a testudinal cadence, when decisive action was called for instead. I may infer from the facts pled that the board's actions in response to the notices of compliance problems brought to its attention involved directorial negligence. If so, that is a problem that exercise of the stockholder franchise may remedy. If, however, directors of a large and diverse entity such as Citigroup could be liable for negligence, or even gross negligence, it would be difficult to encourage capable individuals to serve, and more difficult to encourage them to bring business judgment to bear on decisions involving risk (such as, for instance, whether to acquire Banamex). Such, at least, was the understanding of our General Assembly, when it extended the right to Delaware corporations to exculpate liability for breaches of the duty of care.[393] Nothing in the facts pled, considered individually or together, implies scienter on the part of the director Defendants. The bad results the Plaintiffs point to, in my view, do not imply bad faith. No substantial likelihood of liability for any of the director Defendants exists under the facts in the Complaint and as gleaned from the documents cited therein, and, therefore, demand is not excused.

         III. CONCLUSION

         For the foregoing reasons, the Defendants' Motion to Dismiss is GRANTED. An appropriate order is attached.

         ORDER

         AND NOW, this 18th day of December, 2017, The Court having considered the Defendants' Motion to Dismiss, and for the reasons set forth in the Memorandum Opinion dated December 18, 2017, IT IS HEREBY ORDERED that the Motion to Dismiss is GRANTED.

         SO ORDERED.

---------

Notes:

[1] 698 A.2d 959 (Del. Ch. 1996).

[2] Cf. City of Birmingham Ret. & Relief Sys. v. Good, 2017 WL 6397490, at *1 (Del. Dec. 15, 2017) ("We agree with the Court of Chancery that the plaintiffs did not sufficiently allege that the directors faced a substantial likelihood of personal liability for a Caremark violation. Instead, the directors at most faced the risk of an exculpated breach of the duty of care.").

[3] Id. at *5.

[4] In re Caremark Int'l Inc. Derivative Litig., 698 A.2d at 967.

[5]The facts, drawn from the Plaintiffs' Complaint and from documents incorporated by reference therein, are presumed true for purposes of evaluating the Defendants' Motion to Dismiss.

[6]Compl. ¶¶ 12-14.

[7]Id. ¶ 15.

[8]Id.

[9]Id.

[10]Id.

[11]Id.

[12] Id. ¶ 16.

[13]Id.

[14]Id. ¶¶ 17-29.

[15]Id. ¶¶ 18-22, 24-26, 28-29.

[16]Id. ¶ 31.

[17]Id. ¶ 32.

[18]Id. ¶ 33.

[19]Id. ¶ 34.

[20]Id. ¶ 35.

[21]Id. ¶ 17.

[22]Id.

[23]Id. ¶ 38.

[24]Id.

[25]Id. ¶ 39.

[26]Id. ¶ 40.

[27] Id. ¶¶ 41, 50.


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.