Executive Summary
Delaware's Court of Chancery has drawn a hard limit on Caremark board oversight liability: directors are not responsible for misconduct at external entities, even when the company carries material financial exposure to those entities. The protection is real, but conditional. It runs precisely as far as the internal governance architecture the board has already built. For Fortune 500 boards whose AI operations flow through third-party vendors and agents, that architecture does not yet exist at most companies.
The Signal at a Glance
PRIORITY 9 | SILO: Judicial
Delaware Court of Chancery, Marchner v. B. Riley Financial, Inc. (Del. Ch. 2026): Caremark oversight liability is bounded at the corporate perimeter. Third-party misconduct does not generate director liability absent documented failures in the company's own internal compliance system.
The Deep Dive
The Signal
The Delaware Court of Chancery's decision in Marchner v. B. Riley Financial, Inc. (Del. Ch. 2026) draws an unambiguous boundary around board fiduciary liability under the Caremark doctrine. Directors' oversight duties run to the company's internal compliance architecture. They do not extend to the conduct of external counterparties, vendors, or partner entities, even when the company carries material financial exposure to those entities.
The case arose when B. Riley Financial's significant investment in a franchise conglomerate collapsed after the target's principal was implicated in securities fraud at a separate asset management firm he controlled. Shareholders brought a derivative Caremark claim arguing the board should have detected the external fraud. The court dismissed the claim. Directors had no duty to monitor the internal compliance of a separate company. The plaintiff, in the court's framing, complained that the board did not uncover fraud at an outside firm before federal investigators did.
The ruling defines the map for every Fortune 500 board managing AI operations, data processing, or outsourced decision systems through external vendors: the board's monitored domain is what it owns internally. Everything outside that boundary is counterparty risk, not fiduciary duty under Caremark.
The Evidence
The court applied the Delaware Supreme Court's Zuckerberg demand futility test. On the first Caremark prong, the board had an active audit committee and had engaged outside advisers. That the oversight mechanisms had gaps did not mean the board "utterly failed" to implement a reporting system. On the second prong, the warning signs the shareholder cited, including declining projections and loan collateral concerns, reflected ordinary business risk, not red flags of illegality. The court was explicit: Caremark liability requires that directors actually know of and disregard evidence of legal non-compliance. Constructive knowledge and business misjudgment do not meet that standard.
The decision was analyzed by Sidley Austin on the Columbia Law School Blue Sky Blog (April 21, 2026). The McKinsey Technology AI Trust Survey (2026) found that fewer than 25 percent of companies have a board-approved, documented AI governance policy. The BCG Split Decisions CEO and Board Survey (2026, n=625 senior leaders) found that 40 percent of CEOs believe their boards lack an informed view of how AI reshapes operational risk. The court's ruling positions both of those gaps directly inside the scope of Caremark liability, not outside it.
The Strategic Implication
Defensive Risk. Audit committee chairs and lead independent directors at companies where AI operations run through third-party vendors, data processors, or agentic systems face a clarified but sharper internal test. The specific mechanism that breaks is the assumption that vendor contracts, service-level agreements, or third-party audits substitute for a board-approved internal AI governance framework. They do not. A derivative claim does not follow the vendor's conduct; it follows the absence of a functioning internal monitoring system. Boards without a documented AI oversight policy, defined committee reporting protocols, and explicit red-flag escalation procedures carry this exposure into the next 10-K certification cycle. This is the Declarative Board Failure Pattern in its clearest form: the boards most at risk are not those that ignored AI governance, but those that declared they had a governance posture without building the internal system a Delaware court would recognize as functional.
Offensive Advantage. The Marchner ruling creates a durable legal defense for boards that build their internal AI governance architecture before a claim arrives. A board-approved AI oversight policy, an active risk or audit committee tracking AI-related red flags, and documented escalation procedures establish the internal system that sits on the right side of the Caremark boundary. The Governance Boundary Principle applies directly: a board that builds this architecture only after a derivative complaint is filed never owned the governance standard; it borrowed it under compulsion. The window to build from conviction rather than litigation runs through this proxy season. Boards that act now define the terms before the court does.
Touch Stone Publishers | Board-Level Intelligence on Fiduciary Duty and Governance