Where Caremark Meets Park: A New Era of Regulatory Compliance and Criminal Liability

The Caremark doctrine¹ in Delaware (where most U.S. companies are incorporated) imposes a duty of oversight on all public company boards. Boards must “rigorously exercise” that duty with respect to “mission-critical risks,” which are prevalent in companies that manufacture or market products regulated by FDA. Separately, under the Park doctrine,² also known as the “responsible corporate officer” doctrine, a line of federal cases holds that individuals who bear a “responsible relation” to a violation of the Federal Food, Drug, and Cosmetic (FD&C) Act can be found criminally liable even without proof of traditional mens rea (guilty mind). Though some of the key cases underlying both doctrines involve food companies because of the breadth of the underlying statute, the principles these cases establish are arguably equally applicable to manufacturers of drugs and medical devices.

Coleen Klasmeier is a former partner and the leader of Sidley Austin LLP’s food, drug, and medical device regulatory practice as well as a member of the firm’s executive committee.

Both doctrines fundamentally address the same thing: the obligation of individuals responsible for a corporation to attend to—and properly address—regulatory compliance. Taken together, these two doctrines create a powerful incentive for the individuals responsible for overseeing and managing life sciences companies to establish compliance systems, monitor the performance of those systems, and remediate potential violations.

This article explores the responsibility of both directors and responsible corporate managers (whether or not technically corporate “officers”) to establish compliance systems and monitor corporate activities as well as the potential for board members to be exposed to “responsible corporate officer” liability if they cross the line to an operational role.

The Caremark doctrine and emerging Delaware law on “failure of oversight”

The Delaware Chancery Court first established the principle that directors can be held liable either for failure to 1) implement a system for oversight of controls or 2) monitor those controls in its 1996 In re Caremark decision.¹ The Delaware Supreme Court adopted the Caremark standard ten years later.³

For many years, it was relatively rare for a Caremark claim to survive a motion to dismiss. In the past several years, however, the Delaware courts have allowed six such cases to proceed. One of those cases involved a pharmaceutical manufacturer and another involved a pharmacy.⁴

In re Clovis Oncology, Inc. Derivative Litigation⁵ concerned allegations that the board of a biotechnology company had ignored “red flags” in the form of repeated reports to the board that the company “was not adhering to . . . clinical trial protocols, thereby placing FDA approval of the drug in jeopardy.”⁵ Citing Marchand v. Barnhill,⁶ a prior case involving allegations that the board of Blue Bell Creameries had failed properly to oversee compliance with FDA food safety rules, the court emphasized that when a company operates in an environment in which externally-imposed regulations govern its “mission critical” operations, “the board’s oversight function must be more rigorously exercised.”⁵ In allowing the plaintiffs’ case to proceed, the court found that the plaintiffs had satisfactorily pled that “the [b]oard consciously ignored red flags that revealed a mission critical failure” to comply with the clinical trial protocol and associated FDA regulations and was, therefore, inaccurately reporting the drug trial results.⁵ The derivative suit was ultimately settled for $2.3M in attorneys’ fees and a commitment to various governance reforms.⁷

Paul E. Kalb, MD, is a former global practice leader, healthcare, and FDA Group, for Sidley Austin LLP.

Teamsters Local 443 Health Servs. v. Chou⁸ involved allegations that corporate directors had failed to implement and monitor compliance policies and systems in connection with a specialty pharmacy’s failure properly to package and ship prefilled syringes of oncology products.⁸ The court concluded that, for a manufacturer, distributor, and packager of drugs, “[l]aws and regulations governing the health and safety of drugs are . . . the ‘most central ... safety and legal compliance issue facing the company.’”⁸ Accordingly, the court concluded that “when regulations governing drug health and safety are at issue, [a company’s] [b]oard must actively exercise its oversight duties in order to properly discharge its duties in good faith.”⁸ The court found that the claim survived under a Caremark theory because plaintiffs had adequately pled that the directors had ignored multiple “red flags” in the form of a law firm report, allegations in a qui tam complaint, and a DOJ subpoena alleging compliance and safety issues.⁸

Special standard of criminal liability for individuals under the FD&C Act

Most violations of the FD&C Act are subject to criminal penalties. In general, the FD&C Act makes “any person” guilty of a misdemeanor if they introduce or deliver for introduction into interstate commerce an adulterated or misbranded product that is subject to the statute.⁹ The statute defines “person” to mean an individual, partnership, corporation, or association.¹⁰

The “responsible corporate officer” doctrine holds that, under certain circumstances, an individual can be held criminally liable for an FD&C Act violation even without evidence of mens rea. The doctrine was developed primarily in two seminal Supreme Court cases in which senior executives appealed their convictions for misdemeanor violations of the statute. The first of these cases, United States v. Dotterweich,¹¹ concerned the prosecution of the president and general manager of the Buffalo Pharmacal Company, Inc. on charges of shipping misbranded and adulterated drugs in interstate commerce. The Supreme Court upheld the conviction upon reasoning that, given the regulatory nature of the FD&C Act, Congress intended executives to be held accountable for their companies’ violations of the statute even if they were unaware of the misconduct.

The Court explained the public policy rationale behind Dotterweich’s prosecution as follows:

"The prosecution to which [he] was subjected is based on a now familiar type of legislation whereby penalties serve as an effective means of regulation. Such legislation dispenses with the conventional requirement for criminal conduct—awareness of some wrongdoing. In the interest of the larger good it puts the burden of acting at hazard upon a person otherwise innocent but standing in responsible relation to a public danger."¹¹

In the second seminal case, the Supreme Court reiterated the principles it laid out in Dotterweichin a case involving the prosecution of the president of a large national food chain. In United States v. Park,² Park was charged with FD&C Act violations relating to rodent infestation discovered during FDA inspections. Park contended that, although the company was under his general direction, other individuals were responsible for different aspects of the company’s operations.² The Court rejected his defenses, explaining that, “in providing sanctions which reach . . . the individuals who execute the corporate mission—and this is by no means necessarily confined to a single corporate agent or employee—the [FD&C Act] imposes not only a positive duty to seek out and remedy violations when they occur but also, and primarily, a duty to implement measures that will insure that violations will not occur.”² According to the Court, the government establishes a prima facie case “when it introduces evidence sufficient to warrant a finding by the trier of the facts that the defendant had, by reason of his position in the corporation, responsibility and authority either to prevent in the first instance, or promptly to correct, the violation complained of, and that he failed to do so.”²

The Justice Manual, which establishes guidelines for federal prosecutions, recognizes the Park doctrine, stating that “an individual who stands in responsible relation to the violative conduct, even if he or she did not engage in the conduct itself, may be liable under the ‘responsible corporate officer’ doctrine (the so-called Park doctrine).”¹² The Park doctrine has been used in recent prosecutions of medical product executives. In 2003, three senior officers of the Purdue Frederick Company were charged with misdemeanor misbranding violations of the FD&C Act as “responsible corporate officers” in connection with allegations of off-label marketing of OxyContin.¹³ All three executives pleaded guilty.¹⁴ In 2009, four senior officials at Synthes were indicted for misdemeanor violations of shipping adulterated and misbranded devices in interstate commerce based on their roles as “responsible corporate officers of Synthes.”¹⁵ The indictment alleged that the company illegally “test marketed” a bone cement product without proper FDA approval.¹⁶ All three executives ultimately pleaded guilty to the charges and were sentenced to prison terms.¹⁷ In 2020, the former CEO of Invidior PLC was convicted under the Park doctrine of a misdemeanor relating to the marketing of the company’s suboxone film product.¹⁸

In 2011, FDA updated its Regulatory Procedures Manual (RPM) to identify the criteria that the agency would use in identifying matters that are appropriately handled as Parkprosecutions.¹⁹ Under this policy, FDA will consider “the individual’s position in the company and relationship to the violation, and whether the official had the authority to correct or prevent the violation.”¹⁹ Though not necessary to such a prosecution, the individual’s “[k]nowledge of and actual participation in the violation . . . are factors that may be relevant.”¹⁹ The RPM also includes a non-exclusive list of “factors to consider,” the first of which is “[w]hether the violation involves actual or potential harm to the public.”¹⁹

In addition to liability imposed by the Caremark and Parkdoctrines, certain laws directly impose oversight obligations on responsible corporate officials. For instance, the good manufacturing practice regulations that FDA has formulated specifically for medical device manufacturers—known as the Quality System Regulation—includes a special rule requiring that “management with executive responsibility, among other things, establish policies and objectives for, and commitment to, quality.”²⁰ The relationship between that specific provision and the Caremark and Parkline line of cases has not been addressed by FDA or the courts.

The courts have also not yet definitively resolved other important open questions raised by the Caremark and Park doctrines. Critically, the Supreme Court has never addressed whether Park liability may apply under the FDCA felony provision for offenders who violate the statute “after a [prior] conviction . . . has become final.”²¹ At least one federal court of appeals has found a defendant guilty of a felony under this provision according to a Park liability theory.²² The courts have also not definitively addressed the role of key defenses, such as defenses arising under the Due Process Clause or the rule of lenity, or the applicability of Chevron deference to agency interpretation in criminal cases.

Doctrinal overlap: implications for both life sciences companies and certain individuals

Implications for life sciences companies. The Caremark doctrine concerns potential liability for directors. The Park doctrine is about potential liability for responsible corporate officials. The former is civil and the latter criminal.

As applied to companies manufacturing and/or selling FDA-regulated products, the two doctrines overlap considerably despite these distinctions. Both impose liability for failure to appropriately address the core regulatory rules (largely comprised of FDA regulations) governing their conduct. Stated more specifically, the Caremark line of cases holds boards of life sciences companies accountable for overseeing compliance with the most critical rules governing the company. The policy behind these holdings is plain: a heightened threat of liability will incentivize responsible individuals to take steps to ensure corporate compliance with key regulatory requirements which are intended, in turn, to protect and promote public health. The Park doctrine is driven by similar considerations. Dotterweich explains that the rule allowing criminal penalties to be imposed on those responsible for compliance with the FD&C ACT “serve[s] as an effective means of regulation.”¹¹ In addition, Park refers to “a duty to implement measures that will ensure that violations will not occur,”² with the goal “to prevent in the first instance, or promptly to correct.”²

How can boards and management working in tandem properly oversee regulatory compliance? The Caremark line of cases provides a set of answers from the judicial perspective:

• Companies must implement reporting systems that allow both boards and responsible corporate officials (each within their own scope) to obtain timely and accurate information, which allows them to make informed judgments concerning the corporation’s compliance with key laws and regulations.
• Boards and responsible corporate officials must actively and regularly monitor the information they receive through such systems.

Boards and responsible corporate officials must act appropriately on (and certainly not hide) any problems reported through such systems.

This high-level set of principles, however, masks a very challenging task. Regulations governing life sciences companies, including ones addressing “mission critical” risks, are increasingly complex and often highly technical. Commonly, applicable regulatory rules are subject to interpretation, which helps explain the proliferation of interpretive guidance from FDA. Under these circumstances, maintaining compliance in a way that fully insulates a corporation (or its board and managers) from criminal liability is likely impossible. In practice, companies develop and monitor their compliance infrastructure and rely on regulatory lawyers and other professionals experienced in advising on regulatory matters to control regulatory risk.

A key facet of regulatory risk management involves developing reasonable and defensible interpretive stances and determining whether, how, and when to engage with external stakeholders as part of the company’s risk-focused tactical plan. Thoughtful engagement with regulators can, for example, significantly enhance the durability of outside counsel’s own assessment of the meaning of an ambiguous regulatory rule.

Implications for individual directors in certain circumstances

The Caremark and Parkdoctrines may also intersect in another way. Directors (or others, such as controlling investors) could, in limited circumstances, potentially face direct liability. This could occur in circumstances in which they play a managerial role (i.e., if their roles bleed over into operational roles). This is a particularly significant consideration in the private equity environment, in which representatives of a sponsor may play an active role in the management of a portfolio company.

The US Department of Justice (DOJ) has pursued some form of this theory outside of the FD&C Act context for several years. In 2019, as part of a broader effort to impose liability on private equity owners for legal issues arising at their portfolio companies,²³ the DOJ intervened in a False Claims Act case against a private equity sponsor, one of its portfolio companies (a pharmacy), and two pharmacy employees.²⁴ In its complaint, the government alleged that the private equity fund had a “controlling interest” in the pharmacy; that two representatives of the fund served as both board members and officers of the pharmacy; and that these individuals played an active role in the management of the pharmacy. According to the DOJ, the named individuals engaged in a kickback scheme by analyzing the potential profitability of the scheme, approving the scheme, and receiving regular updates about its implementation.²⁴ The allegations were settled in 2019 for $21M.²⁵

Active engagement in the management of portfolio companies potentially exposes private equity sponsors—and individuals working for those sponsors—to penalties for a portfolio company’s misconduct. It is not hard to imagine the DOJ pressing an analogous theory under the FD&C Act in the right circumstances (i.e., taking the position that representatives of a private equity sponsor have assumed the duties of a “responsible corporate officer”). Whether such a theory would have merit is debatable, and its application would be highly fact-dependent, but private equity board members of FDA-regulated companies should understand the potential liability associated with that role and take appropriate steps to mitigate that liability.

Conclusion

The statutory and regulatory provisions governing FDA-regulated companies are subject to judicial doctrines—the Caremark and Park doctrines—which address, respectively, the duties of board members and “responsible corporate officers” (i.e., managers who are responsible for corporate compliance). Under those doctrines, relevant individuals are consistent with their roles and responsible for ensuring that the corporations for which they work remain in compliance with applicable regulatory requirements. The details of this general obligation are both important and incompletely defined, with open questions regarding, for example, the availability of certain legal defenses. To discharge their obligations, board members and responsible corporate managers should consider deploying the tools available to them, including the tactics identified by the Caremark line of cases, for the benefit of both the corporation and themselves. That task is challenging given the increasing complexity of FDA regulations, but it is crucial given the government’s continued reliance on Park-based enforcement actions targeting individuals in the life sciences sector.

References

1. In re Caremark International, Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).
2. United States v. Park,421 U.S. 658 (1974).
3. Stone v. Ritter, 911 A.2d. 362 (Del. 2006).
4. The others arose out of the food service, oil pipeline, auto parts, and airplane manufacturing industries. See Marchand v. Barnhill, 212 A.3d 805 (Del. 2019); Inter-Marketing Group USA, Inc., v. Armstrong, 2020 WL 756965 (Del. Ch. Jan 31, 2020) (unpublished); Hughes v. Hu, No. CV 2019-0112-JTL, 2020 WL 1987029 (Del. Ch. Apr. 27, 2020); In re Boeing Co. Derivative Litigation, 2019-0907 (Del. Ch. Sept. 7, 2021).
5. In re Clovis Oncology, Inc. Derivative Litigation, No. CV 2017-0222-JRS, 2019 WL 4850188, *3, *28, *31 (Del. Ch. Oct. 1, 2019).
6. Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).
7. Law 360, “Clovis Agrees to Reforms, $2.3 M Atty Fee in Drug Trial Suit” (Mar. 7, 2022).
8. Teamsters Local 443 Health Servs. v. Chou, C.A. No. 2019-0816-SG, *6, *53 (Del. Ch. Aug. 24, 2020).
9. 21 U.S.C. § 331(a), § 333(a)(1).
10. 21 U.S.C. § 321(e).
11. United States v. Dotterweich, 320 U.S. 277, 280, 281 (1943).
12. U.S. Dep’t of Just., Just. Manual § 4-8.215 (2021).
13. Information, United States v. The Purdue Frederick Co., No. 1:07-cr-00029 (W.D. Va. May 10, 2007).
14. Plea Agreement, United States v. Friedman., No. 1:07-cr-00029 (W.D. Va. May 10, 2007); Plea Agreement, United States v. Udell, No. 1:07-cr-00029 (W.D. Va. May 10, 2007); Plea Agreement, United States v. Goldenheim, No. 1:07-cr-00029 (W.D. Va. May 10, 2007).
15. Indictment, United States v. Norian Corp. et al., No. 2:09-cr-00403 (E.D. Pa. Jun. 16, 2009).
16. Superseding Information, United States v. Norian Corp. et al., No. 2:09-cr-00403, at 11-27 (E.D. Pa. Oct. 2010).
17. Maykuth, A., “Synthes Enters Guilty Plea in Bone-Cement Case,” The Philadelphia Inquirer (Nov. 30, 2010).
18. Department of Justice, “Indivior Solutions Pleads Guilty To Felony Charge And Indivior Entities Agree To Pay $600 Million To Resolve Criminal And Civil Investigations As Part Of DOJ’s Largest Opioid Resolution,” Press Release (July 24, 2020).
19. FDA, Regulatory Procedures Manual 6-5-3; see also Letter from Margaret A. Hamburg, Commissioner of Food and Drugs to Sen. Charles Grassley (Mar. 4, 2010).
20. 21 CFR 820.20(a).
21. 21 U.S.C. 333(a)(2).
22. United States v. Hohensee, 243 F.2d 367, 371 (3d Cir. 1957).
23. Jones, J., “Private Equity Funds Face Increasing Risk of False Claims Act Liability,” Sidley Austin (Oct. 29, 2018).
24. U.S. ex rel. Medrano v. Diabetic Care Rx, LLC, Case No. 15-62617-CIV-BLOOM (S.D.Fl Mar. 5, 2018).
25. The United States Department of Justice, “Compounding Pharmacy, Two of Its Executives, and Private Equity Firm Agree to Pay $21.36 Million to Resolve False Claims Act Allegations” (Sept. 18, 2019).