Opinion
C. A. 2022-1103-LWW
10-01-2024
IN RE TRANSUNION DERIVATIVE STOCKHOLDER LITIGATION
Kevin M. Gallagher & Spencer V. Crawford, RICHARDS, LAYTON &FINGER, P.A., Wilmington, Delaware; Sandra C. Goldstein, Victoria J. Ryan &Mike Rusie, KIRKLAND &ELLIS LLP, New York, New York; Counsel for Defendants George M. Awad, William P. Bosworth, Christopher A. Cartwright, Suzanne P. Clark, Kermit R. Crawford, John T. Danaher, Russell P. Fradin, Pamela A. Joseph, Siddharth N. Mehta, Thomas L. Monahan, III, Leo F. Mullin, James M. Peck, and Andrew Prozes, and Nominal Defendant TransUnion Samuel L. Closic, John G. Day &Seth T. Ford, PRICKETT, JONES &ELLIOTT, P.A., Wilmington, Delaware; Laurence Paskowitz, THE PASKOWITZ LAW FIRM P.C., Rego Park, New York; Emily Komlossy, KOMLOSSY LAW, P.A., Hollywood, Florida; Frederic S. Fox, KAPLAN FOX &KILSHEIMER LLP, New York, New York; Matthew M. Houston, GLANCY PRONGAY &MURRAY LLP, New York, New York; D. Seamus Kaskela &Adrienne Bell, KASKELA LAW LLC, Newtown Square, Pennsylvania; Alfred G. Yates, LAW OFFICE OF ALFRED G. YATES, JR., P.C., Pittsburgh, Pennsylvania; Counsel for Plaintiffs Richard Delman, Donna Nicosia, and Charles R. Blackburn
Date Submitted: June 7, 2024.
Kevin M. Gallagher & Spencer V. Crawford, RICHARDS, LAYTON &FINGER, P.A., Wilmington, Delaware; Sandra C. Goldstein, Victoria J. Ryan &Mike Rusie, KIRKLAND &ELLIS LLP, New York, New York; Counsel for Defendants George M. Awad, William P. Bosworth, Christopher A. Cartwright, Suzanne P. Clark, Kermit R. Crawford, John T. Danaher, Russell P. Fradin, Pamela A. Joseph, Siddharth N. Mehta, Thomas L. Monahan, III, Leo F. Mullin, James M. Peck, and Andrew Prozes, and Nominal Defendant TransUnion
Samuel L. Closic, John G. Day &Seth T. Ford, PRICKETT, JONES &ELLIOTT, P.A., Wilmington, Delaware; Laurence Paskowitz, THE PASKOWITZ LAW FIRM P.C., Rego Park, New York; Emily Komlossy, KOMLOSSY LAW, P.A., Hollywood, Florida; Frederic S. Fox, KAPLAN FOX &KILSHEIMER LLP, New York, New York; Matthew M. Houston, GLANCY PRONGAY &MURRAY LLP, New York, New York; D. Seamus Kaskela &Adrienne Bell, KASKELA LAW LLC, Newtown Square, Pennsylvania; Alfred G. Yates, LAW OFFICE OF ALFRED G. YATES, JR., P.C., Pittsburgh, Pennsylvania; Counsel for Plaintiffs Richard Delman, Donna Nicosia, and Charles R. Blackburn
MEMORANDUM OPINION
WILL, Vice Chancellor.
Boards of directors are duty bound to ensure that the corporations they manage operate lawfully. To meet this obligation, directors must establish a reporting system informing them of material risks to the business and attend to clear signs of noncompliance. If they do so with reasonable care, the court will not second guess the directors' attempts to exercise oversight.
Although there are rare exceptions, independent directors scarcely abandon this basic duty. Claims for failed oversight usually amount to retrospective critiques of good faith acts. Since liability can only attach where a plaintiff pleads facts showing a disloyal state of mind, steps toward compliance defeat such claims-even where corporate traumas unfold.
The plaintiffs here recognize the high bar to pleading that a board snubbed its oversight duties. Their complaint details board-level engagement on legal compliance, which contradicts any inference of knowing failures to monitor reported risks. And so, the plaintiffs take another approach and argue that the board's awareness of flaws in compliance efforts suggests willful lawbreaking.
TransUnion-a consumer credit reporting company-submitted to a regulatory consent order requiring it to change its advertising and billing practices. TransUnion worked to correct these practices with the oversight of its board. But it had a disagreement with the regulator on the details of certain changes.
Because the board learned that the regulator's views diverged from TransUnion's, the plaintiffs assert that the board purposefully violated the law for greater profit. The misconduct complained of, however, amounts to minor interpretive differences of the consent order's terms-disclaimer font size, phrase usage, and check box placement. TransUnion and the regulator are contesting these issues in related federal litigation.
Regardless of whose interpretation proves correct in that suit, there are no facts-much less particularized ones-suggesting that TransUnion's board breached its duty of loyalty. Imperfect compliance is not bad faith. Demand was not futile, and this case is dismissed.
I. FACTUAL BACKGROUND
Unless otherwise noted, the following facts are drawn from the Second Amended and Consolidated Verified Stockholder Derivative Complaint (the "Complaint") and the documents it incorporates by reference, including books and records produced by TransUnion in response to 8 Del. C. § 220 demands.
Verified S'holder Deriv. Am. Consol. Compl. (Dkt. 27) ("Compl."); Freedman v. Adams, 2012 WL 1345638, at *5 (Del. Ch. Mar. 30, 2012) ("When a plaintiff expressly refers to and heavily relies upon documents in her complaint, these documents are considered to be incorporated by reference into the complaint[.]") (citation omitted). Exhibits to the Affidavit of Spencer V. Crawford, Esq. in Support of Defendants' Opening Brief in Support of their Motion to Dismiss or Stay Proceedings (Dkts. 32-33) are cited as "Defs.' Ex. __." Exhibits produced in response to pre-suit books and records demands under confidentiality agreements with incorporation by reference provisions are deemed incorporated by reference into the Complaint. See Defs.' Ex. 1 § 10; see also Pettry ex rel. FedEx Corp. v. Smith, 2021 WL 2644475, at *8 n.90 (Del. Ch. June 28, 2021) (noting that "Section 220 documents[] [were] incorporated by reference into the Complaint to the extent [they] directly dispute[d] [p]laintiff's conclusory assertion[s]"). Exhibits lacking internal pagination are cited by the last three digits of their Bates stamps.
A. The 2017 Consent Order
Nominal defendant TransUnion is a Delaware corporation headquartered in Chicago, Illinois. TransUnion provides credit reporting services to millions of consumers globally.
Compl. ¶ 2.
As a participant in consumer financial markets, TransUnion is subject to the oversight authority of the Consumer Financial Protection Bureau (CFPB). The CFPB is authorized by the Consumer Financial Protection Act to conduct examinations and investigations and enforce the statute.
Id. ¶ 59.
In 2015, the CFPB launched an examination of the advertising and marketing practices used for TransUnion's credit reporting services. It concentrated on two main subjects. The first was statements in TransUnion's online advertisements about the utility of credit scores generated by TransUnion's proprietary model, VantageScore (the "VantageScore Disclosure"). The second was TransUnion's use of a "negative billing structure" that automatically enrolled consumers in credit monitoring services after a trial period (the "Negative Option") and related advertisements.
Compl. ¶ 62.
Id. ¶¶ 67-69.
The CFPB's examination and subsequent investigation culminated in a January 3, 2017 Consent Order. The Consent Order detailed the CFPB's findings on TransUnion's violations of the Consumer Financial Protection Act. It also outlined remediation efforts that TransUnion had agreed to undertake. Relevant here are changes to the VantageScore Disclosure and Negative Option, as well as compliance and redress plans.
Id. ¶ 63; Defs.' Ex. 2 ("Consent Order").
1. VantageScore Disclosure
The CFPB found TransUnion's VantageScore Disclosure to be inaccurate and deceptive. It concluded that TransUnion's marketing on its own and third-party websites falsely represented that VantageScore provided the same credit score used by lenders to determine creditworthiness. TransUnion's disclosures about the differences between VantageScore and models relied on by lenders were hidden in small, low contrast text at the bottom of its webpage.
Compl. ¶¶ 65-67; Consent Order ¶ 31.
Compl. ¶ 66; Consent Order ¶¶ 10, 27-29.
Compl. ¶ 67; Consent Order ¶ 27.
The Consent Order outlined changes that TransUnion would make to its VantageScore advertisement practices. TransUnion agreed to modify its advertisements to "substantially state[]" that the VantageScore "is not likely to be the same score used by lenders or other commercial users for credit decisions[.]"TransUnion also agreed to provide a header with the phrase "What You Need to Know" in text double the size of its disclosure about the utility of VantageScore.
Consent Order ¶ 40(c)(ii); see Compl. ¶ 100 n.32.
Consent Order ¶ 40(c)(iii); see Compl. ¶ 74.
2. Negative Option
The CFPB found that TransUnion's "free" credit score and "$1" credit report promotions were misleading. These offers included a Negative Option billing structure by which consumers who signed up for a trial of TransUnion's services were automatically enrolled in a paid subscription when the trial expired. The CFPB described these advertisements as "unfair, deceptive or abusive" because they gave the misimpression that credit scores or reports were no or low cost without highlighting the Negative Option enrollment.
Compl. ¶ 68; Consent Order ¶¶ 32-39.
Compl. ¶ 68; Consent Order ¶¶ 32-39.
Compl. ¶ 68; Consent Order ¶¶ 38-39.
The Consent Order required TransUnion to obtain express consent from consumers before enrolling them in any service with a Negative Option feature.TransUnion agreed to include "a check box on the final order page" for free or discounted trials "conspicuously stat[ing]" that the consumer consented to be billed for the service after the trial. The Consent Order also mandated that TransUnion create a "simple mechanism for a consumer to immediately cancel the purchase."
Compl. ¶ 71; Consent Order ¶ 40(b)(i).
Consent Order ¶ 40(b)(i); see Compl. ¶ 71.
Consent Order ¶ 40(b)(ii); see Compl. ¶ 72.
3. Compliance Plan
TransUnion had to submit a "comprehensive compliance plan" detailing how it would implement the Consent Order's conduct provisions (the "Compliance Plan"). It was required to, "[w]ithin 90 days" of the Consent Order becoming effective, submit the Compliance Plan to the CFPB "for review and determination of non-objection ...." The Compliance Plan needed to include, "at a minimum," "[d]etailed steps for addressing each action required by [the] Consent Order . . . and [s]pecific timeframes and deadlines for implementation of the[se] steps ...."
Consent Order ¶ 41; see Compl. ¶ 75.
Consent Order ¶ 41; see Compl. ¶ 75.
Consent Order ¶ 41; see Compl. ¶ 75.
The Consent Order addressed how the CFPB would provide feedback on and approve the Compliance Plan:
[(1)] The [CFPB] will have the discretion to make a determination of non-objection to the Compliance Plan or direct [TransUnion] to revise it. If the [CFPB] directs [TransUnion] to revise the Compliance Plan, [TransUnion] must make the revisions and resubmit the Compliance Plan to the [CFPB] within 30 days.
[(2)] After receiving notification that the [CFPB] has made a determination of non-objection to the Compliance Plan, [TransUnion] must implement and adhere to the steps, recommendations, deadlines, and timeframes outlined in the Compliance Plan.
Consent Order ¶¶ 42-43; see Compl. ¶ 75.
4. The Redress Plan
The Consent Order also required TransUnion to provide $13.9 million in consumer redress and to prepare a plan to pay affected consumers (the "Redress Plan"). As with the Compliance Plan, the Consent Order described the process for the CFPB to approve the Redress Plan. TransUnion was also ordered to pay a $3 million penalty to the CFPB.
Compl. ¶ 80; Consent Order ¶¶ 47-51.
Consent Order ¶ 48.
Compl. ¶ 80; Consent Order ¶ 52.
B. Early Compliance Efforts
TransUnion took several initial steps to address the Consent Order. Outside counsel-a former CFPB enforcement attorney-advised on these efforts.
See Compl. ¶¶ 99, 155.
See id. ¶¶ 128-29; Defs.' Ex. 19 (Feb. 20, 2020 declaration) '957.
On January 11, 2017, TransUnion deposited the $13.9 million redress funds into a dedicated account for distribution. TransUnion wired the $3 million penalty to the CFPB two days later. It eliminated the Negative Option entirely and moved to a no-trial, full-price offer for credit monitoring on its website. TransUnion "updated online cancellation functionality" and "improved agent scripting to ensure consumer understanding of their transactions." It also enhanced the VantageScore Disclosure on its product order page.
Defs.' Ex. 4 (Feb. 9, 2017 A&C Committee presentation) '304.
Id.
Defs.' Ex. 3 (June 12, 2019 Letter from TransUnion to CFPB) ("Response to PARR Letter") '620; see Compl. ¶ 88.
Response to PARR Letter '619.
Compl. ¶ 100; Response to PARR Letter '619.
TransUnion management kept the company's Board of Directors apprised of the CFPB investigation, the Consent Order, and TransUnion's efforts to comply with the Consent Order. For example, on February 2, 2017, TransUnion distributed the Consent Order to its directors and officers, as well as others with compliance responsibilities. The next week, the Audit and Compliance Committee of the Board (the "A&C Committee") was updated on the planned submission of the Redress Plan and Compliance Plan to the CFPB. Later that month, the Board was updated on the Consent Order and engagement with the CFPB by TransUnion's General Counsel John Blenke and John Danaher-President of TransUnion's operating subsidiary that sold services to consumers.
Defs.' Ex. 5 (Summary of Consent Order Acknowledgment) '545. Nine of the eleven directors acknowledged receipt of the Consent Order.
Defs.' Ex. 4 at '304-05.
Defs.' Ex. 6 (Feb. 28, 2017 Board minutes) '349, '352; see Compl. ¶ 82.
C. Submission of the Redress Plan
In April 2017, the A&C Committee was told that TransUnion had submitted its Redress Plan to the CFPB and was "[a]waiting non-objection from [the] CFPB prior to initiating redress activities." On August 1, the CFPB directed TransUnion to revise the Redress Plan, which TransUnion did that month. The CFPB provided TransUnion with a determination of non-objection to the Redress Plan a few months later. As reported to the Board, TransUnion began to implement the Redress Plan after receiving the CFPB's confirmation of non-objection.
Defs.' Ex. 7 (Apr. 24, 2017 A&C Committee presentation) '361; see Compl. ¶ 96.
Defs.' Ex. 11 (Oct. 27, 2017 memorandum from J. Blenke to Board) '514; Defs.' Ex. 12 (Aug. 30, 2017 letter from D. Norgle to CFPB) '562.
Defs.' Ex. 13 (Nov. 7, 2017 letter from A. Hrdy to D. Norgle) '614.
Defs.' Ex. 14 (Feb. 16, 2018 memorandum from J. Blenke to Board) '571; Defs.' Ex. 15 (Feb. 8, 2018 A&C Committee deck) '543.
D. Submission of the Compliance Plan
The submission and feedback process for the Compliance Plan was less orderly. The CFPB had granted TransUnion an extension to June 30, 2017 to submit a Compliance Plan. A week before the deadline, a draft Compliance Plan was presented to the A&C Committee that listed dozens of actions TransUnion would take to comply with the Consent Order, including changes to the VantageScore Disclosure and the Negative Option. It listed timelines for starting and completing each action pegged to the "date determination of non-objection is received from the CFPB ...." The A&C Committee reviewed the Compliance Plan before its submission to the CFPB.
Defs.' Ex. 7 at '363.
See, e.g., Defs.' Ex. 16 ("Compliance Plan") '546; id. at '548 (stating, regarding the Negative Option, that TransUnion would "utilize and test disclosure and consent mechanisms that are consistent with those used by our competitors that we understand have been condoned by the CFPB subsequent to the Consent Order"); id. at '549 (stating, regarding the Negative Option, that TransUnion would "perform a review of all existing Credit-Related Products cancellation mechanisms and channels to determine any enhancements that should be made to telephone cancellations"); id. at '553 (stating, regarding the VantageScore Disclosure, that TransUnion would "review and implement the 'What You Need To Know' disclosure language on written offer communications").
Compliance Plan '546.
Id.
A few months later, Blenke advised the Board that it did "not need to make any of the proposed changes until [TransUnion] receive[d] confirmation from the CFPB that it does not object to the submitted Compliance Plan." This advice aligned with guidance given by the former CFPB enforcement attorney who was serving as TransUnion's outside counsel and had negotiated the Consent Order on TransUnion's behalf.
Defs.' Ex. 11 at '515.
Compl. ¶ 129; see Defs.' Ex. 19 ¶ 8 ("It was expected that [TransUnion] would receive . . . a letter from the CFPB stating its non-objection to particular approaches for compliance with the consent order.").
TransUnion awaited a determination of non-objection from the CFPB. It never came.
Defs.' Ex. 11 at '515; Defs.' Ex. 14 at '572; Defs.' Ex. 18 (July 27, 2017 memorandum from J. Blenke to Board) '454; Defs.' Ex. 25 (May 4, 2018 memorandum from J. Blenke to Board) '613.
E. The PARR Letter
TransUnion next heard from the CFPB over a year later in October 2018, when a second examination was launched. An onsite examination of TransUnion's compliance with the Consent Order took place in January 2019. Management reported to the A&C Committee that TransUnion cooperated throughout the process.
Compl. ¶¶ 13, 116.
Id. ¶ 116.
Defs.' Ex. 23 (Feb. 2019 A&C Committee deck) '733.
In May 2019, the CFPB issued a Potential Action and Request for Response (PARR) letter to TransUnion. The PARR letter reported the CFPB's "preliminary findings that TransUnion may have violated several conduct provisions" of the Consent Order and that an enforcement action might follow. It conveyed the CFPB's view that a statement of non-objection was not "required to subject TransUnion to the conduct provisions of the Consent Order."
Defs.' Ex. 28 (May 19, 2019 Letter from CFPB) ("PARR Letter").
PARR Letter '615; see Compl. ¶ 116.
Compl. ¶ 97; PARR Letter '616.
The PARR letter identified three potential violations of the Consent Order that related to the VantageScore Disclosure and the Negative Option. First, regarding the VantageScore Disclosure, TransUnion failed to include the requisite text on "display ads" on third-party websites. Second, the language TransUnion used to describe the utility of VantageScore differed from the specific language suggested in the Consent Order. Third, the "What You Need to Know" header above the VantageScore Disclosure was less than double the size of the other text. In addition, TransUnion had "advertised and offered a [N]egative [O]ption feature through internet ads placed on [third-party website] annualcreditreport.com" without a check box for affirmative consent on the order page.
Compl. ¶¶ 100-01.
PARR Letter '615; see Compl. ¶ 100.
Compl. ¶ 100; PARR Letter '615-16.
PARR Letter '616.
Id.; see Compl. ¶ 100.
F. TransUnion's PARR Letter Response
On June 12, 2019, TransUnion responded to the PARR letter. It observed that although the CFPB's views on "display ads" drew on an expansive reading of the Consent Order, TransUnion would "review an appropriate implementation of a form of disclosure on applicable display ads." It noted that its VantageScore Disclosure was "substantially consistent with the illustrative language in the Consent Order." And it explained that the font size used for the "What You Need to Know" header was selected to prevent the text from breaking across two lines. As to the Negative Option, TransUnion explained that the transunion.com offer had been removed before the Consent Order's effective date. TransUnion clarified that it had corrected another isolated Negative Option offer that appeared on annualcreditreport.com without a check box shortly after discovering it in January 2019.
Compl. ¶ 100.
Response to PARR Letter '619; see Compl. ¶ 100.
Response to PARR Letter '619; see Compl. ¶ 100.
Response to PARR Letter '619-20.
Id. at '620.
Id.
The next month, TransUnion's Chief Compliance Officer updated the A&C Committee about the PARR letter and TransUnion's response. He reported that TransUnion was "in compliance with three of the four potential findings" in the PARR letter.
Defs.' Ex. 29 (July 22, 2019 A&C Committee minutes) '859.
A few months later, TransUnion learned that the CFPB's Office of Supervision &Examinations had referred the matter to its Office of Enforcement.TransUnion management promptly relayed this development to the A&C Committee and the Board. The A&C Committee was also told that TransUnion had hired different outside counsel to engage with the CFPB.
Compl. ¶ 102.
Id.; Defs.' Ex. 31 (Oct. 21, 2019 A&C Committee minutes) '897.
Defs.' Ex. 31 at '898.
G. The CIDs and Steering Committee
In October 2019, the CFPB issued a civil investigative demand (CID) to TransUnion, seeking information about the VantageScore Disclosure and Negative Option. In March 2020, a second CID was served that concerned TransUnion's advertisements on annualcreditreport.com and legal advice relied upon in implementing the Compliance Plan. TransUnion produced materials in response to both CIDs and continued to engage with the CFPB. TransUnion management kept the A&C Committee and the Board apprised of these matters throughout the first quarter of 2020.
Compl. ¶¶ 104, 116.
Id. ¶¶ 105, 116; Defs.' Ex. 39 (CEO Board Report - Q1 2020) '034.
See Compl. ¶ 104.
Id. ¶¶ 105, 116; Defs.' Ex. 32 (Feb. 13, 2020 A&C Committee minutes) '932; Defs.' Ex. 33 (CEO Board Report - Q4 2019) '967; Defs.' Ex. 34 (Q1 2020 Board Meeting - Legal and Regulatory Update) '972; Defs.' Ex. 35 (Feb. 27, 2020 Board minutes) '979; Defs.' Ex. 38 (May 2020 A&C Committee deck) '009; Defs.' Ex. 39 at '034.
While the CFPB was investigating, TransUnion formed a Steering Committee composed of senior legal, compliance, and business personnel (including Danaher) to implement the Consent Order's conduct requirements. The Steering Committee began its preliminary work in January 2020 and held its first meeting in April 2020.By year end, TransUnion formed the Enterprise Risk Management Committee (the "ERM Committee"), which included TransUnion's CEO and officers and received monthly updates on the Steering Committee's progress.
Compl. ¶ 118.
Defs.' Ex. 36 (Apr. 3, 2020 Steering Committee memorandum) '991.
Defs.' Ex. 62 ("Revised Compliance Plan") '723-24.
H. The NORA Letter
On June 26, 2020, the CFPB issued a Notice of Opportunity to Respond and Advise (NORA) letter stating that it might pursue an enforcement action against TransUnion. Soon after, TransUnion management informed the A&C Committee that the company was preparing a response to the NORA letter and "seeking engagement with CFPB Senior Management in [an] effort to resolve the matter."
Compl. ¶ 116; Defs.' Ex. 40 (July 2020 A&C Committee deck) '076.
Compl. ¶ 108; Defs.' Ex. 40 at '076.
In July 2020, TransUnion responded to the NORA letter. TransUnion management updated the A&C Committee on the response and TransUnion's remediation efforts under the Consent Order, reporting that they were "targeting the end of the year" for completion. TransUnion tried to engage with the CFPB, met with the CFPB's senior enforcement team in October 2020, and did not hear anything further from the CFPB until March 2021.
Defs.' Ex. 42 (July 30, 2020 A&C Committee minutes) '088.
Compl. ¶ 108; Defs.' Ex. 42 at '088.
Defs.' Ex. 42 at '088; see also Defs.' Ex. 43 (Aug. 5, 2020 general counsel presentation to Board) '093; Defs.' Ex. 44 (Aug. 5, 2020 Board minutes) '106; Defs.' Ex. 45 (Oct. 30, 2020 A&C Committee presentation) '134; Defs.' Ex. 46 (CEO Board Report - Q3 2020) '176; Defs.' Ex. 47 (Nov. 11, 2020 Legal & Public Policy update) '181; Defs.' Ex. 48 (Feb. 18, 2021 Legal &Public Policy update) '276; Defs.' Ex. 49 (Feb. 2021 Q4 2020 Board Materials - Legal &Public Policy Update) '319.
I. The Subsequent CIDs and NORA Letter
In March 2021, the CFPB issued two additional CIDs that sought more information about new Negative Option enrollments and TransUnion management's knowledge of the Consent Order. Both the A&C Committee and the Board were informed about the CIDs at their next regularly scheduled meetings.
Compl. ¶¶ 112; 116.
Id. ¶ 113; Defs.' Ex. 52 (Apr. 29, 2021 A&C Committee deck) '338; Defs.' Ex. 53 (CEO Board Report - Q1 2021) '441; Defs.' Ex. 54 (May 11, 2021 Q1 2021 Board materials -Legal & Public Policy Update) '455; Defs.' Ex. 55 (May 2021 Board minutes) '445.
The CFPB issued another NORA letter in June 2021, which raised other allegations about TransUnion's representations of consumer enrollment practices, credit monitoring products, and aspects of the Consent Order. The A&C Committee was told about this NORA letter at a meeting held the next month.
Compl. ¶ 114; Defs.' Ex. 56 (July 29, 2021 A&C Committee deck) '619, '621.
Defs.' Ex. 57 (July 29, 2021 A&C Committee minutes) '616.
TransUnion responded to the NORA letter in August. Soon after, TransUnion management reported to the ERM Committee that they were "[d]eveloping [a] plan to address allegations [in the NORA letter] as appropriate."The Board received an update on the NORA letter later that month.
Defs.' Ex. 58 (Aug. 10-11, 2021 Board minutes) '649.
Defs.' Ex. 59 (Aug. 19, 2021 ERM Committee minutes) '701.
Compl. ¶ 114; Defs.' Ex. 58 at '649.
J. The Revised Compliance Plan
On August 19, 2021, the A&C Committee met to discuss the latest NORA letter and TransUnion's response. At the meeting, the A&C Committee reviewed a timeline of TransUnion's actions to comply with the Consent Order and a revised Compliance Plan (the "Revised Compliance Plan") that would be submitted to the CFPB. The A&C Committee endorsed the Revised Compliance Plan, which outlined how TransUnion had addressed each of the Consent Order's conduct provisions.
Defs.' Ex. 60 (Aug. 19, 2021 A&C Committee minutes) '721.
Id.; Defs.' Ex. 61 (Timeline: TransUnion January 3, 2017 Consent Order Compliance).
Defs.' Ex. 60 at '721.
Regarding the Negative Option, the Revised Compliance Plan explained that TransUnion had moved to eliminate such features as early as December 2016, taken additional steps to address their usage on annualcreditreport.com, and resolved "process gaps that enabled consumers to continue to enroll via Negative Options as a result of legacy 'offer codes.'" TransUnion further described its ongoing and "regular reporting to monitor the creation of new offer codes, the performance of existing offer codes and to verify that the decommissioning process was effective."
Revised Compliance Plan '725.
Id. at '726.
As to the VantageScore Disclosure, TransUnion explained its position on the language used and invited the CFPB to discuss "any remaining concerns ...." TransUnion confirmed that the VantageScore Disclosure and "What You Need to Know" header "w[ould] be included on all new webpages, including through the marketing checklist that [its] Marketing Team must submit prior to releasing new or making changes to existing marketing materials ...."
Id. at '728.
Id. at '729.
The Revised Compliance Plan also addressed TransUnion's compliance reporting structure. It highlighted the Board's oversight of TransUnion's response to the Consent Order, the work of the Steering Committee, and the ERM Committee's receipt of "monthly status updates regarding Consent Order compliance." TransUnion offered to "submit to the [CFPB] additional Compliance Reports or other requested information under penalty of perjury, provide sworn testimony, or produce documents within 30 days of receipt of a written request from the [CFPB]."
Id. at '723-24.
Id. at '733.
The Revised Compliance Plan noted that TransUnion had "received no comments from the [CFPB] regarding its original Compliance Plan, notwithstanding [TransUnion's] numerous requests for feedback on any deficiencies or nonobjection over the course of the last four years."
Id. at '723.
K. The Federal Litigation
In September 2021, the CFPB sent TransUnion a proposed settlement term sheet addressing consumer redress, civil monetary penalties, and injunctive relief against TransUnion and certain of its officers. TransUnion management explained their assessment of the proposal to the Board at a meeting the next month.TransUnion and the CFPB exchanged additional settlement proposals, and the Board discussed each one.
Defs.' Ex. 63 (Oct. 10, 2021 Board minutes) '825.
Id.; Defs.' Ex. 64 (Oct. 28, 2021 A&C Committee presentation) '910; Defs.' Ex. 65 (Nov. 9-10, 2021 Board minutes) '033; Defs.' Ex. 66 (Feb. 23, 2022 A&C Committee minutes) '275.
While settlement discussions of the regulatory investigation continued, the CFPB commenced litigation against TransUnion, its subsidiaries, and Danaher in the United States District Court for the Northern District of Illinois in April 2022 (the "Federal Action"). In the Federal Action, the CFPB seeks to enforce specific terms of the Consent Order and brings claims for violations of the Consumer Financial Protection Act, the Electronic Fund Transfer Act, and the Fair Credit Reporting Act.
Compl., CFPB v. TransUnion, LLC, et al., No. 1:22-cv-01880 (N.D. Ill. 2022).
See id.
The CFPB issued two additional NORA letters to TransUnion in March and August 2022 about matters related to the Federal Action and the marketing practices at issue in this suit.
In November 2022, TransUnion's motion to dismiss the Federal Action was denied. The court rejected TransUnion's argument that the CFPB's statement of non-objection was "a condition precedent to the enforceability of the Consent Order as a whole."
Consumer Fin. Prot. Bureau v. TransUnion, 641 F.Supp.3d 474, 478 (N.D. Ill. 2022) (denying TransUnion and Danaher's motions to dismiss).
Id. at 479.
The Federal Action remains pending.
L. This Litigation
On November 30, 2022, TransUnion stockholder Richard Delman filed a derivative action in this court. The suit followed TransUnion's production of books and records in response to Delman's Section 220 demand. In December, 2022, stockholder Donna Nicosia filed a near-identical complaint. A week later, stockholder Charles R. Blackburn entered an appearance as an interested party and told the court of his pending Section 220 demand.
Dkt. 1.
Compl. at 1.
Compl. ¶ 21.
Dkts. 6, 7.
On January 31, 2023, the court consolidated Delman and Nicosia's suits and added Blackburn as a plaintiff. The plaintiffs filed a consolidated complaint on March 31, 2023. After the defendants moved to dismiss on June 2, 2023, the plaintiffs filed the operative Complaint on August 1, 2023.
Dkt. 9.
Dkt. 10.
Dkts. 14, 27.
On October 2, 2023, the defendants moved to dismiss the Complaint.Briefing was completed on January 12, 2024. Oral argument on the motion to dismiss was held on June 7, 2024.
Dkt. 29.
Dkt. 43.
Dkt. 54.
II. LEGAL ANALYSIS
The Complaint lists two counts but advances one claim. Count I is a derivative claim for breach of fiduciary duty against present and former Board members. Count II is a request for a mandatory injunction "reforming the manner in which the Board oversees [TransUnion's] legal and regulatory obligations in the area of consumer law." "Injunctions are a form of relief, not a cause of action."
Compl. ¶¶ 151-59.
Compl. ¶ 20.
Quadrant Structured Prods. Co. v. Vertin, 102 A.3d 155, 203 (Del. Ch. 2014).
The defendants have moved to dismiss the Complaint under Court of Chancery Rule 23.1 for failure to plead demand excusal and under Rule 12(b)(6) for failure to state a claim upon which relief can be granted. In the alternative, they seek a stay in favor of the Federal Action.
Defs.' Opening Br. in Supp. of Their Mot. to Dismiss or Stay Proc. (Dkt. 31) ("Defs.' Opening Br.") 1-2.
The requirements of Rule 23.1 apply to derivative actions where stockholders seek to usurp the board's authority to control a corporate litigation asset. Rule 23.1 sets heightened pleading requirements for derivative claims "to prevent abuse and to promote intracorporate dispute resolution." A stockholder must "allege with particularity the efforts, if any" made to obtain the desired board-level action and the reasons for her "failure to obtain the action or for not making the effort."
See In re GoPro, Inc. S'holder Deriv. Litig., 2020 WL 2036602, at *8 (Del. Ch. Apr. 28, 2020) (observing "a presumption" that directors have managerial authority over corporate affairs); FLI Deep Marine LLC v. McKim, 2009 WL 1204363, at *2 (Del. Ch. Apr. 21, 2009) ("The decision to bring or to refrain from bringing suit on behalf of a corporation is the responsibility of the board of directors." (citing 8 Del. C. § 141(a))).
Pogostin v. Rice, 480 A.2d 619, 624 (Del. 1984), overruled on other grounds by Brehm v. Eisner, 746 A.2d 244 (Del. 2000).
Ct. Ch. R. 23.1; see Brehm, 746 A.2d at 254 ("Rule 23.1 is not satisfied by conclusory statements or mere notice pleading.").
The plaintiffs here declined to make a pre-suit demand on the Board. They assert that demand would be futile because a majority of the Board members could not impartially consider a demand.
Compl. ¶ 19.
In assessing demand futility, the court "is confined to the well-pleaded allegations in the Complaint, the documents incorporated into the Complaint by reference, and facts subject to judicial notice ...." Facts are considered "in their totality" and all reasonable inferences are drawn in the plaintiffs' favor.Conclusory allegations "are not considered as expressly pleaded facts or factual inferences."
In re Kraft Heinz Co. Deriv. Litig., 2021 WL 6012632, at *4 (Del. Ch. Dec. 15, 2021) (citing White v. Panic, 783 A.2d 543, 546-47 (Del. 2001)), aff'd, 282 A.3d 1054 (Del. 2022) (TABLE).
Del. Cty. Emps. Ret. Fund v. Sanchez, 124 A.3d 1017, 1019 (Del. 2015).
Brehm, 746 A.2d at 255.
The plaintiffs assert that the summary judgment standard should apply instead since the defendants rely on extraneous documents. But TransUnion's Section 220 production is incorporated by reference into the Complaint. The court can evaluate whether the plaintiffs have taken these documents out of context or ignored them entirely. There are no grounds to convert the defendants' motion to dismiss into one for summary judgment.
See Pls.' Answering Br. in Opp'n to Defs.' Mot. to Dismiss (Dkt. 37) ("Pls.' Answering Br.") 25-27.
See Defs.' Ex. 1 ¶ 10 (confidentiality agreement stating that TransUnion's Section 220 production "shall be deemed incorporated by reference into the operative version of the complaint"); see also Amalgamated Bank v. Yahoo!, Inc., 132 A.3d 752, 797-98 (Del. Ch. 2016), abrogated on other grounds by Tiger v. Boast Apparel, Inc., 214 A.3d 933 (Del. 2019); supra note 1.
See Okla. Firefighters Pension & Ret. Sys. v. Corbat, 2017 WL 6452240, at *16 (Del. Ch. Dec. 18, 2017) ("[T]he documents incorporated by reference in the Complaint make clear that the Plaintiffs' narrative is unsupported by the materials on which they relied in drafting their pleading."); Newman v. KKR Phorm Invs., L.P., 2023 WL 5624167, at *4 (Del. Ch. Sept. 5, 2023) (noting that Section 220 documents "necessarily shape the range and outcomes of pleading-stage inferences") (citation omitted).
A. The Fiduciary Duty Claim
The plaintiffs allege that a majority of the Board members "either knowingly permitted [TransUnion] to repeatedly violate the Consent Order . . . or chose to bury their heads in the sand and to ignore [TransUnion's] continuing illegal conduct . . . despite the knowable and grave risks raised by such improper conduct . . . ." The plaintiffs believe that their allegations support two distinct claims: one akin to the Court of Chancery's decision in Massey and another under Caremark. For their so-called "Massey claim," they allege that the Board knew the Consent Order was being violated but chose to prioritize profits over compliance. For their Caremark claim, they assert that the Board ignored red flags marking violations of the Consent Order. By this logic, the court would run the same allegations about the same facts through two separate doctrinal rubrics to see if one sticks.
Compl. ¶ 153.
Pls.' Answering Br. 27 ("The Complaint sufficiently pleads both Massey and Caremark claims.").
Compl. ¶¶ 94, 98, 100.
Id. ¶¶ 16, 102, 131, 156.
Neither precedent nor logic supports the bright line the plaintiffs work to draw between Caremark and Massey. Both of the plaintiffs' theories draw on the obligation of boards to take corporate compliance seriously. Directors who try to fulfill their oversight duties in good faith are not liable under either formulation advanced by the plaintiffs.
I begin by briefly exploring the legal landscape framing the plaintiffs' claim. I then consider how their claim should be examined. And I end by addressing whether the plaintiffs have adequately pleaded that a majority of the Board faces a substantial likelihood of liability for the claim. I conclude that they have not.
1. The Plaintiffs' Legal Theories
In his iconic Caremark decision, Chancellor Allen spurred directors to be heedful of their "duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists . . . ." There, the nominal defendant had paid substantial fines after sales and marketing employees were found to be bribing doctors to use its products. The directors were disinterested and independent, with no involvement in the underlying wrongdoing. But Chancellor Allen observed that the directors' distance from the misconduct did not grant them license to turn a blind eye.
In re Caremark Int'l Inc. Deriv. Litig., 698 A.2d 959, 970 (Del. Ch. 1996).
"[T]he Caremark decision is rightly seen as a prod towards the greater exercise of care by directors in monitoring their corporations' compliance with legal standards[.]" It stems from the core mandate in 8 Del. C. § 141(a) that the board is charged with overseeing the corporation's business and affairs. Delaware law presumes that directors are discharging this responsibility in good faith and with reasonable care, even if their actions turn out poorly in hindsight.
Guttman v. Huang, 823 A.2d 492, 506 (Del. Ch. 2003).
See Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984) ("It is a presumption that in making a business decision the directors of a corporation acted on an informed basis, in good faith and in the honest belief that the action taken was in the best interests of the company.") overruled on other grounds by Brehm, 746 A.2d 244.
Thus, the threshold for liability based on failed oversight "is quite high" and requires a "lack of good faith as evidenced by sustained or systematic failure of a director to exercise reasonable oversight." Directors who "try" to implement and attend to a "reasonable board-level system of monitoring and reporting" have met their baseline duty. Though directors may strive to exceed this bar, they cannot be held liable unless their conduct falls beneath it.
Caremark, 698 A.2d at 971; id. at 967 (observing that a claim for failed oversight is "possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment").
Marchand v. Barnhill, 212 A.3d 805, 821 (Del. 2019).
Ten years after Caremark, the Delaware Supreme Court confirmed the stringent liability standard applicable to a claim for absent oversight. In Stone v. Ritter, the court observed that this claim requires "a showing of bad faith conduct" breaching a director's duty of loyalty. It cautioned that a Caremark claim cannot lie where a plaintiff, "[w]ith the benefit of hindsight . . . seeks to equate a bad outcome with bad faith." Directors may face liability only where a plaintiff shows "that the directors knew that they were not discharging their fiduciary obligations."
Stone v. Ritter, 911 A.2d 362, 369-70 (Del. 2006).
Id. at 373.
Id. at 370.
The court in Stone articulated "the necessary conditions predicate for director oversight liability . . . ." These conditions have come to be called the two "prongs" of Caremark. They arise when: "(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations . . . ."
Id.
See Constr. Indus. Laborers Pension Fund ex rel. SolarWinds Corp. v. Bingle, 2022 WL 4102492, at *6 (Del. Ch. Sept. 6, 2022), aff'd, 297 A.3d 1083 (Del. 2023) (TABLE).
Stone, 911 A.2d at 370.
In Massey, then-Vice Chancellor Strine was faced with an extreme version of these scenarios. There, stockholders asserted that the director defendants had, in agreeing to a merger, failed to secure sufficient value for derivative claims arising from a massive coal mine explosion that killed 29 workers. The derivative claims not only alleged that the company's directors and officers failed to make a good faith effort to ensure that mining safety laws were complied with. They also went further, accusing the directors and officers of knowingly breaking applicable safety laws to prioritize coal production and profits.
In re Massey Energy Co., 2011 WL 2176479 (Del. Ch. May 31, 2011).
Id. at *19.
But Massey did not create a separate claim untethered from those explored in Caremark and Stone. All flow from the most basic obligation of directors and officers: to ensure that, in seeking profit, a corporation conducts lawful business by lawful means. Loyal fiduciaries must endeavor in good faith to maintain the corporation's fidelity to its material legal duties. If they intentionally fail to do so, personal liability for breach of fiduciary duty may follow.
See Lebanon Cnty. Emps. Ret. Fund v. Collis, 311 A.3d 773, 780 n.17 (Del. 2023) (declining to recognize that Massey "established a freestanding claim independent of Caremark"); see also McElrath v. Kalanick, 2019 WL 1430210, at *13 (Del. Ch. Apr. 1, 2019) (describing "Massey and similar progeny of Caremark"); Firefighters Pension Sys. of Kansas City v. Found. Bldg. Materials, Inc., 318 A.3d 1105, 1182 (Del. Ch. 2024) (describing Massey as a "sibling theory" of Caremark); City of Detroit Police and Fire Ret. Sys. v. Hamrock, 2022 WL 2387653, at *17 (Del. Ch. June 30, 2022) (addressing a claim styled as a Massey theory under the Caremark doctrine).
See 8 Del. C. § 101(b) ("A corporation may be incorporated or organized under this chapter to conduct or promote any lawful business or purposes ...."); id. § 102(a)(3) ("It shall be sufficient to state . . . that the purpose of the corporation is to engage in any lawful act or activity for which corporations may be organized . . . and by such statement all lawful acts and activities shall be within the purposes of the corporation ...."); Massey, 2011 WL 2176479, at *20 ("Delaware law allows corporations to pursue diverse means to make a profit, subject to a critical statutory floor, which is the requirement that Delaware corporations only pursue 'lawful business' by 'lawful acts.'"); Desimone v. Barrows, 924 A.2d 908, 934 (Del. Ch. 2007) ("Although directors have wide authority to take lawful action on behalf of the corporation, they have no authority knowingly to cause the corporation to become a rogue, exposing the corporation to penalties from criminal and civil regulators."); see also Leo E. Strine, Jr., Kirby M. Smith & Reilly S. Steel, Caremark and ESG, Perfect Together: A Practical Approach to Implementing an Integrated, Efficient and Effective Caremark and EESG Strategy, 106 Iowa L. Rev. 1885, 1893 (2021) (describing "the first principle of corporate law: corporations may only conduct lawful business by lawful means").
E.g., Desimone, 924 A.2d at 934-35 ("The knowing use of illegal means to pursue profit for the corporation is director misconduct."); Metro Commc'n Corp. BVI v. Advanced Mobilecomm Techs. Inc., 854 A.2d 121, 131 (Del. Ch. 2004) ("Under Delaware law, a fiduciary may not choose to manage an entity in an illegal fashion, even if the fiduciary believes that the illegal activity will result in profits for the entity."); Massey, 2011 WL 2176479, at *20 ("[A] fiduciary cannot be loyal to a Delaware corporation by knowingly causing it to seek profit by violating the law."); In re Walt Disney Co. Deriv. Litig., 906 A.2d 27, 67 (Del. 2006) (explaining that where "[a] fiduciary acts with the intent to violate positive law," she violates the duty of loyalty) (citation omitted).
Although claims for breaching this oversight duty concern diverse fact patterns, they are pleaded in three typical ways.
At the extreme end of the spectrum is a claim that directors and officers purposely caused the corporation to break the law in pursuit of greater profits. The alleged flouting of mine safety laws to lower costs and raise earnings at the expense of worker safety in Massey is one example. Other cases in this vein have addressed allegations about illegal but profitable business practices that led to criminal sanctions and employee or consumer deaths. These are meaningful-not trifling or technical-violations of laws integral to the company's operations.
E.g., La. Mun. Police Emps.' Ret. Sys. v. Pyott, 46 A.3d 313, 356 (Del. Ch. 2012) (holding that the plaintiffs had pleaded a Caremark claim based on allegations that the board approved an illegal business plan and the company "pled guilty to criminal misdemeanor [and] . . . paid criminal fines of $375 million"), rev'd on other grounds, 74 A.3d 612 (Del. 2013); Ontario Provincial Council of Carpenters' Pension Tr. Fund v. Walton, 2023 WL 3093500, at *48 (Del. Ch. Apr. 26, 2023) (holding that directors faced a substantial likelihood of liability where the board did not cause the company to change business practices for the distribution of prescription opioids despite the threat of a criminal indictment).
The second scenario involves a claim that the board knowingly failed to implement a system to monitor legal compliance. This obligation was recognized in Caremark, where Chancellor Allen admonished directors to implement a reasonable reporting system allowing information about significant risks to the business to reach the board level. These are known as Caremark "prong one" claims, based on the first necessary condition to oversight liability recognized in Stone . The Delaware Supreme Court's decision in Marchand, where the directors of an ice cream company allegedly made no effort to monitor compliance with essential food safety laws, is an example.
See Stone, 911 A.2d at 370; Firemen's Ret. Sys. of St. Louis ex rel. Marriott Int'l, Inc. v. Sorenson, 2021 WL 4593777, at *12 (Del. Ch. Oct. 5, 2021) ("For directors to face liability under Caremark's first prong, a plaintiff must show that the director made no good faith effort to ensure the company had in place any system of controls.") (citation omitted).
212 A.3d at 824 ("In Blue Bell's case, food safety was essential and mission critical. The complaint pled facts supporting a fair inference that no board-level system of monitoring or reporting on food safety existed."); see also In re Boeing Co. Deriv. Litig., 2021 WL 4059934, at *26 (Del. Ch. Sept. 7, 2021) (holding that demand was excused where the board allegedly failed to establish a reporting system for airplane safety risks).
The third situation has shades of the other two. A board that adopts a reporting system must monitor it and make a good-faith effort to address identified risks. A conscious failure to do so may support a claim under "prong two" of Caremark- the second necessary condition to oversight liability recognized in Stone . For liability to attach, the risks identified and ignored cannot be business matters on which deference to the directors' decision-making is owed. They must be legal violations so obvious and material that disregarding them amounts to bad faith.
See Stone, 911 A.2d at 373; Corbat, 2017 WL 6452240, at *17.
See Stone, 911 A.2d at 370.
See In re Citigroup Inc. S'holder Deriv. Litig., 964 A.2d 106, 125 (Del. Ch. 2009) (remarking that lowering the bar for Caremark liability to include business risks would "eviscerate the core protections of the business judgment rule-protections designed to allow corporate managers and directors to pursue risky transactions without the specter of being held personally liable if those decisions turn out poorly"); In re ProAssurance Corp. S'holder Deriv. Litig., 2023 WL 6426294, at *14 (Del. Ch. Oct. 2, 2023) (discussing the difference between legal and business risks under Caremark).
See, e.g., David B. Shaev Profit Sharing Acct. v. Armstrong, 2006 WL 391931, at *5 (Del. Ch. Feb. 13, 2006) (stating that allegations that a board "had notice of serious misconduct and simply failed to investigate . . . would survive a motion to dismiss, even if the committee or board was well constituted and was otherwise functioning"), aff'd, 911 A.2d 802 (Del. 2006) (TABLE).
Although categorizing these claims is helpful, it is incidental to the bottomline principles underpinning them. Each is rooted in the fundamental rule that Delaware corporations operate lawfully. Each requires a showing that directors utterly failed to oversee the corporation's compliance with the material laws constraining it. And for each, a sincere effort by directors to fulfill their oversight duties removes the potential for personal liability.
2. The Plaintiffs' Claim
With that framing, I consider where the plaintiffs' claim falls along the continuum of Caremark and its progeny.
The plaintiffs' lead argument is that the Board "resisted the terms of the Consent Order" by waiting to implement remedial efforts based on "knowingly incorrect and unsupported" legal advice. In an effort to analogize to Massey, the plaintiffs assert that the Board "allowed [TransUnion's] pursuit of profits to take precedence over its legal compliance." At the same time, they contend that the Board is liable under the second prong of Caremark for consciously disregarding TransUnion's non-compliance with the Consent Order. The latter argument stands in tension with the former, since the same conduct would reflect action and inaction. It cannot logically be both.
Pls.' Answering Br. 30.
Id. at 39 (citing Compl. ¶¶ 37-44, 87-88, 93-94, 99-100).
Id. at 45.
One must wonder, then, why the plaintiffs make a full-throated pitch for the most extreme iteration of a failed oversight claim-affirmative lawbreaking for profit-over a missing check box, the use of "may not" versus "not likely," and the wrong font size. This is hardly Massey. Their reasoning seems to be the following. The Complaint acknowledges that the Board took steps to comply with the Consent Order, which undermines the plaintiffs' Caremark prong two theory. There were, however, some potential gaps between TransUnion's compliance and the Consent Order's terms. The plaintiffs therefore insist that the Board's knowledge of these alleged flaws supports a reasonable inference that it encouraged TransUnion to violate the Consent Order.
This view turns Caremark jurisprudence on its head. Delaware courts have consistently held that imperfect attempts at compliance are not indicative of bad faith. A weak "prong two" theory cannot morph into Massey-like purposeful lawbreaking simply because the directors' good faith efforts ultimately fell short of positive law.
E.g., Horman v. Abney, 2017 WL 242571, at *11 (Del. Ch. Jan. 19, 2017); Sorenson, 2021 WL 4593777, at *16 ("[A]n attempted yet failed remediation effort generally cannot implicate bad faith."); Richardson v. Clark, 2020 WL 7861335, at *11 (Del. Ch. Dec. 13, 2020) (granting a motion to dismiss where the "[d]efendants acknowledge[d] that [corporate] services were being used to launder money and commit fraud" and "[i]n response, per the [p]laintiff's own allegations, . . . took action").
Regardless of the nomenclature applied, the claim presented is deficient. The Complaint details the Board's knowledge of the Consent Order and of TransUnion's efforts to comply with it, which erodes any reasonable inference of bad faith. The plaintiffs' second-guessing of the speed and thoroughness of TransUnion's response amounts to the sort of backward-looking critiques warned of in Stone .
Stone, 911 A.2d at 373 ("[T]he directors' good faith exercise of oversight responsibility may not invariably prevent employees from violating criminal laws, or from causing the corporation to incur significant financial liability, or both.").
B. The Demand Futility Analysis
To survive the defendants' Rule 23.1 motion, the plaintiffs must plead particularized facts supporting a reasonable inference that a majority of the Board acted in bad faith. "In this context, bad faith means 'the directors were conscious of the fact that they were not doing their jobs, and that they ignored red flags indicating misconduct in defiance of their duties.'" No such facts are found in the Complaint.
Horman, 2017 WL 242571, at *10 (quoting Armstrong, 2006 WL 391931, at *5).
The plaintiffs' allegations fall into two main periods: before and after the May 2019 receipt of the PARR letter. In the first, the plaintiffs question TransUnion's delay in implementing the Compliance Plan. In the second, they criticize how TransUnion interpreted the Consent Order. I consider each in turn.
1. Pre-May 2019 Events
The Board knew that the Consent Order required TransUnion to make changes to its VantageScore Disclosure and Negative Option usage. But according to the plaintiffs, the Board "resisted" these obligations. Instead, it allegedly "hid[] behind" outside counsel's "knowingly incorrect and unsupported" interpretation of the Consent Order and failed to correct TransUnion's violations for over two years.
Compl. ¶¶ 5, 7, 70-74; see Consent Order ¶¶ 3(h), 40.
Pls.' Answering Br. 30; see Compl. ¶¶ 9-13.
Pls.' Answering Br. 30-31; see Compl. ¶¶ 16, 99, 116.
No reasonable inference of bad faith can arise from these facts. That is so for at least two reasons.
First, the plaintiffs' charge is belied by TransUnion's immediate efforts to comply with the Consent Order. Before the Consent Order's effective date, TransUnion removed the Negative Option from its website. In January 2017, TransUnion made it easier for consumers to cancel orders or services through an online cancellation feature. TransUnion promptly paid the requisite $3 million civil penalty to the CFPB and deposited $13.9 million of redress funds into an account for affected consumers. It prepared and submitted a Redress Plan to the CFPB, which was implemented after the CFPB issued a statement of non-objection in November 2017. The Board and A&C Committee were kept apprised of these steps throughout.
Response to PARR Letter '620.
Id. at '619.
Defs.' Ex. 4 (Feb. 9, 2017 A&C Committee deck) '304.
Defs.' Ex. 12 at '562; Defs.' Ex. 13 at '614; Defs.' Ex. 14 at '571; Defs.' Ex. 67 (TransUnion Redress Plan); Defs.' Ex. 68 (Aug. 1, 2017 Letter from CFPB to TransUnion).
See, e.g., Defs.' Ex. 4; Defs.' Ex. 6 (Feb. 28, 2017 Board minutes); Defs.' Ex. 7 (Apr. 24, 2017 A&C Committee deck); Defs.' Ex. 15 at '543-44; Defs.' Ex. 17 (July 24, 2017 A&C Committee deck) '420, '435; Defs.' Ex. 20 (Oct. 23, 2017 A&C Committee deck) '482-83, '486; Defs.' Ex. 21 (CEO Board Report - Q3 2017) '507.
The plaintiffs concede that TransUnion "actually began partially implementing the Order almost immediately ...." They insist that further remediation efforts were "stopped" because TransUnion "noticed that compliance with the [Consent] Order was decreasing the company's revenue." But an inadequate, delayed, or misguided response to red flags cannot support a claim for breach of the duty of loyalty-no matter how it is categorized. The conduct described in the Complaint is far from an "intentional dereliction of duty," much less "law-flouting."
Compl. ¶ 99(a).
Id.
See Melbourne Mun. Firefighters' Pension Tr. Fund v. Jacobs, 2016 WL 4076369, at *9 (Del. Ch. Aug. 1, 2016) ("Simply alleging that a board incorrectly exercised its business judgment and made a 'wrong' decision in response to red flags . . . is insufficient to plead bad faith."); see also Sorenson, 2021 WL 4593777, at *16 (dismissing a Caremark claim where the directors were informed that remedial actions were taken to address known data security issues though "the implementation plan was probably too slow").
Boeing, 2021 WL 4059934, at *25.
Massey, 2011 WL 2176479, at *20.
Second, it cannot fairly be inferred that the Board relied on counsel in bad faith. The outside counsel in question was a former a CFPB enforcement attorney.She advised TransUnion that it could wait to implement the Compliance Plan until it received the CFPB's statement of non-objection. The Consent Order states that TransUnion was obligated to implement the steps listed in its Compliance Plan "[a]fter receiving notification that the [CFPB] ha[d] made a determination of non-objection." This advice was relayed to the Board at least five times by Blenke, TransUnion's General Counsel.
See Compl. ¶ 129; Defs.' Ex. 19; Defs.' Opening Br. 13.
Consent Order ¶ 43. The CFPB provided a statement of non-objection regarding the Redress Plan. See supra 9-10.
E.g., Defs.' Ex. 8 (Apr. 28, 2017 memorandum from J. Blenke to Board) '399; Defs.' Ex. 11 at '514; Defs.' Ex. 14 at '571; Defs.' Ex. 18 at '454; Defs.' Ex. 25 at '613.
In May 2019, TransUnion learned through the PARR letter that the CFPB disagreed with this interpretation of the Consent Order. But whether counsel's advice proved correct is beside the point. There are no particularized facts in the Complaint supporting a reasonable inference that the Board's reliance on the advice suggests a breach of its duty of loyalty. Under 8 Del. C. § 141(e), directors are "fully protected in relying in good faith" on professionals and experts "selected with reasonable care ...."
Compl. ¶ 97.
8 Del C. § 141(e); see also Cinerama, Inc. v. Technicolor, Inc., 663 A.2d 1134, 1142 (Del. Ch. 1994) (explaining that directors are presumed to act in good faith when relying on "the written or oral advice or opinions of any professionals and experts who are selected with reasonable care and are reasonably believed to be acting within the scope of their expertise" (citation omitted)), aff'd, 663 A.2d 1156 (Del. 1995); cf. In re Chemours Co. Deriv. Litig., 2021 WL 5050285, at *20 (Del. Ch. Nov. 1, 2021).
2. Post-May 2019 Events
Most of the plaintiffs' allegations post-date TransUnion's receipt of the PARR letter. According to the Complaint, the PARR letter put the Board on notice of ongoing Consent Order violations. The series of CIDs, NORA letters, and CFPB investigations that followed allegedly underscored this continued non-compliance. The plaintiffs assert that the Board nevertheless "purposely avoided any effort to bring TransUnion into compliance . . . to maintain [certain] revenue streams." This conclusion lacks well-pleaded support.
See Compl. ¶ 13 (alleging that the CFPB did not inform TransUnion of supposed violations of the Consent Order until May 2019).
Compl. ¶¶ 38, 100-01; see PARR Letter '615-16.
Compl. ¶ 116.
Pls.' Answering Br. 40.
a. PARR Letter
The May 2019 PARR letter informed the Board of the CFPB's preliminary view that TransUnion was non-compliant with the Consent Order. It invited TransUnion to "provide a response setting forth any reasons of fact, law, or policy as to why the CFPB should not take action against TransUnion."
Compl. ¶ 116 (outlining multiple alleged "red flags").
PARR Letter '616.
TransUnion did so two weeks later. It told the CFPB that despite never receiving any feedback or non-objection to the Compliance Plan submitted in June 2017, it had made "significant efforts to comply with the conduct provisions of the Consent Order." TransUnion said that it was "committed to working with the [CFPB] to demonstrate full compliance with the language and spirit of the Consent Order."
Response to PARR Letter '618-19.
Id. at '620.
The plaintiffs assert that two types of "gross violations" of the Consent Order's conduct provisions remained-one concerning the VantageScore Disclosure and another concerning the Negative Option. They allege that despite learning about TransUnion's breaches of these provisions, the Board remained disobedient.
Pls.' Answering Br. 34.
Id. at 40.
But the Complaint and documents it incorporates indicate that the Board oversaw and understood that management was working to correct both the VantageScore Disclosure and Negative Option.
E.g., Defs.' Ex. 30 (Aug. 7, 2019 Board minutes) '862; e.g., Sorenson, 2021 WL 4593777, at *16 (dismissing a Caremark claim where "management told the Board that it was addressing or would address the issues presented"); Pettry, 2021 WL 2644475, at *10 (holding that "our law does not demand board action in all instances; if action is taken by the Company to remediate the alleged harm, that is a reflection of a lack of bad faith on the part of the Board"), aff'd, 273 A.3d 750 (Del. 2022) (TABLE); In re Zimmer Biomet Hldgs., Inc., Deriv. Litig., 2021 WL 3779155, at *22-23 (Del. Ch. Aug. 25, 2021) (crediting management's "multiple attempts to cure ongoing [regulatory] violations and regular updates to the Board"), aff'd, 279 A.3d 356 (Del. 2022) (TABLE); Horman, 2017 WL 242571, at *13-14 (concluding that a plaintiff failed to plead bad faith where the board was informed of management's remediation efforts).
i. VantageScore Disclosure The Consent Order required TransUnion to make two changes to its
VantageScore Disclosure. First, TransUnion agreed the disclosure would "substantially state[]" that VantageScore was "not likely to be the same score used by lenders or other commercial users for credit decisions." Second, TransUnion agreed to provide a "What You Need to Know" header above the disclosure in a font double the rest of the text.
Consent Order ¶ 40(c)(ii)(1).
Id. ¶ 40(c)(iii).
The PARR letter expressed the CFPB's view that these requirements were unmet. One identified issue was TransUnion's use of the phrase "may not" rather than "not likely" to describe lenders' potential use of VantageScore. In its response to the PARR letter, TransUnion explained that its selection of "may not" was "substantially consistent with the illustrative language in the Consent Order."It expressed concern that the phrase "not likely" might inaccurately "suggest to consumers that they should assign no weight to their VantageScore ...." The other issue was the font size TransUnion chose for the "What You Need to Know" header. TransUnion told the CFPB that the header was in a 19.63-point rather than 24-point font to prevent the text from breaking across two lines, which would be "more difficult for the consumer to read."
PARR Letter '615-16.
Response to PARR Letter '619; see Consent Order ¶ 40(c)(ii) (requiring that the VantageScore Disclosure "substantially state[]" the illustrative language).
Response to PARR Letter '619.
PARR Letter '616; see Consent Order ¶ 40(c)(iii).
Response to PARR Letter '623 ("This approach ensured that the label was sufficiently large enough to be recognizable, easily readable, and able to capture the consumer's attention, relative to the disclosure itself, and is consistent with other labels on the order flow.").
The plaintiffs believe that the Board's knowledge of these issues shows purposeful-or at least conscious ignorance of-lawbreaking. They analogize to Pyott, where directors allegedly "continued to approve and oversee business plans that depended on illegal activity" despite understanding that pharmaceutical drugs were being promoted for off-label use. Those directors pleaded guilty to criminal misdemeanors and paid $375 million in fines.
Pyott, 46 A.3d at 356; see Pls.' Answering Br. 44.
Pyott, 46 A.3d at 356.
Here, by contrast, the Board was informed about and oversaw improvements to TransUnion's business practices to comply with the Consent Order. These affirmative steps toward and regular updates about compliance undercut any inference that the Board acted in bad faith. Unlike the serious offenses in Pyott, the remaining deficiencies raised in the PARR letter concern minor technical disagreements over whether TransUnion's changes went far enough. These same issues remain contested in the Federal Action.
E.g., Defs.' Ex. 29 at '859.
See, e.g., Zimmer Biomet, 2021 WL 3779155, at *22-23 (holding that any inference of bad faith was contradicted by allegations showing "multiple attempts to cure ongoing FDA violations and regular updates to the Board"); Jacobs, 2016 WL 4076369, at *12; Pettry, 2021 WL 2644475, at *10; Horman, 2017 WL 242571, at *13-14.
See Fisher v. Sanborn, 2021 WL 1197577, at *16 (Del. Ch. Mar. 30, 2021) (concluding that ongoing litigation about a "hotly disputed" alleged violation of federal consumer protection laws did not support an inference that the board knowingly permitted violations of those laws); Rojas v. Ellison, 2019 WL 3408812, at *14 (Del. Ch. July 29, 2019) (rejecting the assertion that a board consciously disregarded its duties based on the initiation of civil proceedings where the issues where "disputed vigorously").
ii. Negative Option
TransUnion also agreed in the Consent Order to implement two changes to the order flow for credit monitoring products with Negative Option features. First, TransUnion would add "a check box on the final order page that consumers must affirmatively check to select the Negative Option feature." Second, TransUnion would "provide a simple mechanism for a consumer to immediately cancel the purchase of any" credit-related product and end billing for future payments.
Consent Order ¶ 40(b)(i)(1).
Id. ¶ 40(b)(ii).
The plaintiffs acknowledge that TransUnion established the requisite cancellation mechanism. They focus on the check box required to affirm consent. But as TransUnion told the CFPB in response to the PARR letter, its website lacked any Negative Option features after December 2016.
See Defs.' Ex. 36 at '994.
See Pls.' Answering Br. 16-17, 21-22.
Response to PARR Letter '620.
The problem, according to the plaintiffs, is that in March 2017, Danaher allegedly caused TransUnion to "cease using the check box in affiliate marketing"- not TransUnion's own website. The Consent Order contemplated that Negative Option-related conduct provisions would apply to credit monitoring products TransUnion "offered for sale directly to consumers." TransUnion read this term of the Consent Order to exclude affiliate marketing. The proper interpretation remains at issue in the Federal Action. Even if the CFPB's view were correct, though, these facts reflect a genuine dispute over the Consent Order's reach. They do not support a reasonable inference that the Board acted disloyally.
Compl. ¶¶ 28, 88(j); see Pls.' Answering Br. 41.
2017 Consent Order ¶ 3(f).
See Defs.' Ex. 9 (TransUnion Offer Code Creation and Offer Code Review Policy).
See Fisher, 2021 WL 1197577, at *16; Corbat, 2017 WL 6452240, at *16.
The sole new issue raised in the PARR letter was the use of a Negative Option feature for a TransUnion product offered on annualcreditreport.com. But by the time of the PARR letter, TransUnion resolved this issue. As it told the CFPB, it had identified an "isolated case" where its credit products were being marketed on annualcreditreport.com with Negative Option enrollments but no check box. This issue was fixed "immediately upon discovery," and "senior leadership" directed the Steering Committee to identify any similar offerings. These proactive steps are ignored in the Complaint.
PARR Letter '616.
PARR Letter Response '620.
Id.; see also Defs.' Ex. 29 at '859; Defs.' Ex. 36 at '992.
See, e.g., Desimone, 924 A.2d at 940; Sorenson, 2021 WL 4593777, at *16.
b. Enforcement Division Referral, CIDs, and NORA Letters
The plaintiffs describe the CFPB's October 2019 referral of the matter to its enforcement division as another red flag of non-compliance. They also point to the Board's awareness of three CIDs, three investigational hearings, and four NORA letters. The plaintiffs argue that the Board defied the Consent Order despite these developments putting it on notice of the CFPB's concerns. Yet the Complaint and the documents it incorporates highlight the Board's oversight of TransUnion's compliance with the Consent Order.
Compl. ¶¶ 102, 116.
See id. ¶ 116.
Pls.' Answering Br. 16.
First, after the CFPB referred the matter for enforcement, TransUnion formed the Steering Committee to fulfill the conduct provisions of the Consent Order.The plaintiffs allege that the Steering Committee is irrelevant to demand futility since it was not constituted by the Board. But the A&C Committee was apprised of the Steering Committee's work. After TransUnion established the ERM Committee in May 2020, the Steering Committee reported to the ERM Committee which, in turn, updated the A&C Committee.
Compl. ¶ 118; Defs.' Ex. 36 at '991.
See Compl. ¶¶ 119-20.
Defs.' Ex. 64 at '920; Defs.' Ex. 65 at '031; Defs.' Ex. 71 (Oct. 28, 2021 A&C Committee minutes) '901; Defs.' Ex. 73 (Oct. 30, 2020 A&C Committee minutes) '129.
Revised Compliance Plan '724; Defs.' Ex. 72 (Feb. 18, 2021 A&C Committee minutes) '269.
Second, TransUnion management consistently informed the Board of actions taken after the CFPB's enforcement division became involved. For instance, management told the Board it replaced the outside counsel who had advised that the CFPB's non-objection was a condition to implementing the Compliance Plan. It also reported to the Board that it was "actively engaged" with the CFPB to resolve the regulatory proceeding "expeditiously and without a public order."
Defs.' Ex. 31 at '897-98.
Id. at '898.
Defs.' Ex. 69 (CEO Board Report - Q3 2019) '906-07.
The Board was regularly informed that TransUnion was working with the CFPB in response to the CIDs, NORA letters, and other inquiries. For example, in February 2020, the Board learned that TransUnion management was cooperating with the CFPB during investigational hearings. The Board was also told that TransUnion was fulfilling CID information requests. As to the NORA letters, the A&C Committee was kept apprised of TransUnion's planned responses. A Revised Compliance Plan was prepared and reviewed by the A&C Committee, with the advice of outside counsel, before it was submitted to the CFPB.
See, e.g., Compl. ¶¶ 105, 116; Defs.' Ex. 32 at '932; Defs.' Ex. 33 at '967; Defs.' Ex. 34 at '972; Defs.' Ex. 35 at '979; Defs.' Ex. 38 at '009; Defs.' Ex. 39 at '034.
Defs.' Ex. 34 at '972; see Compl. ¶¶ 105, 116.
Defs.' Ex. 38 at '009; Defs.' Ex. 39 at '034.
Defs.' Ex. 57 at '616; Defs.' Ex. 58 at '649; Defs.' Ex. 60 at '721; see Compl. ¶ 114.
See Defs.' Ex. 60; Defs.' Ex. 61.
These facts cannot reasonably be viewed to suggest that the Board knew TransUnion was purposefully breaking the law. Rather, they demonstrate that the Board understood TransUnion had remediated or was working to resolve remaining problems. That is a long way from doing "nothing."
See, e.g., Sorenson, 2021 WL 4593777, at *16; Zimmer Biomet, 2021 WL 3779155, at *22-23.
Horman, 2017 WL 242571, at *11; see Jacobs, 2016 WL 4076369, at *9, *12.
c. The Federal Litigation
Finally, the plaintiffs assert that the filing of the Federal Action in November 2022 was "a red flag alerting [TransUnion] that it was failing to comply with the Consent Order." As the defendants point out, however, TransUnion disputes the allegations in the Federal Action and has tried to reach an amicable resolution with the CFPB. The Board maintained oversight; it reviewed and discussed each of the CFPB's settlement proposals. The plaintiffs' only argument in response is to call the defendants' position "preposterous."
Pls.' Answering Br. 52; see also id. at 21-22.
Defs.' Ex. 63 at '825; Defs.' Ex. 64 at '910; Defs.' Ex. 65 at '033; Defs.' Ex. 66 at '275.
Pls.' Answering Br. 52.
* * *
The tale spun by the plaintiffs is one of a protracted dispute between TransUnion and the CFPB over the scope of the Consent Order. The CFPB maintains that TransUnion ran afoul of the Consent Order by waiting for a statement of non-objection, removing a Negative Option check box from affiliate marketing, and using the wrong language and font size for its VantageScore Disclosure. TransUnion, for its part, believes that it satisfied the Consent Order.
For purposes of this motion, I accept as true that TransUnion should ideally have implemented the Compliance Plan sooner. I also accept that the Board knew about the CFPB's views on what the Consent Order required and the escalating actions taken by the CFPB to compel compliance. It may also be that TransUnion profited from the challenged VantageScore Disclosures and Negative Option features.
Still, the Board does not face a substantial likelihood of liability. The Complaint and documents it incorporates evidence that the Board attempted to fulfill its oversight function in good faith. Information about potential compliance problems made its way to the Board through counsel, management, and committeelevel reports. These updates outlined the steps taken by TransUnion to satisfy the Consent Order and resolve lingering disputes with the CFPB over remediation.
See GoPro, 2020 WL 2036602, at *12-13 ("A Caremark claim cannot be squared with an allegation the Board responded to red flags.").
The remaining issues complained of are quibbles about whether TransUnion's compliance efforts went far enough fast enough. They boil down to check box placement on affiliate websites, whether the phrase "may not" is similar to "not likely," and whether 19.63-point font should have been 24 point. These are matters over which reasonable minds can differ. Regardless of which side prevails in the Federal Action, the plaintiffs' allegations fall materially short of suggesting bad faith. "[T]here is a vast difference between an inadequate or flawed effort to carry out fiduciary duties and a conscious disregard for those duties." There is an even wider gulph between imperfect compliance and purposeful lawbreaking.
Reiter v. Fairbank, 2016 WL 6081823, at *14 (Del. Ch. Oct. 18, 2016).
Lyondell Chem. Co. v. Ryan, 970 A.2d 235, 243 (Del. 2009); see Corbat, 2017 WL 6452240, at *17 (explaining that the relevant question is whether the board "took no steps in a good faith effort to prevent or remedy [the] situation"); Clem v. Skinner, 2024 WL 668523, at *8 (Del. Ch. Feb. 19, 2024) ("Claims that quibble with the timing or success of corrective action necessarily fail.").
III. CONCLUSION
The plaintiffs have failed to plead particularized allegations demonstrating that a majority of the Board could not impartially consider a demand. The defendants' motion to dismiss is granted under Rule 23.1. The Complaint is dismissed with prejudice.