eCases

•    IN THE COURT OF CHANCERY OF THE STATE OF DELAWARE
  CONSOLIDATED
  IN RE TRANSUNION DERIVATIVE
  C.A. No. 2022-1103-LWW
  STOCKHOLDER LITIGATION
  MEMORANDUM OPINION
  Date Submitted: June 7, 2024
  Date Decided: October 1, 2024
  Kevin M. Gallagher & Spencer V. Crawford, RICHARDS, LAYTON & FINGER,
  P.A., Wilmington, Delaware; Sandra C. Goldstein, Victoria J. Ryan & Mike Rusie,
  KIRKLAND & ELLIS LLP, New York, New York; Counsel for Defendants George
  M. Awad, William P. Bosworth, Christopher A. Cartwright, Suzanne P. Clark,
  Kermit R. Crawford, John T. Danaher, Russell P. Fradin, Pamela A. Joseph,
  Siddharth N. Mehta, Thomas L. Monahan, III, Leo F. Mullin, James M. Peck, and
  Andrew Prozes, and Nominal Defendant TransUnion
  Samuel L. Closic, John G. Day & Seth T. Ford, PRICKETT, JONES & ELLIOTT,
  P.A., Wilmington, Delaware; Laurence Paskowitz, THE PASKOWITZ LAW FIRM
  P.C., Rego Park, New York; Emily Komlossy, KOMLOSSY LAW, P.A.,
  Hollywood, Florida; Frederic S. Fox, KAPLAN FOX & KILSHEIMER LLP, New
  York, New York; Matthew M. Houston, GLANCY PRONGAY & MURRAY LLP,
  New York, New York; D. Seamus Kaskela & Adrienne Bell, KASKELA LAW
  LLC, Newtown Square, Pennsylvania; Alfred G. Yates, LAW OFFICE OF
  ALFRED G. YATES, JR., P.C., Pittsburgh, Pennsylvania; Counsel for Plaintiffs
  Richard Delman, Donna Nicosia, and Charles R. Blackburn
  WILL, Vice Chancellor
  Boards of directors are duty bound to ensure that the corporations they manage
  operate lawfully. To meet this obligation, directors must establish a reporting system
  informing them of material risks to the business and attend to clear signs of non-
  compliance. If they do so with reasonable care, the court will not second guess the
  directors’ attempts to exercise oversight.
  Although there are rare exceptions, independent directors scarcely abandon
  this basic duty. Claims for failed oversight usually amount to retrospective critiques
  of good faith acts. Since liability can only attach where a plaintiff pleads facts
  showing a disloyal state of mind, steps toward compliance defeat such claims—even
  where corporate traumas unfold.
  The plaintiffs here recognize the high bar to pleading that a board snubbed its
  oversight duties.    Their complaint details board-level engagement on legal
  compliance, which contradicts any inference of knowing failures to monitor reported
  risks. And so, the plaintiffs take another approach and argue that the board’s
  awareness of flaws in compliance efforts suggests willful lawbreaking.
  TransUnion—a consumer credit reporting company—submitted to a
  regulatory consent order requiring it to change its advertising and billing practices.
  TransUnion worked to correct these practices with the oversight of its board. But it
  had a disagreement with the regulator on the details of certain changes.
  1
  Because the board learned that the regulator’s views diverged from
  TransUnion’s, the plaintiffs assert that the board purposefully violated the law for
  greater profit.    The misconduct complained of, however, amounts to minor
  interpretive differences of the consent order’s terms—disclaimer font size, phrase
  usage, and check box placement. TransUnion and the regulator are contesting these
  issues in related federal litigation.
  Regardless of whose interpretation proves correct in that suit, there are no
  facts—much less particularized ones—suggesting that TransUnion’s board breached
  its duty of loyalty. Imperfect compliance is not bad faith. Demand was not futile,
  and this case is dismissed.
  I.     FACTUAL BACKGROUND
  Unless otherwise noted, the following facts are drawn from the Second
  Amended and Consolidated Verified Stockholder Derivative Complaint (the
  “Complaint”) and the documents it incorporates by reference, including books and
  records produced by TransUnion in response to 8 Del. C. § 220 demands.1
  1
  Verified S’holder Deriv. Am. Consol. Compl. (Dkt. 27) (“Compl.”); Freedman v. Adams,
  

  2012 WL 1345638

  , at *5 (Del. Ch. Mar. 30, 2012) (“When a plaintiff expressly refers to
  and heavily relies upon documents in her complaint, these documents are considered to be
  incorporated by reference into the complaint[.]”) (citation omitted).
  Exhibits to the Affidavit of Spencer V. Crawford, Esq. in Support of Defendants’
  Opening Brief in Support of their Motion to Dismiss or Stay Proceedings (Dkts. 32-33) are
  cited as “Defs.’ Ex. __.” Exhibits produced in response to pre-suit books and records
  demands under confidentiality agreements with incorporation by reference provisions are
  deemed incorporated by reference into the Complaint. See Defs.’ Ex. 1 § 10; see also
  2
  A.      The 2017 Consent Order
  Nominal defendant TransUnion is a Delaware corporation headquartered in
  Chicago, Illinois. TransUnion provides credit reporting services to millions of
  consumers globally.2
  As a participant in consumer financial markets, TransUnion is subject to the
  oversight authority of the Consumer Financial Protection Bureau (CFPB). 3 The
  CFPB is authorized by the Consumer Financial Protection Act to conduct
  examinations and investigations and enforce the statute.4
  In 2015, the CFPB launched an examination of the advertising and marketing
  practices used for TransUnion’s credit reporting services.5 It concentrated on two
  main subjects. The first was statements in TransUnion’s online advertisements
  about the utility of credit scores generated by TransUnion’s proprietary model,
  VantageScore (the “VantageScore Disclosure”). The second was TransUnion’s use
  of a “negative billing structure” that automatically enrolled consumers in credit
  Pettry ex rel. FedEx Corp. v. Smith, 

  2021 WL 2644475

  , at *8 n.90 (Del. Ch. June 28, 2021)
  (noting that “Section 220 documents[] [were] incorporated by reference into the Complaint
  to the extent [they] directly dispute[d] [p]laintiff’s conclusory assertion[s]”). Exhibits
  lacking internal pagination are cited by the last three digits of their Bates stamps.
  2
  Compl. ¶ 2.
  3
  Id. ¶ 59.
  4
  

  12 U.S.C. § 5492

  (a).
  5
  Compl. ¶ 62.
  3
  monitoring services after a trial period (the “Negative Option”) and related
  advertisements.6
  The CFPB’s examination and subsequent investigation culminated in a
  January 3, 2017 Consent Order.7 The Consent Order detailed the CFPB’s findings
  on TransUnion’s violations of the Consumer Financial Protection Act. It also
  outlined remediation efforts that TransUnion had agreed to undertake. Relevant here
  are changes to the VantageScore Disclosure and Negative Option, as well as
  compliance and redress plans.
  1.     VantageScore Disclosure
  The CFPB found TransUnion’s VantageScore Disclosure to be inaccurate and
  deceptive.8 It concluded that TransUnion’s marketing on its own and third-party
  websites falsely represented that VantageScore provided the same credit score used
  by lenders to determine creditworthiness.9 TransUnion’s disclosures about the
  differences between VantageScore and models relied on by lenders were hidden in
  small, low contrast text at the bottom of its webpage.10
  6
  Id. ¶¶ 67-69.
  7
  Id. ¶ 63; Defs.’ Ex. 2 (“Consent Order”).
  8
  Compl. ¶¶ 65-67; Consent Order ¶ 31.
  9
  Compl. ¶ 66; Consent Order ¶¶ 10, 27-29.
  10
  Compl. ¶ 67; Consent Order ¶ 27.
  4
  The Consent Order outlined changes that TransUnion would make to its
  VantageScore advertisement practices.               TransUnion agreed to modify its
  advertisements to “substantially state[]” that the VantageScore “is not likely to be
  the same score used by lenders or other commercial users for credit decisions[.]”11
  TransUnion also agreed to provide a header with the phrase “What You Need to
  Know” in text double the size of its disclosure about the utility of VantageScore.12
  2.     Negative Option
  The CFPB found that TransUnion’s “free” credit score and “$1” credit report
  promotions were misleading.13 These offers included a Negative Option billing
  structure by which consumers who signed up for a trial of TransUnion’s services
  were automatically enrolled in a paid subscription when the trial expired.14 The
  CFPB described these advertisements as “unfair, deceptive or abusive” because they
  gave the misimpression that credit scores or reports were no or low cost without
  highlighting the Negative Option enrollment.15
  11
  Consent Order ¶ 40(c)(ii); see Compl. ¶ 100 n.32.
  12
  Consent Order ¶ 40(c)(iii); see Compl. ¶ 74.
  13
  Compl. ¶ 68; Consent Order ¶¶ 32-39.
  14
  Compl. ¶ 68; Consent Order ¶¶ 32-39.
  15
  Compl. ¶ 68; Consent Order ¶¶ 38-39.
  5
  The Consent Order required TransUnion to obtain express consent from
  consumers before enrolling them in any service with a Negative Option feature.16
  TransUnion agreed to include “a check box on the final order page” for free or
  discounted trials “conspicuously stat[ing]” that the consumer consented to be billed
  for the service after the trial.17 The Consent Order also mandated that TransUnion
  create a “simple mechanism for a consumer to immediately cancel the purchase.”18
  3.     Compliance Plan
  TransUnion had to submit a “comprehensive compliance plan” detailing how
  it would implement the Consent Order’s conduct provisions (the “Compliance
  Plan”).19 It was required to, “[w]ithin 90 days” of the Consent Order becoming
  effective, submit the Compliance Plan to the CFPB “for review and determination
  of non-objection . . . .”20 The Compliance Plan needed to include, “at a minimum,”
  “[d]etailed steps for addressing each action required by [the] Consent Order . . . and
  [s]pecific timeframes and deadlines for implementation of the[se] steps . . . .”21
  16
  Compl. ¶ 71; Consent Order ¶ 40(b)(i).
  17
  Consent Order ¶ 40(b)(i); see Compl. ¶ 71.
  18
  Consent Order ¶ 40(b)(ii); see Compl. ¶ 72.
  19
  Consent Order ¶ 41; see Compl. ¶ 75.
  20
  Consent Order ¶ 41; see Compl. ¶ 75.
  21
  Consent Order ¶ 41; see Compl. ¶ 75.
  6
  The Consent Order addressed how the CFPB would provide feedback on and
  approve the Compliance Plan:
  [(1)] The [CFPB] will have the discretion to make a determination of
  non-objection to the Compliance Plan or direct [TransUnion] to revise
  it. If the [CFPB] directs [TransUnion] to revise the Compliance Plan,
  [TransUnion] must make the revisions and resubmit the Compliance
  Plan to the [CFPB] within 30 days.
  [(2)] After receiving notification that the [CFPB] has made a
  determination of non-objection to the Compliance Plan, [TransUnion]
  must implement and adhere to the steps, recommendations, deadlines,
  and timeframes outlined in the Compliance Plan.22
  4.     The Redress Plan
  The Consent Order also required TransUnion to provide $13.9 million in
  consumer redress and to prepare a plan to pay affected consumers (the “Redress
  Plan”).23 As with the Compliance Plan, the Consent Order described the process for
  the CFPB to approve the Redress Plan.24 TransUnion was also ordered to pay a $3
  million penalty to the CFPB.25
  22
  Consent Order ¶¶ 42-43; see Compl. ¶ 75.
  23
  Compl. ¶ 80; Consent Order ¶¶ 47-51.
  24
  Consent Order ¶ 48.
  25
  Compl. ¶ 80; Consent Order ¶ 52.
  7
  B.    Early Compliance Efforts
  TransUnion took several initial steps to address the Consent Order.26 Outside
  counsel—a former CFPB enforcement attorney—advised on these efforts.27
  On January 11, 2017, TransUnion deposited the $13.9 million redress funds
  into a dedicated account for distribution.28 TransUnion wired the $3 million penalty
  to the CFPB two days later.29 It eliminated the Negative Option entirely and moved
  to a no-trial, full-price offer for credit monitoring on its website.30 TransUnion
  “updated online cancellation functionality” and “improved agent scripting to ensure
  consumer understanding of their transactions.”31 It also enhanced the VantageScore
  Disclosure on its product order page.32
  TransUnion management kept the company’s Board of Directors apprised of
  the CFPB investigation, the Consent Order, and TransUnion’s efforts to comply with
  the Consent Order. For example, on February 2, 2017, TransUnion distributed the
  Consent Order to its directors and officers, as well as others with compliance
  26
  See Compl. ¶¶ 99, 155.
  27
  See id. ¶¶ 128-29; Defs.’ Ex. 19 (Feb. 20, 2020 declaration) ‘957.
  28
  Defs.’ Ex. 4 (Feb. 9, 2017 A&C Committee presentation) ‘304.
  29
  Id.
  30
  Defs.’ Ex. 3 (June 12, 2019 Letter from TransUnion to CFPB) (“Response to PARR
  Letter”) ‘620; see Compl. ¶ 88.
  31
  Response to PARR Letter ‘619.
  32
  Compl. ¶ 100; Response to PARR Letter ‘619.
  8
  responsibilities.33 The next week, the Audit and Compliance Committee of the
  Board (the “A&C Committee”) was updated on the planned submission of the
  Redress Plan and Compliance Plan to the CFPB.34 Later that month, the Board was
  updated on the Consent Order and engagement with the CFPB by TransUnion’s
  General Counsel John Blenke and John Danaher—President of TransUnion’s
  operating subsidiary that sold services to consumers.35
  C.     Submission of the Redress Plan
  In April 2017, the A&C Committee was told that TransUnion had submitted
  its Redress Plan to the CFPB and was “[a]waiting non-objection from [the] CFPB
  prior to initiating redress activities.”36 On August 1, the CFPB directed TransUnion
  to revise the Redress Plan, which TransUnion did that month.37 The CFPB provided
  TransUnion with a determination of non-objection to the Redress Plan a few months
  33
  Defs.’ Ex. 5 (Summary of Consent Order Acknowledgment) ‘545. Nine of the eleven
  directors acknowledged receipt of the Consent Order.
  34
  Defs.’ Ex. 4 at ‘304-05.
  35
  Defs.’ Ex. 6 (Feb. 28, 2017 Board minutes) ‘349, ‘352; see Compl. ¶ 82.
  36
  Defs.’ Ex. 7 (Apr. 24, 2017 A&C Committee presentation) ‘361; see Compl. ¶ 96.
  37
  Defs.’ Ex. 11 (Oct. 27, 2017 memorandum from J. Blenke to Board) ‘514; Defs.’ Ex. 12
  (Aug. 30, 2017 letter from D. Norgle to CFPB) ‘562.
  9
  later.38 As reported to the Board, TransUnion began to implement the Redress Plan
  after receiving the CFPB’s confirmation of non-objection.39
  D.     Submission of the Compliance Plan
  The submission and feedback process for the Compliance Plan was less
  orderly. The CFPB had granted TransUnion an extension to June 30, 2017 to submit
  a Compliance Plan.40 A week before the deadline, a draft Compliance Plan was
  presented to the A&C Committee that listed dozens of actions TransUnion would
  take to comply with the Consent Order, including changes to the VantageScore
  Disclosure and the Negative Option.41 It listed timelines for starting and completing
  each action pegged to the “date determination of non-objection is received from the
  38
  Defs.’ Ex. 13 (Nov. 7, 2017 letter from A. Hrdy to D. Norgle) ‘614.
  39
  Defs.’ Ex. 14 (Feb. 16, 2018 memorandum from J. Blenke to Board) ‘571; Defs.’ Ex. 15
  (Feb. 8, 2018 A&C Committee deck) ‘543.
  40
  Defs.’ Ex. 7 at ‘363.
  41
  See, e.g., Defs.’ Ex. 16 (“Compliance Plan”) ‘546; id. at ‘548 (stating, regarding the
  Negative Option, that TransUnion would “utilize and test disclosure and consent
  mechanisms that are consistent with those used by our competitors that we understand have
  been condoned by the CFPB subsequent to the Consent Order”); id. at ‘549 (stating,
  regarding the Negative Option, that TransUnion would “perform a review of all existing
  Credit-Related Products cancellation mechanisms and channels to determine any
  enhancements that should be made to telephone cancellations”); id. at ‘553 (stating,
  regarding the VantageScore Disclosure, that TransUnion would “review and implement
  the ‘What You Need To Know’ disclosure language on written offer communications”).
  10
  CFPB . . . .”42 The A&C Committee reviewed the Compliance Plan before its
  submission to the CFPB.43
  A few months later, Blenke advised the Board that it did “not need to make
  any of the proposed changes until [TransUnion] receive[d] confirmation from the
  CFPB that it does not object to the submitted Compliance Plan.”44 This advice
  aligned with guidance given by the former CFPB enforcement attorney who was
  serving as TransUnion’s outside counsel and had negotiated the Consent Order on
  TransUnion’s behalf.45
  TransUnion awaited a determination of non-objection from the CFPB.46 It
  never came.
  E.    The PARR Letter
  TransUnion next heard from the CFPB over a year later in October 2018,
  when a second examination was launched.47 An onsite examination of TransUnion’s
  42
  Compliance Plan ‘546.
  43
  Id.
  44
  Defs.’ Ex. 11 at ‘515.
  45
  Compl. ¶ 129; see Defs.’ Ex. 19 ¶ 8 (“It was expected that [TransUnion] would receive
  . . . a letter from the CFPB stating its non-objection to particular approaches for compliance
  with the consent order.”).
  46
  Defs.’ Ex. 11 at ‘515; Defs.’ Ex. 14 at ‘572; Defs.’ Ex. 18 (July 27, 2017 memorandum
  from J. Blenke to Board) ‘454; Defs.’ Ex. 25 (May 4, 2018 memorandum from J. Blenke
  to Board) ‘613.
  47
  Compl. ¶¶ 13, 116.
  11
  compliance with the Consent Order took place in January 2019.48 Management
  reported to the A&C Committee that TransUnion cooperated throughout the
  process.49
  In May 2019, the CFPB issued a Potential Action and Request for Response
  (PARR) letter to TransUnion.50 The PARR letter reported the CFPB’s “preliminary
  findings that TransUnion may have violated several conduct provisions” of the
  Consent Order and that an enforcement action might follow.51 It conveyed the
  CFPB’s view that a statement of non-objection was not “required to subject
  TransUnion to the conduct provisions of the Consent Order.”52
  The PARR letter identified three potential violations of the Consent Order that
  related to the VantageScore Disclosure and the Negative Option. 53 First, regarding
  the VantageScore Disclosure, TransUnion failed to include the requisite text on
  “display ads” on third-party websites.54 Second, the language TransUnion used to
  describe the utility of VantageScore differed from the specific language suggested
  48
  Id. ¶ 116.
  49
  Defs.’ Ex. 23 (Feb. 2019 A&C Committee deck) ‘733.
  50
  Defs.’ Ex. 28 (May 19, 2019 Letter from CFPB) (“PARR Letter”).
  51
  PARR Letter ‘615; see Compl. ¶ 116.
  52
  Compl. ¶ 97; PARR Letter ‘616.
  53
  Compl. ¶¶ 100-01.
  54
  PARR Letter ‘615; see Compl. ¶ 100.
  12
  in the Consent Order.55 Third, the “What You Need to Know” header above the
  VantageScore Disclosure was less than double the size of the other text. 56 In
  addition, TransUnion had “advertised and offered a [N]egative [O]ption feature
  through internet ads placed on [third-party website] annualcreditreport.com” without
  a check box for affirmative consent on the order page.57
  F.     TransUnion’s PARR Letter Response
  On June 12, 2019, TransUnion responded to the PARR letter.58 It observed
  that although the CFPB’s views on “display ads” drew on an expansive reading of
  the Consent Order, TransUnion would “review an appropriate implementation of a
  form of disclosure on applicable display ads.”59 It noted that its VantageScore
  Disclosure was “substantially consistent with the illustrative language in the Consent
  Order.”60 And it explained that the font size used for the “What You Need to Know”
  header was selected to prevent the text from breaking across two lines.61 As to the
  Negative Option, TransUnion explained that the transunion.com offer had been
  55
  Compl. ¶ 100; PARR Letter ‘615-16.
  56
  PARR Letter ‘616.
  57
  Id.; see Compl. ¶ 100.
  58
  Compl. ¶ 100.
  59
  Response to PARR Letter ‘619; see Compl. ¶ 100.
  60
  Response to PARR Letter ‘619; see Compl. ¶ 100.
  61
  Response to PARR Letter ‘619-20.
  13
  removed before the Consent Order’s effective date.62 TransUnion clarified that it
  had corrected another isolated Negative Option offer that appeared on
  annualcreditreport.com without a check box shortly after discovering it in January
  2019.63
  The next month, TransUnion’s Chief Compliance Officer updated the A&C
  Committee about the PARR letter and TransUnion’s response. He reported that
  TransUnion was “in compliance with three of the four potential findings” in the
  PARR letter.64
  A few months later, TransUnion learned that the CFPB’s Office of
  Supervision & Examinations had referred the matter to its Office of Enforcement.65
  TransUnion management promptly relayed this development to the A&C Committee
  and the Board.66 The A&C Committee was also told that TransUnion had hired
  different outside counsel to engage with the CFPB.67
  62
  Id. at ‘620.
  63
  Id.
  64
  Defs.’ Ex. 29 (July 22, 2019 A&C Committee minutes) ‘859.
  65
  Compl. ¶ 102.
  66
  Id.; Defs.’ Ex. 31 (Oct. 21, 2019 A&C Committee minutes) ‘897.
  67
  Defs.’ Ex. 31 at ‘898.
  14
  G.     The CIDs and Steering Committee
  In October 2019, the CFPB issued a civil investigative demand (CID) to
  TransUnion, seeking information about the VantageScore Disclosure and Negative
  Option.68 In March 2020, a second CID was served that concerned TransUnion’s
  advertisements on annualcreditreport.com and legal advice relied upon in
  implementing the Compliance Plan.69 TransUnion produced materials in response
  to both CIDs and continued to engage with the CFPB.70 TransUnion management
  kept the A&C Committee and the Board apprised of these matters throughout the
  first quarter of 2020.71
  While the CFPB was investigating, TransUnion formed a Steering Committee
  composed of senior legal, compliance, and business personnel (including Danaher)
  to implement the Consent Order’s conduct requirements.72 The Steering Committee
  began its preliminary work in January 2020 and held its first meeting in April 2020.73
  By year end, TransUnion formed the Enterprise Risk Management Committee (the
  68
  Compl. ¶¶ 104, 116.
  69
  Id. ¶¶ 105, 116; Defs.’ Ex. 39 (CEO Board Report – Q1 2020) ‘034.
  70
  See Compl. ¶ 104.
  71
  Id. ¶¶ 105, 116; Defs.’ Ex. 32 (Feb. 13, 2020 A&C Committee minutes) ‘932; Defs.’ Ex.
  33 (CEO Board Report – Q4 2019) ‘967; Defs.’ Ex. 34 (Q1 2020 Board Meeting – Legal
  and Regulatory Update) ‘972; Defs.’ Ex. 35 (Feb. 27, 2020 Board minutes) ‘979; Defs.’
  Ex. 38 (May 2020 A&C Committee deck) ‘009; Defs.’ Ex. 39 at ‘034.
  72
  Compl. ¶ 118.
  73
  Defs.’ Ex. 36 (Apr. 3, 2020 Steering Committee memorandum) ‘991.
  15
  “ERM Committee”), which included TransUnion’s CEO and officers and received
  monthly updates on the Steering Committee’s progress.74
  H.     The NORA Letter
  On June 26, 2020, the CFPB issued a Notice of Opportunity to Respond and
  Advise (NORA) letter stating that it might pursue an enforcement action against
  TransUnion.75 Soon after, TransUnion management informed the A&C Committee
  that the company was preparing a response to the NORA letter and “seeking
  engagement with CFPB Senior Management in [an] effort to resolve the matter.”76
  In July 2020, TransUnion responded to the NORA letter.77 TransUnion
  management updated the A&C Committee on the response and TransUnion’s
  remediation efforts under the Consent Order, reporting that they were “targeting the
  end of the year” for completion.78 TransUnion tried to engage with the CFPB, met
  with the CFPB’s senior enforcement team in October 2020, and did not hear
  anything further from the CFPB until March 2021.79
  74
  Defs.’ Ex. 62 (“Revised Compliance Plan”) ‘723-24.
  75
  Compl. ¶ 116; Defs.’ Ex. 40 (July 2020 A&C Committee deck) ‘076.
  76
  Compl. ¶ 108; Defs.’ Ex. 40 at ‘076.
  77
  Defs.’ Ex. 42 (July 30, 2020 A&C Committee minutes) ‘088.
  78
  Compl. ¶ 108; Defs.’ Ex. 42 at ‘088.
  79
  Defs.’ Ex. 42 at ‘088; see also Defs.’ Ex. 43 (Aug. 5, 2020 general counsel presentation
  to Board) ‘093; Defs.’ Ex. 44 (Aug. 5, 2020 Board minutes) ‘106; Defs.’ Ex. 45 (Oct. 30,
  2020 A&C Committee presentation) ‘134; Defs.’ Ex. 46 (CEO Board Report – Q3 2020)
  ‘176; Defs.’ Ex. 47 (Nov. 11, 2020 Legal & Public Policy update) ‘181; Defs.’ Ex. 48 (Feb.
  16
  I.     The Subsequent CIDs and NORA Letter
  In March 2021, the CFPB issued two additional CIDs that sought more
  information about new Negative Option enrollments and TransUnion management’s
  knowledge of the Consent Order.80 Both the A&C Committee and the Board were
  informed about the CIDs at their next regularly scheduled meetings.81
  The CFPB issued another NORA letter in June 2021, which raised other
  allegations about TransUnion’s representations of consumer enrollment practices,
  credit monitoring products, and aspects of the Consent Order.82             The A&C
  Committee was told about this NORA letter at a meeting held the next month.83
  TransUnion responded to the NORA letter in August.84              Soon after,
  TransUnion management reported to the ERM Committee that they were
  “[d]eveloping [a] plan to address allegations [in the NORA letter] as appropriate.”85
  The Board received an update on the NORA letter later that month.86
  18, 2021 Legal & Public Policy update) ‘276; Defs.’ Ex. 49 (Feb. 2021 Q4 2020 Board
  Materials – Legal & Public Policy Update) ‘319.
  80
  Compl. ¶¶ 112; 116.
  81
  Id. ¶ 113; Defs.’ Ex. 52 (Apr. 29, 2021 A&C Committee deck) ‘338; Defs.’ Ex. 53 (CEO
  Board Report – Q1 2021) ‘441; Defs.’ Ex. 54 (May 11, 2021 Q1 2021 Board materials –
  Legal & Public Policy Update) ‘455; Defs.’ Ex. 55 (May 2021 Board minutes) ‘445.
  82
  Compl. ¶ 114; Defs.’ Ex. 56 (July 29, 2021 A&C Committee deck) ‘619, ‘621.
  83
  Defs.’ Ex. 57 (July 29, 2021 A&C Committee minutes) ‘616.
  84
  Defs.’ Ex. 58 (Aug. 10-11, 2021 Board minutes) ‘649.
  85
  Defs.’ Ex. 59 (Aug. 19, 2021 ERM Committee minutes) ‘701.
  86
  Compl. ¶ 114; Defs.’ Ex. 58 at ‘649.
  17
  J.        The Revised Compliance Plan
  On August 19, 2021, the A&C Committee met to discuss the latest NORA
  letter and TransUnion’s response.87 At the meeting, the A&C Committee reviewed
  a timeline of TransUnion’s actions to comply with the Consent Order and a revised
  Compliance Plan (the “Revised Compliance Plan”) that would be submitted to the
  CFPB.88 The A&C Committee endorsed the Revised Compliance Plan, which
  outlined how TransUnion had addressed each of the Consent Order’s conduct
  provisions.89
  Regarding the Negative Option, the Revised Compliance Plan explained that
  TransUnion had moved to eliminate such features as early as December 2016, taken
  additional steps to address their usage on annualcreditreport.com, and resolved
  “process gaps that enabled consumers to continue to enroll via Negative Options as
  a result of legacy ‘offer codes.’”90 TransUnion further described its ongoing and
  “regular reporting to monitor the creation of new offer codes, the performance of
  existing offer codes and to verify that the decommissioning process was effective.”91
  87
  Defs.’ Ex. 60 (Aug. 19, 2021 A&C Committee minutes) ‘721.
  88
  Id.; Defs.’ Ex. 61 (Timeline: TransUnion January 3, 2017 Consent Order Compliance).
  89
  Defs.’ Ex. 60 at ‘721.
  90
  Revised Compliance Plan ‘725.
  91
  Id. at ‘726.
  18
  As to the VantageScore Disclosure, TransUnion explained its position on the
  language used and invited the CFPB to discuss “any remaining concerns . . . .”92
  TransUnion confirmed that the VantageScore Disclosure and “What You Need to
  Know” header “w[ould] be included on all new webpages, including through the
  marketing checklist that [its] Marketing Team must submit prior to releasing new or
  making changes to existing marketing materials . . . .”93
  The Revised Compliance Plan also addressed TransUnion’s compliance
  reporting structure. It highlighted the Board’s oversight of TransUnion’s response
  to the Consent Order, the work of the Steering Committee, and the ERM
  Committee’s receipt of “monthly status updates regarding Consent Order
  compliance.”94 TransUnion offered to “submit to the [CFPB] additional Compliance
  Reports or other requested information under penalty of perjury, provide sworn
  testimony, or produce documents within 30 days of receipt of a written request from
  the [CFPB].”95
  The Revised Compliance Plan noted that TransUnion had “received no
  comments from the [CFPB] regarding its original Compliance Plan, notwithstanding
  92
  Id. at ‘728.
  93
  Id. at ‘729.
  94
  Id. at ‘723-24.
  95
  Id. at ‘733.
  19
  [TransUnion’s] numerous requests for feedback on any deficiencies or non-
  objection over the course of the last four years.”96
  K.        The Federal Litigation
  In September 2021, the CFPB sent TransUnion a proposed settlement term
  sheet addressing consumer redress, civil monetary penalties, and injunctive relief
  against TransUnion and certain of its officers. TransUnion management explained
  their assessment of the proposal to the Board at a meeting the next month.97
  TransUnion and the CFPB exchanged additional settlement proposals, and the Board
  discussed each one.98
  While settlement discussions of the regulatory investigation continued, the
  CFPB commenced litigation against TransUnion, its subsidiaries, and Danaher in
  the United States District Court for the Northern District of Illinois in April 2022
  (the “Federal Action”).99 In the Federal Action, the CFPB seeks to enforce specific
  terms of the Consent Order and brings claims for violations of the Consumer
  96
  Id. at ‘723.
  97
  Defs.’ Ex. 63 (Oct. 10, 2021 Board minutes) ‘825.
  98
  Id.; Defs.’ Ex. 64 (Oct. 28, 2021 A&C Committee presentation) ‘910; Defs.’ Ex. 65
  (Nov. 9-10, 2021 Board minutes) ‘033; Defs.’ Ex. 66 (Feb. 23, 2022 A&C Committee
  minutes) ‘275.
  99
  Compl., CFPB v. TransUnion, LLC, et al., No. 1:22-cv-01880 (N.D. Ill. 2022).
  20
  Financial Protection Act, the Electronic Fund Transfer Act, and the Fair Credit
  Reporting Act.100
  The CFPB issued two additional NORA letters to TransUnion in March and
  August 2022 about matters related to the Federal Action and the marketing practices
  at issue in this suit.
  In November 2022, TransUnion’s motion to dismiss the Federal Action was
  denied.101 The court rejected TransUnion’s argument that the CFPB’s statement of
  non-objection was “a condition precedent to the enforceability of the Consent Order
  as a whole.”102
  The Federal Action remains pending.
  L.        This Litigation
  On November 30, 2022, TransUnion stockholder Richard Delman filed a
  derivative action in this court.103 The suit followed TransUnion’s production of
  books and records in response to Delman’s Section 220 demand. 104 In December,
  2022, stockholder Donna Nicosia filed a near-identical complaint.105 A week later,
  100
  See id.
  101
  Consumer Fin. Prot. Bureau v. TransUnion, 641 F. Supp.3d 474, 478 (N.D. Ill. 2022)
  (denying TransUnion and Danaher’s motions to dismiss).
  102
  Id. at 479.
  103
  Dkt. 1.
  104
  Compl. at 1.
  105
  Compl. ¶ 21.
  21
  stockholder Charles R. Blackburn entered an appearance as an interested party and
  told the court of his pending Section 220 demand.106
  On January 31, 2023, the court consolidated Delman and Nicosia’s suits and
  added Blackburn as a plaintiff.107 The plaintiffs filed a consolidated complaint on
  March 31, 2023.108 After the defendants moved to dismiss on June 2, 2023, the
  plaintiffs filed the operative Complaint on August 1, 2023.109
  On October 2, 2023, the defendants moved to dismiss the Complaint.110
  Briefing was completed on January 12, 2024.111 Oral argument on the motion to
  dismiss was held on June 7, 2024.112
  II.       LEGAL ANALYSIS
  The Complaint lists two counts but advances one claim.       Count I is a
  derivative claim for breach of fiduciary duty against present and former Board
  members.113 Count II is a request for a mandatory injunction “reforming the manner
  106
  Dkts. 6, 7.
  107
  Dkt. 9.
  108
  Dkt. 10.
  109
  Dkts. 14, 27.
  110
  Dkt. 29.
  111
  Dkt. 43.
  112
  Dkt. 54.
  113
  Compl. ¶¶ 151-59.
  22
  in which the Board oversees [TransUnion’s] legal and regulatory obligations in the
  area of consumer law.”114 “Injunctions are a form of relief, not a cause of action.”115
  The defendants have moved to dismiss the Complaint under Court of
  Chancery Rule 23.1 for failure to plead demand excusal and under Rule 12(b)(6) for
  failure to state a claim upon which relief can be granted.116 In the alternative, they
  seek a stay in favor of the Federal Action.
  The requirements of Rule 23.1 apply to derivative actions where stockholders
  seek to usurp the board’s authority to control a corporate litigation asset.117 Rule
  23.1 sets heightened pleading requirements for derivative claims “to prevent abuse
  and to promote intracorporate dispute resolution.”118 A stockholder must “allege
  114
  Compl. ¶ 20.
  115
  Quadrant Structured Prods. Co. v. Vertin, 

  102 A.3d 155

  , 203 (Del. Ch. 2014).
  Defs.’ Opening Br. in Supp. of Their Mot. to Dismiss or Stay Proc. (Dkt. 31) (“Defs.’
  116
  Opening Br.”) 1-2.
  117
  See In re GoPro, Inc. S’holder Deriv. Litig., 

  2020 WL 2036602

  , at *8 (Del. Ch. Apr.
  28, 2020) (observing “a presumption” that directors have managerial authority over
  corporate affairs); FLI Deep Marine LLC v. McKim, 

  2009 WL 1204363

  , at *2 (Del. Ch.
  Apr. 21, 2009) (“The decision to bring or to refrain from bringing suit on behalf of a
  corporation is the responsibility of the board of directors.” (citing 8 Del. C. § 141(a))).
  118
  Pogostin v. Rice, 

  480 A.2d 619

  , 624 (Del. 1984), overruled on other grounds by Brehm
  v. Eisner, 

  746 A.2d 244

   (Del. 2000).
  23
  with particularity the efforts, if any” made to obtain the desired board-level action
  and the reasons for her “failure to obtain the action or for not making the effort.”119
  The plaintiffs here declined to make a pre-suit demand on the Board. They
  assert that demand would be futile because a majority of the Board members could
  not impartially consider a demand.120
  In assessing demand futility, the court “is confined to the well-pleaded
  allegations in the Complaint, the documents incorporated into the Complaint by
  reference, and facts subject to judicial notice . . . .”121 Facts are considered “in their
  totality” and all reasonable inferences are drawn in the plaintiffs’ favor.122
  Conclusory allegations “are not considered as expressly pleaded facts or factual
  inferences.”123
  The plaintiffs assert that the summary judgment standard should apply instead
  since the defendants rely on extraneous documents.124 But TransUnion’s Section
  119
  Ct. Ch. R. 23.1; see Brehm, 746 A.2d at 254 (“Rule 23.1 is not satisfied by conclusory
  statements or mere notice pleading.”).
  120
  Compl. ¶ 19.
  121
  In re Kraft Heinz Co. Deriv. Litig., 

  2021 WL 6012632

  , at *4 (Del. Ch. Dec. 15, 2021)
  (citing White v. Panic, 

  783 A.2d 543

  , 546-47 (Del. 2001)), aff’d, 

  282 A.3d 1054

   (Del.
  2022) (TABLE).
  122
  Del. Cty. Emps. Ret. Fund v. Sanchez, 

  124 A.3d 1017

  , 1019 (Del. 2015).
  123
  Brehm, 746 A.2d at 255.
  124
  See Pls.’ Answering Br. in Opp’n to Defs.’ Mot. to Dismiss (Dkt. 37) (“Pls.’ Answering
  Br.”) 25-27.
  24
  220 production is incorporated by reference into the Complaint.125 The court can
  evaluate whether the plaintiffs have taken these documents out of context or ignored
  them entirely.126 There are no grounds to convert the defendants’ motion to dismiss
  into one for summary judgment.
  A.    The Fiduciary Duty Claim
  The plaintiffs allege that a majority of the Board members “either knowingly
  permitted [TransUnion] to repeatedly violate the Consent Order . . . or chose to bury
  their heads in the sand and to ignore [TransUnion’s] continuing illegal conduct . . .
  despite the knowable and grave risks raised by such improper conduct . . . .”127 The
  plaintiffs believe that their allegations support two distinct claims: one akin to the
  Court of Chancery’s decision in Massey and another under Caremark.128 For their
  so-called “Massey claim,” they allege that the Board knew the Consent Order was
  125
  See Defs.’ Ex. 1 ¶ 10 (confidentiality agreement stating that TransUnion’s Section 220
  production “shall be deemed incorporated by reference into the operative version of the
  complaint”); see also Amalgamated Bank v. Yahoo!, Inc., 

  132 A.3d 752

  , 797-98 (Del. Ch.
  2016), abrogated on other grounds by Tiger v. Boast Apparel, Inc., 

  214 A.3d 933

   (Del.
  2019); supra note 1.
  126
  See Okla. Firefighters Pension & Ret. Sys. v. Corbat, 

  2017 WL 6452240

  , at *16 (Del.
  Ch. Dec. 18, 2017) (“[T]he documents incorporated by reference in the Complaint make
  clear that the Plaintiffs’ narrative is unsupported by the materials on which they relied in
  drafting their pleading.”); Newman v. KKR Phorm Invs., L.P., 

  2023 WL 5624167

  , at *4
  (Del. Ch. Sept. 5, 2023) (noting that Section 220 documents “necessarily shape the range
  and outcomes of pleading-stage inferences”) (citation omitted).
  127
  Compl. ¶ 153.
  128
  Pls.’ Answering Br. 27 (“The Complaint sufficiently pleads both Massey and Caremark
  claims.”).
  25
  being violated but chose to prioritize profits over compliance.129 For their Caremark
  claim, they assert that the Board ignored red flags marking violations of the Consent
  Order.130 By this logic, the court would run the same allegations about the same
  facts through two separate doctrinal rubrics to see if one sticks.
  Neither precedent nor logic supports the bright line the plaintiffs work to draw
  between Caremark and Massey. Both of the plaintiffs’ theories draw on the
  obligation of boards to take corporate compliance seriously. Directors who try to
  fulfill their oversight duties in good faith are not liable under either formulation
  advanced by the plaintiffs.
  I begin by briefly exploring the legal landscape framing the plaintiffs’ claim.
  I then consider how their claim should be examined. And I end by addressing
  whether the plaintiffs have adequately pleaded that a majority of the Board faces a
  substantial likelihood of liability for the claim. I conclude that they have not.
  1.     The Plaintiffs’ Legal Theories
  In his iconic Caremark decision, Chancellor Allen spurred directors to be
  heedful of their “duty to attempt in good faith to assure that a corporate information
  and reporting system, which the board concludes is adequate, exists . . . .”131 There,
  129
  Compl. ¶¶ 94, 98, 100.
  130
  Id. ¶¶ 16, 102, 131, 156.
  131
  In re Caremark Int’l Inc. Deriv. Litig., 

  698 A.2d 959

  , 970 (Del. Ch. 1996).
  26
  the nominal defendant had paid substantial fines after sales and marketing
  employees were found to be bribing doctors to use its products. The directors were
  disinterested and independent, with no involvement in the underlying wrongdoing.
  But Chancellor Allen observed that the directors’ distance from the misconduct did
  not grant them license to turn a blind eye.
  “[T]he Caremark decision is rightly seen as a prod towards the greater
  exercise of care by directors in monitoring their corporations’ compliance with legal
  standards[.]”132 It stems from the core mandate in 8 Del. C. § 141(a) that the board
  is charged with overseeing the corporation’s business and affairs. Delaware law
  presumes that directors are discharging this responsibility in good faith and with
  reasonable care, even if their actions turn out poorly in hindsight.133
  Thus, the threshold for liability based on failed oversight “is quite high” and
  requires a “lack of good faith as evidenced by sustained or systematic failure of a
  director to exercise reasonable oversight.”134 Directors who “try” to implement and
  attend to a “reasonable board-level system of monitoring and reporting” have met
  132
  Guttman v. Huang, 

  823 A.2d 492

  , 506 (Del. Ch. 2003).
  133
  See Aronson v. Lewis, 

  473 A.2d 805

  , 812 (Del. 1984) (“It is a presumption that in
  making a business decision the directors of a corporation acted on an informed basis, in
  good faith and in the honest belief that the action taken was in the best interests of the
  company.”) overruled on other grounds by Brehm, 

  746 A.2d 244

  .
  134
  Caremark, 

  698 A.2d at 971

  ; 

  id. at 967

   (observing that a claim for failed oversight is
  “possibly the most difficult theory in corporation law upon which a plaintiff might hope to
  win a judgment”).
  27
  their baseline duty.135 Though directors may strive to exceed this bar, they cannot
  be held liable unless their conduct falls beneath it.
  Ten years after Caremark, the Delaware Supreme Court confirmed the
  stringent liability standard applicable to a claim for absent oversight. In Stone v.
  Ritter, the court observed that this claim requires “a showing of bad faith conduct”
  breaching a director’s duty of loyalty.136 It cautioned that a Caremark claim cannot
  lie where a plaintiff, “[w]ith the benefit of hindsight . . . seeks to equate a bad
  outcome with bad faith.”137 Directors may face liability only where a plaintiff shows
  “that the directors knew that they were not discharging their fiduciary
  obligations.”138
  The court in Stone articulated “the necessary conditions predicate for director
  oversight liability . . . .”139 These conditions have come to be called the two “prongs”
  of Caremark.140 They arise when: “(a) the directors utterly failed to implement any
  135
  Marchand v. Barnhill, 

  212 A.3d 805

  , 821 (Del. 2019).
  136
  Stone v. Ritter, 

  911 A.2d 362

  , 369-70 (Del. 2006).
  137
  Id. at 373.
  138
  Id. at 370.
  139
  Id.
  140
  See Constr. Indus. Laborers Pension Fund ex rel. SolarWinds Corp. v. Bingle, 

  2022 WL 4102492

  , at *6 (Del. Ch. Sept. 6, 2022), aff’d, 

  297 A.3d 1083

   (Del. 2023) (TABLE).
  28
  reporting or information system or controls; or (b) having implemented such a
  system or controls, consciously failed to monitor or oversee its operations . . . .”141
  In Massey, then-Vice Chancellor Strine was faced with an extreme version of
  these scenarios.142 There, stockholders asserted that the director defendants had, in
  agreeing to a merger, failed to secure sufficient value for derivative claims arising
  from a massive coal mine explosion that killed 29 workers. The derivative claims
  not only alleged that the company’s directors and officers failed to make a good faith
  effort to ensure that mining safety laws were complied with. They also went further,
  accusing the directors and officers of knowingly breaking applicable safety laws to
  prioritize coal production and profits.143
  But Massey did not create a separate claim untethered from those explored in
  Caremark and Stone.144 All flow from the most basic obligation of directors and
  officers: to ensure that, in seeking profit, a corporation conducts lawful business by
  141
  Stone, 911 A.2d at 370.
  142
  In re Massey Energy Co., 

  2011 WL 2176479

   (Del. Ch. May 31, 2011).
  143
  Id. at *19.
  144
  See Lebanon Cnty. Emps. Ret. Fund v. Collis, 

  311 A.3d 773

  , 780 n.17 (Del. 2023)
  (declining to recognize that Massey “established a freestanding claim independent of
  Caremark”); see also McElrath v. Kalanick, 

  2019 WL 1430210

  , at *13 (Del. Ch. Apr. 1,
  2019) (describing “Massey and similar progeny of Caremark”); Firefighters Pension Sys.
  of Kansas City v. Found. Bldg. Materials, Inc., 

  318 A.3d 1105

  , 1182 (Del. Ch. 2024)
  (describing Massey as a “sibling theory” of Caremark); City of Detroit Police and Fire Ret.
  Sys. v. Hamrock, 

  2022 WL 2387653

  , at *17 (Del. Ch. June 30, 2022) (addressing a claim
  styled as a Massey theory under the Caremark doctrine).
  29
  lawful means.145 Loyal fiduciaries must endeavor in good faith to maintain the
  corporation’s fidelity to its material legal duties.146 If they intentionally fail to do
  so, personal liability for breach of fiduciary duty may follow.
  Although claims for breaching this oversight duty concern diverse fact
  patterns, they are pleaded in three typical ways.
  At the extreme end of the spectrum is a claim that directors and officers
  purposely caused the corporation to break the law in pursuit of greater profits. The
  145
  See 8 Del. C. § 101(b) (“A corporation may be incorporated or organized under this
  chapter to conduct or promote any lawful business or purposes . . . .”); id. § 102(a)(3) (“It
  shall be sufficient to state . . . that the purpose of the corporation is to engage in any lawful
  act or activity for which corporations may be organized . . . and by such statement all lawful
  acts and activities shall be within the purposes of the corporation . . . .”); Massey, 

  2011 WL 2176479

  , at *20 (“Delaware law allows corporations to pursue diverse means to make a
  profit, subject to a critical statutory floor, which is the requirement that Delaware
  corporations only pursue ‘lawful business’ by ‘lawful acts.’”); Desimone v. Barrows, 

  924 A.2d 908

  , 934 (Del. Ch. 2007) (“Although directors have wide authority to take lawful
  action on behalf of the corporation, they have no authority knowingly to cause the
  corporation to become a rogue, exposing the corporation to penalties from criminal and
  civil regulators.”); see also Leo E. Strine, Jr., Kirby M. Smith & Reilly S. Steel, Caremark
  and ESG, Perfect Together: A Practical Approach to Implementing an Integrated, Efficient
  and Effective Caremark and EESG Strategy, 

  106 Iowa L. Rev. 1885

  , 1893 (2021)
  (describing “the first principle of corporate law: corporations may only conduct lawful
  business by lawful means”).
  146
  E.g., Desimone, 

  924 A.2d at 934-35

   (“The knowing use of illegal means to pursue profit
  for the corporation is director misconduct.”); Metro Commc’n Corp. BVI v. Advanced
  Mobilecomm Techs. Inc., 

  854 A.2d 121

  , 131 (Del. Ch. 2004) (“Under Delaware law, a
  fiduciary may not choose to manage an entity in an illegal fashion, even if the fiduciary
  believes that the illegal activity will result in profits for the entity.”); Massey, 

  2011 WL 2176479

  , at *20 (“[A] fiduciary cannot be loyal to a Delaware corporation by knowingly
  causing it to seek profit by violating the law.”); In re Walt Disney Co. Deriv. Litig., 

  906 A.2d 27

  , 67 (Del. 2006) (explaining that where “[a] fiduciary acts with the intent to violate
  positive law,” she violates the duty of loyalty) (citation omitted).
  30
  alleged flouting of mine safety laws to lower costs and raise earnings at the expense
  of worker safety in Massey is one example. Other cases in this vein have addressed
  allegations about illegal but profitable business practices that led to criminal
  sanctions and employee or consumer deaths.147 These are meaningful—not trifling
  or technical—violations of laws integral to the company’s operations.
  The second scenario involves a claim that the board knowingly failed to
  implement a system to monitor legal compliance. This obligation was recognized
  in Caremark, where Chancellor Allen admonished directors to implement a
  reasonable reporting system allowing information about significant risks to the
  business to reach the board level. These are known as Caremark “prong one” claims,
  based on the first necessary condition to oversight liability recognized in Stone.148
  The Delaware Supreme Court’s decision in Marchand, where the directors of an ice
  147
  E.g., La. Mun. Police Emps.’ Ret. Sys. v. Pyott, 

  46 A.3d 313

  , 356 (Del. Ch. 2012)
  (holding that the plaintiffs had pleaded a Caremark claim based on allegations that the
  board approved an illegal business plan and the company “pled guilty to criminal
  misdemeanor [and] . . . paid criminal fines of $375 million”), rev’d on other grounds, 

  74 A.3d 612

   (Del. 2013); Ontario Provincial Council of Carpenters’ Pension Tr. Fund v.
  Walton, 

  2023 WL 3093500

  , at *48 (Del. Ch. Apr. 26, 2023) (holding that directors faced a
  substantial likelihood of liability where the board did not cause the company to change
  business practices for the distribution of prescription opioids despite the threat of a criminal
  indictment).
  148
  See Stone, 911 A.2d at 370; Firemen’s Ret. Sys. of St. Louis ex rel. Marriott Int’l, Inc.
  v. Sorenson, 

  2021 WL 4593777

  , at *12 (Del. Ch. Oct. 5, 2021) (“For directors to face
  liability under Caremark’s first prong, a plaintiff must show that the director made no good
  faith effort to ensure the company had in place any system of controls.”) (citation omitted).
  31
  cream company allegedly made no effort to monitor compliance with essential food
  safety laws, is an example.149
  The third situation has shades of the other two. A board that adopts a reporting
  system must monitor it and make a good-faith effort to address identified risks.150 A
  conscious failure to do so may support a claim under “prong two” of Caremark—
  the second necessary condition to oversight liability recognized in Stone.151 For
  liability to attach, the risks identified and ignored cannot be business matters on
  which deference to the directors’ decision-making is owed.152 They must be legal
  violations so obvious and material that disregarding them amounts to bad faith.153
  149
  212 A.3d at 824 (“In Blue Bell’s case, food safety was essential and mission critical.
  The complaint pled facts supporting a fair inference that no board-level system of
  monitoring or reporting on food safety existed.”); see also In re Boeing Co. Deriv. Litig.,
  

  2021 WL 4059934

  , at *26 (Del. Ch. Sept. 7, 2021) (holding that demand was excused
  where the board allegedly failed to establish a reporting system for airplane safety risks).
  150
  See Stone, 911 A.2d at 373; Corbat, 

  2017 WL 6452240

  , at *17.
  151
  See Stone, 911 A.2d at 370.
  152
  See In re Citigroup Inc. S’holder Deriv. Litig., 

  964 A.2d 106

  , 125 (Del. Ch. 2009)
  (remarking that lowering the bar for Caremark liability to include business risks would
  “eviscerate the core protections of the business judgment rule—protections designed to
  allow corporate managers and directors to pursue risky transactions without the specter of
  being held personally liable if those decisions turn out poorly”); In re ProAssurance Corp.
  S’holder Deriv. Litig., 

  2023 WL 6426294

  , at *14 (Del. Ch. Oct. 2, 2023) (discussing the
  difference between legal and business risks under Caremark).
  153
  See, e.g., David B. Shaev Profit Sharing Acct. v. Armstrong, 

  2006 WL 391931

  , at *5
  (Del. Ch. Feb. 13, 2006) (stating that allegations that a board “had notice of serious
  misconduct and simply failed to investigate . . . would survive a motion to dismiss, even if
  the committee or board was well constituted and was otherwise functioning”), aff’d, 

  911 A.2d 802

   (Del. 2006) (TABLE).
  32
  Although categorizing these claims is helpful, it is incidental to the bottom-
  line principles underpinning them. Each is rooted in the fundamental rule that
  Delaware corporations operate lawfully. Each requires a showing that directors
  utterly failed to oversee the corporation’s compliance with the material laws
  constraining it. And for each, a sincere effort by directors to fulfill their oversight
  duties removes the potential for personal liability.
  2.   The Plaintiffs’ Claim
  With that framing, I consider where the plaintiffs’ claim falls along the
  continuum of Caremark and its progeny.
  The plaintiffs’ lead argument is that the Board “resisted the terms of the
  Consent Order” by waiting to implement remedial efforts based on “knowingly
  incorrect and unsupported” legal advice.154 In an effort to analogize to Massey, the
  plaintiffs assert that the Board “allowed [TransUnion’s] pursuit of profits to take
  precedence over its legal compliance.”155 At the same time, they contend that the
  Board is liable under the second prong of Caremark for consciously disregarding
  TransUnion’s non-compliance with the Consent Order.156 The latter argument
  154
  Pls.’ Answering Br. 30.
  155
  

  Id.

   at 39 (citing Compl. ¶¶ 37-44, 87-88, 93-94, 99-100).
  156
  Id. at 45.
  33
  stands in tension with the former, since the same conduct would reflect action and
  inaction. It cannot logically be both.
  One must wonder, then, why the plaintiffs make a full-throated pitch for the
  most extreme iteration of a failed oversight claim—affirmative lawbreaking for
  profit—over a missing check box, the use of “may not” versus “not likely,” and the
  wrong font size. This is hardly Massey. Their reasoning seems to be the following.
  The Complaint acknowledges that the Board took steps to comply with the Consent
  Order, which undermines the plaintiffs’ Caremark prong two theory. There were,
  however, some potential gaps between TransUnion’s compliance and the Consent
  Order’s terms. The plaintiffs therefore insist that the Board’s knowledge of these
  alleged flaws supports a reasonable inference that it encouraged TransUnion to
  violate the Consent Order.
  This view turns Caremark jurisprudence on its head. Delaware courts have
  consistently held that imperfect attempts at compliance are not indicative of bad
  faith.157 A weak “prong two” theory cannot morph into Massey-like purposeful
  157
  E.g., Horman v. Abney, 

  2017 WL 242571

  , at *11 (Del. Ch. Jan. 19, 2017); Sorenson,
  

  2021 WL 4593777

  , at *16 (“[A]n attempted yet failed remediation effort generally cannot
  implicate bad faith.”); Richardson v. Clark, 

  2020 WL 7861335

  , at *11 (Del. Ch. Dec. 13,
  2020) (granting a motion to dismiss where the “[d]efendants acknowledge[d] that
  [corporate] services were being used to launder money and commit fraud” and “[i]n
  response, per the [p]laintiff’s own allegations, . . . took action”).
  34
  lawbreaking simply because the directors’ good faith efforts ultimately fell short of
  positive law.
  Regardless of the nomenclature applied, the claim presented is deficient. The
  Complaint details the Board’s knowledge of the Consent Order and of TransUnion’s
  efforts to comply with it, which erodes any reasonable inference of bad faith. The
  plaintiffs’ second-guessing of the speed and thoroughness of TransUnion’s response
  amounts to the sort of backward-looking critiques warned of in Stone.158
  B.     The Demand Futility Analysis
  To survive the defendants’ Rule 23.1 motion, the plaintiffs must plead
  particularized facts supporting a reasonable inference that a majority of the Board
  acted in bad faith. “In this context, bad faith means ‘the directors were conscious of
  the fact that they were not doing their jobs, and that they ignored red flags indicating
  misconduct in defiance of their duties.’”159 No such facts are found in the Complaint.
  The plaintiffs’ allegations fall into two main periods: before and after the May
  2019 receipt of the PARR letter. In the first, the plaintiffs question TransUnion’s
  delay in implementing the Compliance Plan. In the second, they criticize how
  TransUnion interpreted the Consent Order. I consider each in turn.
  158
  Stone, 911 A.2d at 373 (“[T]he directors’ good faith exercise of oversight responsibility
  may not invariably prevent employees from violating criminal laws, or from causing the
  corporation to incur significant financial liability, or both.”).
  159
  Horman, 

  2017 WL 242571

  , at *10 (quoting Armstrong, 

  2006 WL 391931

  , at *5).
  35
  1.    Pre-May 2019 Events
  The Board knew that the Consent Order required TransUnion to make changes
  to its VantageScore Disclosure and Negative Option usage.160 But according to the
  plaintiffs, the Board “resisted” these obligations.161 Instead, it allegedly “hid[]
  behind” outside counsel’s “knowingly incorrect and unsupported” interpretation of
  the Consent Order and failed to correct TransUnion’s violations for over two
  years.162
  No reasonable inference of bad faith can arise from these facts. That is so for
  at least two reasons.
  First, the plaintiffs’ charge is belied by TransUnion’s immediate efforts to
  comply with the Consent Order.             Before the Consent Order’s effective date,
  TransUnion removed the Negative Option from its website.163 In January 2017,
  TransUnion made it easier for consumers to cancel orders or services through an
  online cancellation feature.164 TransUnion promptly paid the requisite $3 million
  civil penalty to the CFPB and deposited $13.9 million of redress funds into an
  160
  Compl. ¶¶ 5, 7, 70-74; see Consent Order ¶¶ 3(h), 40.
  161
  Pls.’ Answering Br. 30; see Compl. ¶¶ 9-13.
  162
  Pls.’ Answering Br. 30-31; see Compl. ¶¶ 16, 99, 116.
  163
  Response to PARR Letter ‘620.
  164
  

  Id.

   at ‘619.
  36
  account for affected consumers.165 It prepared and submitted a Redress Plan to the
  CFPB, which was implemented after the CFPB issued a statement of non-objection
  in November 2017.166 The Board and A&C Committee were kept apprised of these
  steps throughout.167
  The plaintiffs concede that TransUnion “actually began partially
  implementing the Order almost immediately . . . .”168 They insist that further
  remediation efforts were “stopped” because TransUnion “noticed that compliance
  with the [Consent] Order was decreasing the company’s revenue.”169 But an
  inadequate, delayed, or misguided response to red flags cannot support a claim for
  breach of the duty of loyalty—no matter how it is categorized.170 The conduct
  165
  Defs.’ Ex. 4 (Feb. 9, 2017 A&C Committee deck) ‘304.
  166
  Defs.’ Ex. 12 at ‘562; Defs.’ Ex. 13 at ‘614; Defs.’ Ex. 14 at ‘571; Defs.’ Ex. 67
  (TransUnion Redress Plan); Defs.’ Ex. 68 (Aug. 1, 2017 Letter from CFPB to TransUnion).
  167
  See, e.g., Defs.’ Ex. 4; Defs.’ Ex. 6 (Feb. 28, 2017 Board minutes); Defs.’ Ex. 7 (Apr.
  24, 2017 A&C Committee deck); Defs.’ Ex. 15 at ‘543-44; Defs.’ Ex. 17 (July 24, 2017
  A&C Committee deck) ‘420, ‘435; Defs.’ Ex. 20 (Oct. 23, 2017 A&C Committee deck)
  ‘482-83, ‘486; Defs.’ Ex. 21 (CEO Board Report – Q3 2017) ‘507.
  168
  Compl. ¶ 99(a).
  169
  

  Id.

  170
  See Melbourne Mun. Firefighters’ Pension Tr. Fund v. Jacobs, 

  2016 WL 4076369

  , at
  *9 (Del. Ch. Aug. 1, 2016) (“Simply alleging that a board incorrectly exercised its business
  judgment and made a ‘wrong’ decision in response to red flags . . . is insufficient to plead
  bad faith.”); see also Sorenson, 

  2021 WL 4593777

  , at *16 (dismissing a Caremark claim
  where the directors were informed that remedial actions were taken to address known data
  security issues though “the implementation plan was probably too slow”).
  37
  described in the Complaint is far from an “intentional dereliction of duty,”171 much
  less “law-flouting.”172
  Second, it cannot fairly be inferred that the Board relied on counsel in bad
  faith. The outside counsel in question was a former a CFPB enforcement attorney.173
  She advised TransUnion that it could wait to implement the Compliance Plan until
  it received the CFPB’s statement of non-objection. The Consent Order states that
  TransUnion was obligated to implement the steps listed in its Compliance Plan
  “[a]fter receiving notification that the [CFPB] ha[d] made a determination of non-
  objection.”174 This advice was relayed to the Board at least five times by Blenke,
  TransUnion’s General Counsel.175
  In May 2019, TransUnion learned through the PARR letter that the CFPB
  disagreed with this interpretation of the Consent Order.176 But whether counsel’s
  advice proved correct is beside the point. There are no particularized facts in the
  Complaint supporting a reasonable inference that the Board’s reliance on the advice
  171
  Boeing, 

  2021 WL 4059934

  , at *25.
  172
  Massey, 

  2011 WL 2176479

  , at *20.
  173
  See Compl. ¶ 129; Defs.’ Ex. 19; Defs.’ Opening Br. 13.
  174
  Consent Order ¶ 43. The CFPB provided a statement of non-objection regarding the
  Redress Plan. See supra 9-10.
  175
  E.g., Defs.’ Ex. 8 (Apr. 28, 2017 memorandum from J. Blenke to Board) ‘399; Defs.’
  Ex. 11 at ‘514; Defs.’ Ex. 14 at ‘571; Defs.’ Ex. 18 at ‘454; Defs.’ Ex. 25 at ‘613.
  176
  Compl. ¶ 97.
  38
  suggests a breach of its duty of loyalty. Under 8 Del. C. § 141(e), directors are “fully
  protected in relying in good faith” on professionals and experts “selected with
  reasonable care . . . .”177
  2.      Post-May 2019 Events
  Most of the plaintiffs’ allegations post-date TransUnion’s receipt of the PARR
  letter.178 According to the Complaint, the PARR letter put the Board on notice of
  ongoing Consent Order violations.179 The series of CIDs, NORA letters, and CFPB
  investigations        that followed   allegedly   underscored     this   continued    non-
  compliance.180 The plaintiffs assert that the Board nevertheless “purposely avoided
  any effort to bring TransUnion into compliance . . . to maintain [certain] revenue
  streams.”181 This conclusion lacks well-pleaded support.
  177
  8 Del C. § 141(e); see also Cinerama, Inc. v. Technicolor, Inc., 

  663 A.2d 1134

  , 1142
  (Del. Ch. 1994) (explaining that directors are presumed to act in good faith when relying
  on “the written or oral advice or opinions of any professionals and experts who are selected
  with reasonable care and are reasonably believed to be acting within the scope of their
  expertise” (citation omitted)), aff’d, 

  663 A.2d 1156

   (Del. 1995); cf. In re Chemours Co.
  Deriv. Litig., 

  2021 WL 5050285

  , at *20 (Del. Ch. Nov. 1, 2021).
  178
  See Compl. ¶ 13 (alleging that the CFPB did not inform TransUnion of supposed
  violations of the Consent Order until May 2019).
  179
  Compl. ¶¶ 38, 100-01; see PARR Letter ‘615-16.
  180
  Compl. ¶ 116.
  181
  Pls.’ Answering Br. 40.
  39
  a.       PARR Letter
  The May 2019 PARR letter informed the Board of the CFPB’s preliminary
  view that TransUnion was non-compliant with the Consent Order.182 It invited
  TransUnion to “provide a response setting forth any reasons of fact, law, or policy
  as to why the CFPB should not take action against TransUnion.”183
  TransUnion did so two weeks later. It told the CFPB that despite never
  receiving any feedback or non-objection to the Compliance Plan submitted in June
  2017, it had made “significant efforts to comply with the conduct provisions of the
  Consent Order.”184 TransUnion said that it was “committed to working with the
  [CFPB] to demonstrate full compliance with the language and spirit of the Consent
  Order.”185
  The plaintiffs assert that two types of “gross violations” of the Consent
  Order’s conduct provisions remained—one concerning the VantageScore Disclosure
  and another concerning the Negative Option.186 They allege that despite learning
  about TransUnion’s breaches of these provisions, the Board remained disobedient.187
  182
  Compl. ¶ 116 (outlining multiple alleged “red flags”).
  183
  PARR Letter ‘616.
  184
  Response to PARR Letter ‘618-19.
  185
  

  Id.

   at ‘620.
  186
  Pls.’ Answering Br. 34.
  187
  Id. at 40.
  40
  But the Complaint and documents it incorporates indicate that the Board oversaw
  and understood that management was working to correct both the VantageScore
  Disclosure and Negative Option.188
  i.       VantageScore Disclosure
  The Consent Order required TransUnion to make two changes to its
  VantageScore Disclosure.              First, TransUnion agreed the disclosure would
  “substantially state[]” that VantageScore was “not likely to be the same score used
  by lenders or other commercial users for credit decisions.”189 Second, TransUnion
  agreed to provide a “What You Need to Know” header above the disclosure in a font
  double the rest of the text.190
  The PARR letter expressed the CFPB’s view that these requirements were
  unmet. One identified issue was TransUnion’s use of the phrase “may not” rather
  188
  E.g., Defs.’ Ex. 30 (Aug. 7, 2019 Board minutes) ‘862; e.g., Sorenson, 

  2021 WL 4593777

  , at *16 (dismissing a Caremark claim where “management told the Board that it
  was addressing or would address the issues presented”); Pettry, 

  2021 WL 2644475

  , at *10
  (holding that “our law does not demand board action in all instances; if action is taken by
  the Company to remediate the alleged harm, that is a reflection of a lack of bad faith on the
  part of the Board”), aff’d, 

  273 A.3d 750

   (Del. 2022) (TABLE); In re Zimmer Biomet
  Hldgs., Inc., Deriv. Litig., 

  2021 WL 3779155

  , at *22-23 (Del. Ch. Aug. 25, 2021) (crediting
  management’s “multiple attempts to cure ongoing [regulatory] violations and regular
  updates to the Board”), aff’d, 

  279 A.3d 356

   (Del. 2022) (TABLE); Horman, 

  2017 WL 242571

  , at *13-14 (concluding that a plaintiff failed to plead bad faith where the board was
  informed of management’s remediation efforts).
  189
  Consent Order ¶ 40(c)(ii)(1).
  190
  Id. ¶ 40(c)(iii).
  41
  than “not likely” to describe lenders’ potential use of VantageScore.191 In its
  response to the PARR letter, TransUnion explained that its selection of “may not”
  was “substantially consistent with the illustrative language in the Consent Order.”192
  It expressed concern that the phrase “not likely” might inaccurately “suggest to
  consumers that they should assign no weight to their VantageScore . . . .”193 The
  other issue was the font size TransUnion chose for the “What You Need to Know”
  header.194 TransUnion told the CFPB that the header was in a 19.63-point rather
  than 24-point font to prevent the text from breaking across two lines, which would
  be “more difficult for the consumer to read.”195
  The plaintiffs believe that the Board’s knowledge of these issues shows
  purposeful—or at least conscious ignorance of—lawbreaking. They analogize to
  Pyott, where directors allegedly “continued to approve and oversee business plans
  that depended on illegal activity” despite understanding that pharmaceutical drugs
  191
  PARR Letter ‘615-16.
  192
  Response to PARR Letter ‘619; see Consent Order ¶ 40(c)(ii) (requiring that the
  VantageScore Disclosure “substantially state[]” the illustrative language).
  193
  Response to PARR Letter ‘619.
  194
  PARR Letter ‘616; see Consent Order ¶ 40(c)(iii).
  195
  Response to PARR Letter ‘623 (“This approach ensured that the label was sufficiently
  large enough to be recognizable, easily readable, and able to capture the consumer’s
  attention, relative to the disclosure itself, and is consistent with other labels on the order
  flow.”).
  42
  were being promoted for off-label use.196 Those directors pleaded guilty to criminal
  misdemeanors and paid $375 million in fines.197
  Here, by contrast, the Board was informed about and oversaw improvements
  to TransUnion’s business practices to comply with the Consent Order.198 These
  affirmative steps toward and regular updates about compliance undercut any
  inference that the Board acted in bad faith.199 Unlike the serious offenses in Pyott,
  the remaining deficiencies raised in the PARR letter concern minor technical
  disagreements over whether TransUnion’s changes went far enough. These same
  issues remain contested in the Federal Action.200
  ii.   Negative Option
  TransUnion also agreed in the Consent Order to implement two changes to
  the order flow for credit monitoring products with Negative Option features. First,
  196
  Pyott, 

  46 A.3d at 356

  ; see Pls.’ Answering Br. 44.
  197
  Pyott, 

  46 A.3d at 356

  .
  198
  E.g., Defs.’ Ex. 29 at ‘859.
  199
  See, e.g., Zimmer Biomet, 

  2021 WL 3779155

  , at *22-23 (holding that any inference of
  bad faith was contradicted by allegations showing “multiple attempts to cure ongoing FDA
  violations and regular updates to the Board”); Jacobs, 

  2016 WL 4076369

  , at *12; Pettry,
  

  2021 WL 2644475

  , at *10; Horman, 

  2017 WL 242571

  , at *13-14.
  200
  See Fisher v. Sanborn, 

  2021 WL 1197577

  , at *16 (Del. Ch. Mar. 30, 2021) (concluding
  that ongoing litigation about a “hotly disputed” alleged violation of federal consumer
  protection laws did not support an inference that the board knowingly permitted violations
  of those laws); Rojas v. Ellison, 

  2019 WL 3408812

  , at *14 (Del. Ch. July 29, 2019)
  (rejecting the assertion that a board consciously disregarded its duties based on the
  initiation of civil proceedings where the issues where “disputed vigorously”).
  43
  TransUnion would add “a check box on the final order page that consumers must
  affirmatively check to select the Negative Option feature.”201 Second, TransUnion
  would “provide a simple mechanism for a consumer to immediately cancel the
  purchase of any” credit-related product and end billing for future payments.202
  The plaintiffs acknowledge that TransUnion established the requisite
  cancellation mechanism.203           They focus on the check box required to affirm
  consent.204 But as TransUnion told the CFPB in response to the PARR letter, its
  website lacked any Negative Option features after December 2016.205
  The problem, according to the plaintiffs, is that in March 2017, Danaher
  allegedly caused TransUnion to “cease using the check box in affiliate marketing”—
  not TransUnion’s own website.206 The Consent Order contemplated that Negative
  Option-related conduct provisions would apply to credit monitoring products
  TransUnion “offered for sale directly to consumers.”207 TransUnion read this term
  of the Consent Order to exclude affiliate marketing.208 The proper interpretation
  201
  Consent Order ¶ 40(b)(i)(1).
  202
  Id. ¶ 40(b)(ii).
  203
  See Defs.’ Ex. 36 at ‘994.
  204
  See Pls.’ Answering Br. 16-17, 21-22.
  205
  Response to PARR Letter ‘620.
  206
  Compl. ¶¶ 28, 88(j); see Pls.’ Answering Br. 41.
  207
  2017 Consent Order ¶ 3(f).
  208
  See Defs.’ Ex. 9 (TransUnion Offer Code Creation and Offer Code Review Policy).
  44
  remains at issue in the Federal Action. Even if the CFPB’s view were correct,
  though, these facts reflect a genuine dispute over the Consent Order’s reach. They
  do not support a reasonable inference that the Board acted disloyally.209
  The sole new issue raised in the PARR letter was the use of a Negative Option
  feature for a TransUnion product offered on annualcreditreport.com.210 But by the
  time of the PARR letter, TransUnion resolved this issue. As it told the CFPB, it had
  identified an “isolated case” where its credit products were being marketed on
  annualcreditreport.com with Negative Option enrollments but no check box.211 This
  issue was fixed “immediately upon discovery,” and “senior leadership” directed the
  Steering Committee to identify any similar offerings.212 These proactive steps are
  ignored in the Complaint.213
  b.     Enforcement Division Referral, CIDs, and NORA Letters
  The plaintiffs describe the CFPB’s October 2019 referral of the matter to its
  enforcement division as another red flag of non-compliance.214 They also point to
  the Board’s awareness of three CIDs, three investigational hearings, and four NORA
  209
  See Fisher, 

  2021 WL 1197577

  , at *16; Corbat, 

  2017 WL 6452240

  , at *16.
  210
  PARR Letter ‘616.
  211
  PARR Letter Response ‘620.
  212
  Id.; see also Defs.’ Ex. 29 at ‘859; Defs.’ Ex. 36 at ‘992.
  213
  See, e.g., Desimone, 

  924 A.2d at 940

  ; Sorenson, 

  2021 WL 4593777

  , at *16.
  214
  Compl. ¶¶ 102, 116.
  45
  letters.215 The plaintiffs argue that the Board defied the Consent Order despite these
  developments putting it on notice of the CFPB’s concerns.216 Yet the Complaint and
  the documents it incorporates highlight the Board’s oversight of TransUnion’s
  compliance with the Consent Order.
  First, after the CFPB referred the matter for enforcement, TransUnion formed
  the Steering Committee to fulfill the conduct provisions of the Consent Order.217
  The plaintiffs allege that the Steering Committee is irrelevant to demand futility
  since it was not constituted by the Board.218 But the A&C Committee was apprised
  of the Steering Committee’s work.219 After TransUnion established the ERM
  Committee in May 2020, the Steering Committee reported to the ERM Committee
  which, in turn, updated the A&C Committee.220
  Second, TransUnion management consistently informed the Board of actions
  taken after the CFPB’s enforcement division became involved.221 For instance,
  management told the Board it replaced the outside counsel who had advised that the
  215
  See id. ¶ 116.
  216
  Pls.’ Answering Br. 16.
  217
  Compl. ¶ 118; Defs.’ Ex. 36 at ‘991.
  218
  See Compl. ¶¶ 119-20.
  Defs.’ Ex. 64 at ‘920; Defs.’ Ex. 65 at ‘031; Defs.’ Ex. 71 (Oct. 28, 2021 A&C
  219
  Committee minutes) ‘901; Defs.’ Ex. 73 (Oct. 30, 2020 A&C Committee minutes) ‘129.
  220
  Revised Compliance Plan ‘724; Defs.’ Ex. 72 (Feb. 18, 2021 A&C Committee minutes)
  ‘269.
  221
  Defs.’ Ex. 31 at ‘897-98.
  46
  CFPB’s non-objection was a condition to implementing the Compliance Plan.222 It
  also reported to the Board that it was “actively engaged” with the CFPB to resolve
  the regulatory proceeding “expeditiously and without a public order.”223
  The Board was regularly informed that TransUnion was working with the
  CFPB in response to the CIDs, NORA letters, and other inquiries.224 For example,
  in February 2020, the Board learned that TransUnion management was cooperating
  with the CFPB during investigational hearings.225 The Board was also told that
  TransUnion was fulfilling CID information requests.226 As to the NORA letters, the
  A&C Committee was kept apprised of TransUnion’s planned responses. 227 A
  Revised Compliance Plan was prepared and reviewed by the A&C Committee, with
  the advice of outside counsel, before it was submitted to the CFPB.228
  These facts cannot reasonably be viewed to suggest that the Board knew
  TransUnion was purposefully breaking the law. Rather, they demonstrate that the
  222
  Id. at ‘898.
  223
  Defs.’ Ex. 69 (CEO Board Report – Q3 2019) ‘906-07.
  224
  See, e.g., Compl. ¶¶ 105, 116; Defs.’ Ex. 32 at ‘932; Defs.’ Ex. 33 at ‘967; Defs.’ Ex.
  34 at ‘972; Defs.’ Ex. 35 at ‘979; Defs.’ Ex. 38 at ‘009; Defs.’ Ex. 39 at ‘034.
  225
  Defs.’ Ex. 34 at ‘972; see Compl. ¶¶ 105, 116.
  226
  Defs.’ Ex. 38 at ‘009; Defs.’ Ex. 39 at ‘034.
  227
  Defs.’ Ex. 57 at ‘616; Defs.’ Ex. 58 at ‘649; Defs.’ Ex. 60 at ‘721; see Compl. ¶ 114.
  228
  See Defs.’ Ex. 60; Defs.’ Ex. 61.
  47
  Board understood TransUnion had remediated or was working to resolve remaining
  problems.229 That is a long way from doing “nothing.”230
  c.      The Federal Litigation
  Finally, the plaintiffs assert that the filing of the Federal Action in November
  2022 was “a red flag alerting [TransUnion] that it was failing to comply with the
  Consent Order.”231 As the defendants point out, however, TransUnion disputes the
  allegations in the Federal Action and has tried to reach an amicable resolution with
  the CFPB. The Board maintained oversight; it reviewed and discussed each of the
  CFPB’s settlement proposals.232 The plaintiffs’ only argument in response is to call
  the defendants’ position “preposterous.”233
  *              *             *
  The tale spun by the plaintiffs is one of a protracted dispute between
  TransUnion and the CFPB over the scope of the Consent Order. The CFPB
  maintains that TransUnion ran afoul of the Consent Order by waiting for a statement
  of non-objection, removing a Negative Option check box from affiliate marketing,
  229
  See, e.g., Sorenson, 

  2021 WL 4593777

  , at *16; Zimmer Biomet, 

  2021 WL 3779155

  , at
  *22-23.
  230
  Horman, 

  2017 WL 242571

  , at *11; see Jacobs, 

  2016 WL 4076369

  , at *9, *12.
  231
  Pls.’ Answering Br. 52; see also id. at 21-22.
  232
  Defs.’ Ex. 63 at ‘825; Defs.’ Ex. 64 at ‘910; Defs.’ Ex. 65 at ‘033; Defs.’ Ex. 66 at ‘275.
  233
  Pls.’ Answering Br. 52.
  48
  and using the wrong language and font size for its VantageScore Disclosure.
  TransUnion, for its part, believes that it satisfied the Consent Order.
  For purposes of this motion, I accept as true that TransUnion should ideally
  have implemented the Compliance Plan sooner. I also accept that the Board knew
  about the CFPB’s views on what the Consent Order required and the escalating
  actions taken by the CFPB to compel compliance. It may also be that TransUnion
  profited from the challenged VantageScore Disclosures and Negative Option
  features.
  Still, the Board does not face a substantial likelihood of liability. The
  Complaint and documents it incorporates evidence that the Board attempted to fulfill
  its oversight function in good faith.      Information about potential compliance
  problems made its way to the Board through counsel, management, and committee-
  level reports. These updates outlined the steps taken by TransUnion to satisfy the
  Consent Order and resolve lingering disputes with the CFPB over remediation.234
  The remaining issues complained of are quibbles about whether TransUnion’s
  compliance efforts went far enough fast enough. They boil down to check box
  placement on affiliate websites, whether the phrase “may not” is similar to “not
  likely,” and whether 19.63-point font should have been 24 point. These are matters
  234
  See GoPro, 

  2020 WL 2036602

  , at *12-13 (“A Caremark claim cannot be squared with
  an allegation the Board responded to red flags.”).
  49
  over which reasonable minds can differ.235 Regardless of which side prevails in the
  Federal Action, the plaintiffs’ allegations fall materially short of suggesting bad
  faith. “[T]here is a vast difference between an inadequate or flawed effort to carry
  out fiduciary duties and a conscious disregard for those duties.”236 There is an even
  wider gulph between imperfect compliance and purposeful lawbreaking.
  III.     CONCLUSION
  The plaintiffs have failed to plead particularized allegations demonstrating
  that a majority of the Board could not impartially consider a demand.                The
  defendants’ motion to dismiss is granted under Rule 23.1. The Complaint is
  dismissed with prejudice.
  235
  Reiter v. Fairbank, 

  2016 WL 6081823

  , at *14 (Del. Ch. Oct. 18, 2016).
  236
  Lyondell Chem. Co. v. Ryan, 

  970 A.2d 235

  , 243 (Del. 2009); see Corbat, 

  2017 WL 6452240

  , at *17 (explaining that the relevant question is whether the board “took no steps
  in a good faith effort to prevent or remedy [the] situation”); Clem v. Skinner, 

  2024 WL 668523

  , at *8 (Del. Ch. Feb. 19, 2024) (“Claims that quibble with the timing or success of
  corrective action necessarily fail.”).
  50
  

• Sign In
• Sign Up