On January 26, 2023, the Delaware Court of Chancery extended the rule set forth in In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), and Stone v. Ritter, 911 A.2d 362 (Del. 2006), to hold that corporate officers, like directors, owe a fiduciary duty of oversight.
In In re McDonald’s Corporation Stockholder Derivative Litigation, the plaintiffs alleged that a former McDonald’s human resources executive (the “Executive”) breached his fiduciary duties of oversight and loyalty. Specifically, the plaintiffs alleged that the Executive breached his duty of oversight by failing to properly monitor and inform his superiors of red flags relating to sexual harassment or employee misconduct involving McDonald’s employees and franchisees. The plaintiffs asserted that the Executive’s inaction allowed a “toxic” culture to develop at the company. The Delaware Court of Chancery declined to dismiss the complaint and held that plaintiffs plausibly stated claims on which relief could be granted.
I. Caremark Claims: The Foundation of the Duty of Oversight
Under Delaware law, a duty of oversight claim, which is commonly known as a Caremark claim, may be pled in one of two ways. An “Information-System Claim” alleges that a board of directors lacked the requisite information systems or controls. Alternatively, a “Red-Flags Claim” alleges that a board of directors failed to respond to wrongdoing that was identified by the information systems or controls. In recent years, there has been a steady increase in plaintiffs alleging Caremark claims against corporate directors, and the McDonald’s holding could further this trend by expanding the potential scope of liability to now include corporate officers.
II. Expanding the Duty of Oversight to Corporate Officers
Prior to In re McDonald’s, Delaware law did not formally recognize that officers owed a duty of oversight. The Delaware Supreme Court did, however, hold that corporate officers owe fiduciary duties consistent with those owed by corporate directors. The McDonald’s Court made it clear that such duties for officers include the duty of oversight. In so holding, the Court noted that “[t]he case for recognizing that officers owe oversight duties starts with the reasoning of the Caremark decision itself.” The Court recognized that officers play an integral role in gathering information and providing timely reports to the board. Further, officers are accountable for the day-to-day operations of the business and “are optimally positioned to identify red flags and either address them or report” the issues.
As the leaders of a business, officers play an “essential” role in the oversight structure. However, the oversight duties will not be identical for every officer. Instead, the duty of oversight will likely “change in the specific context” of an officer’s role. While Chief Executive Officers and Chief Compliance Officers will likely have a company-wide oversight portfolio, other officers might have a more “constrained version” of oversight duties to address red flags within their particular area of the business. For example, a Chief Information Officer with oversight duties with respect to cybersecurity would not ordinarily be held to have an oversight obligation with respect to financial records and reporting.
Similar to directors, liability for officers requires a showing of bad faith, equivalent to a breach of the duty of loyalty. Accordingly, the officer must consciously fail to make a good-faith effort to establish information systems, or the officer must consciously ignore red flags.
IV. Key Takeaways
The holding in In re McDonald’s expands the potential scope of liability for corporate officers. Specifically, an officer can be held accountable if he or she fails to make a good-faith effort to implement information systems or controls and/or consciously ignore conduct that raises a red flag. Nevertheless, the Court also limited this duty of oversight by holding that officers might only be responsible for their specialized area and by requiring proof of bad faith. As a result, corporate officers could benefit by re-visiting current information systems and controls to ensure that a good-faith effort is made to both monitor and remedy any conduct that amounts to a red flag.
This expanded scope of liability for corporate officers is especially important in light of the standard for pleading a breach of the duty of oversight, and its relationship to corporate charter exculpation provisions under Delaware law. While Delaware law currently provides for the possibility of exculpation of corporate officers for breaches of their duty of care, the “bad faith” / breach of duty of loyalty standard associated with duty of oversight claims would exceed the scope of such provisions. As a result, it is possible that plaintiffs may now attempt to circumvent “duty of care” exculpation provisions by styling their claims against corporate officers as a breach of duty of oversight.