The decision by the Delaware Court of Chancery last week to deny a corporate officer's motion to dismiss Caremark claims against him has sent ripples through the corporate community under headlines hailing it as a "landmark ruling" and a "wake-up call" for corporate executives. As described by Reuters, the decision in In Re McDonald’s Corporation Stockholder Derivative Litigation, C.A. No. 2021-0324-JTL, 2023 WL 407668 (Del. Ch. Jan. 26, 2023), is "a first-of-its-kind decision, that corporate officers owe a fiduciary duty of oversight to their company, just like the corporate board members whose oversight duties were articulated in the famous 1996 decision In re Caremark International Inc. [698 A.2d 959 (Del Ch. 1996)]" Frankel states, "McDonald's case is wake-up call for corporate execs – botch oversight, risk liability," Reuters, January 26, 2023.
Vice Chancellor Laster's opinion is far from being a remarkable change in the law. Rather, the opinion says in black and white what most people have understood the law to be for over 25 years: that corporate officers, like corporate directors, owe a duty of oversight. That is unsurprising, as Vice Chancellor Laster observed in his opinion. The policies underlying the duty of oversight for directors "apply equally, if not to a greater degree, to officers." The Delaware Supreme Court has held that corporate officers and corporate directors have the same fiduciary duties, Gantler v. Stephens, 965 A.2d 695, 709 (Del. 2009), and there is no reason to exclude the duty of oversight from those fiduciary duties. And, as the opinion notes, "[a]cademic authorities and federal decisions have [both] concluded that officers have a duty of oversight."
In these respects, the McDonald's decision aligns with existing case law and commentary. Indeed, to suggest that corporate officers do not have these fiduciary obligations would be to reverse a steady flow of case law since Chancellor Allen's decision in 1996 that the fiduciary duties owed by corporate directors include, in the now classic formulation, "assuring themselves that information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation's compliance with law and its business performance." The Court of Chancery's articulation of these oversight responsibilities became canon long before the Delaware Supreme Court explicitly approved the standard a decade later in Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006), holding that "[w]here directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith."
Since Stone, courts and commentators have divided Caremark claims into prong one, when the board lacks adequate information systems and controls to act, and prong two, when the board knows of problems but fails to act, the so-called “red flags” theory. Cf. City of Detroit Police & Fire Ret. Sys. v. Hamrock, 2022 WL 2387653, at *17 (Del. Ch. June 30, 2022). What is new is the Vice Chancellor’s application of the principle of oversight to a corporate officer’s own actions as well as a failure to assure that information about those actions was fed to senior management and the board of directors.
On prong one, McDonald’s holds that "[s]ome officers, like the CEO, have a company-wide remit. Other officers have particular areas of responsibility, and the officer’s duty to make a good faith effort to establish an information system only applies within that area. An officer's duty to address and report upward about red flags also generally applies within the officer's area, although a particularly egregious red flag might require an officer to say something even if it fell outside the officer’s domain." That, too, is unremarkable. Since Caremark, it has been implicit that a corporate officer must make a good faith effort to obtain "the information necessary to do his job and report to the CEO and the board, and he could not consciously ignore red flags indicating that the corporation was going to suffer harm." The McDonald's opinion is the first time a Delaware case has said this explicitly.
The McDonald's rationale is consistent with the approach taken by the federal Organizational Sentencing Guidelines that executive officers have compliance and oversight obligations and must ensure that "[s]pecific individual(s) within the organization [are] delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel [i.e., the C-suite] and, as appropriate, to the governing authority [i.e., the board of directors], or an appropriate subgroup of the governing authority [e.g., the audit committee of the board], on the effectiveness of the compliance and ethics program.” US Sent’g Guidelines Manual § 8B2.1(b)(2)(B) (US Sent’g Comm'n 2021), available at https://www.ussc.gov/guidelines/2021-guidelines-manual/annotated-2021-chapter-8. As the Vice Chancellor recognizes, the Sentencing Guidelines impose these obligations under prong one and prong two. In other words, nothing really new here.
The opinion contrasts its explication of an officer's duty with the obverse:
"Pause for a moment and envision an officer telling a board that the officer did not have any obligation to gather information and provide timely reports to the board. The directors would quickly disabuse the officer of that notion, and an officer who did not get with the program would not hold that position for long. Another critical part of an officer's job is to identify red flags, report upward, and address them if they fall within the officer’s area of responsibility. Once again, pause and envision an officer telling the board that their job did not include any obligation to report on red flags or to address them. A similar learning opportunity would result."
In short, it is and long has been "an indispensable part of an officer's job is to gather information and provide timely reports to the board about the officer's area of responsibility." But that obligation has been analyzed primarily under the duty of care.
The extension of Delaware law lies in the Vice Chancellor's determination that the complaint also states a Caremark claim for the officer's own malfeasance: "When engaging in sexual harassment, the harasser engages in reprehensible conduct for selfish reasons. By doing so, the fiduciary acts in bad faith and breaches the duty of loyalty. The plaintiffs' claim against [the officer] for his own acts of sexual harassment states a claim on which relief can be granted." The Vice Chancellor devotes a few pages at the end of the opinion to this claim, even though that is where the novelty lies.
The rationale for extending Caremark to breaches of the duty of loyalty lies in venerable Delaware case law: "Although '[t]he standard of loyalty is measured by no fixed scale,' a director’s duty of loyalty ‘requires an undivided and unselfish loyalty to the corporation’ and ‘demands that there shall be no conflict between duty and self-interest.' Guth v. Loft, Inc., 5 A.2d 503, 510 (Del. 1939). Harassing employees is, by the Vice Chancellor’s lights, inherently selfish, and "'[c]orporate officers and directors are not permitted to use their position of trust and confidence to further their private interests.' Id." Contrasting such selfish actions with the proposition that corporate officers are presumed to act in good faith in In re Walt Disney Co. Deriv. Litig., 906 A.2d 27 (Del. 2006), the Vice Chancellor holds that, "[w]hen a fiduciary ‘intentionally acts with a purpose other than that of advancing the best interests of the corporation,’ the fiduciary acts in bad faith, which constitutes a breach of the duty of loyalty. Disney, 906 A.2d at 67."
But the real support for his conclusion that Caremark gives rise to a derivative claim against an officer for his own wrongdoing lies in an academic work that relies on case law from outside of Delaware. The Vice Chancellor refers repeatedly to Daniel Hemel & Dorothy S. Lund, Sexual Harassment and Corporate Law, 118 Colum. L. Rev. 1583 (2018), and their proposition that "[C]orporate fiduciaries who fail to monitor harassment at their firms may be liable in certain circumstances under a Caremark theory." Id. at 1641. They also posit that "corporate fiduciaries who are aware of harassment but fail to react—or who affirmatively enable harassment to continue—may be sued for breach of the duties of care and loyalty." Id., at 1641-42 (citing Prozinski v. Ne. Real Estate Servs., 797 N.E.2d 415, 423–24 (Mass. App. Ct. 2003) (holding that when an officer "allegedly embarked on a course of sexual harassment of [a] receptionist," his "placement of his own interests above those of the company he served could be found by a fact finder to constitute an act of disloyalty”)).
The Vice Chancellor may be right or he may be predicting, but this is the real change in law suggested by McDonald's. In support of his conclusion, the Vice Chancellor sprinkles references to Delaware cases considering officer misconduct in other contexts, then rationalizes the decision by noting that "Like an oversight claim, a claim for breach of duty based on the officer's own acts of sexual harassment is derivative, so all of the protections associated with derivative claims apply." True, but beside the point, McDonald's suggests for the first time that if the corporation does not take action against a corporate officer for sexual harassment, the stockholders—under the right circumstances—may do so themselves. That is new under Delaware law.
The Vice Chancellor's reasoning results in an equation that will have a material impact on corporate litigation: "Sexual harassment is bad faith conduct. Bad faith conduct is disloyal conduct. Disloyal conduct is actionable." It previously was actionable for other reasons, though as the facts pled in McDonald’s show, not effective. The McDonald’s decision puts a new and meaningful arrow in the quiver for such claims.
The opinion also spends quite a bit of ink on possible limitations and defenses to a Caremark claim against an officer for failures in the duty of loyalty, providing fruitful grounds for future motions to dismiss while at the same time firmly planting the officer’s duty of oversight in Delaware soil. Companies may consider whether to expand existing director exculpation clauses to include officers, particularly in light of Delaware’s recent amendment of DGCL Section 102(b)(7) to allow exculpation of officers from claims for breach of the duty of care, to limit litigation of those issues.
But even the limitation will undoubtedly spawn litigation over whether an officer has breached the duty of loyalty or the duty of care when failing in the duty of oversight. And as Vice Chancellor Laster recognized, Delaware law is protective of well-informed officers and directors who have acted in good faith. In applying Section 102(b)(7) to Caremark claims against directors, for example, Delaware courts set exacting standards of pleading and proof to overcome the statutory exculpation. Wood v. Baum, 953 A.2d 136, 141 (Del. 2008) (pleading around the statutory protection requires "particularized facts that demonstrate” that the "directors acted with scienter, i.e., that they had ‘actual or constructive knowledge' that their conduct was legally improper.") Those protections may now apply to officers as well under amended Section 102(b)(7).