The fiduciary duty of oversight that historically has applied only to directors “applies equally to officers,” including chief compliance officers, the Delaware Court of Chancery explicitly held in a recent ruling.

The Jan. 26 decision by Vice Chancellor J. Travis Laster in the case McDonald’s Corporation Stockholder Derivative Litigation means shareholders can proceed to trial with their consolidated derivative lawsuit against David Fairhurst, the fast food chain’s former global chief people officer.

A second shareholder derivative lawsuit filed against McDonald’s current and former board members alleging breach of oversight duty was dismissed by Laster in a separate decision issued March 1. In that decision, Laster found the directors took steps to address the toxic culture.

Laster further rejected allegations the directors breached their fiduciary duty when they promoted Stephen Easterbrook to chief executive officer, failed to fire Fairhurst, and failed to initially terminate Easterbrook “for cause” amid allegations Easterbrook engaged in an inappropriate relationship with an employee.

Case background

Shareholders alleged Fairhurst breached his duty of oversight to McDonald’s by allowing “a toxic culture to develop at the company that turned a blind eye to sexual harassment and misconduct.” The lawsuit further alleged Fairhurst breached his duty of loyalty by personally engaging in sexual harassment against employees on multiple occasions prior to being terminated for cause in November 2019.

In moving to dismiss the claims, Fairhurst argued oversight obligations rest with the board, not with officers. The court disagreed, finding that, like directors, “corporate officers owe a duty of oversight.”

Court analysis

The court’s ruling is an offshoot of its 1996 Caremark decision and the Delaware Supreme Court’s 2006 decision in the case Stone v. Ritter, which adopted the Chancery Court’s reasoning in Caremark.

“At a high level, although described as a clarification of Delaware law, the decision for the first time since Caremark was decided in 1996 applies a duty of oversight at the officer level, instead of at the board level,” said Andrew Ditchfield, a partner at law firm Davis Polk.

Historically, Delaware courts have recognized two conditions for director oversight liability, known as the Caremark claims: 

  • The directors utterly failed to implement any reporting or information system or controls; or
  • The directors, having implemented such a system or controls, consciously failed to monitor or oversee its operations, thus disabling themselves from being informed of risks or problems requiring their attention.

The former refers to directors’ “information systems” obligations, while the latter refers to their “red flags” obligations.

“Just as it makes sense for the information systems obligation to extend to officers, it also makes sense for the red flags obligation to extend to officers,” Laster wrote in his opinion. “As the day-to-day managers of the entity, the officers are optimally positioned to identify red flags and either address them or report upward to more senior officers or to the board. The officers are far more able to spot problems than part-time directors who meet a handful of times a year.”

Regarding scope of oversight, the court described officers’ duties as “context-driven,” based on specific job functions.

“It would seem hard to argue that, simply by virtue of being an officer, the chief compliance officer could not owe a duty of oversight.”

Vice Chancellor J. Travis Laster, Delaware Court of Chancery

“Although the CEO and chief compliance officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority” and, thus, a “constrained version” of duties, the court found.

This speaks to the broad swath of oversight responsibilities the court recognizes CCOs as typically having. As Laster wrote in his decision, “It would seem hard to argue that, simply by virtue of being an officer, the chief compliance officer could not owe a duty of oversight.”

The court further explained, “[O]fficers generally only will be responsible for addressing or reporting red flags within their areas of responsibility.” However, exceptions could apply.

“An officer who receives credible information indicating that the corporation is violating the law cannot turn a blind eye and dismiss the issue as ‘not in my area,’” Laster wrote.

In practical terms, “Officers may want to focus more on the description of their responsibilities—in their employment agreement, for example—as this will affect their oversight responsibilities,” said Gail Weinstein, senior counsel at law firm Fried Frank.

Ruling ramifications

The court set a high bar for establishing a failure of duty of oversight claim, which it clarified “requires a showing of bad faith” and a showing the officer “consciously ignore[d] red flags.” The presence of red flags alone would not be enough to support a duty of oversight claim.

In Fairhurst’s case, the court held shareholders sufficiently pleaded a breach of duty of oversight claim, citing what the court characterized as “massive red flags,” including two rounds of coordinated complaints filed with the Equal Employment Opportunity Commission in 2016 and 2018 and a 30-city walkout.

The court further held shareholders adequately pleaded a claim of breach of duty of loyalty based on Fairhurst’s own alleged acts of sexual harassment.

“Sexual harassment is bad-faith conduct. Bad-faith conduct is disloyal conduct. Disloyal conduct is actionable,” the court held.

The ruling also addressed potential concerns that “recognizing such a claim will open the floodgates to employment-style litigation” by clarifying that “breach of duty based on the officer’s own acts of sexual harassment is derivative,” meaning victims have no standing to bring a claim against the company.

The scope of the court’s decision “will have broad impact,” Weinstein said. Not only are most companies incorporated in Delaware, but other states often look to Delaware to develop their own case law, she said.

“[The case] may impact how [CCOs] feel about the potential for personal liability, but my general experience is that most people aren’t making decisions with personal liability in mind.”

Andrew Ditchfield, Partner, Davis Polk

“The headline is that there are going to be more claims against officers and directors for oversight violations,” Weinstein said. “With respect to officers, (claims could come) both within an officer’s area of responsibility and potentially even outside their area of responsibility.”

“The court’s decision addressing claims against the officer suggests a new way of looking at personal misconduct by officers—whether in the area of sexual harassment, discrimination, or potentially much more broadly with respect to officer violations of company policies generally,” Weinstein added. These could come as Caremark violations or, apart from oversight responsibilities, duty of loyalty violations, she said.

“So, I think we are going to see more Caremark claims and potentially duty of loyalty claims, as well as possibly disclosure claims, when officers are accused of or fired for violating company policies,” she said.

Ditchfield said the decision should not change officers’ fiduciary obligations of the duty of care and duty of loyalty that have always existed. For many companies, “This may not be all that groundbreaking,” he said.

“Officers are looking to execute on those duties in good faith, so whether another court adopts the [Chancery Court’s] oversight liability line of thinking, I’m not sure that should change the way in which chief compliance officers go about their jobs,” Ditchfield said. “It may impact how they feel about the potential for personal liability, but my general experience is that most people aren’t making decisions with personal liability in mind.”

The court’s decision puts an exclamation point on what Department of Justice officials have been highlighting for years now—that CCOs must be empowered to properly oversee the ethics and compliance function and have an appropriate level of resources and independence to perform their duties effectively.

In practical terms, CCOs will want to ensure systems of oversight are in place that provide for sufficient lines of communication to report issues, Ditchfield said. Those that report to the CCO should have an obligation to report red flags, “and CCOs should be responsive to the issues being raised to them,” he said. For many companies, he said, “those measures are already going to be quite adequate.”