Clarity in Delaware About a Corporate Officer’s Duty of Oversight 

When it comes to corporate officers, it has long been an open question whether the scope of their fiduciary duties is the same as those imposed upon company directors. In Delaware, those questions have now been answered by the state’s Court of Chancery, which held late last month that under Delaware law, officers and directors are on equal footing, both owing the same fiduciary duties to their companies, including a duty of oversight.

This was the determination in In re McDonald’s Corporate Stockholder Derivative Litigation, a headline-grabbing ruling that will surely reverberate through C-suites and boardrooms nationwide.

In re McDonald’s Corporate Stockholder Derivative Litigation: a Bit of Background

From 2015 until his termination with cause in 2018, David Fairhurst served as Executive Vice President and Global Chief People Officer of McDonald’s Corporation. In that capacity, Fairhurst was responsible for ensuring that McDonald’s fostered a safe and respectful workplace environment. In a derivative lawsuit filed by company shareholders, it was asserted that he failed to do so. More specifically, Fairhurst was alleged to have breached his fiduciary duties owed to McDonald’s—specifically, the duty of oversight—by fostering a corporate culture that condoned sexual harassment.

According to company shareholders, Fairhurst’s duty of oversight required him to make a good faith effort to establish a system that would generate the information necessary to manage the human resources function at McDonald’s. And with that information, he was duty-bound to report to the company’s Chief Executive Officer and board of directors known instances of sexual harassment and misconduct. Trouble was, Fairhurst allegedly chose not to do so.

In their derivative action, McDonald’s shareholders claimed Fairhurst breached his duty of oversight by consciously ignoring red flags and, in effect, disabling himself from being informed of risks or problems requiring his attention. In opposition, Fairhurst attempted to have the lawsuit dismissed, asserting that Delaware law—as set forth in in the seminal case of In re Caremark International Inc. Derivative Litigation—did not impose on officers any obligations equivalent to the duty of oversight. By way of its ruling on January 25, the Delaware Court of Chancery disagreed.

In re McDonald’s Corporate Stockholder Derivative Litigation: the Court’s Ruling

As previewed above, the court in Delaware has made clear that officers owe the same fiduciary duties as directors, and that includes a duty of oversight—a function that may be better suited to corporate officers who are responsible for managing a corporation’s day-to-day operations. Given that officers are responsible for managing and maintaining systems to detect and identify red flags and are further tasked with correcting wrongdoing in the workplace, the court concluded that a duty of oversight should attach to officers who now, under Delaware law, can be sued derivatively by shareholders.

The Scope of an Officer’s Duty of Oversight

In the wake of the ruling in In re McDonald’s Corporate Stockholder Derivative Litigation, a new question arises: What exactly is the scope of an officer’s oversight responsibilities under Delaware law? Truth is, there is no “one-size-fits-all” answer.

The parameters of an officer’s duty of oversight will be largely dependent upon facts and circumstances and, as a result, the course of conduct that must be taken to rectify a given situation will vary based on context. For example, a CEO with company-wide responsibility will likely have a broader duty of oversight as compared to a Chief Financial Officer solely responsible for a company’s finances or a Chief Legal Officer in charge of a corporation’s in-house legal department. By extension, a Chief Marketing Officer will not likely be on the hook for deficiencies in financial or legal reporting systems or related oversight. That being said, should a red flag be overtly obvious and particularly egregious, then any officer could potentially have a duty to report it even if the subject matter of the red flag falls outside his or her domain.

Whatever the case may be, officers must be vigilant, even before claims are asserted. For purposes of illustration, consider data privacy. It is clear that a data breach could have catastrophic implications to a corporation’s business. Indeed, in the wake of a hack and under Delaware law, stockholders of a company impacted by cybercriminals could now sue an officer in charge of data privacy for the breach of his or her duty of oversight—were it found or alleged that the cybersecurity officer had failed to make a good faith effort to put adequate data privacy protections in place or had otherwise ignored clear weaknesses, or red flags, in the organization’s overall data security operation. In the aftermath of the decision in In re McDonald’s Corporate Stockholder Derivative Litigation, officers should anticipate the possibility of this type of exposure (even beyond the cybersecurity realm) and act accordingly.

Takeaways for Officers of Delaware Corporations

Clearly, by virtue of the court’s determination in In re McDonald’s Corporate Stockholder Derivative Litigation, officers of Delaware corporations must be mindful of their expanded fiduciary duties and, as just mentioned, vigilant. Yet there is no need for them to panic. To be subject to oversight liability, an officer must consciously (1) fail to make a good faith effort to establish information systems or (2) ignore red flags. As such, despite the imposition of a duty of oversight, the standard to prove that an officer has acted in bad faith is quite high.

Nonetheless, in light of the expansion of an officer’s fiduciary duties, executives working for Delaware corporations should be aware that they could be exposed to personal liability if a breach of oversight obligations can be established. Still, it remains unclear what might trigger an action for breach of the duty of oversight, especially if red flags fall outside the scope of an officer’s identified roles or areas of expertise. Also unanswered is whether the business judgement protection rule will extend to officers in these cases, thus shielding them from liability.

What we do know is that this area of law continues to evolve, and officers of Delaware corporations should be sure to consult with legal counsel if and when faced with a potential claim. Likewise, it would be prudent for them to review the terms of their companies’ D&O insurance policies to check if they need to be updated in light of this expanded liability exposure.

Of course, the lawyers in our Corporate & Securities Practice Group are here to answer any questions you may have about the impact of In re McDonald’s Corporate Stockholder Derivative Litigation and its aftermath.

This blog post is not offered, and should not be relied on, as legal advice. You should consult an attorney for advice in specific situations.