Boards of Delaware corporations may want to move toward adopting officer exculpatory provisions.

Delaware law has long recognized a director’s duty of oversight. The well-established doctrine, first articulated in 1996 in In re Caremark International Inc. Derivative Litigation (Caremark), was recently expanded to officers in In re McDonald’s Corporation Stockholder Derivative Litigation (McDonald’s). 

The Delaware Supreme Court has explained that the duty of oversight requires directors to “rigorously” exercise oversight and to monitor the corporation’s operational viability, legal compliance and financial performance. This has generally been considered to be derived from the directors’ fiduciary duty of loyalty, which obligates directors and officers to act in good faith and in the best interests of the corporation.

Vice Chancellor J. Travis Laster in McDonald’s pointed out, however, that there are references in the original Caremark opinion acknowledging that a breach of the duty of care could lead to a failure of oversight. Other courts have similarly found that “…to hold directors liable for a failure in monitoring, the directors have to have acted with a state of mind consistent with a conscious decision to breach their duty of care.” Chief Justice Leo Strine once wrote: “If Caremark means anything, it is that a corporate board must make a good-faith effort to exercise its duty of care. A failure to make that effort constitutes a breach of the duty of loyalty.” 

Given the nature of the oversight duty, shareholder plaintiffs have focused on two types of oversight claims:

• Claims contending that the board completely failed to implement any reporting or information systems or controls
• Claims contending that the board failed to monitor or oversee operations even after implementing systems and controls (also known as a “red flag” claim)

Oversight claims are difficult to successfully bring. For such claims to survive a motion to dismiss, “only a sustained or systematic failure of the board to exercise oversight — such as an utter failure to attempt to assure a reasonable information and reporting system exists — will establish the lack of good faith that is a necessary condition to liability.”

Notwithstanding the high pleading burden, there has been a rise in successfully asserted oversight claims in recent years. For example:

• In Marchand v. Barnhill, stockholders brought a derivative action against directors of the corporation (an ice cream manufacturer), claiming breaches of their fiduciary duties arising from a listeria outbreak. The court found that plaintiff had successfully pled a breach of the duty of oversight because no board-level compliance monitoring and reporting system existed to ensure that its only product — ice cream — was safe to eat, which was an “essential and mission-critical” compliance risk. The Marchand court found that the facts in the complaint showed the board had not made a “good-faith effort to put in place a reasonable system of monitoring and reporting” when it left compliance with food safety mandates to management’s discretion (and relied on general FDA compliance), rather than implementing and then overseeing a more structured compliance system.
• In In re Boeing Co. Derivative Litig., the court noted that the company’s compliance with FAA regulations regarding aircraft safety did not equate to the board implementing an adequate safety monitoring system, which was “mission-critical.” “These types of routine regulatory requirements, although important, are not typically directed at the board. . .  the fact that the company’s product facially satisfies regulatory requirements does not mean that the board has fulfilled its oversight obligations to prevent corporate trauma.” Plaintiffs also successfully pled a “red flags” Caremark claim because there were facts demonstrating that the board knew of red flags relating to aircraft safety (e.g., crashes) but did nothing to investigate or address the problem, electing to follow management’s misrepresentations that the aircraft in question was safe to fly.

Expansion of the Duty of Oversight 

Recently, in McDonald’s, the Delaware Court of Chancery held that this duty of oversight also applies to corporate officers. 

The McDonald’s court provided several reasons for its conclusion — starting with the reasoning of Caremark itself. First, the court explained that the same seriousness with which corporation law views the role of directors extends to the role of officers. Even though corporations are managed by or under the direction of the board, the reality is that, in most corporations, the officers are the ones who are responsible for running the business of the corporation and who are responsible for important day-to-day operational decisions and supervising employees. Given these responsibilities and the reality that officers may be more informed (or at least in a position to be more informed) than directors, the court reasoned that there is greater reason to impose Caremark oversight duties on officers than directors.

Second, the board’s need for information, emphasized in the Caremark decision, leads to an obligation for officers to generate and provide that information. The McDonald’s court found that:

“For relevant and timely information to reach the board, the officers who serve as the day-to-day managers of the entity must make a good-faith effort to ensure that information systems are in place so that the officers receive relevant and timely information that they can provide to the directors. It follows that officers must have a duty to make a good-faith effort to establish an information system as a predicate to fulfilling their obligation to provide information to the board.”

Third, the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines does not stop at the board level – these guidelines specifically call on officers to undertake compliance and oversight obligations, and under the guidelines the officers (having operational responsibility) are expected to report to those above them on the effectiveness of compliance programs. In sum, the court concluded that Caremark’s three foundational premises for recognizing that directors owe a duty of oversight apply equally (if not more so) to officers.

In addition to the Caremark rationale, the McDonald’s court also noted that corporate officers owe the same duties of care and loyalty as directors, and as the duty of oversight arises from those core duties, officers should owe a duty of oversight as well. Moreover, as agents, officers owe a duty to disclose relevant information that they know may affect the decisions of their principals. Before information/problems can be disclosed, it must be observed/overseen. Thus, for an officer/agent to fulfill his or her obligations to the board/principal, the officer must assume and satisfy a duty of oversight.

Notably, the court distinguished among officers with respect to the scope of the duty of oversight (and which is not necessarily the same scope as would apply to the board of directors). Thus, while a CEO likely has company-wide oversight, other officers are generally limited to particular areas of responsibility, which comes with a more limited oversight duty. Hence, officers generally will only be responsible for addressing or reporting red flags within their areas of responsibility (subject to possible exceptions, such as where a red flag is so prominent that any officer might have a duty to report it).

“Although the CEO and chief compliance officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority. With a constrained area of responsibility comes a constrained version of the duty that supports an information-systems claim. For example, the chief financial officer is responsible for financial oversight and for making a good-faith effort to establish reasonable information systems to cover that area. The chief legal officer is responsible for legal oversight and for making a good-faith effort to establish reasonable information systems to cover that area. The executive officer in charge of sales and marketing is not responsible for the financial or legal reporting systems. And, of course, the board can tailor the officers’ obligations and responsibilities. . .

For similar reasons, officers generally will be responsible only for addressing or reporting red flags within their areas of responsibility, although one can imagine possible exceptions. If a red flag is sufficiently prominent, for example, then any officer might have a duty to report upward about it. An officer who receives credible information indicating that the corporation is violating the law cannot turn a blind eye and dismiss the issue as ‘not in my area.’”

After concluding that officers owe a duty of oversight, the McDonald’s court held that the stockholder plaintiffs had successfully pled a Caremark claim against the former executive vice president and global chief people officer of McDonald’s. The complaint alleged facts that indicated the officer had knowledge of red flags relating to sexual harassment and other misconduct at the company and that, under his management, a toxic culture had developed at the company that allowed the misconduct to continue. 

Key Points and Takeaways

• In recent years, there has been an increase in shareholders’ demands to have access to company books and records seeking to uncover potential misconduct. This trend is likely to continue and to expand to cover possible misconduct by officers.
• Corporations should anticipate a rise in demands by shareholders that the board pursue derivative litigation against officers, particularly with regard to allegations of misconduct similar to the sexual harassment that was at issue in McDonald’s. The McDonald’s case stressed that officers’ day-to-day roles and ability to act put them in a position to identify and report “red flags,” which could prove for a slightly easier claim than against directors. Boards should also expect scrutiny of their own responses to uncovering such misconduct and be mindful of the potential interplay between liability of officers and themselves.
• There is an increased risk of oversight claims against chief compliance officers (and CEOs) because of the broader scope of their oversight portfolio. Unlike other officers, chief compliance officers and CEOs have wide-ranging oversight over the entire organization. This potentially leaves them more vulnerable, especially in light of the statement in the McDonald’s case, that officers generally will be responsible for addressing or reporting red flags within their areas of responsibility, which, for chief compliance officers and CEOs, encompasses company-wide areas.

Doug Raymond is a partner at the law firm of Faegre Drinker Biddle & Reath LLP (www.faegredrinker.com). He can be reached at douglas.raymond@faegredrinker.com.

Todd Schiltz is a partner and Christina Lidondici a corporate associate at Faegre Drinker.