An Expansion of the Duty of Oversight to Corporate Officers
Recently, the Delaware Court of Chancery has expanded the fiduciary duty of oversight to include corporate officers. This development arose from the Court of Chancery’s decision in In re McDonald’s Corp. Stockholder Derivative Litigation. Prior to this decision, it was unclear whether or not the duty of oversight applied to corporate officers in the same way it did to directors. However, that ambiguity is now resolved, and Delaware corporations will need to adjust their internal policies and procedures to reflect this expanded duty. As many of us here in California have clients who either are or are considering incorporating in Delaware, this is an important development to follow. This summary should give you a foundation to get started.
Facts of the Case
This stockholder derivative action was brought over issues with a former Executive VP and Global Chief People Officer creating a culture of sexual harassment and misconduct in workplace. He was eventually terminated in 2019 after engaging in sexual harassment and misconduct himself.
Duty of Oversight Test
The duty of oversight is derived from the more well-known duty of loyalty. The duty of oversight for directors was first laid out in In re Caremark Intern. Inc. (and is now referred to as the Caremark test). The Delaware Supreme Court in Stone v. Ritter refined the ruling and laid out the two types of claims for liability. Claims for failing to meet the duty of oversight are either: (1) failing to implement a reporting system or controls for issues arising within the company (Information Systems), or; (2) failing to monitor their operations and therefore not being aware of risks problems within the company (Red Flags).
Information Systems Claim
The Information Systems Claim arises when the board lacks the requisite information systems and controls that would provide them with updated and actionable intelligence to allow senior management and directors to make informed judgements on the company’s legal compliance and business performance. For an Information Systems Claim to succeed, the board must have consciously failed to make a good faith effort to establish an information and oversight system designed to provide information to the board. The reasoning of the rule being that a monitoring system will make directors proactive as well as document any future issues that may arise in litigation. While a system must be implemented, there is no set standard of effectiveness for this system. So the existence of a monitoring system will rebut this claim even if that system is ineffective.
Red Flag Claim
A Red Flag Claim has two parts: (1) an information or monitoring system described in the Information Systems claims exists, and (2) the board’s information systems generated red flags indicating wrongdoing and the directors failed to respond to them. Liability then emerges when directors consciously disregard evidence of red flag wrongdoing or misconduct in bad faith, and the damage to the corporation is proximately caused by such red flag wrongdoing or misconduct in bad faith.
Bad Faith/Scienter
For either type of the Caremark claim, directors and officers will only be liable for violations if a plaintiff can prove that they acted in bad faith and, therefore, breached the primary duty of loyalty to the corporation. The McDonald’s court applied the same standard of bad faith for officers as is applied to directors.
Sliding Scale of Scope
The court in its analysis recognized that the full berth of the duty of oversight is not practical to apply to every officer of the company. This is because unlike the Board of Directors, a corporate officer, even at the C-suite level, does not oversee every area of the company and is largely compartmentalized into their specific section. For this reason, an officer would typically only have this duty of oversight over which ever particular section they run. So if you have Head of HR, their duty under Caremark would be to implement an information/monitoring system in the HR department and also address any “red flags” that were picked up by that system. So the scope grows wider or narrower the higher or lower up the chain of reporting depending on the officer that is the subject of the claim.
It is worth noting a few additional things about the scope of applicability. First, the McDonald’s court did note that while officers must largely monitor only their own department, certain extremely egregious red flags would need to be reported by officers even if it is outside their particular area of oversight. Second, it is unclear how far down the corporate ladder this duty extends. The court only describes officers without providing much additional context. So future rulings should be reviewed to find guidance on that issue.
Impact and Practice Points
For those of us in corporate practice, this ruling adds a few new considerations when dealing with clients who are planning to incorporate in Delaware. The Court felt that its holding would not increase the amount of litigation against corporations as this is a derivative claim and requires a showing of bad faith, but that has yet to be seen. What is clear is that Delaware corporations will need to take some new steps to comply with the ruling.
First, this will expand the number of people that will need training regarding issues of governance and compliance. Now that officers are lumped in with directors, this will in most cases greatly increase the number of people that will need training and reviews by a corporate compliance team in order to properly protect against litigation; corporations should consider that when budgeting for compliance budgets.
Second, because a Caremark claim is one that is based on bad faith, corporate exculpation provisions won’t apply to these types of claims. While section 102(b)(7) of the Delaware General Corporation Law (DGCL) permits a Delaware corporation to include an exculpatory provision in its certificate of incorporation that eliminates the personal liability of a director or officer for breaches of certain fiduciary duties, it specifically excludes bad faith misconduct and breaches of the duty of loyalty. This is important as it will now need to be included in the employment agreements of officers as well as being a new area of liability for Director and Officer (DnO) insurance.
Finally, some of the documenting and reporting controls at the director level will need to be disseminated to lower officers. Since one of the first things seen in corporate litigation is DGCL Section 220 books and records request, it would be good practice for corporations to document all matters relating to a Caremark claim. Records should be made that a system exists and that red flags are addressed so that a corporation can preemptively show that both their officers and directors are complying with their duty of oversight.