Officer Oversight Liability: Insights from the McDonald’s Decision

On January 25, 2023, in In re McDonald’s Corporation Stockholder Derivative Litigation,¹ the Delaware Court of Chancery issued a significant opinion confirming what many legal practitioners and academics had long believed, but which to date had not been definitively articulated by a Delaware court: that the fiduciary duties of the officers of a Delaware corporation include a duty of oversight that is comparable to the duty of directors. Given prior rulings in Delaware courts with respect to the duty of oversight and officer fiduciary duties, the McDonald’s opinion is not a surprise or a break from Delaware precedent. Rather, it is a clarification and refinement of precedent and provides practical guidance for officers, companies and legal counsel on how officers can satisfy their oversight obligations.

Facts

The McDonald’s case centered on defendant David Fairhurst, who served as Executive Vice President and Global Chief People Officer at McDonald’s Corporation from 2015 until his termination for cause in 2019. In his position, Mr. Fairhurst oversaw the company’s global human resources function. Stockholder plaintiffs sued Mr. Fairhurst in a derivative action on behalf of McDonald’s, alleging that, as a corporate officer responsible for labor and human resources, Mr. Fairhurst breached his fiduciary duty of oversight by allowing a corporate culture to develop that fostered sexual harassment, misconduct and a toxic workplace, and by engaging in sexual harassment and misconduct himself. The complaint further alleged that Mr. Fairhurst did not properly report the purported misconduct to his superiors or address or otherwise remediate the HR issues that persistently occurred during his tenure, thereby consciously ignoring clear “red flags” (in addition to creating red flags through his own alleged misconduct).

The McDonald’s opinion described numerous incidents of sexual harassment, other inappropriate conduct, circumstances giving rise to a hostile work environment, and worker responses to these matters as well as the McDonald’s board’s eventual attempts to address the issues once the board became aware of them. The incidents ranged from workers filing two EEOC complaints about sexual harassment and misconduct (in 2016 and 2018) to witness statements about Mr. Fairhurst’s sexual harassment on more than one occasion, a 30-city employee walk out to protest sexual harassment and misconduct at McDonald’s, testimony about audit committee and board involvement once the board became aware of the issues, inquiries from a US senator about these incidents and the workplace environment at McDonald’s, and the filing of two worker class action lawsuits (in 2019 and 2020) against the company alleging a toxic work culture, sexual harassment, retaliation and other misconduct. These allegations demonstrated serious human resources issues that required a strong and sustained leadership commitment to address, and demonstrated that Mr. Fairhurst failed to respond to the issues appropriately or in a timely manner before ultimately being terminated for cause.

Mr. Fairhurst filed a motion to dismiss the oversight claim against him, asserting that Delaware law does not impose a duty of oversight on officers, only on a corporation’s directors. The McDonald’s court rejected this argument and denied the motion, holding that officers, like directors, have a duty of oversight and that the allegations in the complaint were sufficient to state a breach of that duty.

Analysis

The directors of a Delaware corporation have two basic fiduciary duties: a duty of care and a duty of loyalty. In In re Caremark Inc. Derivative Litigation,² the seminal case on director oversight claims, the Court of Chancery established the conditions for director oversight liability under Delaware law. Since Caremark, Delaware courts have refined the logic and analysis of oversight claims. Under Caremark and its progeny, Delaware courts recognize two types of oversight claims against directors (often referred to as Caremark claims). The first is a “red flags” claim, which alleges that the directors were aware of serious problems within the corporation and consciously chose not to act to remediate those problems or report them promptly and accurately to the board for remediation. The second type of claim is an “information systems” claim, which alleges that directors failed to implement reasonable information and reporting systems to ensure timely and accurate reporting to the board of material information about the corporation and its business to allow the board to perform its oversight function. The McDonald’s complaint involved a “red flags” claim.

The McDonald’s court noted the practical reality that corporations are run on a day-to-day basis by officers and that members of the board of directors engage with a corporation only on a periodic basis. A corporation’s officers are, therefore, often in the best position to notice red flags of the type that could implicate Caremark. The court concluded that the Caremark court’s rationale for recognizing an oversight duty for directors “applies equally to officers.” The McDonald’s court supported this conclusion with three additional points. First, the Delaware Supreme Court has held that the fiduciary duties of officers of a corporation are the same as the duties of directors.³ Second, Delaware case law establishes that officers are fiduciaries—they are agents who report to the board of directors and, therefore, have a principal-agent relationship with the board. This agency duty “extends beyond what the agent actually knows to encompass what the agent has reason to know or should know.” Third, to conclude that an officer does not owe a duty of oversight to the corporation would make it difficult for a corporation’s board of directors to hold an officer accountable for failing to alert the board to red flags, which would undermine the board’s ability to fulfill its statutory obligation to direct and oversee the business and affairs of the corporation. The court, therefore, reasoned: “The oversight duties of officers are an essential link in the corporate oversight structure.” Accordingly, the court held that officers owe oversight duties comparable to those of directors.

The court made clear that “oversight liability for officers requires a showing of bad faith. The officer must consciously fail to make a good faith effort to establish information systems, or the officer must consciously ignore red flags.” To state a red flags oversight claim, the court explained, a plaintiff must “plead facts supporting the inference that the fiduciary knew of evidence of corporate misconduct …[and] that the fiduciary consciously failed to take action in response. The pled facts must support an inference that the failure to take action [to investigate, report and remediate the issue or issues within the corporation] was sufficiently sustained, systemic or striking to constitute action in bad faith. A claim that a fiduciary had notice of serious misconduct and simply brushed it off or otherwise failed to investigate states a claim for breach of duty.

The court instructed that the scope of an officer’s oversight duty is context-driven and is based on the officer’s specific function within the corporation. The court noted that, whereas directors “are charged with plenary authority over the business and affairs of the corporation” and the corporation’s CEO and chief compliance officer “will have company-wide oversight portfolios,” the other officers of a corporation will generally have more limited authority depending on their role and therefore, their potential oversight liability will generally also be correspondingly narrower than the board’s and the CEO’s plenary oversight responsibility. The court further observed that there may be red flags within a corporation so significant as to require an officer to speak up even though the matter falls outside the officer’s domain.

Ultimately, the McDonald’s court concluded that the plaintiffs pleaded sufficient facts to state a claim for breach of the duty of oversight against Mr. Fairhurst based on allegations of his own misconduct as well as his conscious disregard of the pervasive and serious misconduct and human resources issues (which the court referred to as “massive red flags”) that occurred within his specific area of oversight.

Looking Ahead

Caremark claims against directors have historically been difficult to pursue because of the high pleading bar; as a result, they are often dismissed at the pleadings stage.⁴ Given the day-to-day role that officers play in a corporation in comparison to the more limited role that the board of directors plays, it remains to be seen whether oversight claims against officers will be equally difficult to pursue. Although, the ultimate fate of such claims remains an open question, corporate officers acting honestly, diligently and in good faith should take comfort in the high bar that the McDonald’s court has set to establish an officer’s bad faith. The McDonald’s complaint did not allege (and therefore the court did not address) whether or how corporate officers could be subject to “information systems” claims under Caremark. Nonetheless, we would expect the threshold for sustaining such claims against a corporate officer to be equally high.

Key Takeaways

• Because the contours of an officer’s oversight duty are context-driven, there remain many open questions as to how the duty will be applied to different officers across different companies in different contexts. We expect to see further litigation addressing these matters. 
• Officers (in combination with the board) should ensure the company has implemented systems for information reporting and evaluation to ensure that they are reasonable for the organization’s needs and are designed to enable appropriate personnel to receive and act upon information and risks within their purview. There is no “one size fits all” approach.
• Officers should be aware that their own misconduct—not simply their failure to monitor, report and address “red flags” raised by or about others—can give rise to a claim for breach of the duty of oversight against them.

¹ Del. Ch. Ca. No. 2021-0324-JTL.

² 698 A.2d 959 (Del. Ch. 1996). In 2006, the Delaware Supreme Court adopted the standards articulated in Caremark. See Stone v. Ritter, 911 A.3d 362, 370 (Del. 2006).

³ Gantler v. Stephens, 965 A.2d 695, 709 (Del. 2009).

⁴ While Caremark and its progeny have described director oversight claims as possibly the most difficult theory in corporation law on which a plaintiff might hope to win a judgment, since the Delaware Supreme Court’s 2019 decision in Marchand v. Barnhill, Delaware courts have demonstrated a greater willingness to entertain such claims when they involve issues that are essential and mission-critical for a company’s compliance risk. See Marchand, 212 A.3d 805, 824 (Del. 2019) (complaint stated oversight claim where food safety at an ice cream company was its most important safety and legal compliance issue, but there was no board level compliance reporting for food safety); see also, e.g., In re Boeing Co. Deriv. Litig., 2021 WL 4059934 (Del. Ch. Sept. 7, 2021) (denying motion to dismiss where complaint alleged that Boeing’s board had no committee charged with direct responsibility over airplane safety, did not regularly monitor, discuss or address safety, had no information reporting system requiring management to update the board on safety, despite making statements that they knew they should have a system in place, and the board ignored “red flags” problems with the 737 MAX); Teamsters Local 443 Health Servs. & Ins. Plan v. Chou, 2020 WL 5028065 (Del. Ch. Aug. 24, 2020) (holding that the board of a pharmaceutical company ignored red flags and permitted woefully inadequate reporting systems regarding the business line in which its subsidiary operated); Hughes v. Hu, 2020 WL 1987029 (Del. Ch. April 27, 2020) (holding that chronic deficiencies in internal controls over financial reporting supported a reasonable inference that the board failed to provide meaningful oversight over the company’s financial statements and system of financial controls); In re Clovis Oncology, Inc. Deriv. Litig., 2019 WL 4850188 (Del. Ch. Oct. 1, 2019) (denying motion to dismiss oversight claim, holding that the board of a drug manufacturer consciously ignored red flags that revealed mission-critical failures to comply with clinical trial protocols and FDA regulations). But see Fireman’s Retirement Sys. v. Sorenson, 2021 WL 4593777 (Del. Ch. Oct. 5, 2021)(plaintiff failed to state red flags or information systems claim in connection with data security breach because the plaintiff acknowledged that the board and audit committee were routinely apprised of cybersecurity risks and mitigation, were provided with reports evaluating cyber risks, engaged professionals to audit and improve cybersecurity practices, and when management received information indicating vulnerabilities, the board was informed and indicated that it was addressing or would address them).

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Nate P. Gallon, an O’Melveny partner licensed to practice law in California and Amy S. Park, an O’Melveny partner licensed to practice law in California, New York and New Jersey, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

© 2023 O’Melveny & Myers LLP. All Rights Reserved. Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York’s Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, T: +1 212 326 2000.