Delaware Court of Chancery Expands Duty of Oversight to Corporate Officers

Delaware law has long recognized a director’s duty of oversight. The well-established doctrine, first articulated in 1996 in In Re: Caremark International Inc. Derivative Litigation, was recently expanded to officers in In re McDonald’s Corporation Stockholder Derivative Litigation. Although no court has yet addressed whether directors or officers of a Pennsylvania corporation owe a duty of oversight, we believe that a court confronted with this issue would likely find that they do.

Duty of Oversight

The Delaware Supreme Court has explained that the duty of oversight requires directors to “rigorously” exercise oversight and to monitor the corporation’s operational viability, legal compliance and financial performance. This has generally been considered to be derived from the directors’ fiduciary duty of loyalty, which of loyalty obligates directors and officers to act in good faith and in the best interests of the corporation.

Vice Chancellor Laster in McDonald’s pointed out, however, that there are references in the original Caremark opinion acknowledging that a breach of the duty of care could lead to a failure of oversight. Other courts have similarly found that “…to hold directors liable for a failure in monitoring, the directors have to have acted with a state of mind consistent with a conscious decision to breach their duty of care.” Chief Justice Strine once wrote: “If Caremark means anything, it is that a corporate board must make a good faith effort to exercise its duty of care. A failure to make that effort constitutes a breach of the duty of loyalty.”

Given the nature of the oversight duty, shareholder plaintiffs have focused on two types of oversight claims:

1. Claims contending that the board completely failed to implement any reporting or information systems or controls.
2. Claims contending that the board failed to monitor or oversee operations even after implementing systems and controls (also known as a “red-flag” claim).

Oversight claims are difficult to successfully bring. For such claims to survive a motion to dismiss, “only a sustained or systematic failure of the board to exercise oversight — such as an utter failure to attempt to assure a reasonable information and reporting system exists — will establish the lack of good faith that is a necessary condition to liability.”

Notwithstanding the high pleading burden, there has been a rise in successfully asserted oversight claims in recent years. For example:

• In Marchand v. Barnhill, stockholders brought a derivative action against directors of the corporation (an ice cream manufacturer), claiming breaches of their fiduciary duties arising from a listeria outbreak. The court found that plaintiff had successfully pled a breach of the duty of oversight because no board-level compliance monitoring and reporting system existed to ensure that its only product — ice cream — was safe to eat, which was an “essential and mission critical” compliance risk. The Marchand court found that the facts in the complaint showed the board had not made a “good faith effort to put in place a reasonable system of monitoring and reporting” when it left compliance with food safety mandates to management’s discretion (and relied on general FDA compliance), rather than implementing and then overseeing a more structured compliance system.
• In re Boeing Co. Derivative Litig., the court noted that the company’s compliance with FAA regulations with regard to aircraft safety did not equate to the board implementing an adequate safety monitoring system, which was “mission critical.” “These types of routine regulatory requirements, although important, are not typically directed at the board. . .the fact that the company’s product facially satisfies regulatory requirements does not mean that the board has fulfilled its oversight obligations to prevent corporate trauma.” Plaintiffs also successfully pled a “red-flags” Caremark claim because there were facts demonstrating that the board knew of red flags relating to aircraft safety (e.g., crashes) but did nothing to investigate or address the problem, electing to follow management’s misrepresentations that the aircraft in question was safe to fly.

Expansion of the Duty of Oversight

Recently, in In Re McDonald’s Corporation Stockholder Derivative Ligation, the Delaware Court of Chancery held that this duty of oversight also applies to corporate officers.

The McDonald’s court provided several reasons for its conclusion — starting with the reasoning of Caremark itself. First, the court explained that the same seriousness with which corporation law views the role of directors extends to the role of officers. Even though corporations are managed by or under the direction of the board, the reality is that, in most corporations, the officers are the ones who are responsible for running the business of the corporation and who are responsible for important day-to-day operational decisions and supervising employees. Given these responsibilities and the reality that officers may be more informed (or at least in a position to be more informed) than directors, the court reasoned that there is greater reason to impose Caremark oversight duties on officers than directors.

Second, the board’s need for information, emphasized in the Caremark decision, leads to an obligation for officers to generate and provide that information. The McDonald’s court found that:

For relevant and timely information to reach the board, the officers who serve as the day-to-day managers of the entity must make a good faith effort to ensure that information systems are in place so that the officers receive relevant and timely information that they can provide to the directors. It follows that officers must have a duty to make a good faith effort to establish an information system as a predicate to fulfilling their obligation to provide information to the board.

Third, the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines does not stop at the board level – these guidelines specifically call on officers to undertake compliance and oversight obligations, and under the guidelines the officers (having operational responsibility) are expected to report to those above them on the effectiveness of compliance programs. In sum, the court concluded that Caremark’s three foundational premises for recognizing that directors owe a duty of oversight apply equally (if not more so) to officers.

In addition to the Caremark rationale, the McDonald’s court also noted that corporate officers owe the same duties of care and loyalty as directors and as the duty of oversight arises from those core duties, officers should owe a duty of oversight as well. Moreover, as agents, officers owe a duty to disclose relevant information that they know may affect the decisions of their principals. Before information/problems can be disclosed, it must be observed-overseen. Thus, for an officer/agent to fulfill its obligations to the board/principal, the officer must assume and satisfy a duty of oversight.

Notably, the court distinguished among officers with respect to the scope of the duty of oversight (and which is not necessarily the same scope as would apply to the board of directors). Thus, while a CEO likely has company-wide oversight, other officers are generally limited to particular areas of responsibility, which comes with a more limited oversight duty. Hence, officers generally will only be responsible for addressing or reporting red flags within their areas of responsibility (subject to possible exceptions, such as where a red flag is so prominent that any officer might have a duty to report it).

Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority. With a constrained area of responsibility comes a constrained version of the duty that supports an Information-Systems Claim. For example, the Chief Financial Officer is responsible for financial oversight and for making a good faith effort to establish reasonable information systems to cover that area. The Chief Legal Officer is responsible for legal oversight and for making a good faith effort to establish reasonable information systems to cover that area. The executive officer in charge of sales and marketing is not responsible for the financial or legal reporting systems. And of course, the board can tailor the officers’ obligations and responsibilities. . .

For similar reasons, officers generally only will be responsible for addressing or reporting red flags within their areas of responsibility, although one can imagine possible exceptions. If a red flag is sufficiently prominent, for example, then any officer might have a duty to report upward about it. An officer who receives credible information indicating that the corporation is violating the law cannot turn a blind eye and dismiss the issue as “not in my area.”

After concluding that officers owe a duty of oversight, the McDonald’s court held that the stockholder plaintiffs had successfully pled a Caremark claim against the former executive vice-president and global chief people officer of McDonalds. The complaint alleged facts that indicated the officer had knowledge of red flags relating to sexual harassment and other misconduct at the company, and that under his management, a toxic culture had developed at the company that allowed the misconduct to continue.

Duty of Oversight Under Pennsylvania Law

We have not identified an opinion of a Pennsylvania court that has expressly recognized a duty of oversight; however, it is likely that in a properly presented case a Pennsylvania court would find that directors, and also corporate officers, owe a fiduciary duty of oversight based on their fiduciary duties of care and loyalty owed to a Pennsylvania corporation.

The underlying principles that form a basis for the duty of oversight in Delaware also exist in Pennsylvania. First, Pennsylvania fiduciary duties are grounded on a similar framework as in Delaware, and the fiduciary duties of the officers as set out in the Pennsylvania Business Corporation Law (BCL) are the same as those of directors.

Section 1712 of the BCL provides the basic statement of the duties of directors:

A director of a business corporation shall stand in a fiduciary relation to the corporation and shall perform the duties of a director, including duties as a member of any committee of the board upon which the director may serve, in good faith, in a manner the director reasonably believes to be in the best interests of the corporation and with such care, including the skill and diligence that a person of ordinary prudence would use under similar circumstances and reasonable inquiry into those issues required by the statutes of this Commonwealth to be considered in the circumstances and those interests and factors … that the director considers appropriate.

While the standard for the fiduciary duties of officers is set out in a different section of the statute (Section 1734), it is essentially the same, except that the officer’s duty of inquiry is not limited to statutory matters, as has been the case for directors since the recent 2022 amendments to the BCL.

The other foundational premises cited by the Delaware Courts for recognizing the duty of oversight also apply, namely that boards of directors are responsible for managing corporations, and those boards delegate the day-to-day operations of the business to the corporate officers. Pennsylvania boards have the same need for information as those of Delaware corporations, and therefore, it is equally important for Pennsylvania officers to generate relevant information and provide it to the board. Accordingly, as in Delaware, there is a direct relationship between the shared need of directors and officers to have information about the company and the assurance that information systems are in place as a predicate to fulfilling their fiduciary obligations. Similarly, because officers of Pennsylvania corporations are also running the business, they too are well-positioned to identify red flags and capable of addressing or reporting them.

For these reasons, it would not be surprising for a court applying the BCL to conclude that officers as well as directors have a duty of oversight similar to that derived from the Caremark line of cases. It is worth noting, however, that the 2022 amendments to the BCL provide a limitation on the duty of inquiry for corporate directors that is not present under Delaware law. This could be a basis for limiting the directors’ obligation to investigate as to whether the corporation has adequate information or reporting systems. As a result of the recent amendment, the duty of reasonable inquiry for a director is limited to those issues required by the statutes of the Commonwealth to be considered in the circumstances and those interests and factors that the director considers appropriate. 

As noted above, the McDonald’s court left open the extent to which the duty of oversight of specific officers may be “context-driven.” This approach is similar to Pennsylvania law, which in a different context points out the while officers and directors may rely upon others for information used in their deliberations, what will constitute “justifiable reliance,” may depend on the officer’s role within, and knowledge of, the corporation. That is to acknowledge that not all officer’s roles are the same nor will every officer be privy to the same information.

It is important to reiterate that duty of oversight claims are brought as derivative claims. Thus, Caremark claims may not be brought directly by plaintiffs against officers or directors. The BCL provides, in relevant part, that a plaintiff must first demand that the board of directors bring an action and allow the corporation to respond before the plaintiff may commence a derivative action, unless the demand is excused. And unlike Delaware, where demand may be excused if it would be “futile,” under Pennsylvania law, demand is excused only if immediate and irreparable injury to the corporation would otherwise result.

If a plaintiff makes a demand that the board pursue a derivative claim, the board may decide to use a special litigation committee of board members or others (SLC) to investigate the claim and to determine or recommend to the board whether pursuing the claims asserted is in the best interests of the corporation. While the SLC must be comprised of disinterested individuals, the fact that a person is named as a defendant, does not disqualify them from serving as a member of a SLC if the claims against that person satisfy the following criteria:

1. Are based only on an allegation that the person approved of or acquiesced in the transaction or conduct that is the subject of the claims.
2. Do not otherwise allege with particularity facts that, if true, raise a significant prospect that the person would be adjudged liable.

If an SLC is appointed, and determines not to proceed with the action, the case will not proceed unless a reviewing court finds the members of the committee were not independent or did not satisfy their obligation to act in good faith, independently and with reasonable care.

Boards of Pennsylvania corporations may also want to consider another provision in the 2022 amendments to the BCL, which confirms that the shareholders of a corporation may exonerate its officers from liability to the corporation in the same way that directors may be exonerated (a concept that has been present in the BCL since 1988 but was expanded and clarified in response to similar action taken by Delaware). Pursuant to this amendment, a bylaw adopted by the shareholders may provide that an officer will not be personally liable, as such, for monetary damages for any action taken unless (subject to limited exceptions):

1. The officer has breached or failed to perform the duties of an officer under this subchapter.
2. The breach or failure to perform constitutes self-dealing, willful misconduct or recklessness.
   
   “Recklessness” conduct for these purposes involves a conscious disregard of a substantial and unjustifiable risk. The risk must be of such a nature and degree that, considering the nature and intent of the actor's conduct and the circumstances known to the actor, its conscious disregard involves a gross deviation from the standard of conduct that a reasonable person would observe in the actor's situation.

As a result, it is possible for a corporation to eliminate the potential liability of an officer for breach of a duty of oversight unless the breach constitutes self-dealing, willful misconduct or recklessness.

Key Points and Takeaways:

• In recent years there has been an increase in shareholders’ demands to have access to company books and records seeking to uncover potential misconduct. This trend is likely to continue and to expand to cover possible misconduct by officers.
• Corporations should anticipate a rise in demands by shareholders that the board pursue derivative litigation against officers, particularly with regard to allegations of misconduct similar to the sexual harassment that was at issue in McDonald’s. The McDonald’s case stressed that officers’ day-to-day roles and ability to act put them in a position to identify and report “red-flags” (which could prove for a slightly easier claim than against directors). Similarly, boards should expect an officer-based Caremark claim to be filed whenever there are serious allegations of misconduct against officers of a Pennsylvania corporation. Boards should also expect close scrutiny of their own responses to uncovering such misconduct and be mindful of the potential interplay between liability of officers and themselves.
• There is an increased risk of oversight claims against Chief Compliance Officers (and CEOs) because of the broader scope of their oversight portfolio. Unlike other officers, Chief Compliance Officers and CEOs have wide-ranging oversight over the entire organization. This potentially leaves them more vulnerable, especially in light of the statement in the McDonald’s case, that officers generally will be responsible for addressing or reporting red flags within their areas of responsibility, which for Chief Compliance Officers and CEOs encompass company-wide areas.
• Many boards of Delaware corporations have taken a “wait-and-see” to the adoption of officer exculpatory provisions. In light of the McDonald’s case and the more express authority in Pennsylvania facilitating officer exculpation, boards of Pennsylvania corporations may not want to sit on the fence too long but engage in a serious discussion whether such provisions make sense in their governance structure. In any event, this expansion of the duty of oversight has gotten the attention of the C-Suite in both Pennsylvania and Delaware.