On January 25, 2023, in In re McDonald’s Corporation Stockholder Derivative Litigation, Vice Chancellor Travis Laster of Delaware’s Court of Chancery denied a motion to dismiss a derivative lawsuit against David Fairhurst, McDonald’s former executive vice president and global chief people officer. McDonald’s stockholders alleged that Fairhurst violated his fiduciary duties by “allowing a corporate culture to develop [at McDonald’s] that condoned sexual harassment and misconduct.” Fairhurst moved to dismiss based on the argument, among others, that corporate officers, unlike directors, owe no fiduciary duty of oversight as Delaware courts have interpreted that duty since the 1996 decision in In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959 (Del. Ch. 1996). Vice Chancellor Laster rejected that argument and found explicitly for the first time that the Caremark duty of oversight applies to corporate officers just as it does to directors. Another first is the finding that allegations of sexual harassment can state a claim for breach of the duty of loyalty. While these findings come in the fact-specific context of a years-long scandal related to the company’s “toxic” corporate culture, they nonetheless should serve as a wake-up call for corporate officers.
McDonald’s stockholders filed their derivative lawsuit in April 2021, alleging that the company’s directors and officers, including Fairhurst, had breached their fiduciary duties and wasted corporate assets. The complaint stemmed from a years-long scandal related to the company’s “toxic” corporate culture, which itself produced regulatory investigations, investor lawsuits, and even a US Senate probe. Most recently, the SEC settled its enforcement action against former McDonald’s CEO Stephen J. Easterbrook and McDonalds related to alleged misstatements that Easterbrook made about the circumstances of his departure from the company.
In his role as executive vice president and global chief people officer of McDonald’s, Fairhurst was accused of failing in his duty to effectively run McDonald’s HR department so as to prevent workplace misconduct and harassment. He was also accused of sexually harassing female employees himself. Plaintiffs detailed a long list of “red flags” that Fairhurst allegedly either ignored or was responsible for, including a “party atmosphere” at McDonald’s corporate headquarters in which male employees routinely engaged in inappropriate behavior toward female colleagues, often at alcohol-fueled corporate events. According to the complaint, Fairhurst had a reputation for flirting with female employees, and then-CEO Stephen Easterbrook was widely known for pursuing intimate relationships with company employees. Fairhurst’s HR department allegedly failed to put a stop to these activities, and many employees said they feared retaliation for reporting complaints to HR. Fairhurst himself allegedly engaged in at least one reported act of sexual harassment, as well as another act of harassment that was not reported at the time.
McDonald’s faced increasing scrutiny over its workplace environment, and company workers scheduled one-day strikes and walkouts, coordinated complaints with the Equal Employment Opportunity Commission (EEOC), and eventually brought employment-related lawsuits against McDonald’s. McDonald’s terminated Fairhurst’s employment with cause in November 2019 shortly before the first employee lawsuit was filed.
In this derivative case, plaintiffs had two arguments as to Fairhurst: first, that he ignored red flags about sexual harassment at the company, directly contributing to the eventual harm dealt to McDonald’s in the form of litigation and reputational damage; and second, that he himself violated his fiduciary duty of loyalty to the company by sexually harassing female employees. The court held that the plaintiffs adequately pleaded breach of fiduciary duty against Fairhurst on both grounds.
Application of Caremark to Corporate Officers
In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959 (Del. Ch. 1996), established that directors’ fiduciary duties include the duty of oversight. This oversight duty requires directors to ensure that effective information and reporting systems exist within a company so the management and board of directors can “reach informed judgments concerning both the corporation’s compliance with law and its business performance”; and a duty not to ignore red flags indicating wrongdoing. In practice, Caremark claims are difficult to plead and prove because plaintiffs must support such claims with facts to suggest that the defendant acted in bad faith by either (a) “utterly fail[ing] to implement any reporting or information system or controls,” or (b) implementing such a system or controls but “consciously fail[ing] to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”
In McDonald’s, the court observed that the Caremark duty of oversight “appl[ies] equally, if not to a greater degree, to officers”:
This decision clarifies that corporate officers owe a duty of oversight. The same policies that motivated Chancellor Allen to recognize the duty of oversight for directors [in Caremark] apply equally, if not to a greater degree, to officers. The Delaware Supreme Court has held that under Delaware law, corporate officers owe the same fiduciary duties as corporate directors, which logically includes a duty of oversight. Academic authorities and federal decisions have concluded that officers have a duty of oversight.
Recognizing that neither the Delaware Supreme Court nor the Delaware Court of Chancery had explicitly extended the duty of oversight to corporate officers, the court analyzed each of the reasons supporting the Caremark decision before confirming that the duty also applies to officers. The court found that as with directors, officers’ duty of oversight is supported by the “seriousness with which the law takes the role” and the need for “actionable information” for officers to make decisions in their own right. This is particularly so, given that “nondirector officers may have a greater capacity to make oversight and strategic decisions on a day-to-day basis.”
An officer’s role vis-a-vis the board was another important factor in the court’s analysis. “Officers are an essential link in the corporate oversight structure,” and providing upward information and identifying red flags to the board are “indispensable parts of an officer’s job.” In order to provide such information to the board, officers “must make a good faith effort to ensure that information systems are in place so that the officers receive relevant and timely information that they can provide to the directors.” The court recognized that the oversight duty could apply differently to different actors in the same instance, and suggested that an officer’s breach of the oversight duty could shield directors from oversight liability if the directors “did not have reason to know” that an officer “was not providing adequate oversight.”
McDonald’s makes clear that the scope of an officer’s oversight duty is not boundless. A specific officer’s duty of oversight will vary in accordance with that officer’s role and responsibility within the company. For a CEO or CCO, the responsibility is companywide. For other officers, however, the duty is more limited:
[O]fficers generally will be responsible for addressing or reporting red flags within their areas of responsibility, although one can imagine possible exceptions. If a red flag is sufficiently prominent, for example, then any officer might have a duty to report upward about it. An officer who receives credible information indicating that the corporation is violating the law cannot turn a blind eye and dismiss the issue as “not in my area.”
In addition, while the court’s opinion indicated some willingness to implement a gross-negligence standard for oversight claims against officers—noting that officers are full-time employees with greater exposure to company operations—the court ultimately applied the same bad-faith standard as in Caremark claims against directors. An officer can be liable for oversight violations only “if a plaintiff can prove that they acted in bad faith and hence disloyally.” In this context, bad faith means that “[t]he officer must consciously fail to make a good faith effort to establish information systems, or the officer must consciously ignore red flags.”
After clarifying that officers have oversight duties and defining the scope of those duties, the court then turned to the allegations concerning Fairhurst’s role in “permitting a toxic culture to develop at the Company that turned a blind eye to sexual harassment and misconduct.” The court emphasized the significant number of red flags alleged — including the “party atmosphere,” allegations of HR nonresponsiveness to workplace complaints, employees’ fear of retaliation, and Fairhurst’s own alleged sexual harassment of female employees — as well as the walkouts, strikes, employment litigation, and congressional investigation. The court then found that plaintiffs adequately alleged that Fairhurst acted in bad faith by “consciously ignoring red flags.” Fairhurst’s own alleged involvement in the harassment was critical to this conclusion: “When a corporate officer himself engages in acts of sexual harassment, it is reasonable to infer that the officer consciously ignored red flags about similar behavior by others.”
Harassment Is a Breach of Fiduciary Duty
Equally groundbreaking is the holding in McDonald’s that “fiduciaries violate the duty of loyalty when they engage in harassment themselves.” Corporate officers “are not permitted to use their position of trust and confidence to further their private interests,” according to the court, and “a CEO or other corporate officer who uses a position of power to harass, intimidate, or assault employees clearly acts for a purpose other than that of advancing the company’s interests.” Harassment is per se not in the company’s best interests. As a result, fiduciaries who engage in harassment are violating their duty of loyalty by “violating company policy, violating positive law, and subjecting the Company to liability”:
If an officer or director personally engages in acts of sexual harassment, and if the entity suffers harm, then either the governing body of the entity (or, if necessary, a plaintiff acting properly on its behalf) should be able to assert a claim for breach of fiduciary duty in an effort to shift the loss that the entity suffered to the human actor who caused it.
Sexual harassment is bad faith conduct. Bad faith conduct is disloyal conduct. Disloyal conduct is actionable.
The court preemptively addressed the concern that this ruling would expand the scope of liability of corporate officers: “A flood of new employment-style claims seems unlikely” because “[t]he claim is not one that a victim has standing to bring against a solvent corporation” and “[a] claim for breach of fiduciary duty is also not duplicative of other remedies.”
Takeaways for Companies and Their Officers
Looking ahead, the decision raises several questions about how courts will interpret and apply McDonald’s. While the decision articulates the clear limits that make Caremark claims difficult to plead, there are significant unknowns about how this duty will be applied to corporate officers. Among other things, it is unclear how courts will distinguish between red flags relevant to only some officers and red flags that are “particularly egregious” and thus implicate a breach of duty for an officer even if outside their role. It also remains to be seen how oversight duty claims against directors and officers will relate, such as whether the same facts will be considered “red flags” for both officers and directors or whether directors could push oversight claims onto officers.
The decision also raises a real possibility that issues that have traditionally been treated as employment matters may now become issues of fiduciary duty as well. While this decision may cause companies to consider the recent expansion of Delaware law to allow for officer exculpation from personal liability for monetary damages in connection with certain breaches of their fiduciary duties, such exculpation likely would not offer protection for oversight or sexual harassment fiduciary-duty claims, because officers cannot be indemnified against claims arising from breaches of the duty of loyalty and “acts not in good faith or that involve intentional misconduct.”
Despite some unknowns, the decision at a minimum is a good reminder for companies to consider how they assess their risk monitoring, reporting, and compliance functions, and to properly document monitoring, reporting, and compliance in preparation for, among other things, potential shareholder requests for books and records and derivative litigation:
- Conduct an assessment of principal risks to the business, including individual officer assessments of their own areas of oversight.
- Ensure that a robust compliance system is in place, including policies that are keyed to mission-critical risks.
- Monitor compliance, including having individuals report up to relevant supervisors on how risks are being addressed and whether any compliance problems exist.
- Keep a full record of past and ongoing monitoring, including records of who reports to whom, how often such reports are made, and what was reported.
- Do not ignore red flags—take reports of noncompliance or other risk-generating behavior seriously.
- Promptly elevate issues to the board (or other officers) and keep directors (or other officers) apprised of ongoing risks and steps that the company is taking to mitigate those risks.
Goodwin attorneys across multiple practice areas are focused on and available to advise about the implications of both this decision and the recent SEC enforcement action against McDonald’s, including what they mean for public companies’ approach to employment, compensation, disclosure, fiduciary duties, and other issues arising from claims of sexual harassment.