Until the Delaware Court of Chancery issued its recent decision in In re McDonald’s Corp. Stockholder Derivative Litigation (“McDonalds”), it was unclear if claims for breach of the fiduciary duty of loyalty premised on a lack of oversight first established by In re Caremark International Inc. Derivative Litigation (“Caremark”) in 1996, with respect to directors, also applied to corporate officers of Delaware corporations. In McDonalds, the Delaware Court of Chancery pronounced, unequivocally, that “[t]his decision clarifies that corporate officers owe a duty of oversight. The same policies that motivated [the Delaware Court of Chancery in Caremark] to recognize the duty of oversight for directors apply equally, if not to a greater degree, to officers.”
Legal Background and Analysis
Under the Caremark test, as later adopted by the Delaware Supreme Court in Stone v. Ritter, liability to directors for failing to properly discharge their duty of oversight arises under two different “prongs” of the test, where either: “(1) directors utterly failed to implement any reporting or information system or controls; or (2) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”
- First Prong: Information System Claims. The court in McDonalds referred to the first prong as an “Information Systems Claim”, whereby “the board lacked the requisite information systems and controls”. To make an Information Systems Claim, the board must have consciously failed to make a good faith effort to establish a board-level information and oversight system designed to provide timely and accurate information and, at a minimum, address “essential and mission-critical” legal compliance. The validity of an Information Systems Claim does not depend on whether the oversight system was actually effective, but only whether the system existed and was monitored by the board.
- Second Prong: Red-Flags Claims. The McDonalds court referred to the second prong as a “Red-Flags Claim”, whereby “the board’s information systems generated red flags indicating wrongdoing and that the directors failed to respond.” The basis for liability requires a demonstration that (i) directors consciously disregarded evidence of red flag wrongdoing or misconduct in bad faith, and (ii) that the corporate trauma in question must be sufficiently similar to the red flag misconduct such that the board’s bad faith and conscious inaction proximately caused the trauma.
- Must Act in Bad Faith; Exculpation Unavailable. The McDonalds court found that the two prongs of the Caremark test would apply equally to officers and directors, but that the specifics of an officer’s duty is context-dependent, as discussed in more detail below. Regardless, under either prong of the Caremark test, directors and officers will only be liable for violations of the duty of oversight if a plaintiff can provide evidence that they acted in bad faith and, therefore, disloyally to the corporation.  This requires a showing of scienter, i.e., that the officer consciously failed to make a good faith effort to establish information systems or the officer consciously ignored red flags. As a practical matter, this means that Section 102(b)(7) of the Delaware General Corporation Law, which permits a Delaware corporation to include an exculpatory provision in its certificate of incorporation that eliminates the personal liability of a director or officer for breaches of certain fiduciary duties, will not apply to Caremark claims because Section 102(b)(7) specifically excludes bad faith misconduct and breaches of the duty of loyalty. See “Elimination of the Duty of Care in Delaware? Statutory Exculpation of Officers: Recent Amendment to Section 102(b)(7) of the Delaware General Corporation Law”.
- Applicability to Corporate Officers. The Court of Chancery in McDonalds then went on to explain how the situational aspects of a corporate officer’s duty of oversight may differ from that of the board of directors in a couple of important ways. For example, although the board has oversight duties regarding the whole corporation because it has “plenary authority” concerning the management of the corporation, a particular officer only has a duty to establish information systems and follow-up on red flags issues that comes within the scope of his or her authority and responsibility (e.g., a chief financial officer would be responsible for creating financial, but not human resources or legal, reporting systems and controls). The court then went on to note, however, that if a red flag is sufficiently material, then an officer may have a duty to report upward on such red flag even if it is outside of his her or her area of responsibility. From the McDonalds decision, it is unclear which officers of the corporation will be charged with a duty of oversight, i.e., if it will include all corporate officers or just senior officers. Based on language from the McDonalds opinion, a reasonable inference can be drawn that it applies to all corporate officers: “the officers are optimally positioned to identify red flags and either address them or report upward to senior officers [emphasis added] or to the board.” Section 142(a) of the Delaware General Corporation Law defines the term “officer” as “such officers with such titles and duties as shall be stated in the bylaws or in a resolution of the board of directors.” Further, in the matter of In re Walt Disney Co. Derivative Litigation, the Delaware Court of Chancery established a bright-line rule whereby officers and directors become fiduciaries only when they are officially installed, and receive “the formal investiture of authority that accompanies such office of directorship.” Taken together, the fiduciary duty of oversight would seem to apply only to those corporate officers specified in the bylaws or appointed by board resolution.
In the derivative shareholder lawsuit at issue in the McDonalds case, the plaintiffs did not allege that the Chief People Officer of McDonalds failed to make a good faith effort to establish information systems (i.e., an Information Systems Claim), and, instead, made a Red-Flags Claim by asserting that the Chief People Officer breached his duty of oversight by consciously ignoring red flags. In particular, the complaint cited statements from employees that the human resources function, under the supervision of the Chief People Officer, “turned a blind eye” to complaints about sexual harassment, including coordinated complaints filed by restaurant workers and a ten-city strike. Further, because the Chief People Officer also allegedly engaged in acts of sexual harassment, the court concluded that “it is reasonable to infer that the officer consciously ignored red flags about similar behavior of others.”
Practice Points Regarding Oversight Duties of Corporate Officers
In order to minimize exposure to liability for a breach of the duty of oversight by corporate officers, we recommend that management take the following actions:
- Each corporate officer should identify, at a minimum, the essential and mission-critical compliance with laws or regulatory mandates facing the company that are within the scope of the officer’s authority and establish a monitoring systems that timely and accurately brings this information to the officer’s attention. There may be heightened risk for a Caremark claim where risk to life or health or the company’s obligation to comply with positive laws or regulations are involved.
- Once the oversight system is in place, the officer should pay attention to any “red flag” issues that may evidence non-compliance, report that information to the officer’s superior(s), and take corrective actions, as needed, to address the red flag of non-compliance.
- Document all of the above actions, as litigation actions involving alleged breach of the duty of oversight are preceded by Section 220 books and records requests under the Delaware General Corporation Law. If this happens, one should be able to produce ample evidence that such officer made good faith efforts to properly execute his or her duty of oversight, including documenting: (i) that an oversight system was established, (ii) that the officer reviewed and discussed compliance issues, and (iii) that the officer followed-up on all red-flag issues, and addressed them, as needed.
 No. 2021-0324 (Del. Ch. Jan. 26, 2023). Caremark claims were officially adopted a decade later by the Delaware Supreme Court in Stone v. Ritter, 911 A.3d 362 (Del. 2006).
 698 A.2d 595 (Del. Ch. 1996)
 McDonalds at 1.
 Stone v. Ritter, 911 A.3d at 369.
 Id. at 370.
 McDonalds at 22 and 24.
 City of Detroit Police and Fire Retirement Sys. v. Hamrock, 2022 WL 2387653, at *12-14 (Del. Ch. June 30, 2022).
 McDonalds at 22.
 Hamrock, 2022 WL 2387653 at *20-21.
 McDonalds at 42. Although the McDonalds court did not opine on the matter (since the court was not ruling on the merits and, instead, was deciding on a motion to dismiss because the plaintiffs’ alleged failure to state a claim), it raises the important question of the standard of liability for officers subject to a duty of oversight claim. In Stone v. Ritter, the Delaware Supreme Court stated that a breach of the duty of loyalty, such as acting in bad faith, was a necessary condition to liability for directors for a breach of the duty of oversight. The Court of Chancery in McDonalds stated that “[t]here is room to debate whether the same loyalty-based framework that governs directors should apply to officers, or whether officers could be held liable for a failure of oversight caused by a breach of the duty of care. To state a care-based claim, a plaintiff would have to plead and later prove that the oversight failure resulted from gross negligence. For purposes of Delaware entity law, a showing of gross negligence requires conduct akin to recklessness.” McDonalds at 45.
 Id. at 51.
 McDonalds at 41-42. However, some officers, like the CEO, may have a company-wide level of authority similar to the board of directors.
 McDonalds at 42.
 McDonalds at 26-27.
 2004 Del. Ch. LEXIS 132 (Del. Ch. Sept. 10, 2004).
 The court when on to state that “a holding that officers did not owe oversight obligations would not be limited to derivative claims by stockholders. It would apply equally to a board’s ability to hold officers accountable. Denying a board of directors the ability to hold officers accountable for oversight failures would undermine the board’s statutory authority under Section 141(a) [of the Delaware General Corporation Law]. McDonalds at 35.
 McDonalds at 1.
 McDonalds at 3-4.