A C-suite title on your business card doesn’t just come with a cushy corner office. Since January’s blockbuster Delaware Chancery Court decision regarding toxic behavior at McDonald’s, it could also mean that you’ll bear the same oversight duty traditionally reserved for members of the board of directors. Bart M. Schwartz of Guidepost Solutions is currently the federally appointed monitor over the New York City Housing Authority, and Bonnie Jonas of Pallas Global Group is a former assistant U.S. attorney who helped prosecute former WorldCom CEO Bernie Ebbers. Schwartz and Jonas share their perspectives on the tectonic shift in corporate liability.
In a recent ruling prompted by what it called “reprehensible conduct” by the former chief people officer of McDonald’s, the Delaware Chancery Court has ushered a new era of liability into the C-suite. In In re McDonald’s Corporation Stockholder Derivative Litigation, the court held for the first time that Delaware law does, in fact, impose a duty of oversight on corporate officers comparable to the duty of oversight for directors, which was first articulated by the 1996 case In re Caremark International Inc. Derivative Litigation.
Stockholders of the company sued David Fairhurst, executive vice president and global chief people officer of McDonald’s, derivatively for breach of fiduciary duties, including the duty of oversight, by “allowing a corporate culture to develop that condoned sexual harassment and misconduct.” Plaintiffs argued that he breached his duty of oversight by consciously ignoring red flags regarding sexual harassment and misconduct at the company.
Despite being responsible for ensuring that “one of the largest employers in the world provided its employees with a safe and respectful workplace,” Fairhurst and the company’s former CEO, Steven Easterbrook, promoted what the court described as a party atmosphere and a boys club during their four-year tenure by participating in drinking excursions and engaging in inappropriate behavior with female employees. Easterbrook became known as a “player” who pursued intimate relationships with staff. During their tenure, the company faced employee walkouts at 30 restaurants and a 10-day strike by restaurant employees, which led to a request for information from Congress.
Notwithstanding the fast-food giant’s zero-tolerance policy for sexual misconduct, and at a perilous time for the company on the topic of sexual harassment, based on the recommendation of his mentor, Easterbrook, the board of directors nonetheless gave Fairhurst a “last chance,” the terms of which were outlined in a letter. During Fairhurst’s last-chance period, he co-led the company’s initiative to put in place significant remedial measures to address corporate problems with sexual harassment and misconduct. All the while, Fairhurst engaged in further misconduct and Easterbrook engaged in a prohibited relationship with an employee. Realizing that the proverbial fox had been guarding the henhouse all along, the board terminated both Fairhurst and Easterbrook for cause in 2019.
Podcaster and compliance expert Tom Fox digs into the details of a recent Delaware Chancery Court decision and how it could change everything for chief compliance officers.Read more
Changing liability landscape
Because of the outlandish conduct of these McDonald’s officers, liability under Delaware law has changed significantly for all corporate officers.
While Vice Chancellor J. Travis Laster’s decision in the McDonald’s case is sending chills — or, more accurately, warnings — to corporate officers, the court made clear that the scope of liability for corporate officers under the Caremark standard is context-driven and limited to particular areas of responsibility.
Corporate officers are required to make a good-faith effort to establish an information system that applies to their area of responsibility and a duty to address and report upward about red flags in that specific area, with the potential carve-out for reporting a particularly egregious red flag. The contours of the scope of liability for the CEO and other C-suite officers who have company-wide responsibilities, however, is less clear.
We believe the scope of liability for C-suite officers will be defined by duties and reliance. Clearly, the more responsibility a C-suite officer has, the more vulnerable they are. With respect to reliance, corporations historically have required employees who are not legally officers of the corporation to sign attestations that C-suite corporate officers rely on to meet Dodd-Frank Act and other regulatory mandates.
In a 2019 order against Facebook, for example, the FTC imposed attestation requirements on compliance officers with respect to Facebook’s privacy program. Indeed, in connection with the acquisition of a company that one of the authors of this piece, Bart M. Schwartz, founded decades ago, Bart attested annually to the accuracy of the information provided to the CFO, which formed the basis for reports issued by the CFO. Bart, in turn, asked for similar attestations from employees who reported to him.
Going forward, the actions officers need to take to establish good faith in conducting oversight responsibilities will ultimately be determined through litigation. Past practices, such as attestation requirements, do provide some guidance. It is incumbent on companies to encourage a speak-up culture and escalate issues, including red flags. To do that, companies need to double down on their training efforts for supervisors to augment the ability to spot red flags. For some companies, there are inherent conflicts with certain executives leading investigations or initiatives, even when the conduct is not as egregious as in the McDonald’s case. It becomes even more important to rely on independent third parties to help companies identify, analyze and remediate any red flags long before they create an existential threat to the company and its executives and officers.
These efforts will enable companies to demonstrate credibly to their employees and other stakeholders that the goal is not just technical, regulatory compliance but building and maintaining a healthy, values-based culture where corporate officers set examples for their employees and live the values they preach.
That is where the breakdown at McDonald’s occurred. C-suite officers, including the CEO, engaging in egregious sexual misconduct as they are leading the company’s efforts to combat that very misconduct company-wide evidences a deep cultural problem, notwithstanding the words written in compliance manuals or titles given to the head of HR.
Creating a values-based culture where there are no foxes guarding the henhouse is best built collaboratively, not through authoritarian relationships or overly rigid organizational structures. Influencing culture is a multi-faceted project, tied to recruitment, onboarding and succession planning, among other things. Successful values-based compliance programs remain flexible to handle organizational pain points like a changing business strategy or reorganizations. A company with a strong values-based culture will remain more stable over time and will enjoy increased productivity and employee retention.
A well-planned program that gives personnel the incentives and confidence to ask questions, seek advice and call out conduct that does not live up to the values both written and lived, is a major step toward identifying issues before they become deep-rooted problems. Actions that are reinforced are usually repeated. And taking these measures sets out a path for executives and others to demonstrate their good faith, which will protect them, the company, and ultimately the board from McDonald’s and Caremark liability.