Podcast: Delaware Law & Officer Liability

We have another Radical Compliance podcast today, this time talking about that recent Delaware Chancery Court ruling that opens the door to more personal liability risks for chief compliance officers and other corporate executives. 

To parse the implications of that ruling I called up Todd Haugh, professor of business ethics and law at Indiana University. Haugh writes and speaks about all manner of corporate law issues, including this Delaware ruling. We chatted about how the ruling might work in practice, who might be covered by it, and how much compliance officers really should (or should not) worry about personal exposure here. 

You can hear the full podcast in the player below. Further down are some of my own thoughts about the issues Haugh raised. 

First, some background on the case itself. The former head of HR for McDonalds, named David Fairhurst, was accused of allowing a sexually harassing culture to persist at McDonalds for years in the 2010s — a case where the former CEO was fired amid allegations of improper conduct, and even Fairhurst himself was accused of improper activity.

Unhappy shareholders sued Fairhurst. He claimed that he wasn’t liable for those failures because under Delaware corporate law, only board directors have a “duty of oversight” over corporate behavior. The court ruled against him, holding that corporate officers also have a duty of oversight. The lawsuit against Fairhurst is proceeding.

So how might that duty of oversight apply to compliance officers? What steps should you take to fulfill your duties, and what mistakes or failures of oversight could expose you to personal legal liability? That’s what Haugh and I discussed.

‘We Don’t Know’

First, the frustrating thing about this ruling is that while the Chancery Court articulated a straightforward, common sense principle, compliance officers still have precious little sense of how that principle will work in practice. 

For example, the court declared that corporate officers must make “a good-faith effort to put in place reasonable information systems” to obtain the information necessary to do his or her job. Exactly what constitutes a good-faith effort or a reasonable information system? We don’t know.

Along similar lines, the court also declared that a corporate officer cannot “consciously ignore red flags indicating that the corporation was going to suffer harm.” Well, what does that mean? To whom must the compliance officer report, and how often or how zealously? We don’t know.


Haugh did point compliance officers to one useful context clue. Several weeks after the Chancery Court used the shareholder lawsuit against Fairhurst to establish the principle of officer liability, the court dismissed a related shareholder lawsuit against McDonald’s board of directors. In that second ruling, Judge Travis Laster (who also heard the first lawsuit against Fairhurst) reasoned that because the board ultimately fired the CEO, directors had exercised their duty of oversight; so no lawsuit against them. 

What matters to compliance officers isn’t whether Laster reached the right answer about the board. What matters is everything else in his 79-page ruling, which is crammed with examples of what proper oversight looks like: internal reporting mechanisms, training reforms, and the like. 

“It’s a lot of the same things that traditional compliance programs have,” Haugh told me. So if compliance officers work to implement those measures — which, really, are the same measures any self-respecting compliance program would have in place anyway — “they’re probably going to be OK.” 

Still, we’re guessing here.

Liability Does Makes Sense

Haugh also laid out the history of director and officer liability in Delaware corporate law, and the hugely consequential Caremark ruling from 1996 that first defined directors’ liability. 

The Caremark ruling matters because you can’t have director liability without some degree of corporate officer liability, too. Indeed, Haugh said, officer liability is a necessary precursor to director liability; boards can’t do their job evaluating risks unless officers have first done theirs gathering information to present to the board.

So in that sense, nobody should be surprised that the Delaware Chancery Court arrived at the ruling it did for corporate officers. Officer liability was also there as a subtext to the original Caremark decision; Laster’s ruling just hauled it onto the printed page as plain text for all to see.

The question now is how corporations respond to that new clarity around officers’ liability. Perhaps we should look to the original Caremark ruling. Once directors understood that they could face personal liability for ignoring their duty of oversight, they began to push for more formal compliance programs. 

The same thing might happen now for corporate officers. “When you make it very explicit” that CCOs might have personal liability, Haugh said, “that potentially can super-heat compliance efforts.” 

Remain Calm, People

Let’s be honest. What compliance officers fear the most is the idea that senior management gives you an under-resourced, marginalized compliance program, and then you somehow end up getting sued by shareholders when that weak program fails to prevent a compliance violation.

CCO liabilityThat’s not really what this McDonald’s case was about. Fairhurst had multiple, credible allegations of sexual harassment against him. He was also best buds with the former CEO Stephen Easterbrook, who engaged in similar behavior and led a frat house culture at McDonald’s. So it’s easy to see why Fairhurst failed at his duty of oversight — but I don’t know how often other compliance officers, who aren’t as unsavory as Fairhurst, might meet the same fate. 

Haugh stressed that point too. Fairhurst didn’t respond to repeated red flags; and essentially was a walking red flag himself. “Those are many egregious facts that most compliance officers aren’t likely to face,” Haugh said. 

Quite so. Which means that in most cases, compliance officers will still have lots of protection under the Caremark standard for duty of oversight. After all, McDonald’s board was no paragon of governance and probity in this mess either, and directors still couldn’t be held liable because they did take at least one action (firing Easterbrook). 

“You can take solace in the high bar that has always been the case with Caremark claims overall,” Haugh said.  

Then again, he added, “Lawyers are creative people, and we do like to sue.” So who knows? 

Leave a Comment

You must be logged in to post a comment.