Chancery Expands Caremark Parameters—but Dismisses Claims Against McDonald’s Directors Because They Took Action to Address Sexual Harassment Once They Learned of It

In In re McDonald’s Corp. Stockholders Derivative Litigation (Mar. 1, 2023), the Delaware Court of Chancery, at the pleading stage of litigation, dismissed the derivative claims, brought against former and current directors of McDonald’s Corp., that alleged the directors had failed to fulfill their duty of oversight with respect to rampant sexual harassment at the company. Vice Chancellor Laster agreed with the plaintiffs that “red flags” had put the board on notice about the problem; but the Vice Chancellor dismissed the claims on the grounds that, once the directors had learned of the problem, they took action to address it (albeit arguably deficient action).

In an earlier decision in the case (issued Jan. 25, 2023), Vice Chancellor Laster had rejected dismissal of the Caremark claims asserted against McDonald’s former head of human resources, David Fairhurst, with respect to his alleged lack of oversight of the sexual harassment problem (and his own alleged sexual harassment an misconduct). Immediately following the dismissal of the claims against the directors, however, the Vice Chancellor granted dismissal of the claims against Fairhurst, as the plaintiffs had not made demand on the board to bring the claims against Fairhurst and, given that the directors faced no liability and were independent and not self-interested, the plaintiffs could not establish that demand would have been futile.

Key Points

• On the one hand, McDonald’s appears to expand the potential for Caremark liability beyond the parameters many legal analysts had understood to apply. In the two decisions issued in the case, the court has articulated or clarified, for the first time, that: (i) Caremark duties of oversight apply not only to directors but also to officers; (ii) Caremark duties apply not only to a company’s “mission critical risks” but, depending on the facts, may apply to other key risks even if not rising to the level of “mission critical”; and (iii) sexual harassment and similar issues—and, indeed, “maintaining workplace safety” and “tak[ing] care of the corporation’s workers”—are mission critical risks for companies.
• On the other hand, however—and perhaps most importantly as a practical matter— McDonald’s reinforces that there is a high bar to a finding of Caremark liability. The court emphasized that it is only when directors or officers act in bad faith that Caremark liability arises. The court stressed that directors or officers who acted to address a problem of corporate misconduct once they learned of it generally would not be deemed to have acted in bad faith, even if the actions they took were insufficient or reflected poor decision-making (so long as they were not so off the mark as to suggest bad faith).

• Caremark claims against officers likely will be dismissed (based on a demand futility defense) if Caremark claims against the board are dismissed. Once the court dismissed the Caremark claims against the McDonald’s board, the court also dismissed the claims against Fairhurst, although the court had previously ruled that the plaintiffs had stated valid claims against Fairhurst. The plaintiffs had contended that demand would be futile as a majority of the board faced a substantial risk of liability for the claims made against them that were closely intertwined with those made against Fairhurst. With the decision granting dismissal of the claims against the directors, the court held that demand futility had not been established.

Background. After the board installed Stephen Easterbrook as CEO of McDonald’s, he promoted Fairhurst to be Executive Vice President and Global Chief of People (i.e., head of the human resources function). Allegedly, Easterbrook and Fairhurst were very friendly with each other and together engaged in and promoted a party-type atmosphere, with excessive drinking and sexual harassment, at the company and its restaurants. In October 2016, more than a dozen company employees filed complaints with the EEOC alleging sexual harassment and retaliation. That same month, company employees engaged in a walkout in over thirty U.S. cities to draw attention to the EEOC complaints. In May 2018, the company faced a second round of similar EEOC complaints; and, in September 2018, company employees from ten cities organized a one-day strike to protest sexual harassment at the company—which events were covered in the national media and, in December 2018, prompted inquiries to the company from a U.S. Senator.

Also in December 2018, the board received reports the Fairhurst had engaged in sexual harassment and assault against employees, which acts had been verified by the company’s Compliance Department. The board’s Audit Committee, following Easterbrook’s recommendation, made an exception to its zero-tolerance policy for sexual harassment and, instead, permitted Fairhurst to continue in his position, but cut his bonus and had him sign a letter in which he acknowledged that his conduct had violated company policy and harmed the company and he agreed that he would cease the misconduct. In late 2019, the board, after learning that Easterbrook had been engaged in more prohibited relationships with company employees than the board had known about, negotiated a separation agreement with him and terminated his employment without cause. After learning that Fairhurst was continuing to engage in sexual harassment, the board terminated his employment for cause. Starting at the end of 2018, the management (including Fairhurst) and the board addressed the sexual harassment problem at the company.

Company employees brought class action lawsuits alleging systemic, pervasive problems with sexual harassment (including assault and rape); a general lack of sexual harassment training; general refusal of the human resources department under Fairhurst to help workers relating to these issues; and retaliation against employees making complaints. Employee surveys indicated that more than 75% of women employees (and even higher numbers at corporate-owned restaurants as compared to franchised restaurants) had suffered sexual harassment at the company and most had also been subject to retaliation for reporting it.

In a January 2023 decision in the case, Vice Chancellor Laster, at the pleading stage, rejected dismissal of Caremark claims against Fairhurst. In this most recent decision, the Vice Chancellor dismissed the Caremark claims against the directors. Immediately following this decision, the court also dismissed the claims against Fairhurst for failure to plead demand futility.

Discussion

“Red flags” had put the board on notice about the sexual harassment problem at the company. The court viewed the following as constituting “red flags”:

• the second round of EEOC complaints; the ten-city strike by employees to bring attention to the company’s sexual harassment problem; and the letter from a U.S. Senator inquiring about the problem—which together constituted a “collective red flag”; and
• Fairhurst’s own sexual harassment coming to light—which, standing alone, constituted an “indisputable red flag.” (The court wrote: “When the head of human resources has engaged in multiple acts of sexual harassment, that is enough to put directors on notice of problems in the human resources area.”)

The board acted to address the sexual harassment problem once it learned of it. The court cited the following actions:

• In January 2019, management reported to the board’s Strategy Committee about the issue and advised that teams of employees were proactively working to modify and improve policies and training programs on sexual harassment and creating a safe workplace.
• In May 2019, management reported on these issues to the full board.
• In June 2019, with management’s participation, the Strategy Committee met to discuss the sexual harassment issues and the actions being taken to address it, including a review and revamping, with outside expert assistance, of the company’s training programs; a new hotline for employees; a shared values commitment to be signed by franchisees; a best practices guide for franchisees for maintaining a safe and respectful work environment; listening sessions to promote continuous improvement; and an end to the company’s mandatory arbitration policy for harassment and discrimination claims.
• In September 2019, the board received an update on the company’s enterprise risk management that identified a “Respectful Workplace” as a “New Risk Theme” at the “Top Tier 2” level.
• In November 2019, when the board learned of Easterbrook’s improper relationship with an employee, the board terminated him (albeit without cause); and, when it learned that Fairhurst had again engaged in sexual harassment, it terminated him (with cause).

There was no basis on which to infer bad faith by the board. The court emphasized that Caremark liability will not arise for directors or officers unless the failure of oversight involved bad faith. Bad faith, in the Caremark context, involves a conscious, knowing, and intentional disregard of oversight duties. Even if such actions arguably were insufficient or reflected bad decision-making, Caremark liability will not arise unless the board takes actions that are so far beyond the bounds of reasonable judgment as to suggest bad faith. The court acknowledged that there was some evidence “suggesting that the [board’s] interventions in 2019 did not fix the problem.” But fixing the problem “is not the test,” the court wrote. “Fiduciaries cannot guarantee success, particularly in fixing a sadly recurring issue like sexual harassment. What they have to do is make a good faith effort.” In this case, the directors “responded to the red flags regarding the toxic culture”; and, “[b]ecause of the effort they made, it is not possible to infer that the Director Defendants acted in bad faith.”

Certain questionable board actions did not indicate bad faith. The plaintiffs contended that several of the board’s decisions indicated bad faith—namely, elevating Easterbrook to the CEO position (when the board knew at the time that he was engaged in an improper relationship with an employee); after learning about Fairhurst’s sexual harassment and misconduct, giving him several chances rather than terminating him (notwithstanding the company’s zero-tolerance policy on sexual harassment); and exercising discretion to terminate Easterbrook without cause (which resulted in his receiving a substantial severance payment). The court disagreed, stating that these decisions were “classic business judgments” as to which a majority-independent board was entitled to a presumption of good faith unless the decisions lacked any rationally conceivable basis. At worst, the court stated, the decisions may have implicated the directors’ duty of care, but even if so there would not be any actionable claims as the company’s charter exculpated directors from liability for duty of care violations.

The board’s separation agreement with Easterbrook did not constitute “corporate waste.” In addition to their claim that the separation agreement indicated bad faith, the plaintiffs contended that the agreement constituted corporate waste as it permitted Easterbrook to receive separation benefits, including a substantial severance payment, notwithstanding his misconduct. A transaction constitutes waste when it is so one-sided that no rational person acting in good faith could approve it. The court explained that the decision to enter into the agreement was within the purview of the board’s business judgment and “[did] not suggest a decision so extreme as to be inexplicable on any basis other than bad faith.” The court noted that the company obtained “meaningful corporate benefits” from the agreement—namely, ending the tenure of a CEO who had engaged in an improper relationship; securing the CEO’s swift exit and a letter of apology; a release of potential claims by him against the company (without giving him a release); his committing to cooperate with the company on post-termination matters; his agreeing to non-competition, non-solicitation and non-disclosure provisions; and the likelihood of avoiding litigation with him that would have highlighted the sexual harassment problem at the company that the company was trying to put behind it.

The court stated that (contrary to a commonly held view) Caremark duties do not apply only to “mission critical risks.” The phrase “mission critical risks” has acquired “talismanic importance in the aftermath of Marchand v. Barnhill,” the court stated. However, the court emphasized that in Marchand (2019) the Delaware Supreme Court stated that while the Caremark doctrine “may require more,” it “at least” requires attention to “central compliance risks"; and the Supreme Court held in that case that food safety was a “central compliance risk” for the ice cream manufacturer involved because it was “essential and mission critical” to producing and selling ice cream. Vice Chancellor Laster stated in McDonald’s that, although, based on Marchand, it is fair to infer that “all ‘essential and mission critical risks’ qualify as ‘central compliance risks,’ it is also possible that some ‘central compliance risks’ may not reach the level of ‘essential and mission critical.’” In other words, the court explained, just because Caremark liability attaches to mission critical risks does not rule out that it may also attach to central compliance risks that are not mission critical. “The extent to which [a Caremark claim that a board failed to put into place a reporting and monitoring system] might extend to other risks depends on the facts,” the court wrote.

Further, the court noted that McDonald’s, unlike Marchand, involved a Caremark claim relating to ignoring red flags about potential harm to the corporation (a “Red-Flags Claim”) rather than a Caremark claim relating to the failure to put an oversight system in place (an “Information Systems Claim”). “The Marchand decision actually holds that when directors fail to make any effort to establish an information system to address central compliance risks, then that failure supports an inference of bad faith,” the court wrote. In the Red-Flags Claims context, the court stated, the concept of central compliance risks plays a different role. In this context, the issue is whether the defendant directors or officers consciously ignored corporate misconduct that they knew about. The mission critical concept is relevant in this context, the court stated, in that, “all else equal, if a red flag concerns a central compliance risk, then it is easier to draw an inference that a failure to respond meaningfully resulted from bad faith.” But that does not mean that directors and officers “can ignore red flags about other risks,” the court stated. “[A] Red-Flags Claim is not dependent on the signal [i.e., the red flag)] relating to [a]…mission critical risk” and “[t]he plaintiffs [in McDonald’s] therefore were not obligated to plead that the red flags associated with the Company’s culture of sexual harassment and misconduct involved a mission critical risk….”

In any event, the court found it “easy to draw a pleading-stage inference” that “maintaining employee safety” is mission critical for companies. “Assuming that hurdle [(of sexual harassment and misconduct being a mission critical risk)] did exist, the plaintiffs cleared it,” the court wrote. “It is easy to draw a pleading-stage inference that maintaining employee safety is…mission critical.” The court explained: “Fiduciaries must act in good faith to maximize the value of the corporation over the long-term…. Employees perform the work that affects the value of the corporation. To remain true to the fiduciary principle and build value over the long term, corporate fiduciaries must take care of the corporation’s workers.” More specifically, the court stated that “[s]exual harassment and misconduct render the workplace unsafe…[and] can result in serious injury to the corporation…[, including by] jeopardiz[ing] the corporation’s relationship with…employees, creat[ing] a risk that customers and clients will defect to competitors, and subject[ing] the corporation to potential liability under state and federal law.” In addition, the court noted that, in this case, McDonald’s internal documents (discovered in the plaintiff’s Section 220 investigation) reflected that the company itself, once it began to address the sexual harassment and misconduct issue, presented it in various corporate materials as a mission critical risk for the company. “The court does not have to infer that sexual harassment and misconduct constituted a mission critical risk. The Company said it,” the court wrote.

When the court dismisses Caremark claims against directors, it will be likely that Caremark claims against officers will be dismissed as well based on a demand futility defense, even if the claims against the officers otherwise would have been actionable. The court had found in its January decision in the case that the Caremark claims against Fairhurst were well pled. Unlike the directors who, the court found, took action to address the sexual harassment problem once they learned of it, Fairhurst knew about the problem but did nothing about it until the board got involved—notwithstanding that he was the specific person responsible for overseeing and preventing sexual harassment at the company; that allegedly he himself promoted the toxic culture that led to the rampant sexual harassment; and that allegedly he himself had participated in the sexual harassment. (See here the Fried Frank Briefing on the January decision relating to Fairhurst.) Nonetheless, once the court ruled that the directors faced no potential liability under Caremark, the court dismissed the claims against Fairhurst as well. The court noted that the plaintiffs had not made demand on the board to bring the Caremark claims (which are derivative claims on behalf of the corporation) against Fairhurst; and that such demand was required unless demand would have been futile. The plaintiffs had contended that demand would have been futile as a majority of the board could not have responded in a disinterested manner as they faced a substantial risk of liability for the claims made against them that were closely intertwined with those made against Fairhurst. The court wrote that, with the decision granting dismissal of the claims against the directors, “the road to establishing demand futility that the plaintiffs sought to travel is closed.” Notably, in the January decision, the court observed that the demand futility defense would present a significant obstacle to plaintiffs’ success on Caremark claims against officers.

Practice Points

• A board and management should not ignore red flags of corporate misconduct and should act to address the misconduct, whether it relates to a “mission critical” risk or not. The clearer the red flag, the more it relates to a mission critical-type of risk, and the less the board or the officers do to address the problem, the greater the potential for liability under Caremark.
• A board and management should pay attention to corporate misconduct that jeopardizes employees’ welfare. It is unclear what the implications will be of the court’s holding that “taking care of the corporation’s workers” is a mission critical risk for companies. Clearly, companies should review, update, and monitor their policies, processes, and training relating to sexual harassment (and similar risks, such as discrimination) to ensure that current best practices are in effect and being enforced. Those officers who have direct responsibility for employee welfare, and those officers or directors who themselves engage in misconduct within the sphere of their own oversight responsibility, will face a higher risk of potential liability under Caremark. (We note also that the January decision in McDonald’s indicated that an officer or director who engages in sexual harassment—or, potentially, we would note, violation of other company policies—such that the company is harmed, may have liability for a duty of loyalty violation, apart from liability under Caremark for a failure of oversight duties.)
• A board and management should keep in mind the risks associated with departing from an existing zero-tolerance policy with respect to sexual harassment or similar policies. A board generally should consider, and document, its reasons for making an exception to a zero-tolerance policy. In addition, when entering into a separation agreement with an officer who is being terminated for misconduct under any such policy, the company should seek to ensure that any such agreement provides meaningful corporate benefits (which may include a likelihood of avoiding litigation with the employee, as well as the employee’s waiver of potential claims and the employee’s agreement to non-compete, non-solicitation, and/or non-disclosure provisions).
• With respect to general Caremark-related best practices: Risk management considerations should be a corporate priority and should be integrated into the company’s corporate strategies and decision-making generally. Generally, a board should: be active in establishing the effective management of key risks as a corporate priority; identify the key risks facing the company and delegate responsibility for oversight of these risks to specific board committees; consider setting a regular schedule for reporting from management on key risks and be proactive in seeking out additional reports when appropriate; not simply delegate to senior officers of the company the management of key risks, but become informed about and consider how those risks are managed; proactively address “red flags” (as well as “yellow flags”) about corporate misconduct, particularly (but not exclusively) relating to key risks; create a record (such as in board minutes) of its risk monitoring and oversight efforts; and when recruiting new directors, take into consideration the board’s expertise in addressing regulatory and other key risks (such as cybersecurity and human resources management). Generally, management should: establish regular processes and protocols requiring management to keep the board apprised of key regulatory compliance and other practices, risks or reports; inform the board when it learns of “red flags” (or “yellow flags”) about corporate misconduct (including, for example, complaints or reports from regulators or whistleblowers), particularly when it involves key risks; include the board in the company’s whistle-blower process; tailor risk management strategies to the company’s specific circumstances and risk profile; and inform the board of the practices of other companies in its industry or peer companies with respect to oversight of mission-critical risks.