Human Resources Executives and Chief Compliance Officers now face the potential for increased personal liability following a first-of-its-kind decision from a Delaware court, which established the fiduciary duty of oversight for corporate officers. This significant ruling means officers of a Delaware corporation — in addition to directors — can now be named in a stockholder derivative action and be personally liable for damages if they breached their duty of oversight. Generally speaking, this duty involves taking reasonable steps to develop a system of monitoring compliance and to ensure the system is used effectively to report potential wrongdoing. Why is the ruling in a Delaware case significant? If upheld, the decision will be important for companies across the United States, as many other jurisdictions look to Delaware for guidance on corporate law. Here’s what you need to know about the decision, as well as six key steps for businesses to take.

What is a Derivative Action?

A derivative action is typically brought by shareholders on behalf of the corporation against the directors, officers, or third parties who breach their fiduciary duties. The stockholders must follow certain procedural steps to bring the action, but if they prevail, the corporation (not the stockholders individually) may recover damages and reasonable expenses including attorneys’ fees. Note that these actions can be very costly: A recent derivative action settled for more than $300 million with about $50 million in attorneys’ fee.

Expanded Liability for Corporate Officers

For more than 25 years, most jurisdictions have recognized a duty of oversight for directors. Whether the duty applies to officers, however, has been an open question. In this most recent case, the Court of Chancery issued a 64-page decision unambiguously ruling that an officer has a duty of oversight, which can also form the basis of a derivative suit. Indeed, the court reasoned that the legal justifications for finding a duty of oversight for directors is even greater for officers.

What Does the Oversight Duty Require?

The stockholders in the Delaware case claimed that the HR Executive breached his fiduciary duty by allowing a corporate culture to develop that condoned sexual harassment and misconduct. The court agreed with the stockholders, noting that the HR Executive had the following two obligations under the duty of oversight:

• To make a good faith effort to establish systems that would generate information necessary to manage the HR function; and
• To use the system to manage the HR function and generate “red flags” of potential wrongdoing, address the wrongdoing, and report up the chain of command as needed to resolve the issues.

You should note that the same concepts could apply to any area of the company – such as safety, operations, and finance — not just HR. So be sure to review your processes for all relevant departments.   

“Bad Faith” Plays a Role

The Chancery Court also held that for an officer to be liable for a breach of the oversight duty, the shareholders must establish “bad faith” on the part of the officer – which means the officer deliberately failed to make a good faith effort to establish the necessary systems or consciously ignored the red flags.  

Notably, in the Delaware case, the HR officer was also alleged to have engaged in sexual harassment during his term in office. The court found that if an officer or director personally engages in acts of sexual harassment, and if the entity suffers harm, then the governing body of the entity (or if necessary, a plaintiff acting on its behalf) should be able to assert a claim for breach of fiduciary duty to shift the loss the entity suffered to the person who caused it.

As the court said: “Sexual harassment is bad faith conduct. Bad faith conduct is disloyal conduct. Disloyal conduct is actionable.”

The Chancery Court declined to dismiss the case. At the motion to dismiss stage, the court assumes that the allegations in the complaint are true and determines whether the plaintiffs have stated a claim. In this case, while the necessary HR systems may have been in place, the court found that the HR executive disregarded numerous red flags, including evidence of the following:

• The HR department allegedly ignored complaints about the conduct of co-workers and executives;
• Employees said they feared retaliation for reporting complaints to HR;
• Numerous EEOC charges were filed; and
• The HR executive and other executives allegedly engaged in sexual harassment at office parties.

The court clarified that an officer’s duty of oversight is not boundless. A CEO or Chief Compliance Officer may have company-wide oversight responsibility, and other officers’ oversight liability will be limited to their areas of responsibility. However, the court noted, if a red flag in another area of the company is particularly egregious, then an officer cannot “turn a blind eye” and claim it’s “not in my area.”

6 Key Steps to Take

1. Audit your compliance policies to ensure they are effective in addressing significant risks and are updated to address new risks;
2. Verify that your reporting systems — both anonymous reporting and routine operational reporting systems — are functioning effectively to capture potential red flags (particularly in mission critical areas). Make sure the necessary information is being reported to the proper levels throughout your organization (including top executives and the board, as appropriate);
3. Verify that your investigation systems are effective and include consistent procedures, well trained investigators, thorough investigations, and proper documentation;
4. Verify that substantiated allegations result in appropriate, consistent discipline and corrective actions. Ensure that any procedural or operational weaknesses that allowed the event to occur are enhanced or modified to prevent future wrongdoing;
5. Verify that your company has effective training for all levels of employees based on their areas of responsibility and potential risks. Training should include everyone from frontline employees to top executives; and
6. Review your director and officer liability insurance to confirm coverage levels, and verify which officers are covered by the policy. There may also be a need to modify the indemnification provisions outlined in the company’s organizing documents.