HR managers and compliance officers now face the possibility of increased personal liability following a first-of-its-kind Delaware court ruling that established the fiduciary duty to oversee for business leaders. This landmark decision means that officers of a Delaware corporation – in addition to directors – can now be named in a shareholder derivative action and be personally liable for damages if they breached their duty of oversight. Broadly, this obligation involves taking reasonable steps to develop a compliance monitoring system and to ensure that the system is used effectively to report potential wrongdoing. Why is the decision in a Delaware case significant? If upheld, the ruling will be significant for businesses across the United States, as many other jurisdictions look to Delaware for corporate law guidance. Here’s what you need to know about the decision, along with six key steps for businesses to take.

What is a Derivative Action?

A derivative action is usually brought by shareholders on behalf of the corporation against directors, officers or third parties who breach their fiduciary duties. Shareholders must follow certain procedural steps to bring the action, but if they prevail, the company (not the individual shareholders) may recover reasonable damages and expenses, including attorneys’ fees. Note that these actions can be very expensive: A recent derivative action settled over $300 million with approximately $50 million in attorney fees.

Extended liability of corporate officers

For more than 25 years, most jurisdictions have recognized a duty of supervision for directors. However, the question of whether the obligation applies to officers remained open. In this most recent case, the Court of Chancery issued a 64-page decision ruling unambiguously that an officer has a duty of care, which may also form the basis of a derivative suit. Indeed, the court held that the legal justifications for finding a duty of supervision for directors are even greater for managers.

What does the duty of supervision require?

The shareholders in the Delaware case claimed that the director of human resources breached his fiduciary duty by allowing the development of a corporate culture that condoned sexual harassment and misconduct. The court agreed with the shareholders, noting that the HR manager had the following two obligations under the duty of oversight:

Make good faith efforts to establish systems that would generate the information needed to manage the HR function; And

Use the system to manage the HR function and generate “red flags” of potential wrongdoing, address wrongdoing and report the chain of command as needed to resolve issues.

You should note that the same concepts can apply to any area of ​​the business – such as security, operations, and finance – and not just HR. So be sure to review your processes for all relevant departments.

Bad faith plays a role

The Chancery Court also ruled that for an executive to be liable for a breach of duty of supervision, shareholders must establish “bad faith” on the part of the executive – meaning that the executive deliberately Failing to make a good faith effort to establish necessary systems or knowingly ignoring red flags.

Notably, in the Delaware case, the HR manager was also allegedly sexually harassed while in office. The tribunal found that if an officer or director personally engages in acts of sexual harassment and the entity suffers harm, the entity’s governing body (or, if necessary, a complainant acting on its behalf) should be able to assert a claim for breach of fiduciary duty to transfer the loss suffered by the entity to the person who caused it.

As the court said, “Sexual harassment is behavior in bad faith. Bad faith behavior is disloyal behavior. Unfair conduct is subject to prosecution.

The chancery court refused to dismiss the case. At the motion to dismiss stage, the court presumes that the allegations in the complaint are true and determines whether the plaintiffs have made a claim. In this case, although the necessary HR systems may have been in place, the court found that the HR manager failed to heed many red flags, including evidence of the following:

The human resources department allegedly ignored complaints about the conduct of colleagues and managers;

Employees said they fear retaliation for reporting complaints to HR;

Numerous EEOC charges were filed; And

The HR manager and other executives were allegedly sexually harassed at office parties.

The court clarified that an agent’s duty of supervision is not unlimited. A CEO or chief compliance officer may have company-wide oversight responsibility, and the oversight responsibility of other executives will be limited to their areas of responsibility. However, the court noted that if a red flag in another area of ​​the company is particularly blatant, an officer cannot “turn a blind eye” and pretend it is “not in my area”.

6 key steps to follow

Audit your compliance policies to ensure that they are effective in addressing significant risks and that they are updated to address new risks; Check that your reporting systems (both anonymous reporting and routine operational reporting systems) are working effectively to detect potential red flags (especially in critical areas). Ensure that the necessary information is passed on to the appropriate levels in your organization (including senior management and the board of directors, if applicable); Check that your investigation systems are effective and include consistent procedures, well-trained investigators, thorough investigations and proper documentation; Verify that substantiated allegations result in appropriate and consistent discipline and corrective action. Ensure that any procedural or operational weaknesses that allowed the event to occur are improved or modified to prevent future wrongdoing; Check that your company has effective training for all levels of employees based on their areas of responsibility and potential risks. Training should include everyone from frontline employees to senior management; And Review your directors’ and officers’ liability insurance to confirm coverage levels and verify which officers are covered by the policy. It may also be necessary to modify the indemnification provisions described in the company’s organizational documents.

Conclusion

If you have any questions regarding best practices for ensuring appropriate governance systems and practices, please contact your Fisher Phillips attorney, the author of this overview, or any attorney in our Compliance and Governance practice group. business.