Tag: McDonald’s

Categories
Blog

Boards of Directors in the Era of Sanctions Enforcement

In a recent episode of the podcast ‘All Things Investigations, the discussion centered around directors’ critical role in ensuring legal compliance, particularly in sanctions and export controls. I was joined in this exploration by Mike Huneke, partner at HughesHubbardReed, and Brent Carlson, Director at BRG. Our discussion was based on their blog post on directors’ duty of oversight, which can be found here:  Boards of Directors Lovin’ It after McDonald’s? A Fresh Look at Directors’ Duty of Oversight in the New Era of Sanctions & Export Control Corporate Enforcement.

Our discussion highlighted McDonald’s case from the Delaware Court of Chancery, where the company officers faced lawsuits for neglecting their duties, emphasizing the importance of a dynamic approach from boards and compliance officers to evaluate and enhance compliance programs in response to the evolving geopolitical landscape and increased regulatory enforcement.

While many compliance professionals reviewed McDonald’s for the new duty of oversight created for corporate officers, including Chief Compliance Officers, Huneke and Carlson focused on the duties owed by Directors. For companies engaged in international trade, these actions engage directors’ fiduciary duties. Looking to bellwether Delaware corporate law, Delaware’s Chancery Court recently reiterated in the McDonald’s shareholder litigation that directors’ Caremark duty of oversight is a function of their duty of loyalty.

According to Huneke and Carlson’s article, this case “reinforced the limits of the protections directors would otherwise have if it were instead a function of the duty of care—under both the business judgment rule and “exculpation,” which is the option corporations have to excuse in their articles of incorporation directors’ liability for breaches of their duty of care (but not of loyalty).” Directors’ duty of oversight further requires ensuring that they receive information regarding any “central compliance risks,” not just “mission critical” risks, and that there is an appropriate response to red flags.”

The decision in McDonald’s case underscored the significance of information systems and controls for compliance. It stressed the need for companies to adopt a broader, qualitative view in monitoring export control compliance, with the Department of Justice’s heightened involvement signaling a shift towards a more proactive approach. Key aspects such as oversight, duty of care, and the business judgment rule were highlighted as essential components of board responsibilities and liability.

Board directors were urged to engage with compliance issues actively, ask critical questions, and conduct thorough investigations to fulfill their fiduciary duties. It was emphasized that boards should exercise caution when relying on management reports, proactively address risks, and take necessary actions to prevent potential legal and reputational damage.

From the Board’s perspective, we emphasized the importance of being cautiously skeptical of management’s information, seeking external advice, and taking preventive measures to avoid compliance issues. We also discussed the significance of the duty of oversight, which stems from the duty of loyalty and requires directors to ensure the presence of information systems and controls for informed decision-making and an effective response to red flags.

There is a clear need for board directors, corporate officers, and compliance professionals to stay abreast of the changing landscape of sanctions and export controls. With the Department of Justice’s increased focus on enforcement in this area, organizations must prioritize compliance efforts, seek external guidance, and take proactive steps to mitigate risks and ensure legal adherence.

Huneke and Carlson noted that the court ultimately dismissed plaintiffs’ claims against the directors because, after learning of the red flags, the directors:

  • Obtained detailed oral and written reports from management throughout several meetings dedicated to the red flag identified;
  • Made enhancements to the compliance program, including training and communication;
  • Retained external advisors;
  • Ensured that affiliates (here, franchisees) were included in the enhancements made;
  • Assessed and improved corporate culture and
  • Management involved in the conduct was eventually terminated.

These serve as a road map for the sanctions and export control boards.

Huneke and Carlson concluded their article with the following suggestions:

1) Understand how the world is changing and how those changes impact your business 

Geopolitical risks impact companies in different ways. Analyze potential impact scenarios to arrive at effective oversight approaches. Seek input from a variety of experts. Challenge commonly held assumptions, especially concerning the sufficiency of traditional screening.

2) Continuously ensure that the compliance program identifies and addresses evolving risks

Effective compliance programs evolve as risks change. Make sure management considers the changed enforcement environment when assessing risk. Do not just ask questions—ensure you receive good answers. Avoid solutions that are too clever by half, which can ultimately expose the company to greater risks.

3) Don’t sit on any red flags, and don’t let the management team sit on them either

All kinds of red flags can indeed come out of the blue. Our prior posts provide suggestions for responding to potential evasion effectively and efficiently. Politics (global and domestic) drive regulatory enforcement, and 2024 will be no exception. Now is the time to get ahead of what’s coming. An ounce of prevention is worth a pound of cure.

We concluded the podcast by noting that directors’ duties in sanctions and export controls are paramount in today’s regulatory environment. The pressure will only increase. Boards must be vigilant, proactive, and thorough in their oversight of compliance programs to uphold their fiduciary responsibilities and safeguard their organizations from potential legal and reputational harm. By staying informed, engaging with compliance issues, and taking decisive actions, directors can navigate the complexities of sanctions and export controls effectively.

Categories
FCPA Compliance Report

FCPA Compliance Report – Karen Woody on Officers Duty of Oversight

Welcome to the award-winning FCPA Compliance Report, the longest running podcast in compliance. In this episode, Tom Fox welcomes Professor Karen Woody and they take a deep dive into the Segway case from Delaware.

The bottom line is that proving bad faith and breaching the duty of oversight remains a challenging task. The conversation delved into the fiduciary duties of directors and officers, specifically the duty of care and the duty of loyalty. The duty of care requires fiduciaries to be well-informed about material information and exercise prudence in decision-making. On the other hand, the duty of loyalty necessitates undivided interests towards the corporation, with no conflicts of interest or self-dealing.

The duty of oversight, derived from the landmark Caremark case in 1996, is an extension of the duty of loyalty. It requires the establishment of information reporting systems and compliance programs to inform senior management and the board about potential issues. There are two prongs to bring a duty of oversight claim: the systems or information prong and the red flag prong. The former focuses on the absence or ineffectiveness of systems, while the latter deals with the conscious disregard of red flags.

However, proving bad faith and breaching the duty of oversight is a high bar to clear. The Caremark standard is challenging to meet, and most cases are dismissed on a motion to dismiss. The recent Segway case, following the McDonald’s case, indicated a pushback against lowering the bar for officers compared to directors. The interpretation of the duty of oversight remains stringent, emphasizing the need for strong evidence of bad faith.

The conversation concluded by acknowledging the importance of context and the specific facts of each case. While there has been a slow march of weakening the Caremark standard in some cases, the facts in those instances were particularly egregious. The recent cases discussed in the episode did not exhibit the same level of egregiousness, leading to a retraction and a reaffirmation of the high bar set by the Caremark standard.

Resources:

Karen Woody on LinkedIn

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
Daily Compliance News

Daily Compliance News: November 15, 2023 – The Two Per Week Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All, from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Ukraine legislator tied to Giuliani arrested for treason.  (WaPo)
  • 2 sexual harassment claims per week at McDonalds UK (TT)
  • Can Barclay’s move beyond scandal (and Jes Staley)? (FT)
  • US drops antitrust claims over hospital hiring. (Reuters)
Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 3

This week, we are exploring a shift in the duties of care owed by corporate officers to the corporation. This shift is coming through the Chancery Court of Delaware in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst and his part in the creation of an absolute toxic atmosphere of sexual harassment at the very highest levels of the organization. The case is styled In re McDonald’s Corporation Stockholder Derivative Litigation, and in it, the court formally recognizes the oversight duties of officers of Delaware corporations. Today we discuss the role of the Chief Compliance Officer (CCO) in both the reasoning for the decision and what it means for CCOs going forward.

Perhaps one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a key reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

Specifically, the “Guidelines state that “[h]igh- level personnel of the organization shall ensure that the organization has an effective compliance and ethics program” and such senior person(s) “be assigned overall responsibility for the compliance and ethics program.” The Guidelines went on to define an organization’s “high-level personnel” as “individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization,” which includes “a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.”

The court somewhat dryly concluded “It would seem hard to argue that, simply by virtue of being an officer, the Chief Compliance Officer could not owe a duty of oversight. That, however, is the logical implication of Fairhurst’s position that only directors can owe a duty of oversight.”

The responsibilities of the CCO are wide and sometimes varied. Here the court stated, ““[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

Finally, the CCO has a broad scope within an organization. Indeed the court noted, that only the Chief Executive Officer (CEO) has as broad a remit, stating “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority. With a constrained area of responsibility comes a constrained version of the duty that supports an Information-Systems Claim.”

Yet the breadth of this portfolio does not mean a CCO can be liable for every corporate failure, even those directly in culture or compliance. Here the standard of liability for the CCO is critical and standard is breach of the duty of loyalty through bad faith. The court noted, that in the decision of Stone v. Ritter, upholding the original Caremark decision, “the Delaware Supreme Court adopted the Guttman formulation and stated that a breach of the duty of loyalty, such as acting in bad faith, was a “necessary condition to liability.” After Stone, then-Vice Chancellor Strine acknowledged that Caremark duties carried overtones of care, but explained that “to hold directors liable for a failure in monitoring, the directors have to have acted with a state of mind consistent with a conscious decision to breach their duty of care.”

Rarely, if ever do you see a CCO engage in bad faith. There have been some instances but I can think or only one or two that rise to the level of bad faith. The good news for CCOs is that while there may be a new cause of action against them for a duty of oversight; if there is a compliance program in place and if that compliance program detects wrongdoing which is reported up to the Board; a CCO has most probably met their duty under this decision.

Please join me tomorrow as I explore how this court decision, together with the CCO certification mandate by the Department of Justice, the Monaco Memo and the new Corporate Enforcement Policy will all change the relationships and dynamics of Chief Compliance Officers in the corporate world.

Categories
Compliance Into the Weeds

McDonald’s and Duty of Corporate Officer Oversight

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. In this episode, Matt and I dive deep into a recent decision by the Delaware Court of Chancery in the McDonald’s case, creating a duty of oversight for corporate officers.

Some of the highlights include:

·      Why can bad facts make bad laws?

·      The sordid facts of David Fairhurst during his tenure at McDonald’s.

·      The legal rationale.

·      What is Caremark, and how did it influence this decision?

·      What does it mean for CCOs?

·      How does this decision intertwine with the Monaco Doctrine, CCO certification, and the new Corporate Enforcement Policy?

 Resources

Tom with a multipart series on the FCPA Compliance and Ethics Blog

Matt Kelly with two posts in Radical Compliance

Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 1

There is a reason that lawyer truisms are just that: because they are based in fact. One of those truisms is that bad facts make bad laws. I saw that in the first year I started practicing law in  case in Texas which forever changed the definition of gross negligence: Burke Royalty. In that case, a company allowed a rough neck to burn to death while hanging on a chain off an oil rig. The company, Burke Royalty claimed they had subcontracted their safety function to another company. The Texas Supreme Court decreed that safety was a non-delegable duty and failure to provide a safe workplace could form the basis of claim for gross negligence.

We now see this same truism playing out in the Chancery Court of Delaware in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst and the creation of an absolute toxic atmosphere of sexual harassment at the very highest levels of the organization. It included the now disgraced former Chief Executive Officer (CEO) Steven Easterbrook but he was dismissed from this litigation.

I will not go into the sordid facts of this matter as they are well-known from other litigation. Suffice it to say that Fairhurst and Easterbrook engaged in multiple instances of sexual harassment and inappropriate behavior with other McDonald’s employees and such conduct was not only well-known within the organization but also known by the McDonald’s Board. But this case dealt not Easterbrook or the Board but with Fairhurst. As you might guess from his corporate title, Fairhurst had a human resources role which he apparently took as license to get drunk at company events and grope, fondle and generally harass as many women as possible. It appears that the rest of McDonald’s senior management and Board stood by while he engaged in all of this.

Fairhurst’s attitude towards sexual harassment seemed to have permeated the entire corporate culture at McDonald’s. One employee class action lawsuit by employees claimed that 75% of all female employees had been sexually harassed while working at the company. Another allegation said that “over 70% of those who reported sexual harassment they witnessed or experienced faced some form of retaliation, with 42% reporting loss of income as a result.” A class action lawsuit by employees of McDonald’s franchisees claimed that “almost two-thirds of restaurant employees worked at locations that did not provide any sexual harassment training.”

As I started out this post, bad facts make bad law.

What the Court of Chancery found was there has long been a duty of oversight in Delaware law, not only for Board’s since at least the 1960s but for officers as well. On the Board side of the equation, there is of course the Caremark  decision from 1996 but which established an affirmative duty of Board oversight, with its progeny up to this day. However in 1963, the Delaware Supreme Court established a Board duty when red flags are brought to its attention in the case of Graham v. Allis-Chalmers Manufacturing Co., which held that directors have an obligation to respond if information reached them, but created no affirmative duty to set up an information system to learn about issues within the company. A limited duty of oversight arose only if the directors had already learned enough to suspect that there were issues that needed overseeing. Caremark created that affirmative duty.  

Taking a deep dive into the legalese, in this case the court noted, “Using more functional terminology, that species of claim can be called an “Information-Systems Claim” or an “Information- Systems Theory.” A plaintiff typically pleads a prong-two Caremark claim by alleging that the board’s information systems generated red flags indicating wrongdoing and that the directors failed to respond. From a functional perspective, the second type of claim can be called a “Red-Flags Claim” or a “Red-Flags Theory.”

But Board’s do not govern in a vacuum. They depend on senior management. Here the court said, “Indeed, from that perspective, the Caremark oversight role “is more suited to corporate officers who are responsible for managing the day-to-day affairs of the corporate enterprise.” This “first reason for recognizing oversight duties for directors—the seriousness with which the law takes the role—thus applies equally to officers.”

Indeed, “relevant and timely information is an essential predicate for satisfaction of the board’s supervisory and monitoring role under Section 141.” Finally, “board’s need for information leads ineluctably to an imperative for officers to generate and provide that information: Whereas a corporate board meets periodically—roughly six to ten times a year—senior officer engagement with the corporation is continuous. From a practical perspective, a board’s ability to effectively monitor is contingent upon adequate information flow, usually from senior officers functioning in a non-directorial capacity.”

Join me tomorrow where I take a dive into the Court’s legal reasoning.

Categories
Daily Compliance News

January 10, 2023 – The James Bond Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Why did Phoenix police detain a WSJ reporter? (NYT)
  • A former head of Eskom was poisoned with Cyanide. (BusinessInsider)
  • Former McDonald’s CEO settles with SEC for lying. (WSJ)
  • Germany is looking into corruption by Finance Minister. (FT)
Categories
Daily Compliance News

August 24, 2022 the 1MDB Verdict Upheld Edition

In today’s edition of Daily Compliance News:

  • Najib’s verdict was upheld in Malaysia. (Reuters)
  • Ex Twitter Security Chief files whistleblower suit. (WSJ)
  • McDonald’s shakes up BOD. (NYT)
  • Musk’s Twitter bot claims thin air? (BBC)
Categories
Daily Compliance News

December 17, 2021 McDonalds Claws Back Edition


In today’s edition of Daily Compliance News:

  • HSBC fined for AML violations. (WSJ)
  • Sackler bankruptcy settlement tossed. (NYT)
  • McDonalds claws back $105MM from former CEO? (WSJ)
  • Bayer faces more grief from Monsanto acquisition. (Reuters)