The COO's Dilemma: Inheriting a Company's Historical Sins

On March 10, 2026, the U.S. Department of Justice released a Department-wide corporate enforcement policy that applies to all criminal cases.

The policy, described in a public statement from the Office of Public Affairs, outlines incentives for companies that voluntarily self-disclose misconduct, cooperate with investigations, and remediate identified issues. This includes potential reductions in penalties and other resolution benefits.

At the same time, commentary on the policy notes that it reflects an ongoing institutional focus on individual accountability within corporate enforcement.

This enforcement shift arrives as Delaware courts clarify that corporate officers, not only directors, owe fiduciary oversight duties when they manage core operational and compliance risks.

A 2023 analysis by Morris James explains that the Delaware Court of Chancery in the McDonald’s shareholder derivative litigation recognized an officer-level duty of oversight. This duty is rooted in the duty of loyalty and tailored to each officer’s area of responsibility.

For incoming chief operating officers, these legal and enforcement trends combine to make inherited operational weaknesses more personally consequential.

The COO role typically covers the systems where financial reporting, safety, data protection, and regulatory requirements intersect. When failures surface in these areas, internal and external stakeholders often focus on the executive who had formal responsibility and apparent authority to design, monitor, and enforce controls.

Accepting a COO role in this environment requires a clear understanding of how legal standards have evolved. It also demands knowing how to identify and manage the risks associated with a company’s historical problems.

How Delaware Extended Caremark Oversight Duties to Officers

For many years, discussion of the Caremark oversight doctrine centered on directors. The original Caremark decision and later cases such as Stone v. Ritter addressed the obligation of boards to make a good-faith effort to establish reasonable information and reporting systems for risks that are central to the business.

In 2009, the Delaware Supreme Court held in Gantler v. Stephens that officers owe the same fiduciary duties as directors, but it did not specifically address oversight.

In 2023, the Court of Chancery made that connection explicit in In re McDonald’s Corp. Shareholder Derivative Litigation. According to the summary by Morris James, the court concluded that corporate officers have a duty of oversight premised on the duty of loyalty, within their corporate area of responsibility.

The opinion explains that to establish a breach of an officer’s duty of oversight, a plaintiff must show that the officer consciously failed to make a good-faith effort to establish information systems. Alternatively, they must show the officer consciously ignored and failed to address and report red flags through the corporate reporting chain.

The McDonald’s decision emphasizes that the content of the duty is context-driven. Officers with company-wide responsibilities, such as a chief executive, may have broader oversight obligations than officers who manage a discrete function.

The court noted that some officers are better positioned than directors to identify operational red flags and either address them directly or escalate them. This reasoning links officer accountability to the practical reality that day-to-day controls and information flows often sit in management’s hands rather than at the board level.

Later analysis has reinforced that the high pleading standard traditionally associated with Caremark claims applies to officers as well as directors. A 2024 post from the Harvard Law School Forum on Corporate Governance describes how the Court of Chancery continues to require detailed allegations of bad-faith failures to implement systems or respond to red flags when plaintiffs bring oversight claims against officers.

The result is that while successful claims remain relatively rare, the doctrinal framework now clearly reaches individuals in senior operational roles when oversight lapses occur within their domains.

The Teligent litigation illustrates how these principles can apply to both boards and officers. In a February 2026 publication, Jenner & Block summarizes the Court of Chancery’s decision in Giuliano v. Grenfell-Gardner. The court declined to dismiss certain oversight claims based on alleged failures to monitor U.S. Food and Drug Administration compliance at Teligent, Inc.

The opinion allowed claims against some former officers to proceed, reasoning that FDA compliance risks fell squarely within their functional roles. It also noted that they allegedly failed to escalate known regulatory issues to the board.

Why DOJ’s Corporate Enforcement Policy Raises the Stakes

The Department of Justice’s 2026 corporate enforcement policy sets out a unified framework for evaluating how companies handle criminal misconduct across all components of the Department.

In the public materials released by the Office of Public Affairs, the DOJ explains that prosecutors will consider whether a company has voluntarily self-disclosed misconduct, fully cooperated with investigations, and undertaken timely remediation when deciding whether to bring charges and what resolutions are appropriate. These criteria formalize incentives that had developed across various components into a single department-wide standard.

Reporting by Reuters highlights a statement from Deputy Attorney General Todd Blanche that well-intentioned businesses can expect to be rewarded when they self-disclose wrongdoing, cooperate with investigations, and remediate misconduct.

This message signals that organizations facing potential exposure may seek to demonstrate cooperation in part by identifying individuals who were responsible for failures. It also incentivizes showing that they have adjusted leadership or oversight structures.

For newly hired COOs, this environment can create tension between organizational and personal incentives. An incoming operations leader may be recruited during or after a period of regulatory or enforcement scrutiny and presented as evidence that the company is strengthening its compliance posture.

At the same time, the officer’s own name becomes closely associated with the systems, controls, and remediation steps that enforcement authorities will examine.

The DOJ policy does not alter Delaware fiduciary standards, but it interacts with them in practice. Where courts have recognized that officers can face oversight liability within their functional areas, and enforcement authorities place weight on individual accountability and remediation, the combination increases the importance of how senior officers document and perform their oversight roles.

This is especially true for executives who inherit existing problems rather than creating them.

Recognizing Red Flags in COO Recruitment

Certain patterns in how a COO role is described can indicate elevated personal risk, especially when a company has a history of regulatory, safety, or financial reporting issues. A mandate to "professionalize" or "clean up" operations may be reasonable in itself, but it becomes more concerning if it is not matched with budget, staffing, or decision-making authority to design and enforce new controls.

Without those resources, the officer may have formal oversight duties without the tools to fulfill them.

How leadership characterizes historical problems also matters. Describing issues as isolated "legacy" matters, a single "bad actor," or a temporary paperwork backlog can understate the scale of control weaknesses. If those descriptions are paired with requests that a new COO quickly sign off on policies, vendor approvals, or regulatory attestations, the officer may be stepping into a structure that seeks formal accountability without first addressing underlying systems.

Timing and documentation pressure are additional warning signs. Requests to put a new executive’s signature on controls or certifications that were drafted before their start date, or before they have had time to review and test systems, can shift responsibility for issues that originated earlier.

When management or the board prioritizes rapid optics such as new policy binders, slogans, or high-level presentations over funded remediation plans, it suggests that the emphasis is on signaling change rather than building durable oversight.

These signals do not prove that a company intends to use a COO as a scapegoat. They do, however, indicate that the role may sit at the junction of unresolved risks and heightened expectations.

In the context of Delaware oversight law and DOJ cooperation incentives, that combination justifies more extensive diligence and more precise contractual protections before accepting the position.

Pre-Hire Diligence: Treating the Offer Like a Credit Decision

Prospective COOs can approach a job offer with the discipline of a lender reviewing a large exposure. The first step is to request a written list of all ongoing and recent investigations, subpoenas, regulatory inquiries, threatened litigation, whistleblower complaints, and significant customer disputes.

This information frames the universe of known issues that could give rise to future oversight scrutiny. It also clarifies where enforcement authorities or private plaintiffs are already focused.

Beyond formal investigations, internal oversight materials provide insight into how seriously the company has treated past red flags. Recent audit committee memoranda, internal audit reports, and board materials that address key operational and compliance risks can show whether leadership has identified recurring issues and how management has responded.

A request for at least 12 to 24 months of such materials helps prospective officers understand patterns rather than isolated events.

D&O insurance is another critical component of pre-hire diligence. Directors and officers liability coverage typically includes several layers, with Side A coverage responding when individuals cannot be indemnified by the company, such as in certain insolvency or legal constraint scenarios.

Reviewing the policy or a detailed broker summary allows a COO candidate to see the limits, exclusions, and structure of coverage that would apply in a worst-case enforcement or litigation scenario. If an organization is unwilling to share high-level terms or give a clear overview, that reluctance is itself informative.

While legal and insurance advisors often lead detailed reviews, the COO candidate benefits from directly understanding whether the company has aligned governance, resources, and risk transfer mechanisms with the operational profile they will oversee. That understanding supports more accurate assessment of both the opportunity and the personal exposure attached to the role.

Negotiating Contractual Safeguards Around Oversight Risk

The employment agreement is a primary tool for defining how a COO’s oversight obligations intersect with the company’s commitments to support and protect the officer. Robust indemnification provisions, aligned with the company’s charter and bylaws, are central.

These provisions typically address the advancement of legal fees and the circumstances under which the company will defend and indemnify the officer in regulatory, criminal, or civil matters arising from their service.

Candidates can also seek specific representations from the company regarding the disclosure of material investigations, claims, and regulatory inquiries as of the time of signing. Such representations do not eliminate the risk of unknown issues, but they create a record that the company has been asked to identify known problems.

If significant undisclosed matters later emerge, those representations may form part of the officer’s contractual remedies.

How an agreement defines "cause" for termination can significantly affect a COO’s protection in scenarios where historical problems come to light. Narrow, forward-looking definitions that focus on clearly specified forms of misconduct or failure to perform duties reduce the risk that the company will retroactively reframe complex legacy problems as cause to terminate without severance.

Clarity around post-termination vesting, severance triggers, and treatment of equity in the event that undisclosed issues make the role untenable also supports more balanced risk-sharing.

Finally, contractual language that describes the officer’s authority and budget can align formal oversight duties with practical capacity. If the COO is responsible for remediating control weaknesses identified in internal or external reviews, the agreement can reflect that they will be given access to necessary information, teams, and funding.

That linkage is consistent with Delaware’s emphasis on the good-faith establishment of information and reporting systems. It also reduces the gap between legal expectations and operational realities.

Building a Defensible Oversight Record from Day One

Once in the role, a COO can take structured steps to document that they are meeting their oversight duties in good faith. A baseline memorandum to the board or audit committee that describes the state of operations, known gaps, and an initial prioritization of remediation work provides contemporaneous evidence of the conditions the officer inherited.

It also shows that the officer quickly engaged with core risks and proposed a plan for addressing them.

A board-approved remediation roadmap can then translate that baseline assessment into concrete milestones, accountable owners, and resource requirements. This roadmap may incorporate recommendations from internal audit, external auditors, or regulators, as well as the COO’s own views on process and control changes.

Obtaining formal approval for the roadmap aligns management and the board on what is required to address historical problems. It frames future oversight discussions around agreed priorities and timelines.

Ongoing documentation supports this initial framework. Keeping systematic records of resource requests, escalation of emerging issues, and responses from peers and the board helps demonstrate that the COO used the tools available to them to build and maintain oversight systems.

This type of record can be important if plaintiffs later argue that an officer consciously ignored red flags or failed to implement reasonable reporting structures in a specific risk area.

Delaware decisions and DOJ policy both focus more on systems and behaviors over time than on any single statement of intent. For a COO, that means that consistent, documented engagement with core operational and compliance risks is more protective than informal assurances about fixing problems.

Aligning formal responsibilities, contractual protections, and day-to-day documentation gives the officer a more defensible position if historical issues lead to future scrutiny.

Conclusion: Treat the COO Offer as an Oversight Liability Decision

In this environment, accepting a COO role involves more than assessing market opportunity or compensation. It requires methodical evaluation of legal expectations, enforcement incentives, and the specific risk profile of the organization.

The executives who approach these offers with lender-level diligence and rigorous documentation practices are better positioned to lead operational change. They can do so without becoming the default focus of blame for a company’s past failures.

Sources

• Albert H. Manwaring IV. "Court of Chancery Rules That Corporate Officers Have a Duty of Oversight Within Their Corporate Area of Responsibility." Morris James, 2023.
• Harvard Law School Forum on Corporate Governance. "Chancery Court Confirms High Bar to Pleading Caremark Oversight Claims Against Officers." Harvard Law School Program on Corporate Governance, 2024.
• Jessica Bonadurer. "Delaware Court Denies Dismissal of Caremark Oversight Claims in Teligent Case, Highlighting Board and Officer Compliance Obligations." Jenner & Block, 2026.
• Sarah Fortt. "US Encourages Companies to Report Criminal Misconduct in New Nationwide Policy." Reuters, 2026.
• U.S. Department of Justice. "Department of Justice Releases First-Ever Corporate Enforcement Policy for All Criminal Cases." U.S. Department of Justice, 2026.