This is possible with attribute-based encryption.
Per the description in the link, define a universe of attributes $\{A, B, D\}$, have Alice get a key with attribute $A$, Bob a key with attribute $B$, and David a key with attributes $\{A, D\}$.
To encrypt to Alice, Bob, or David, encrypt a message with respect to $A$, $B$, or $D$.
Then:
- For messages encrypted to Bob or David, they are the only people who have keys with the corresponding attributes, so are the only ones who can decrypt, but
- David and Alice have keys with Attribute $A$, so they both can decrypt any messages to Alice.
This causes a mild issue --- Alice can send messages to Bob that David cannot decrypt.
One can fix this by modifying encryption slightly, namely Alice (or any other person in David's organization) should encrypt messages with respect to the policy $C\lor D$, where $C$ is the intended recipient, and $D$ is the attribute corresponding to David.
In this particular case, Alice encrypts to Bob with attribute $B\lor D$.
Note that this doesn't require that Bob cooperate with David --- the system is setup such that anyone who communicates "in band" with Alice (encrypts using the attribute $A$) sends messages that David can decrypt as well.
There are two caveats though:
Alice must cooperate (if she encrypts with respect to the policy $B$, David cannot decrypt).
This is probably easier for David to enforce, with threats of firing Alice if she misbehaves.
ABE, as a stronger form of IBE, is subject to Rogaway's criticism of IBE (in The Moral Character of Cryptographic Work). Namely, a trusted third party must generate all keys.
In particular, this means that Bob cannot generate his key independently of David, and therefore must trust David that his key was generated honestly (or both Bob and David must trust some independent third party). It is plausible one can replace this independent third party with an MPC computation, but I don't know details.
