You know the stories well: fat-cat executives caught with their hand in the cookie jar. The prosecution of executives — CFOs in particular — for their role in fraud, insider trading, and securities or other regulatory violations is nothing new.
Less well known is the growing number of prosecutions in which CFOs facing penalties either did not know their activity was unlawful, or simply failed to supervise subordinates adequately, or merely certified corporate financial statements that later had to be revised due to another employee’s wrongful conduct. Many CFOs are facing a rude awakening: the scope of their liability is growing markedly, to the point where unforeseen liability lurks seemingly around every corner.
The new breed of prosecutions stems from recent changes in the regulatory landscape, especially the Dodd-Frank Act. The law gives the Securities and Exchange Commission broad enforcement powers and also heightens the standards for management of internal controls. CFOs and other executives face growing numbers of enforcement and civil actions arising from these provisions.
Under Dodd-Frank, the SEC can now bring a claim for aiding and abetting a violation of any of the federal securities statutes without having to establish that the accused party acted with “actual knowledge.” Rather, recklessness is now sufficient to establish a claim of aiding and abetting. Recklessness is a more modest standard than actual knowledge; it requires conduct that fails to account for its likely consequences or persists in spite of them. A person can be charged with “constructive knowledge” — i.e., knowledge he should have had by applying reasonable care or diligence — without having been actually aware of any wrongdoing.
In addition, Dodd-Frank expressly grants the SEC the authority to bring claims based on “control-person” liability, which asserts that a person who directly or indirectly controls another who commits a securities violation is responsible for that violation. The SEC defines “control” as “possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract, or otherwise.”
If an employee violates a securities law and the SEC pursues a control-person claim against the CFO, the burden falls to the CFO to show that he acted in good faith and did not induce the violation by the lower-level employee. To determine whether the CFO is protected by the good-faith defense, courts look to whether the control person “failed to establish, maintain or diligently enforce a proper system of supervision and control.”
Dodd-Frank also institutes vast changes to the SEC’s whistle-blower program and provides substantial monetary incentives for whistle-blowers to come forward to the SEC with information. The act expands the whistle-blower program to all SEC enforcement actions, rather than merely the insider-trading charges that were covered previously. Accordingly, as the SEC said in its annual whistle-blower report, the number of tips received by the commission has skyrocketed and is likely to lead to a larger number of regulatory actions against CFOs and other executives.
Implications for CFOs
Emboldened by these legislative expansions of liability for financial executives, the SEC increasingly is pursuing claims against CFOs that do not allege actual wrongdoing. It does so by alleging that the CFO’s subordinates violated securities laws and that the CFO either certified the resulting reports or failed to implement adequate internal safeguards.
Perhaps the most alarming of these cases was the prosecution of Craig Huff, CFO of Nature’s Sunshine Products (NSP), in 2009. The SEC charged him as part of a Foreign Corrupt Practices Act allegation that a Brazilian subsidiary of the company bribed customs officials. The SEC alleged that a wholly owned Brazilian subsidiary of NSP made payments to customs agents to import unregistered products into Brazil.
Huff was not alleged to have participated in or even known about the bribery scheme, but he was charged under a theory of control-person liability for violations of the books-and-records and internal-controls provisions of the securities laws, because NSP did not disclose the payments to customs agents in its SEC filings. Huff paid a civil penalty of $25,000 to settle the case.
The SEC is also embracing its powers, enacted by Sarbanes-Oxley, to seek disgorgement of bonuses and other compensation that CFOs received in years in which the company restated its financials. Under this sanction, the targeted executive may be forced to return compensation earned in years that the company had to restate as a result of misconduct, even when the executive did nothing improper. In November 2012, a federal court in Texas affirmed the SEC’s position that the act allows the SEC to enforce disgorgement in such circumstances. The decision paves the way for many more SEC actions against CFOs who certify financial reports that later must be revised.
The former CFO of Beazer Homes, James O’Leary, faced disgorgement of profits and bonuses from the SEC when Beazer Homes was found to have overstated its income while O’Leary was CFO. The SEC alleged that chief accounting officer Michael Rand directed the fraud by recording improper accounting reserves in order to decrease the company’s net income and meet estimates of diluted earnings per share.
The SEC did not accuse O’Leary of any accounting misconduct, but it stated he received substantial compensation and stock-sale profits while Beazer was misleading investors and fraudulently overstating its income. He agreed to return $1.4 million in past bonuses and stock profits he received while the company was submitting false financial statements.
Similarly, the CFO of Symmetry Medical, Fred Hite, agreed to reimburse $185,000 to the company and pay a $25,000 penalty when the SEC included him in its case against Symmetry. The SEC brought charges based on an accounting fraud at a British unit of the company, which it alleged overstated assets and revenue and understated costs. The SEC did not allege that Hite was involved in or even aware of the fraudulent scheme, but brought charges for disgorgement because he was collecting bonuses based on the inflated reports.
All of these cases offer pertinent examples of the high stakes for executives who fail to detect or prevent misconduct on their watch. The heightened standards of liability applied to executives, coupled with the increase in SEC enforcement powers, require great prudence from CFOs.
Increasingly aggressive antifraud and anticorruption measures are necessary so that in the event a regulatory violation occurs, CFOs can demonstrate to regulators that proper steps were taken to detect and prevent corruption and fraud. Financial executives must evaluate whether current procedures adequately facilitate detection of misconduct by subordinates, and determine how such systems can be improved.
In addition, CFOs should always utilize concrete and traceable communications in all of their supervisory and managerial activities. If a regulatory action is commenced, it is crucial that the officer involved be able to trace the company communications and identify any breakdowns in control protocols.
John J. Carney is a partner with BakerHostetler in the firm’s New York office and serves as co-leader of the firm’s national White Collar Defense and Corporate Investigations Group. Francesca M. Harker is an associate at BakerHostetler. Another associate at the firm, Hannah Choate, also contributed to this article.