Audit chairman may face personal liability from FCPA and other cases
It is well known that the US government has increased its enforcement of the Foreign Corrupt Practices Act (FCPA). It has also become apparent that shareholder suits against officers and directors are a common collateral consequence of FCPA cases. What is less well known is that audit committee chairpersons (ACCs), due to their control over personnel responsible for implementing a company’s accounting policies and internal controls, are now exposed to increased risk of civil liability following the disclosure of any FCPA violations. This risk exists due to ‘control person’ liability under Section 20(a) of the Securities Exchange Act of 1934 (Exchange Act).
The risk became manifest when a federal district court refused to dismiss a class action lawsuit against the ACC (among others) for Nature’s Sunshine Products (NSP), following the company’s disclosure of potential FCPA violations to the SEC and the Department of Justice (DoJ). The judge held there was sufficient evidence that the company’s CEO had potentially committed an SEC Rule 10b-5 violation by failing to disclose fraudulent transactions regarding international payments. Additionally, the judge found that there was sufficient evidence to allow a control person claim to proceed against the company’s ACC (as well as the CFO), without any consideration of whether the ACC was involved in or even aware of the misrepresentations. As a result, the ACC was potentially jointly and severally liable for the CEO’s alleged violations. Ultimately, the company settled the action against the CEO, CFO and ACC for a total of $6 million.
The NSP case
Headquartered in Utah, NSP makes and sells encapsulated herbs and other supplements in approximately 30 countries. According to a 2009 settlement with the SEC, Nature’s Sunshine had expanded in the 1990s into Brazil, which became one of its largest international markets. The Brazilian government then classified several of the company’s supplements as medicines, thereby subjecting them to a licensing scheme that effectively barred their importation in some cases. NSP sales in Brazil dropped dramatically. This regulatory challenge led NSP’s Brazilian office to make payments to Brazilian customs officials in an effort to circumvent the import restrictions, while recording the payments in the company’s books and records as legitimate import costs.
Following the third quarter of 2005, NSP delayed its submission of audited financial results to NASDAQ, as the company’s independent auditor, KPMG, had not completed its review of the financial statement. Moreover, NSP disclosed in press releases that it was ‘reviewing selected financial information with respect to certain of its foreign operations.’ In March 2006, an independent investigator reported its findings jointly to NSP’s audit committee and KPMG. The investigation ‘found electronic evidence indicating’ that NSP CEO Douglas Faggioli ‘knew of an alleged fraud in the international operations of the company, yet signed two different representations to KPMG affirming to the contrary, and that he had approved a payment in violation of the [FCPA].’ KPMG also stated that the ‘evidence provided by the investigation indicates that Mr. Cristiani [NSP’s audit committee chair] was aware of an alleged fraud that, in his words, could be considered material from an auditing standpoint and could pose a significant problem to our company’, but did not take any steps to notify KPMG of the allegations or correct any of the misrepresentations to KPMG. NSP did remove Cristiani from his position as chair of the audit committee, but not from the board, and it did not terminate the CEO. Consequently, KPMG resigned as the company’s independent auditor later that month.
Disclosure and settlement
Also in March 2006, NSP disclosed its potential FCPA violations to the DoJ and SEC. On July 31, 2009, the SEC announced a settlement with NSP as well as the CEO and the former CFO Craig Huff (whose resignation was concurrent with KPMG’s). Under the settlement, NSP agreed to pay a fine of $600,000 for FCPA anti-bribery, books and records and internal controls violations, as well as other SEC-related charges. However, the settlement’s statement of facts was notably different from KPMG’s summary of the investigation from 2006. Most significantly, although the CEO did pay an individual fine of $25,000, the SEC pleadings did not allege that he had any knowledge or involvement in the violations (unlike KPMG’s summary). Instead, the SEC pursued a claim against the CEO and former CFO on the basis that they were ‘control persons’ under Section 20(a) of the Exchange Act and had failed to maintain accurate books and records.
In April 2006, immediately after KPMG’s resignation and NSP’s decision to disclose potential FCPA violations, shareholders filed a civil lawsuit in Utah. The lawsuit piggybacked on KPMG’s summary of the internal investigation and alleged that the CEO had violated Section 10(b) of the Exchange Act and SEC Rule 10b-5. In particular, the plaintiffs alleged that the CEO materially misrepresented that the financial statements were accurate and that he was not aware of any fraud committed by senior managers. Because the alleged Rule 10b-5 violations fell within the sphere of accounting and auditing, the plaintiffs alleged that the former ACC and former CFO were liable under Section 20(a) of the Exchange Act as ‘control persons’ with responsibility over the company’s accounting and auditing functions. The plaintiffs also alleged that the former ACC knew of the CEO’s alleged misrepresentations (at least in part) and did nothing.
NSP moved to dismiss the case, but the district court denied the motion and allowed the case to proceed against the former ACC. The court found that because the CEO’s Rule 10b-5 violations involved accounting issues, and the former ACC ‘had power to direct the management and policies of NSP related to accounting and auditing, during the relevant period,’ the former ACC could be held jointly liable for the CEO’s alleged violations. Although the plaintiffs alleged that the former ACC, as well as the former CFO, had some knowledge of the violations but failed to act, the district court specifically stated that it ‘need not address these individuals’ alleged involvement in the primary violation to find properly pleaded control person liability.’ In September 2009, soon after the settlement with the SEC, NSP reached a $6 million settlement with the civil plaintiffs in Utah.
The bigger picture
The former ACC was targeted in the NSP civil suit because he was aware of the CEO’s alleged misrepresentations but never took action to correct them. However, the district court’s decision allowed the case to proceed against the former ACC on the sole basis that he directed the management and policies of the company with respect to accounting and auditing. In short, the ACC was a control person responsible for the potential books and records violations and for the CEO’s alleged misrepresentations about those violations. As a result, all ACCs, regardless of whether they have failed to correct misrepresentations or otherwise missed red flags, can expect to be named as defendants in any follow-on civil cases relating to potential violations of the FCPA’s books and records provisions if there are related SEC Rule 10b-5 violations.