The Buck stops here (at the top)
Over the weekend, I had occasion to hear the experience of a dentist whose practice was nearly ruined by poor oversight of an office manager who committed major insurance fraud, filing phony claims on behalf of patients for dental services they never received. After firing the employee, the dentist rolled up his sleeves and got busy, going into his office as early as 3.30 in the morning to learn the medical record software he had previously entrusted to the errant office manager.
To be sure, this man isn't responsible for a multinational company earning several billion dollars in revenue, with diverse business units around the globe and multiple layers of sub-managers to whom he can entrust such mundane tasks. That's not the point here. Rather, it's that faced with lawsuits, reputation damage and the loss of his practice, he took personal responsibility to get on top of the technological systems that were compromised.
Needless to say, the stakes are much higher for public companies that must answer to shareholders when they fail to catch fraudulent activity, or other forms of misconduct, by employees. Witness Jon Corzine, former CEO of now-defunct MF Global, who is being prosecuted in US District Court under the Commodity Exchange Act's 'control person provision' and could be found liable for having acted in bad faith or having induced the wrongful conduct of employees.
Although this provision has been used only a handful of times, 'the present environment is one in which regulators are keen to determine any senior management involvement in connection with wrongdoing,' says David Yeres, senior counsel at Clifford Chance. 'It is fair to expect they will look at all the tools, including control person [provisions], as a means to get at what they may perceive as bad faith by management.'
It's not only the Commodity Futures Trade Commission that has such a provision in its arsenal. Section 20 of the Securities Exchange Act of 1934 (15 USC § 78t(a)) gives the SEC ample room to pursue enforcement actions against CEOs based on a 'failure to supervise' theory, as it did in July 2009 in a case against a current and a former executive at Nature's Sunshine Products for a complaint alleging that the company violated the FCPA's anti-bribery, books and records, and internal controls provisions.
Yeres says he's not familiar enough with the securities context of the 'control person' provision, but notes that the language in Section 20 is very similar to that in the Commodity Exchange Act. That suggests the SEC may be more inclined to invoke Section 20 in the future to hold senior executives liable for their employees' misbehavior.
Senior executives, of course, have vast legal resources on hand to defend them if the SEC brings cases against them. But I would suggest that, equal to the industry background and business strategy qualifications they bring to the table, CEOs are being hired to maintain strict oversight of all activities within their corporate realm, in combination with their internal audit and compliance departments, and their board's audit and/or risk committees. That means taking the kind of personal responsibility to get on top of myriad technology platforms and other minutiae that have the potential to waylay them, just as the dentist did.