Senior Manager Liability for Derivatives Misconduct: The Buck Stops Where?

The following post comes to us from Clifford Chance LLP and is based on a Clifford Chance publication by David Yeres, Edward O’Callaghan, and Alejandra de Urioste; the full text, including footnotes, is available here.

The buck, so to speak, does not necessarily stop with the individual who personally violates the U.S. Commodity Exchange Act (“CEA”), which regulates a wide array of commodities and financial derivatives trading, including swaps (in addition to traditional futures contracts and physical commodities trading) in U.S. markets or otherwise engaged in by or with any U.S. person. Rather, as illustrated by a recent court ruling permitting regulatory charges to go forward against the former CEO of MF Global, Jon Corzine, liability can extend to senior managers, even if they are not regulatory supervisors and have not culpably participated in any misconduct.

While this is a significant consideration for senior managers and their legal advisors, it does not mean that senior managers will be personally liable for all misconduct by their employees. Rather, under the CEA, senior managers will be personally liable for employee misconduct only if the managers possessed the power of “control” over the business and have failed to act in “good faith” or otherwise “knowingly induced” the acts constituting the violation. Nevertheless, because these are slippery concepts which have not yet been fully defined by previous caselaw, or by the Corzine decision which summarily denies Corzine’s motion to dismiss the charges against him, regulators retain broad prosecutorial discretion. Further, it is now standard practice for regulators, upon discovery of serious employee misconduct, to investigate any connection to senior management. This, combined with the clarity of hindsight and current sentiment in favor of personally charging executives, suggests appropriate steps be taken to manage the risk to senior management.‎

The charge against John Corzine is a high-profile example of the Commodity Futures Trading Commission (“CFTC”), which administers and enforces the CEA, seeking to hold a firm’s top manager personally liable for the CEA violations of others. The CFTC’s complaint alleges that in October 2011, MF Global, a broker and trading company, was in desperate need of cash and unlawfully used customer funds to satisfy its own obligations, ultimately leaving it nearly $1 billion short of customer funds. According to the CFTC, Corzine is liable for MF Global’s CEA violations because, while controlling the business, he failed to act in good faith or knowingly induced the violations. If found liable, a control person may face a civil monetary penalty; disgorgement of salary and bonuses; restitution to victims; and effectively a ban from the market. Given the potentially substantial penalties at issue, the Corzine case directly raises the question: who can be liable under the CEA’s control person provision?

The touchstone for control person liability is section 13(b) of the CEA, which provides that an individual who controls another person that violated the CEA (or any CFTC rule or regulation) may be held liable for the underlying violation to the same extent as the controlled person. Significantly, section 13(b) specifically requires the CFTC to prove that the controlling person did not act in good faith or knowingly induced the acts constituting the violation. Thus, in order to hold someone liable as a control person, the CFTC must establish that a person had “control” and that such control person (i) lacked “good faith” or (ii) knowingly “induced” the underlying violation. And, these facts need only be proven by a preponderance of the evidence, that is, they are merely more likely than not.

Control

Although “control” is not defined in the CEA, the CFTC has said that control is the “possession, direct or indirect, of the power to direct or cause the direction of the management or policies.” There have been relatively few reported court decisions regarding “control,” but some appeals courts have held that to establish that an individual “controls” an entity, there are two elements that must be satisfied: (1) that the individual actually exercised general control over the operation of the entity when the unlawful act occurred and (2) that the individual possessed the power or ability to control the specific transaction or activity upon which the primary violation was predicated, even if such power was not exercised. Significantly, one appeals court has emphasized that it is it is the power that matters, not whether the person actually exercised it.

Lack of Good Faith or Knowing Inducement

In addition to establishing the requisite control, the CFTC has the burden of proving that the control person either lacked good faith or knowingly induced the CEA violations. Although these two concepts may overlap, the analysis of good faith (or a lack thereof) often focuses on supervision and controls. A few courts have found that the CFTC can establish a lack of good faith by showing that the control person “did not maintain a reasonably adequate system of internal supervision and control . . . or did not enforce with any reasonably diligence such system.” At least one court has also found that the controlling person must have at least acted recklessly (if not intentionally) to be liable as a control person; negligence is not enough. In one case, a court found that a manager failed to enforce a system of supervision (and therefore failed to act in good faith) when he failed to investigate repeated charges of wrongdoing from difference sources. However, overall, the few cases that have addressed good faith under the CEA do not give much guidance on what will lead to a finding that a control person lacked good faith. One can expect, though, that a lack of good faith may be found where a control person (1) received warnings of imminent, past or ongoing misconduct, but failed to take steps to investigate and curtail the misconduct or (2) deviated so sharply from recognized standards in the establishment or enforcement of training, supervision and controls as to be reckless.

Alternatively, the CFTC can establish liability by showing that the controlling person “knowingly induced” the controlled person’s misconduct. Here, the CFTC has said that it can establish “knowing inducement” by showing that the control person had “actual or constructive knowledge of the core activities” that constitute the underlying violation and that despite this knowledge, the control person allowed the violation to continue. One court found that showing that a senior manager received reports of misconduct and failed to take corrective action, could lead to a finding of “knowing inducement.” Although one could probably characterize that same senior manager as having acted in bad faith, the “knowing inducement” prong of the control person provision appears to be aimed at control persons who were aware CEA violations were imminent or occurring and allowed them to occur or persist. But actual knowledge of (or participation in) the misconduct is unnecessary; rather awareness can be established by proof that the manager turned a blind eye on the situation. The CFTC has said that a control person can be responsible for having knowingly induced the misconduct of others when the control person has constructive knowledge of the core misconduct by virtue of consciously avoiding learning of the conduct. One obvious example of this may be the manager who instructs staff to “get it done . . . and don’t tell me how.” But constructive knowledge might also be alleged by the CFTC in less clear situations, such as where a manager simply instructs staff to “get it done” without regard to how the staff will actually accomplish the task.

Overall, the boundaries of what constitutes “failing to act in good faith” or “knowingly inducing” a CEA violation are not well defined. The few CEA cases that have addressed these issues still leave many questions about when the CFTC will seek to hold managers liable as control persons and how the control person provision will be interpreted by courts in future cases.

Control Person Liability under the Securities Laws

Cases interpreting control person liability under the federal securities laws may serve as guidance for understanding the CEA’s control person provision, but there are some key distinctions that must be considered. For example, to establish control person liability under section 20(a) of the Securities Exchange Act of 1934, some courts require the SEC to prove that the control person was a culpable participant in the underlying securities fraud. Courts have generally not required the CFTC to make such as showing to establish control person liability under the CEA, although unlike the SEC, the CFTC has the initial burden of showing that the control person either lacked good faith or knowingly induced the underlying violation. Thus, securities cases addressing control person liability do not always provide apt guidance.

The Corzine case

The CFTC’s case against for control person liability against Corzine centers on two days in the final week of October 2011, when the CFTC alleges that MF Global was in so desperate need of cash that it unlawfully used customer funds to support its own proprietary operations. The CFTC alleges that, contrary to the fundamental requirement to separately safe-keep customer funds, on October 27 and 28, 2011, the head of MF Global’s Treasury Department, Edith O’Brien, and her staff directed or approved wrongful transfers of customer funds to MF Global’s proprietary accounts. Further, the CFTC alleges that despite being aware of MF Global’s liquidity crisis and being alerted to what the CFTC would likely describe as red flags, Corzine failed to investigate and correct any deficiencies in customer funds or MF Global policy violations, or to halt or examine further transfers of customer funds for proprietary purposes.

For example, the CFTC alleges that on the morning of October 28, Corzine learned that MF Global’s proprietary accounts at JPMorgan in London were overdrawn and that, despite his knowledge of the firm’s extremely limited sources of cash, he instructed O’Brien to transfer funds to pay for the overdrafts, without asking any questions about how O’Brien would find funds to pay for the overdrafts. Later that day, according to the CFTC, JPMorgan alerted Corzine to the fact that the payment had been accomplished through two transfers—one of which had come from a customer segregated account—and asked for assurances that the transfers complied with CFTC regulations. When Corzine contacted O’Brien, she allegedly provided him with backup documentation for one of the transfers, but not the transfer from the customer segregated account. The CFTC alleges that Corzine took no other steps to inquire or investigate whether funds had been transferred from customer segregated accounts. Overall, the CFTC faults Corzine for failing to take sufficient steps to investigate or correct any deficiencies in customer funds, to prevent any further violation of a firm policy that was designed to protect customer funds, or to implement any controls or take steps to ensure that customer funds would not be unlawfully used.

The Corzine case raises important questions about the responsibilities of senior managers, particularly in times of crisis. A senior manager cannot be charged with personally investigating every red flag, however, after being alerted to a serious potential problem, a senior manager cannot avoid addressing the issue and hope it goes away. In hindsight, of course, it may be easy to identify the “red flags” that “should have” been followed up, especially when there is a repeated pattern of warnings. But this does not mean that every failure to investigate should amount to a finding that a manager has acted in bad faith or failed to enforce a “reasonably adequate system of supervision.” Likewise, after becoming aware of violations, a manager cannot turn a blind eye and allow them to persist. However, constructive knowledge should not used as a backdoor to charging managers who are not informed of problems and reasonably rely on their staff.

The Takeaway

Control person liability under the CEA carries harsh personal penalties and can reach senior managers who have not themselves participated in any misconduct, but are nevertheless judged to have not acted in good faith. To avoid this, senior managers would be well advised to establish reasonably designed systems of control and supervision and ensure that these systems are implemented and enforced. This will likely include establishing appropriate written policies and reporting lines, training staff, and creating an environment in which material compliance issues are bubbled up to the appropriate level of management and promptly and effectively followed-up. But this will not be sufficient to protect a senior manager who turns a blind eye or otherwise fails to address manifest wrongdoing.

Both comments and trackbacks are currently closed.