What Do You Do When You Become Aware of Some Wrongdoing?

John P. Beavers
Partner, Bricker & Eckler LLP
 June 2003

If you are a director, officer, lawyer, accountant or even a volunteer of any organization-for profit or charitable, taxable or tax-exempt, publicly held or private-you are likely at some point during your service to come across evidence of possible wrongdoing by someone within or associated with the organization. If this happens, what should you do?

For example, let's say this one-page memorandum anonymously comes through an unofficial channel to your attention. How should you handle this situation?

Sir or Madam:

Mr. CFO is using Reptile LLC and other special purpose entities to divert assets away from the company to compensate himself. Shares of company treasury stock have been pledged to secure loans obtained by these entities. Some of the proceeds of these loans have been paid directly to Mr. CFO. The company is paying for Reptile fees that are being used to pay the interest on these loans. These fees are being accounted for as advisory fees, but none of the other transactions are being reported because the entities are not reflected on the company’s balance sheet. Mr. Manager who used to work in the audit department was fired yesterday for raising questions about the accounting of Reptile and for refusing to shred some accounting records. I am incredibly nervous that we will implode in a wave of accounting scandals. Someone should look into this.

This memorandum is similar to one written by Enron’s in-house lawyer, Sherron Watkins, to Enron’s CEO, Kenneth Lay, which resulted in many of the “accountability” provisions of the Sarbanes-Oxley Act of 2002 (SOX). The intent of Congress in the accountability provisions of SOX was to eliminate an alleged defense by Kenneth Lay that “I had no knowledge” or an alleged defense by Sherron Watkins that “I did nothing further because I trusted him.”

Complex maze of corporate governance laws

Although SOX has received much publicity, it is just one law in a complex maze of laws dealing with corporate governance. Other laws dealing with corporate governance include federal and state securities laws that existed before SOX; federal tax laws, especially with respect to tax exempt organizations; standards of professional conduct of lawyers, accountants, internal auditors and other professionals; and state statutory and common law, including fiduciary duties of directors and officers and contractual obligations arising from employment contracts and an organization’s governing documents.

Questions you should ask yourself

(1) What are your duties to the organization?

Why? Because if you do not have a duty to the organization, you may have no obligation. Generally, you only have an obligation to take some action regarding potential wrongdoing by or to the organization if you have a duty of care or duty of loyalty to the organization.

Duties arise from a number of sources, including:

  • State law duties of care and loyalty for directors and officers. All 50 states have either statutorily or judicially created duties of care and loyalty for directors and officers of an organization. Generally, the duty of care is to act with the care that an ordinarily prudent person in a like position would use under similar circumstances (duty of care). The duty of loyalty is to act in a manner reasonably believed to be in, or not opposed to, the best interests of the organization (duty of loyalty).

  • Contracts. Duties are often expressed in employment contracts. In addition, contractual duties are often implied from an organization’s governing documents, such as codes of business conduct and ethics as well as bylaw and charter provisions (including audit and other committee charters).

  • New and existing federal and state laws. These include the executive, accountant and lawyer accountability provisions of SOX and section 10A of the Securities Exchange Act of 1934, as well as new state law provisions expanding those accountability provisions to companies other than public reporting companies.

  • New and existing rules of conduct. These include the rules of conduct governing lawyers, accountants and internal auditors at the state and federal levels through rules of the SEC and the Public Company Accounting Oversight Board (PCAOB) created by SOX.

If you serve as a director, officer, lawyer or accountant for an organization, you likely have duties of care and loyalty that will not allow you to ignore a memo like the one from Sherron Watkins. However, if you serve as a janitor or clerical secretary or in another non-professional, non-directorial position, you probably do not have any legal duty to act on such a memo.

Because of the Sherron Watkins memo to Kenneth Lay, Congress enacted provisions in SOX to require certain persons to take some action:

  • CEOs and CFOs are required to take action upon learning of a material misstatement in financial statements or reports filed with the SEC, significant deficiencies in internal controls, and any fraud, whether or not material, involving internal controls;

  • Lawyers for the organization are required to take action upon learning of material violations of securities laws and material breaches of fiduciary duty; and

  • External accountants are required to take action upon learning of material illegal acts and related party transactions and are required to take action upon learning of defects in internal controls.

(2) What triggers you to take action?

Under most states’ laws, whether learning of some possible wrongdoing triggers the need to take action depends upon the duty of care that an ordinarily prudent person in a like position would exercise under similar circumstances. This duty of care applies to any organization, for profit or charitable, taxable or tax-exempt, publicly held or private. The problem with the prudent-person duty of care is that it is open to subjectivity determined by a jury or other trier of facts in courts. For this reason, SOX tries to bring some certainty as to when action must be taken by officers, lawyers and accountants of public reporting companies upon learning of evidence of wrongdoing.

However, what triggers action under SOX is not much different than what courts have held triggers action under the prudent-person duty of care. Under either, any of the following will likely trigger a requirement to take some action:

  • Illegal act, generally an act or omission that violates any law, or any rule or regulation having the force of law;1

  • Violation of securities law or breach of fiduciary duty to the organization or similar violation of federal or state law, including:

  • Failure or fraud in maintaining internal control and records underlying the organization’s financial statements,2

  • Improper influence, coercion, manipulation, or misleading of any independent public accountant engaged in the performance of an audit of the organization’s financial statements,3

  • Failure or fraud in reporting by insiders of their trading in the organization’s securities,4

  • Improper trading by insiders in the organization’s securities,5

  • Failure or fraud in enforcing the organization’s code of business conduct and ethics,6

  • Unlawful loan to officers or directors,7

  • Unlawful destruction of documents,8

  • Unlawful retribution against employees for lawfully providing information in any federal investigation;9

  • Material misstatement in financial statements or financial report filed with the SEC; and10

  • Deficiency or fraud in internal controls11.

(3) What action has to be taken?

Under most states’ laws, the action to be taken depends upon the duty of care that an ordinarily prudent person in a like position would exercise under similar circumstances. Again, the problem with the prudent-person duty of care is that it is open to subjectivity. For this reason, SOX tries to bring some certainty as to what action should be taken. In fact, the rules under SOX dealing with standards of professional conduct of lawyers is instructive.

SOX requires lawyers for public reporting companies to take some action upon learning of evidence of material violations of securities or breaches of fiduciary duty.12 The rules dealing with standards of conduct of lawyers under SOX require lawyers to take some action if the evidence is credible and the violation, if true, is material.13

These rules dealing with standards of conduct for lawyers are consistent with the holdings of courts across many jurisdictions regarding what a prudent person with a duty of care to an organization should do upon learning of wrongdoing involving or affecting the organization. Therefore, they can serve as guidelines for anyone learning of possible wrongdoing. Whether an organization is publicly or privately held, for profit or charitable, taxable or tax-exempt, a director, officer, professional, or other person having a duty to the organization is likely to act prudently if he or she follows these guidelines:

  1. Make an initial inquiry as to:

  • Credibility. To determine whether the evidence is credible, meaning unreasonable, under the circumstances, for a prudent and competent person not to conclude that it is reasonably likely that a problem has occurred, is ongoing, or is about to occur;14

  • Materiality. To determine whether or not the wrongdoing, if true, would (1) in an absolute sense, be considered material or significant to investors in general or security-holders of the organization in particular or (2) in a relative sense,

  • Make any past financial statement or report filed with the SEC materially misleading,

  • Have a material effect on any future financial statements or reports filed with the SEC,

  • Have, either directly or indirectly because of resulting consumption of time or expense, a material effect on current or future (1) operations, assets, liabilities or prospects of the organization or (2) results of operations or financial condition,

  • Constitute a significant defect in the internal controls or records underlying the organization’s financial statements, or

  • Constitute fraud (whether or not material) involving management or other employees who have a significant role in the issuer's internal controls.

  1. If credible and material, then report the evidence of the wrongdoing to the appropriate authorized representative of the organization. If the evidence demonstrates an illegal act or a violation of law or breach of fiduciary duty, report it to the chief legal officer or, if more appropriate, the CEO or CFO. If the evidence shows a misstatement in financial statements or financial report filed with the SEC or another governmental agency, or a deficiency or fraud in internal controls, report it to the CEO or CFO.

  2. Request someone responsible to conduct a substantive investigation to determine what remedial measures, if any, are necessary to (1) stop any wrongdoing that is ongoing; (2) prevent any problem that has yet to occur; (3) remedy or otherwise appropriately address any wrongdoing that has already occurred; and (4) minimize the likelihood of any recurrence.15

  3. Finally, report any remedial measures taken or to be taken to the CEO, CFO and CLO. If the wrongdoing will have a material effect on financial statements, or involves a material misstatement in financial statements or financial report filed with the SEC, or constitutes a significant deficiency in internal controls or accounting records, or involves fraud in internal controls or accounting records, then report remedial measures to the audit committee or other appropriate committee of the organization’s board, or the board itself, and the external auditor.

What would have happened if . . .

What would have happened with Enron if Kenneth Lay had received this type of advice after receiving Sherron Watkins memo?

  • Wouldn’t he have made at least an initial inquiry to determine the credibility of the evidence and the materiality of the alleged wrongdoing? And, if he did make an initial inquiry, wouldn’t he have found the concerns of one of his in-house attorneys credible and her evidence material?

  • In any event, wouldn’t Sherron Watkins have had a duty to continue up-the-ladder reporting if she did not reasonably believe the matter had been appropriately handled by Kenneth Lay?

  • And, wouldn’t Sherron Watkins’ evidence have been reported to the CLO and likely the audit committee and external auditor?

  • Wouldn’t a substantive investigation have been undertaken and wouldn’t some remedial measures have been taken that could have avoided the Enron implosion.

If Kenneth Lay had received such advice and taken such actions, the fraud perpetrated because of greed at Enron may not have been avoided. However, the fraud may have been discovered two years’ earlier, and the implosion of Enron may have been avoided.

Footnotes

  1. §10A(f) of the 1934 Act.
  2. §302 of SOX.
  3. §303 of SOX.
  4. §16(a) of the 1934 Act.
  5. §16(b) of 34 Act and §306 of SOX, including new Regulation BTR.
  6. §406 of SOX; item 406(b)(5) of Regulations S-K and S-B
  7. §402 of SOX.
  8. §802 of SOX and 18 USC 1519
  9. §806 of SOX and 18 USC 1514A
  10. §302(a) (2)-(3) of SOX, 34 Act rules 13a-14(b)(2)-(3) and 15d-14(d) (2)-(3).
  11. §302(a)(5) of SOX, and 34 Act rules 13a-14(b)(5) and 15d-14(d)(5).
  12. §307 of SOX.
  13. 17 CFR §205.2(e).
  14. 17 CFR §205.2(e)
  15. 17 CFR §205(b)(2).

More Board and Executive Governance articles ...