This is the second part of a two-piece look at how state securities and tort laws can affect auditors. To read the first piece, click here.
Most auditors don’t need to know the ins and outs of state securities laws. But that can change if they find themselves in the cross hairs of investors upset over the way a company outside the purview of the SEC was pitched in initial private placement offerings.
Here, we walk you through the particulars of state tort law to familiarize auditors and accountants with some of the legal theories that can come into play in contested state securities lawsuits.
In our first article, we talked about “Blue Sky” laws, which get their name from a 1917 U.S. Supreme Court case in which the court upheld the right of individual states to regulate the offer, sale, and purchase of securities.
While most securities offerings are not fraudulent investment schemes, allegations of fraud can arise when investors incur losses in connection with the purchase of securities. Both existing and prospective audit clients may seek to raise capital through securities offerings.
State tort laws come into play when creditors and investors file suit to recover losses associated with private placement offerings.
Based on data compiled by the AICPA Professional Liability Insurance Program, claims involving companies subject to securities laws and regulations have historically been some of the most expensive to defend and resolve. Given the specter of protracted and costly regulatory enforcement activity and large potential investor losses if a company fails or does not generate expected shareholder returns, this is not surprising.
Each state varies in how it approaches torts. These are loosely defined as wrongful acts that can lead to civil litigation; a tortfeasor is a person or entity who commits a tort. Auditors will be well served to know generally about the range of approaches. Generally speaking, the jurisdiction of state courts over lawsuits is based upon where the defendant resides or does business. The courts have the final say in determining jurisdiction.
Here are some explanations of the basic legal concepts that may come up:
Privity refers to the ability of third-party investors to sue a company’s auditors and is governed by the particular approach to the doctrine of privity that applies under state law.
There are three basic approaches to nonclient, third-party liability, depending on which approach a state privity law takes:
Privity-of-contract. This is when there is a connection or relationship that exists between two or more contracting parties. Under this approach, a third party must be in privity or near privity to recover for ordinary negligence. For this approach to apply, the defendant must be aware that a known third party intended to rely upon the work and information provided to the client for a particular purpose. There also must be conduct by the defendant linking it to a third party’s reliance.
Near privity. This type of liability is found when the third party is within a class of individuals or entities that normally rely upon the defendant’s work. In such a case, if it can be established that the defendant knew or should have known of reliance by this class, they can be held liable to the third party.
Foreseeability approach. While used in a minority of states (Mississippi, Oklahoma, and Wisconsin), this is much more expansive than the two other approaches. Essentially, a defendant can be held liable to any person whom he or she could reasonably foresee obtaining and relying upon their work. This includes both known and unknown parties.
When considering whether to undertake an audit engagement involving a private placement offering, evaluate whether a duty may be owed to the investors because they are within a limited class of third parties that the auditor knew could potentially rely upon their report.
Additionally, determine if the client or prospective client intends to include the auditor’s report in the offering materials or other materials that will be viewed by potential investors.
Joint and several liability
Auditors can be held liable for the tortious acts of others, with a tortious act considered an action that infringes on the rights of others. This is known as joint and several liability.
States take various approaches to this concept:
Under the joint liability theory, all parties whose tortious conduct caused the harm are
held jointly responsible for the full amount of the damages being sought in a lawsuit.
Under the several liability theory, each party is responsible for its proportionate share of the damages.
A third, hybrid approach is referred to as the joint and several liability theory. When two or more parties are jointly and severally liable for a tortious act, each party is independently liable for the full extent of the injuries stemming from that tortious act. For example, if a plaintiff receives a judgment against a group of joint tortfeasors — defined as those who commit wrongs that cause others harm or a loss — collectively, he or she may collect the full value of the judgment from any one of them. That party may then seek contribution from the other tortfeasors.
A handful of states apply the several liability theory. Eight states (Alabama, Delaware, Maine, Maryland, Massachusetts, North Carolina, Rhode Island, and Virginia) apply the pure joint-and-several-liability theory. Limited exceptions apply in some of these states. Other states use a hybrid approach in applying the joint-and-several-liability theory, with rules varying by jurisdiction.
Another 28 states have adopted a modified standard wherein a defendant is responsible for the entire verdict only if they are found to be at or above a specified percentage of fault.
States that have adopted the pure joint-and-several-liability theory are attractive venues for attorneys seeking to file suit on behalf of investors because this has the net effect of increasing their opportunities to recover damages, since some defendants may be insolvent or uninsured.
Consult with counsel regarding the liability theory applicable under state law and consider its impact should a claim be made.
Consumer fraud statutes
Auditors can also be held liable under consumer fraud statutes for exemplary damages and attorneys’ fees in some scenarios.
All states along with Puerto Rico and the U.S. Virgin Islands have consumer protection laws that prohibit deceptive trade practices and unfair or unconscionable business practices. The laws are designed to prohibit deceptive practices in consumer transactions and provide a private right of recovery for violations. Damages can include exemplary damages and attorneys’ fees.
Lawsuits alleging that the auditor conspired with the client and others to defraud investors often include a consumer fraud claim, depending on applicable state law.
Ask experts for help
Auditors need not become experts in applicable state securities and tort laws as part of the client acceptance and continuance process. However, proceed with caution if a client or prospective client is planning a private placement offering or is asking the auditor to consent to include a previously issued audit report in related private offering materials. If that’s the case, consider consulting with qualified legal counsel regarding the application of state securities and tort laws before going forward. The client also should retain attorneys with specialized expertise in state securities laws to assist with the offering.
As noted, state securities laws can be just as complex as applicable SEC registration and reporting requirements. Additionally, the variety of legal theories applicable under state law, such as third-party privity, joint and several liability, and comparative fault, can affect auditors’ liability exposure.
The significant exposure factors connected with SEC enforcement investigations and public company investor lawsuits are well documented. Less understood is the fact that audits of companies engaged in private placement offerings subject to state securities laws can be just as risky and can generate similar large damage claims. The hodgepodge of complex state securities laws — some more draconian than others — underscores the need to undertake vigorous due diligence of an audit client subject to these laws and to develop a level of expertise in the area.
The bottom line: Don’t get lulled into a false sense of security because the security being offered by your audit client is outside the purview of the SEC.
— Stanley Sterna, Esq., is a vice president at Aon, a global professional services firm providing risk, retirement, and health solutions. Joseph Wolfe is a risk management consultant with Aon. To comment on this article or to suggest an idea for another article, contact Chris Baysden, an associate director on the Association’s Magazines & Newsletters team, at Chris.Baysden@aicpa-cima.com
Aon Insurance Services is the National Program Administrator for the AICPA Professional Liability Program and can be contacted at 800-221-3023 or by visiting cpai.com. This article provides information, rather than advice or opinion. It is accurate to the best of the authors’ knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations. Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.
“Is This Client the Right Fit for Your Firm?” JofA, July 2013
“Defending Third-Party Audit Claims,” JofA, May 2013
“Privity in Third-Party Audit Claims,” CPA.com podcast, Modernizing Your Practice mini-series
“Joint and Several Liability and Contribution Laws in All 50 States,” Matthiesen, Wickert & Lehrer SC, Oct. 24, 2019