It’s been open season on financial institutions since the 2008-2009 financial crisis (“Financial Crisis”). State and federal prosecutors and regulators are competing with each other for press coverage of their latest consent order trophies, which include assessments of unprecedented civil money penalties and restitution orders. This focus on “accountability” has gone beyond the institutions, to the directors, officers, and employees of targeted institutions. The imperative to pursue individuals even became the subject of extrajudicial comments when Judge Jed Rakoff recently asked, “Why have no high-level executives been prosecuted” in the wake of the Financial Crisis?1
Over the past year, the perceived failure to prosecute individuals has been the focus of critics from all quarters, including the press, members of Congress, and federal and state agencies.2 In the current political climate, even astronomically large settlements with major institutions are not enough.3
The rhetoric continues to escalate. But what about the reality? Prosecutors are dusting off old tools, such as the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA), and using them to target individuals in new ways. And new entities, such as the Special Office of the Inspector General for the Troubled Asset Relief Program, are working together with existing agencies to assist federal prosecutors in building criminal indictments of individuals.
Much of this increased activity is aimed at individual misconduct — direct involvement by individuals in the wrongful conduct. But some regulators have gone further, pursuing individuals for poor management or for having failed to prevent or detect the wrongdoing due to ineffective oversight.
We focus on both types of risk for directors, officers, and employees of financial institutions and other providers of financial products. First, we discuss the current regulatory focus on the perceived need to hold individuals responsible for corporate wrongdoing, including the renewed energy brought by enforcers at the Consumer Financial Protection Bureau (CFPB). Next, we turn to the authority of the Department
Jed S. Rakoff, The Financial Crisis: Why Have No High-Level Executives Been Prosecuted (“Rakoff Article”), The New York Review of Books (Jan. 9, 2014), available at http://www.nybooks.com/articles/archives/2014/jan/09/financial-crisis-why-no-executive-prosecutions/. See, e.g., Neil Irwin, This is a complete list of Wall Street CEOs prosecuted for their role in the financial crisis, The Washington Post (Sept. 12, 2013), available at http://www.washingtonpost.com/blogs/wonkblog/wp/2013/09/12/this-is-a-complete-list-of-wall-street-ceos- prosecuted-for-their-role-in-the-financial-crisis/; Letter from Elizabeth Warren to Ben Bernanke, Mary Jo White, and Thomas J. Curry dated October 23, 2013 (“we also must look back to ensure that those who engaged in illegal activity during the [financial] crisis and its aftermath are held accountable”), available at http://www.warren.senate.gov/files/documents/SIGTARP%20Letter%202013-10-23.pdf. See, e.g., Letter from Elizabeth Warren to Attorney General Eric Holder dated August 21, 2013 (expressing concern that the historic $25 billion national mortgage settlement was “yet another example of the federal government’s timid enforcement strategy against the nation’s largest financial institutions”), available at http://www.warren.senate.gov/files/documents/EW%20Ltr%20to%20DOJ%20on%20Mortgage%20Settlement%20 2013-8-21.pdf.
of Justice (DOJ) and financial and securities regulators to pursue civil and criminal claims against individuals, and how those agencies have exercised that authority in recent cases. We touch on the efficacy of directors and officers insurance, errors and omissions coverage, and corporate indemnities as mitigants to personal liability. Finally, we provide some observations about how individuals and the institutions they serve may approach risk mitigation in light of actions being brought by government agencies in the wake of the Financial Crisis.
I. FINANCIAL CRISIS LEADS TO RENEWED FOCUS ON INDIVIDUAL LIABILITY
Holding individuals responsible for corporate misconduct is nothing new. As Judge Rakoff recognized, “[c]ompanies do not commit crimes; only their agents do.”4 Real deterrence, the theory goes, occurs only when individuals are held accountable. As SEC Chair Mary Jo White explained:
Another core principle of any strong enforcement program is to pursue responsible individuals wherever possible . . . . Companies, after all, act through their people. And when we can identify those people, settling only with the company may not be sufficient. Redress for wrongdoing must never be seen as “a cost of doing business” made good by cutting a corporate check. Individuals tempted to commit wrongdoing must understand that they risk it all if they do not play by the rules. When people fear for their own reputations, careers or pocketbooks, they tend to stay in line.5
Congress created a new enforcement mechanism that allowed regulators to pursue directors and officers of failed federal thrifts in the wake of the savings & loan crisis. We start there to set the stage, and then discuss the renewed focus on the individual in the current punitive enforcement environment.
A. Financial services regulators
Response to the last financial crisis
In the late 1980s, the thrift industry experienced unparalleled losses, leading to the failure of 1,043 federal thrifts.6 To stem the tide of failures, Congress passed
Rakoff Article at 10. Opening Speech, Deploying the Full Enforcement Arsenal, Council of Institutional Investors Fall Conference (Sept. 26, 2013), available at http://www.sec.gov/News/Speech/Detail/Speech/1370539841202. Timothy Curry & Lynn Shibut, The Cost of the Savings and Loan Crisis: Truth and Consequences at 26, FDIC Banking Review, available at http://www.fdic.gov/bank/analytical/banking/2000dec/brv13n2_2.pdf.
FIRREA.7 The goal of FIRREA was to “restore public confidence in the savings and loan industry in order to ensure a safe, stable, and viable system of affordable housing finance.”8 FIRREA brought several major banking reforms, including broad investigative and enforcement authority to pursue claims against institutions and individuals.
The expanded enforcement power and increased sanctions were designed to “give a clear signal to those who would violate federal banking laws that such conduct would not be tolerated.”9 Congress viewed insider fraud as the root cause of the large number of federal thrift failures, estimating that between 33-40% of the thrift failures were caused by corrupt insiders.10 To combat this intentional wrongdoing, Congress included several provisions in FIRREA expanding the DOJ’s and the FDIC’s ability to investigate, prosecute, and punish gross misconduct directed toward financial institutions.11 The Resolution Trust Corporation (RTC) and the FDIC took advantage of this expanded authority to file over 900 professional liability claims against failed savings & loan officers, directors, and third parties such as accountants and attorneys.12
A similar call for individual liability is being heard today as part of legal and regulatory reforms emanating from the Financial Crisis.
CFPB Director Richard Cordray said in a speech last year that the CFPB is seeking admissions of wrongdoing from individuals: “I’ve always felt strongly that you can’t only go after companies. Companies run through individuals, and individuals need to know that they’re at risk when they do bad things under the umbrella of a company.”13
Director Cordray repeated and amplified this theme in a speech to the Federal Reserve Bank of Chicago in May of 2014. This time, he appeared to expand the scope of
7 Pub. L. No. 101-73, 103 Stat. 183 (1989).
H.R. Rep. No. 54(I), 101st Cong., 1st Sess. 291, reprinted in 1989 U.S. Code Cong. & Admin. News 86,
Id. at 107. Id. at 260. See Pub. L. No. 101-73 §§ 101(9), (10), 103 Stat. 183, 187 (purposes of FIRREA include
“strengthen[ing] the enforcement powers of Federal regulators of depository institutions;” and “strengthen[ing] the civil sanctions and criminal penalties for defrauding or otherwise damaging depository institutions and their depositors.”)
The FDIC and the RTC Experience, Managing the Crisis, Professional Liability Claims, Ch. 11 at 270, FDIC (1998), available at http://www.fdic.gov/bank/historical/managing/history1-11.pdf. Emily Stephenson, U.S. consumer watchdog says committed to stiff penalties, Reuters (October 23, 2013), available at http://mobile.reuters.com/article/idUSBRE99M1K520131023?irpc=932.
potential targets from actual wrongdoers to individuals who failed to exercise appropriate oversight and management of compliance-oriented controls:
There are legitimate occasions where it is appropriate to sue not only the company that was a party to the consumer’s transactions, but also individuals who were decision-makers or actors relevant to that transaction . . . . Under the law, this includes not only a provider of consumer financial products or services, but also, in certain cases, anyone with “managerial responsibility” or who “materially participates in conduct of [its] affairs.”14
These comments seem to reflect a view that the Dodd-Frank Act reinforced regulatory authority to go after individuals.
3. New York Department of Financial Services and New York Attorney General
New York Attorney General Eric Schneiderman does not miss an opportunity to stress that “individuals in the financial services industry who perpetrate fraud, no matter how wealthy or powerful, must be held publicly accountable.”15 Not to be overshadowed, New York Department of Financial Services Superintendent Benjamin Lawsky recently encouraged regulators to “publicly expose—in great detail —the actual, specific misconduct that individual employees engage in . . . . [And] where
appropriate — individuals should face real, serious penalties and sanctions when they break the rules.”16
Director Jennifer Shasky Calvery of the Financial Crimes Enforcement Network (FinCEN) has echoed the same tone adopted as of late by other financial services regulators. In January 2014, Director Calvery spoke about the importance of “financial institutions tak[ing] responsibility when their actions violate the Bank Secrecy Act
Prepared Remarks of CFPB Director Richard Corday, Federal Reserve Bank of Chicago at 4, Consumer Finance Protection Bureau (May 9, 2014) (emphasis added), available at http://www.consumerfinance.gov/newsroom/prepared-remarks-of-cfpb-director-richard-cordray-at-the-federal- reserve-bank-of-chicago-2/. Edvard Pettersson, Schneiderman Won’t Seek Damages From Ex-AIG CEO Greenberg, Bloomberg (April 26, 2013), available at http://www.bloomberg.com/news/2013-04-26/schneiderman-won-t-seek-damages- from-ex-aig-ceo-greenberg.html. Remarks of Superintendent Benjamin Lawsky, Exchequer Club at 8 (Mar. 19, 2014), available at
(BSA).”17 Director Calvery noted that accepting responsibility “is not just about admitting to the facts alleged in FinCEN’s assessment. It is also about acknowledging a violation of the law.”18
She also indicated that a number of FinCEN’s recent enforcement actions have led the agency “to begin thinking more broadly about how the culture of compliance impacts financial institutions . . . .” She elaborated that
[f]or the culture of compliance to be strong within an institution, the business side of the organization needs to take [anti-money laundering] controls seriously. And it needs to begin with the institution’s leadership . . . . A financial institution’s leadership – to include the board of directors, executive management, and owners and operators
– is responsible for performance in all areas of the institution, including compliance with the BSA. The commitment of an organization’s leaders should be clearly visible, as the degree of that commitment will have a direct influence on the attitudes of others within the organization.19
Director Calvery specifically highlighted “calls for more accountability on the business side of an organization when [anti-money laundering] compliance fails. This is where a focus on individuals, as well as institutions, might come into play.”20
B. Securities regulators
Although both the SEC and the Financial Industry Regulatory Authority (FINRA) have a history of taking action against individuals, the agencies’ actions over the past year portend increased risks for individuals.
Statistics released by FINRA indicate that, although the overall number of regulatory actions decreased from 2012 to 2013, the number of individuals barred from association with a broker-dealer increased by 46% from 294 to 429, and the number of individuals suspended increased by 22% from 549 to 670.21 Indeed, these same statistics demonstrate that FINRA has consistently increased the number of actions filed against individuals since 2010 and, with few exceptions, the number of individuals barred and suspended has grown steadily since that time. For example, in 2010, FINRA
See Remarks of Director Jennifer Shasky Calvery, Securities Industry & Financial Markets Association Anti-Money Laundering & Financial Crimes Conference, Financial Crimes Enforcement Network (January 30, 2014), available at http://www.fincen.gov/news_room/speech/pdf/20140130.pdf. Id. Id. Id. See FINRA Statistics & Data, available at http://www.finra.org/Newsroom/Statistics/.
barred or suspended 706 individuals. In 2011, that number rose to 804; in 2012, 834; and 2013, 1,099. These numbers paint a clear picture that FINRA enforcement efforts against individuals are on the rise, with no reason to expect that they will taper off in 2014.
The SEC’s statistics on enforcement actions brought as a result of the Financial Crisis show the same trend.22 As a result of the Financial Crisis: the SEC has charged 169 entities and individuals, including 70 CEOs, CFOs, and other senior corporate officers; 40 individuals have received officer and director bars, industry bars, or commission suspensions; and total penalties, disgorgement, and other monetary relief have reached $3.02 billion.23
New leadership at the SEC also has made it clear that companies can expect increased scrutiny for their officers and employees. Speaking in May of 2014, Mary Jo White, the Chairwoman of the SEC noted:
The simple fact is that the SEC charges individuals in most cases, which is as it should be. A recent Harvard survey shows that since 2000, the SEC has charged individuals in 93% of our actions involving nationally listed firms in which we charged fraud or violations for books and records and internal controls rules. An internal, back-of-the envelope, analysis the staff did recently indicates that since the beginning of the 2011 fiscal year, we charged individuals in 83% of our actions. Under either calculation, those percentages are very high—which means that the cases where individuals are not charged are by far the exception, not the rule.24
Chair White also described the enforcement approach that would yield an increased level of actions against individuals: “the staff should look hard to see whether a case against individuals can be brought.” She wants to be sure that the SEC is “looking first at the individual conduct and working out to the entity, rather than starting with the entity as a whole and working in.”25
See SEC Enforcement Actions Addressing Misconduct That Led to or Arose From the Financial Crisis, Key Statistics, Securities Exchange Commission, available at http://www.sec.gov/spotlight/enf-actions-fc.shtml . Id. See Remarks Chair Mary Jo White, Three Key Pressure Points in the Current Enforcement Environment, NYC Bar Association’s Third Annual White Collar Crime Institute (May 19, 2014), available at http://www.sec.gov/News/Speech/Detail/Speech/1370541858285. See Remarks Chair Mary Jo White, Deploying the Full Enforcement Arsenal, Council of Institutional Investors Fall Conference (Sept. 26, 2013), available at http://www.sec.gov/News/Speech/Detail/Speech/1370539841202.
Similarly, SEC Director of Enforcement Andrew Ceresney has publicly stated that “[a] core principle of any strong enforcement program is to pursue culpable individuals whenever possible. After all, companies can only act through their people. Cases have great deterrent value, as they drive home to individuals the real consequences to them personally that their acts can have.”26
II. WHAT CAN THEY DO?
Talk is one thing; action is another. What authority do state and federal regulators have to pursue claims against directors, officers, and employees of financial institutions and providers of financial products?
A. FDIC & DOJ
Claims against directors, officers, and employees of failed institutions
When a federally insured bank fails, the FDIC is appointed as the bank’s receiver by the applicable state or federal regulatory agency as determined by the failed entity’s charter.27 FIRREA provides that a “director or officer of an insured depository institution may be held personally liable for monetary damages in any civil action by, on behalf of, or at the request or direction of the [FDIC], which action is prosecuted wholly or partially for the benefit of the [FDIC] acting as conservator or receiver of such institution.”28
To pursue a FIRREA professional liability claim against a failed institution’s directors and officers, the FDIC must allege “gross negligence, including any similar conduct that demonstrates a greater disregard for a duty of care including intentional tortious conduct, as such terms are defined and determined under applicable state law.”29 The United States Supreme Court held that FIRREA preempts state laws that would require the FDIC to prove a higher level of culpability. It further held that in certain cases, FIRREA can apply a lower standard of conduct if state law authorizes liability based on a lower standard of conduct, such as general negligence.30
See Co-Director of the Division of Enforcement Andrew Ceresney, Keynote Address, International Conference on the Foreign Corrupt Practices Act (Nov. 19, 2013), available at http://www.sec.gov/News/Speech/Detail/Speech/1370540392284. FDIC’s Role as a Receiver, The FDIC Resolutions Handbook , Ch. 7 at 69, FDIC, available at
28 12 U.S.C. § 1821(k)(1).
29 12 U.S.C. § 1821(k)(3).
Atherton v. FDIC, 519 U.S. 213 (1997).
Before filing suit against a failed bank’s directors and officers, the FDIC must determine that the claim is “sound on its merits” and that litigation is “cost effective,” in light of the availability of director and officer insurance and the individuals’ personal assets.31 The FDIC has indicated it will file suit in cases involving: (1) individual wrongdoing such as dishonest conduct or abusive insider transactions; and (2) poor management, such as failure to establish or monitor adherence to underwriting policies and approval of loans that directors and officers “knew or had reason to know were improperly underwritten.”32
The FDIC does not have jurisdiction to prosecute criminal cases against directors and officers of failed banks, but it can refer such cases to the DOJ.
The FDIC reports that “[f]rom January 1, 2009, through June 17, 2014, [it] has authorized suits in connection with 142 failed institutions against 1148 individuals for D&O liability. The FDIC has filed 97 D&O lawsuits (24 of which have fully settled and 1 of which resulted in a jury award in the FDIC’s favor) naming 749 former directors and officers.”33 This means the FDIC pursued litigation in connection with about 25% of the institutions that failed since January 1, 2009.34
2. Civil liability for criminal predicate acts by directors, officers, and employees of financial institutions
FIRREA also authorizes the FDIC to pursue civil claims against directors, officers, and employees of financial institutions for two types of criminal predicate offenses: those with elements that involve a financial institution, such as fraud against a financial institution or false entries or reports by a bank officer or employee;35 and general claims such as mail or wire fraud as long as they “affected” a financial institution.36 Congress viewed these more general claims as those likely to involve violations by corrupt insiders.37
The DOJ and the U.S. Attorney’s Office have relied on a novel interpretation of this little-used provision in FIRREA in their attempts to hold individuals accountable
Statement Concerning the Responsibilities of Bank Directors and Officers, FDIC (Dec. 3, 1992),
available at www.fdic.gov/regulations/laws/rules/5000-3300.html.
Id. Professional Liability Lawsuits, FDIC, as of June 17, 2014, available at
Failed Bank List, FDIC, available at http://www.fdic.gov/bank/individual/failed/banklist.html, (indicates 473 banks have failed since January 1, 2009).
3512 U.S.C. § 1833a(c)(1), (3).
36 12 U.S.C. § 1833a(c)(2).
37 See 72nd Report by the Comm. on Government Operations, Combating Fraud, Abuse, and Misconduct in the Nation’s Financial Institutions: Current Federal Efforts are Inadequate, H.R. Rep. No. 1088, 100th Cong., 2d Sess., Appendix (1988).
for the Financial Crisis. Whereas FIRREA was created to protect financial institutions from corrupt insiders and borrowers, prosecutors have begun using FIRREA to pursue claims against the institutions themselves. With the approval of the Courts, the Government has departed from FIRREA’s legislative purpose — giving the Government more tools aimed at protecting financial institutions from harm caused by individuals engaged in self-dealing for personal gain — to instead charge those very same institutions with FIRREA violations that carry substantial civil penalties. The reliance on FIRREA is not surprising, as it provides a unique and powerful enforcement tool for several reasons.
First, FIRREA authorizes a civil claim with a corresponding “preponderance of the evidence” burden of proof.38 This allows the DOJ to bring actions under a broad range of criminal provisions without having to meet the criminal “beyond a reasonable doubt” burden of proof. This lower burden of proof creates a strong advantage for the DOJ, given the difficulty of proving these complex financial cases.
Second, FIRREA allows the DOJ to obtain discovery before filing a complaint. The DOJ can issue administrative subpoenas to obtain documents and testimony in order to investigate possible civil liability.39 It is much easier for the Government to meet the federal court pleading requirements if it has the ability to conduct an investigation and obtain extensive information from the potential defendants in advance of filing suit.
Third, FIRREA allows information sharing between criminal and civil governmental agencies.40 Typically, parallel criminal investigations are subject to grand jury secrecy rules.41 FIRREA creates an exception to these usual rules, providing the DOJ with yet another source of information and the vast resources of a federal criminal investigation in building its case.
Fourth, FIRREA has a ten-year statute of limitations.42 Given that the height of the Financial Crisis occurred in 2008 and 2009, many potential claims are nearing the typical three to five-year statute of limitations for civil claims. Under FIRREA, the DOJ has much more time to develop the underlying facts and build its case against companies and individuals in these matters that otherwise would be beyond the statute of limitations period.
38 12 U.S.C. § 1833a(f).
39 Id. § 1833a(g).
40 18 U.S.C. § 3322(a).
Fed. R. Crim. P. 6(e). FIRREA, as enacted, doubled the then-existing statute of limitations, from five to ten years. See 12
U.S.C. § 1833a.
Fifth, FIRREA authorizes civil monetary penalties of up to $1 million per violation and up to $5 million for continuing violations.43 In addition, the DOJ can recover the amount of pecuniary gain or loss from the violation.44
To take advantage of these provisions, the DOJ has focused on claims asserting violations of general criminal predicate acts which must “affect a federally insured financial institution.” Specifically, the DOJ contends that a financial institution can violate these predicate criminal acts by fraudulent conduct “affecting” the institution itself as opposed to harm to the institution caused by fraudulent conduct of third parties or corrupt insiders. Courts have recently approved this interpretation.45
For example, in a decision denying the defendant’s motion to dismiss, the court looked to the purpose and legislative history of FIRREA in concluding that Congress intended FIRREA to apply to fraud committed by the bank itself and not just to fraudulent acts that victimized the bank.46 The court reasoned that “affecting” is broader than “harming” or “victimizing,” and “decline[d] to conclude that an institution cannot be affected by a fraud solely because it participate[d] in it.”47
The Court determined that the fraud must be the proximate cause of a negative effect on the institution. Although the defendant financial institution profited from the challenged conduct, the court found the DOJ had sufficiently pled that this conduct created a risk of loss to the financial institution, including numerous private lawsuits, harm to its reputation, and loss of clients.48
As discussed below, the DOJ has already begun taking advantage of this new theory in pursuing claims against individuals.
3. False Claims Act
The False Claims Act (FCA) is the second of the DOJ’s one-two punch targeting financial institutions and their officers, directors, and employees. The DOJ describes the FCA as “the government’s primary civil remedy to redress false claims for government funds and property,” including claims made under federally insured loan and mortgage programs.49
43 12 U.S.C. § 1833a(b)(1) & (2).
44 12 U.S.C. § 1833a(b)(3).
See, e.g., United States v. Bank of New York Mellon, 941 F.Supp.2d 438 (S.D.N.Y. 2013); United States v. Wells Fargo Bank, N.A., 972 F. Supp. 2d 593, 629-31 (S.D.N.Y. 2013). United States v. Bank of New York Mellon, 941 F.Supp.2d 438 (S.D.N.Y. 2013). Id. at 457. Id. at 458. Press Release, Justice Department Recovers $3.8 Billion from False Claims Act Cases in Fiscal Year 2013 at 2, Department of Justice (Dec. 20, 2013), available at http://www.justice.gov/opa/pr/2013/December/13- civ-1352.html.
The FCA50 provides that any person who “knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval” to the Government or “knowingly makes, uses or causes to be made or used, a false record or statement material to a false or fraudulent claim”51 is liable for a civil penalty of between $5,500 and $11,000 for each individual false claim, plus three times the amount of the Government’s damages.52 The statute also creates liability if a person acts improperly to avoid paying money to the Government. This provision is commonly referred to as the “reverse” FCA section.53
Not only can an individual be liable for these significant penalties, but certain agencies, including HUD, have authority to impose suspension and debarment penalties on individuals, companies and their affiliates from participating in federal programs and conducting business with any federal agency worldwide. Debarment generally is imposed for a three-year period, but can be imposed for a longer period if the debarring agency decides it is necessary to protect the public interest.54 It goes without saying that individuals who are either suspended or debarred from participating in federal programs cannot hold positions of authority in companies conducting business with the federal government through the very programs in which the individual is precluded from participating.
To violate the FCA, a person must have submitted or caused the submission of a false claim with knowledge of the falsity. The FCA’s knowledge requirement is defined as (1) actual knowledge, (2) deliberate ignorance of the truth or falsity of the information, or (3) reckless disregard of the truth or falsity of the information. Proof of a specific intent to defraud is not required to show knowledge under the False Claims Act.55
The FCA allows private persons to file lawsuits claiming on behalf of the Government, otherwise known as qui tam suits.56 An individual filing such a suit is referred to as a qui tam relator.
Under the qui tam provisions of the FCA, a qui tam complaint must be filed under seal, and the Government is required to conduct an investigation of the allegations contained in the complaint. Qui tam pleadings are sealed for 60 days, but the Government is authorized by the statute, and commonly will, seek extensions of that
In addition to the federal FCA, many states, including Delaware, New York, and California, have state false claims act statutes that create liability for various types of fraud.
51 31 U.S.C. § 3729(a)(1)(A) & (B).
52 31 U.S.C. § 3719(a)(2).
53 31 U.S.C. § 3719(a)(1)(G).
54 See 2 C.F.R. Part 2424.
55 31 U.S.C. § 3719(b)(1)(A) & (B).
31 U.S.C. § 3730(b). In addition to the federal False Claims Act, many states, including Delaware, New York, and California, have state false claims act statutes that create liability for various kinds of fraud.
period if it cannot complete its investigation within that time. If the Government determines that the allegations have merit, it will intervene, or take responsibility for proceeding with the action.
In past years, the DOJ used the FCA to go after defense contractor fraud, and then turned its attention to the pharmaceutical industry. In 2009, the FCA was expanded to reach fraud by TARP fund recipients. The FCA became a weapon of choice for the Financial Fraud Enforcement Task Force, which was created by President Obama in November 2009 to improve the Government’s efforts to investigate and redress consumer and financial fraud. FCA recoveries in financial fraud cases “accounted for 11 percent of fiscal year 2010 recoveries [under the FCA], with $327.2 million in settlements and judgments.”57
B. Banking and consumer financial product regulators
The Federal Reserve Board, the FDIC, and the OCC (the “Prudential Regulators”) can target individuals through their authority to pursue enforcement actions against “institution affiliated parties” (IAPs).58 An IAP is defined as:
any director, officer, employee, or controlling stockholder (other than a bank holding company) of, or agent for, an insured depository institution;
any other person who has filed or is required to file a change-in-control notice with the appropriate Federal banking agency under section 1817(j) of this title;
any shareholder (other than a bank holding company), consultant, joint venture partner, and any other person as determined by the appropriate Federal banking agency (by regulation or case-by-case) who participates in the conduct of the affairs of an insured depository institution; and
any independent contractor (including any attorney, appraiser, or accountant) who knowingly or recklessly participates in —
any violation of any law or regulation;
any breach of fiduciary duty; or
Press Release, Department of Justice Recovers $3 Billion in False Claims Cases in Fiscal Year 2010 at 2, Department of Justice (Nov. 22, 2010), available at http://www.justice.gov/opa/pr/2010/November/10-civ- 1335.html.
58 12 U.S.C. § 1818.
any unsafe or unsound practice,
which caused or is likely to cause more than a minimal financial loss to, or a significant adverse effect on, the insured depository institution.59
Generally, the first and second prongs of the definition are self-operative, while the other prongs require a special determination by a Prudential Regulator or a showing of knowing or reckless conduct that caused harm to the institution.
A “violation” of law includes “any action (alone or with another or others) for or toward causing, bringing about, participating in, counseling, or aiding or abetting a violation.”60 The Prudential Regulators have issued extensive guidance on practices they view as unsafe or unsound.61
An IAP’s direct liability depends on the scope of the underlying law. For example, the Truth in Lending Act (TILA) and Regulation Z generally apply only to “each individual or business that offers or extends credit.”62 Officers, directors, and employees do not offer or extend credit, so IAP liability ordinarily does not reach TILA or Regulation Z.63 The same is true for the Fair Debt Collection Practices Act (FDCPA).64 For the same reason, IAPs should not be found liable for aiding and abetting a violation of TILA or the FDCPA, either.65
In contrast, the Equal Credit Opportunity Act (ECOA) authorizes individual liability in certain circumstances. Regulation B, ECOA’s implementing regulation,
59 12 U.S.C. § 1813(u).
60 12 U.S.C. § 1813(v).
61 See, e.g., The Director’s Book, Office of the Comptroller of Currency, available at
62 12 C.F.R. § 1026.1(c); accord 15 U.S.C. §§ 1631, 1635.
See, e.g., Robey-Harcourt v. Bencorp Fin. Co., 212 F. Supp. 2d 1332, 1333 (W.D. Okla. 2002) (“Congress has chosen to make TILA’s disclosure obligations and related duties applicable only to creditors.”). Pettit v. Retrieval Masters Creditors Bureau, Inc., 211 F.3d 1057, 1059 (7th Cir. 2000) (“Because such individuals do not become ‘debt collectors’ simply by working for or owning stock in debt collection companies, [courts] have held that the Act does not contemplate personal liability for shareholders or employees of debt collection companies who act on behalf of those companies” absent piercing of the corporate veil.). See, e.g., Vallies v. Sky Bank, 432 F.3d 493, 496 (3d Cir. 2006) (explaining TILA’s regulation “vests the duty of disclosure on the, and only the, actual creditor”); Dinsmore v. Squadron, Ellenoff, Plesent, Sheinfeld & Sorkin, 135 F.3d 837 (2d Cir. 1998) (“Congress knew how to impose aiding and abetting liability when it chose to do so,” and therefore the absence of aiding and abetting liability in TILA itself indicates there is no such liability); In re Currency Conversion Fee Antitrust Litig., 265 F. Supp. 2d 385, 431 (S.D.N.Y. 2003) (holding that TILA does not permit conspiracy or aiding and abetting actions because the statute does not “extend [a creditor’s disclosure] duty or the benefits of that duty to anyone else”); Pettit, 211 F.3d at 1059.
defines “creditor” to include “a person who, in the ordinary course of business, regularly participates” in the decision of whether or not to extend credit.66
2. The CFPB
The Dodd-Frank Act grants the CFPB two sources of authority to pursue enforcement actions against “covered persons”: liability for violations of Title X of the Dodd-Frank Act67 or Federal consumer financial laws, including unfair, deceptive, and abusive acts and practices (UDAAP); and liability for aiding and abetting these violations. We address each in turn.
a. Federal consumer financial law liability
The CFPB may pursue an enforcement action against “any person” that violates a Federal consumer financial law.68 A “Federal consumer financial law” includes: the provisions of Title X of the Dodd-Frank Act (including UDAAP, discussed below); the “enumerated consumer laws,” which are the laws for which authority was transferred to the CFPB under Title X; and any regulation or order promulgated by the CFPB.69 The “enumerated consumer laws” include TILA, ECOA, the Real Estate Settlement Procedures Act of 1974, the Fair Credit Reporting Act (FCRA), and the FDCPA.70 The laws for which authority was transferred also include the Telemarketing Sales Rule, which the CFPB has relied on in pursuing enforcement actions against individuals.71
As discussed above, though, many of the “enumerated consumer laws” provide only for direct, not vicarious, liability. And laws such as TILA create a duty only for the entity extending credit.72
b. UDAAP liability
The CFPB can pursue enforcement actions against any “covered person” or “service provider” for engaging in a UDAAP in connection with the offering of a consumer financial product or service.73 To get to individual liability requires a detour
12 C.F.R. § 202.2(1); see also FTC v. Capital City Mortg. Corp., No. 98-237 (JHG)(AK), 1998 U.S. Dist. LEXIS 22115, at *17-19 (D.D.C. July 13, 1998). Title X of the Dodd-Frank Act, known as the “Consumer Financial Protection Act,” is the section of the Act that creates the CFPB and defines its authority.
68 12 U.S.C. § 5564(a) (Dodd-Frank Act sec. 1054(a)).
69 12 U.S.C. § 5481(14) (Dodd-Frank Act sec. 1002(14)).
70 Id. § 5481(12) (Dodd-Frank Act sec. 1002(12)).
16 C.F.R. pt. 310. “Enumerated financial laws” do not include the FTC Act, the FHA, or the CRA. See discussion at footnotes 62-65 above. 12 U.S.C. § 5531 (Dodd-Frank Act sec. 1031).
into the “covered person” and “related person” terminology in Title X of the Dodd-Frank Act.
A “covered person” means any person that offers or provides a consumer financial product or service and any affiliate of such a person if the affiliate acts as a “service provider” to such person.74
A “related person” is defined to include:
any director, officer, or employee charged with managerial responsibility for, or controlling shareholder of, or agent for, such covered person;
any shareholder, consultant, joint venture partner, or other person, as determined by the Bureau (by rule or on a case-by-case basis) who materially participates in the conduct of the affairs of such covered person; and
any independent contractor (including any attorney, appraiser, or accountant) who knowingly or recklessly participates in any—
violation of any provision of law or regulation; or
breach of a fiduciary duty.75
Title X does not directly provide for liability of related persons. Rather, it provides that a related person “shall be deemed to mean a covered person for all purposes of any provision of Federal consumer financial law.”76 As covered persons can be liable only for direct violations of UDAAP, and related persons are deemed to be covered persons, it seems likely that individuals who are related persons similarly can be liable only for their own violations of UDAAP.
Said another way, the fact that a covered person such as a financial institution committed a UDAAP probably does not in and of itself allow the CFPB to pursue a UDAAP claim against individuals who are related persons affiliated with that institution. Rather, it would seem that the CFPB would have to allege that the related person committed a UDAAP to pursue a claim as to that related person.
In defining “related person,” Congress borrowed almost verbatim the definition of “institution affiliated party” (IAP) from the FDIA Act. In effect, Congress expanded IAP-type liability to include individuals associated with non-bank financial services companies and institutions. For the first time, individuals involved with non-banks face
74 12 U.S.C. § 5481(6) (Dodd-Frank Act sec. 1002(6)).
75 12 U.S.C. § 5841(25)(C) (Dodd-Frank Act sec. 1002(25)(C)).
76 12 U.S.C. § 5481(25)(B) (Dodd-Frank Act sec. 1002(25)(B)).
the same remedies that traditionally have applied to employees, directors, managers and service providers of depository institutions.
There are not many examples as of yet, but the CFPB appears to have relied primarily on the “material participation” section of the “related person” definition in pursuing claims against individuals.77 Based on the allegations in the CFPB’s complaints to date, it appears that the CFPB has been attempting to establish, on a case- by-case basis, the “material participation” of target individuals as a basis for “related person” liability.
In this respect, the CFPB has taken a similar approach to individual liability to that of the Federal Trade Commission (FTC) over the years. The FTC makes the determination of whether to hold individuals liable for unfair or deceptive trade practices under Section 5 of the FTC Act based on the facts and circumstances of each case, including:
whether or not the individual is sole or majority stockholder of the corporate respondent involved; whether or not the individual directed, formulated, and controlled the policies, acts, and practices of the corporate respondent; whether or not the individual played an active role in the
alleged violations; whether or not under the facts and circumstances shown there is reason to believe that an order may be evaded unless the individual is named personally; and whether or not there are unusual or
unique circumstances present which would render the naming of an individual personally unfair or unjust.78
The FTC has brought numerous cases against corporate entities and their directors, officers, and/or other participants in the wrongdoing for alleged UDAP in consumer financial transactions.79
c. Aiding and abetting liability
The Dodd-Frank Act bars any person from knowingly or recklessly providing substantial assistance to a covered person or service provider in violation of the Act’s prohibition of UDAAP, or any rule or order issued thereunder.80 The provider of such
See cases discussed at footnotes 114-128 below. Operating Manual for Administrative Complaints, Capacity & Liability of Individuals, Ch. 4 § 5.4, Federal Trade Commission, available at http://www.ftc.gov/sites/default/files/attachments/ftc-administrative-staff- manuals/ch04administrativecomplaints.pdf. See, e.g., Stipulated Permanent Injunction & Final Order, FTC v. First Universal Lending LLC, David Zausner, Sean Zausner, and David J. Feingold, Case No. 09-CIV- 82322 WJZ (S.D. Fla. May 11, 2011), available at http://www.ftc.gov/sites/default/files/documents/cases/2011/06/110621firstuniversalstip.pdf .
80 12 U.S.C. § 5536(c) (Dodd-Frank Act sec. 1036(c)).
substantial assistance is liable to the same extent as the person to whom such assistance is provided.81 The CFPB has not yet pursued any aiding and abetting claims, relying instead on its authority to pursue violations of enumerated consumer laws, including UDAAP, in bringing claims against individuals.
d. Criminal referral authority
The CFPB does not have authority to pursue criminal claims directly. If the CFPB obtains evidence that any person, domestic or foreign, has engaged in conduct that may constitute a violation of Federal criminal law, the Bureau is required to transmit such evidence to the U.S. Attorney General, who may institute criminal proceedings under appropriate law.82
3. State attorneys general and bank regulators
Title X of the Dodd-Frank Act provides state attorneys general (state AGs) and state regulators with authority to enforce the provisions of Title X and/or regulations promulgated by the CFPB in judicial and/or administrative proceedings. For entities that are state-chartered, incorporated, licensed, or authorized to do business under state law, state AGs may bring suit in state or federal court and may sue for violations of the provisions of Title X and regulations promulgated by the CFPB.83
In contrast, for federally-chartered institutions, state AGs cannot enforce the provisions of Title X.84 Instead, state AGs can enforce only regulations promulgated by the CFPB. As an example, state AGs cannot enforce the UDAAP provision in the Dodd- Frank Act against federally chartered institutions.
Title X also authorizes “State regulator[s]” to bring “a civil action or other appropriate proceeding” to enforce the provisions of Title X or regulations promulgated by the CFPB with respect to State entities. The DFA does not define “State regulator,” or “other appropriate proceeding,” and does not identify the forum where such proceedings should be brought.
It is commonly understood that state banking regulators are included within the definition and that “proceeding” likely includes administrative proceedings instituted by state regulators, but this is not clear from the statute. In any event, to date, it does not appear that any state regulator has brought a lawsuit or administrative proceeding under the statute against a state-chartered or state-licensed entity.
Id. 12 U.S.C. § 5566 (Dodd-Frank Act sec. 1056).
83 12 U.S.C. § 5552(a)(1) (Dodd-Frank Act sec. 1042(a)(1)).
84 Id. § 5552(a)(2) (Dodd-Frank Act sec. 1042(a)(2)).
Title X does not identify potential defendants in these state-initiated cases as “covered persons.” This may mean that state AGs and state regulators may pursue Title X and CFPB regulatory claims against individuals who are not deemed to be
covered persons. The requirement that state AGs and regulators notify the CFPB before filing suit to allow the CFPB to intervene or coordinate with those state entities refers to actions and proceedings against “covered persons.”85 This provision may indicate that state AGs and state regulators need not notify the CFPB before pursuing claims against individuals who are not deemed to be covered persons.
Finally, the Dodd-Frank Act does not alter the authority of State AGs and regulators to enforce the Enumerated Consumer Laws.86 Certain of those Laws, including the FCRA, the Federal Deposit Insurance Act, and the Gramm-Leach-Bliley Act, grant State AGs or regulators authority to take enforcement action.87
b. State law authority
The Dodd-Frank Act expressly preserves the authority of State AGs, state regulators, and other state enforcement agencies to pursue claims arising under State law.88 State AGs and banking regulators generally are authorized by state law to enforce state unfair and deceptive acts and practices statutes and to bring claims against the directors, officer, and employees of financial institutions that are subject to their jurisdiction.89
4. Inspector General referrals
The Office of Inspector General (OIG) of the Federal Housing Finance Agency (FHFA) and HUD, as well as the Office of the Special Inspector General for the Trouble Asset Relief Program (SIGTARP), have worked together with the DOJ and U.S. Attorney’s Offices on investigations of, and litigation against, financial institutions. The OIGs have authority to “conduct, supervise, and coordinate audits and investigations”
85 12 U.S.C. § 5536 (Dodd-Frank Act sec. 1036(c)); see also State Official Notification Rule, 77 Fed. Reg. 39112 (June 29, 2012).
86 12 U.S.C. § 5552(a)(3) (Dodd-Frank Act sec. 1042(a)(3))
87 See, e.g., 15 U.S.C. § 1681s(c) (“if the chief law enforcement officer of a State . . . has reason to believe that any person has violated or is violating [FCRA] . . . [the officer] may bring an action to enjoin such violation in any appropriate United States district court or in any other court of competent jurisdiction”).
88 12 U.S.C. § 5552 (Dodd-Frank Act sec. 1042(d)(1)).
89 See, e.g., 205 Ill. Comp. Stat. § 39 (providing directors or officers of State banks who violate state banking laws are liable in their individual capacity for all damages); Fla. Stat. Ann. § 655.033 (authorizing Florida Office of Financial Regulation to pursue charges against any financial institution-affiliated party for engaging in unsafe or unsound practices, violating state laws relating to the operation of a financial institution, etc.).
relating to their respective agencies’ operations.90 They are authorized to subpoena documents and information to conduct their investigations.91
Not content to focus their inquiries inward to the operations of the FHFA, HUD, and the Department of the Treasury’s awards of TARP funds, the OIGs have reached outward with extensive civil fraud initiatives. For example, with support from the FHFA OIG’s Office of Investigations and Office of Counsel, the FHFA Office of Audits conducts “civil fraud reviews  to identify fraud and make referrals for civil actions and administrative sanctions against entities and individuals who commit fraud against FHFA, Fannie Mae, Freddie Mac, or the Federal Home Loan Bank.”92
For the six-month ending April 2014, FHFA OIG investigators worked with several other agencies, including the DOJ, U.S. Attorneys, and the Inspector Generals of the Troubled Asset Relief Program (TARP) and HUD, on “numerous criminal, civil, and administrative investigations, which resulted in the indictment of 82 individuals and the conviction of 62 individuals.”93 Those convictions ranged from bank bribery charges, condo conversion and builder bailout schemes, material misrepresentations and omissions in connection with FHA loan applications, HUD-1 forms, and other loan documents, and short sale and loan modification schemes.94
The OIG of the FHFA has played a “significant role” in the Residential Mortgage Backed Securities (RMBS) Working Group, which is investigating “those responsible for misconduct contributing to the financial crisis through the pooling and sale of RMBS.” Cases filed as a result of the Working Group’s activities allege violations of FIRREA, the False Claims Act, and/or state law.95 The OIG of the FHFA also is working with Assistant U.S. Attorneys on “reviews of lenders’ loan origination practices to determine their compliance with [Fannie Mae and Freddie Mac] requirements.”96
Similarly, SIGTARP describes itself as a “white-collar law enforcement agency,” which had more than 150 ongoing criminal and civil investigations as of April 2, 2014.97 Like the other OIGs, it views its mandate as going beyond fraud involving TARP funds to fraud involving any entity that has applied for TARP funds. SIGTARP’s investigations
90 5 U.S.C. app. 4(a)(1).
91 5 U.S.C. § 6(a)(1), (4).
Semiannual Report to Congress at 19, Office of Inspector General (2014), available at
Id. at 20.
94 Id. at 20-36.
Id. at 37. Id. at 19. Quarterly Report to Congress at 15, SIGTARP (April 30, 2014), available at
have resulted in “criminal charges against 188 individuals, including 123 senior officers (CEOs, owners, founders, or senior executives) of their organizations.”98
FinCEN is a bureau of the U.S. Treasury. Its primary authority comes from the Currency and Financial Transactions Reporting Act of 1970, as amended by Title III of the USA PATRIOT Act of 2001 and other legislation.99 This statutory framework is commonly referred to as the Bank Secrecy Act (BSA), a federal anti-money laundering (AML) and counter-terrorism financing statute.
Financial institutions that qualify as money services businesses (MSBs), must meet a number of requirements, including registering with FinCEN, maintaining a list of their agents, and filing various reports associated with certain transactions or suspicious activities, including Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs).
Entities subject to BSA requirements are also required to develop, implement, and maintain an effective AML program that is commensurate with the risks posed by the nature of the their business. Compliant AML programs generally include: (1) policies, procedures, and internal controls reasonably designed to assure ongoing compliance with the BSA, as well as BSA training for appropriate personnel and a designated BSA Compliance Officer; (2) independent review and auditing of the AML program; and (3) observance of specified certain customer identification and recordkeeping standards. These requirements are designed to prevent fraud in the payments system, as well as to prevent money laundering and terrorist financing activities.
FinCEN may bring an enforcement action for violations of the reporting, recordkeeping, or other requirements of the BSA.100 Civil monetary penalties may be assessed for recordkeeping violations,101 including failing to file a CTR,102 or failing to file a SAR.103 Any person who fails to comply with the BSA’s registration requirements may be liable for a civil penalty of up to $5,000 for each violation. Failure to comply includes the filing of false or materially incomplete information. Furthermore, each day
Id. See 31 U.S.C. §§ 5311-5330 and 31 C.F.R. Chapter X (formerly 31 CFR Part 103). 31 U.S.C. § 5311 et seq., and its implementing regulations at 31 C.F.R. Chapter X (formerly 31 C.F.R. Part 103).
101 31 C.F.R. § 1010.415.
102 31 C.F.R. § 1010.311.
103 31 C.F.R. § 1021.320.
a violation continues constitutes a separate violation. Additional penalties also exist, such as a civil action to enjoin the violation.104
It is also unlawful to do business without complying with the BSA’s registration requirements: “[w]hoever knowingly conducts, controls, manages, supervises, directs, or owns all or part of an unlicensed money transmitting business, shall be fined in accordance with this title or imprisoned not more than 5 years, or both.” 105
The term “unlicensed money transmitting business” means a money transmitting business that (1) is operated without an appropriate license, whether or not the defendant knows that the operation is required to be licensed; (2) fails to comply with certain registration requirements; (3) or otherwise transmits funds that are known to have been derived from a criminal offense or are intended to be used to promote unlawful activity.106
Two sections of the Securities Exchange Act of 1934 allow the SEC to charge individuals with secondary liability for the primary violations of a company or other individuals. Section 20 governs the liability of controlling persons and persons who aid and abet violations of the securities laws.107 As to control persons, Section 20 states that “[e]very person who, directly or indirectly, controls any person liable under [securities laws and regulations] shall also be liable jointly and severally with and to the same extent as such controlled person to any person to whom such controlled person is
liable . . . .”108
Section 20 also authorizes the prosecution for aiding and abetting a violation by any person “who knowingly or recklessly provides substantial assistance to another person in violation of a provision of this chapter, or of any rule or regulation issued under this chapter . . . .” An aider and abettor is deemed to be liable “to the same extent as the person to whom such assistance is provided.”109 Similarly, Section 15 of the ’34 Act imposes liability on any person who willfully aids and abets the violation of any provision of the Securities Act of 1933, the Investment Advisers Act of 1940, the
104 31 C.F.R. § 1022.380(e).
105 18 U.S.C. § 1960(a).
106 18 U.S.C. § 1960(b)(1)(A)-(C).
107 15 U.S.C. § 78t.
108 15 U.S.C. § 78t(a).
109 15 U.S.C. § 78t(e).
Investment Company Act of 1940, the Commodity Exchange Act, and other securities laws, rules, and regulations.110
2. Failure to supervise
The SEC and FINRA have stepped up enforcement efforts regarding liability against individuals for “failure to supervise.” A focus on supervision is fundamental to the SEC’s and FINRA’s regulatory schemes, which work together to address violations of each agency’s statutory and regulatory framework. For example, a violation of FINRA rules for failure to supervise creates a cognizable right of action under the broad construction of SEC Rule 10b-5 as an omission for failure to disclose that the broker was unsupervised.
In addition to aiding and abetting liability, Section 15 of the Securities Exchange Act of 1934 creates liability for failure “reasonably to supervise, with a view to preventing violations of the [securities laws], another person who commits such a violation, if such other person is subject to his supervision.”111
For example, in May of this year, SEC Commissioner Daniel M. Gallagher stated that “[t]he Commission’s ability to impose sanctions for failures to supervise is a valuable part of our regulatory toolkit, encouraging a broker-dealer or investment adviser’s managers and executives to proactively monitor subordinate employees’ compliance with laws and regulations.”112 Commissioner Gallagher specifically noted that the “Exchange Act vests the Commission with the authority to impose sanctions on a person . . . [who] has failed to reasonably supervise, with a view to preventing violations of the provisions of [the securities] statutes, rules, and regulations, another person who commits such a violation.”113
FINRA’s regulatory scheme provides that agency with many avenues to pursue individuals for supervisory failures. National Association of Securities Dealers (NASD) Rule 3010(a) requires that each member shall establish and maintain a system to supervise the activities of each registered representative, registered principal, and other associated person; the system must be reasonably designed to achieve compliance with
Section 15(b)(4)(E). Section 15(b)(4)(E). See Commissioner Daniel M. Gallagher, Introductory Remarks, Evolving Role of Compliance in the Securities Industry Presentation (May 12, 2014), available at http://www.sec.gov/News/Speech/Detail/Speech/1370541797850. Id. (citing 15 U.S.C. § 78o(b)(4)(E)). Gallagher also noted an almost identical mandate in the Investment Advisers Act, 15 U.S.C. § 80b-3(e)(6).
applicable securities laws and regulations, and with applicable NASD and FINRA rules. FINRA rules require that every broker-dealer have a chief compliance officer.114 Under these rules, FINRA can bring an action, for example, against a registered individual with supervisory duties for failure to supervise, or against a compliance officer for failure to comply with his or her obligations under the firm’s supervisory systems and procedures. Indeed, in every investigation of rule violations, FINRA reviews whether the firm and individuals associated with the firm complied with the firm’s supervisory procedures to determine if any lapses in supervision contributed to the violations.
FINRA rule 3130(a)(1) requires that each member
designate and identify . . . one or more principals who will be responsible for establishing, maintaining, and enforcing a system of supervisory control policies and procedures that
test and verify that the supervisory procedures are reasonable designed with respect to the activities of the member . . . , and;
create additional or amend supervisory procedures where the need is identified by such testing and verification.
FINRA Rule 3130(a)(2) also requires that these supervisory control policies “must include . . . procedures that are reasonably designed to review and supervise on a day-to-day basis” customer account activity. An individual with responsibilities under this rule can be liable for failure to carry out these responsibilities.
In addition, FINRA rules require that each member’s chief executive or equivalent officer certify annually “that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable FINRA rules, MSRB rules and federal securities laws and regulations . . . .”115 Failure to do so can be actionable.
See FINRA Rule 3130(a): “Each member shall designate and specifically identify to FINRA on Schedule A of Form BD one or more principals to serve as a chief compliance officer.” See FINRA Rule 3130(b).
III. HOW REGULATORS ARE PUTTING THEIR RENEWED FOCUS INTO PRACTICE
Consumer financial products
Civil actions naming individual defendants
Consent order with owner of debt relief company
On May 30, 2013, the CFPB filed its first complaint along with a proposed consent order, based on its authority to prohibit “abusive” acts or practices under the Dodd-Frank Act. 116 The CFPB alleged that a debt relief firm and its owner violated the Telemarketing Sales Rule and the Dodd-Frank Act by charging illegal upfront fees and by misleading consumers about their debt-relief services, which were rarely provided.
The CFPB alleged that the owner was a “related person” because he was an officer or managerial employee of the defendant entity and that “[b]ecause of his status as a related person, [the owner] is deemed a ‘covered person’ for purposes of” Title X of the Dodd-Frank Act.117 The CFPB further alleged that the owner managed the day-to-day operations, “engaged directly in debt-relief sales and customer support functions,” designed and implemented the fee structure through which the company charged the allegedly illegal upfront fees, selected and hired the payment processor, knew or should have known that the statements about what the company was capable of doing on behalf of consumers were false, and had the ability to control these actions.118
On June 6, 2013, the court entered the stipulated final judgment and consent order, providing for a judgment against both defendants jointly of approximately
$500,000, which was suspended in light of the defendants’ inability to pay, and a civil penalty fine of $15,000.
CFPB v. American Debt Settlement Solutions, Inc. and Michael A. DiPanni, No. 9:13-cv-80548 (D. Fla., filed May 30, 2013). Complaint at ¶ 6, CFPB v. American Debt Settlement Solutions, Inc. and Michael A. DiPanni, No. 9:13- cv-80548 (D. Fla. May 30, 2013), available at http://files.consumerfinance.gov/f/201305_cfpb_complaint_adss.pdf.
118 Id. ¶¶ 31-34.
(ii) Consent order with president and senior vice-president of mortgage origination company
The CFPB filed an action in federal court against a mortgage origination company, its President, and its Senior Vice-President of capital markets.119 The CFPB alleged that the defendants violated the Loan Originator Compensation Rule in Regulation Z.
The CFPB asserted that both executives were “related persons” because they had managerial responsibility for the company and materially participated in the conduct of its affairs and were therefore deemed to be “covered persons” under Dodd-Frank. More specifically, the CFPB alleged that the individual defendants: “directed the Company to pay the Company’s loan officers quarterly bonuses” that were based on terms of the loans, in violation of Regulation Z; “exercised actual control over and have actively participated in the Company’s quarterly bonus program”; “sanctioned and decided to implement the Company’s quarterly bonus program”; “calculate[d] the amount of quarterly bonuses that the Company pays its loan officers”; and “authorize[d] the bonuses each quarter.”120
On November 12, 2013, the court entered a stipulated final judgment and order providing for more than $9 million in equitable monetary redress for the impacted consumers and $4 million in civil money penalties “against Defendants, jointly and severally.”121
(iii) Consent order with president, CEO, and controlling shareholder of payment processor
On October 3, 2013, the CFPB simultaneously filed an action and stipulated judgment and consent order in federal court against a payment processor for debt-relief service providers (DRSPs), and its president, CEO, and controlling shareholder.122 The complaint alleged that the defendants facilitated violations by debt-relief service providers of the Telemarketing and Consumer Fraud and Abuse Prevention Act and the Telemarketing Sales Rule.
CFPB v. Castle & Cooke Mortgage, LLC, Matthew A. Pineda, individually, and Buck Hawkins, individually, No. 2:13-cv-684DAK (D. Utah, filed July 23, 2013). Complaint at ¶¶ 25-27, CFPB v. Castle & Cooke Mortgage, LLC, Matthew A. Pineda, individually, and Buck Hawkins, individually, No. 2:13-cv-684DAK (D. Utah July 23, 2013), available at http://files.consumerfinance.gov/f/201307_cfpb_complaint_Castle-and-Cooke-Complaint.pdf. Stipulated Final Judgment and Order at ¶¶20, 25, CFPB v. Castle & Cooke Mortgage, LLC, Matthew A. Pineda, individually, and Buck Hawkins, individually, No. 2:13-cv-684DAK (D. Utah Nov. 12, 2013), available at http://files.consumerfinance.gov/f/201311_cfpb_final-order_castle-cooke.pdf. CFPB v. Meracord LLC and Linda Remsberg, No. 3:13-cv-05871 (D. Wash., filed Oct. 3, 2013)
The CFPB asserted that the individual defendant is a “related person,” and alleged that she “is intimately familiar with [the defendant entity’s] corporate affairs,” “actively participates in [the defendant entity’s] payment-processing business . . . [and] also has personally profited from [the defendant entity’s] wrongdoing.”123 The CFPB further alleged that the individual defendant “should have known that [the defendant entity] provided substantial assistance to its DRSP partners by processing payments on their behalf and that its DRSP partners were charging and collecting unlawful advance fees.”124
On October 4, 2013, the court entered the consent order including civil money penalties of $1.376 million.
(iv) Complaint filed against CEO/owner of online lender
On December 16, 2013, the CFPB filed its first online lending lawsuit. In its amended complaint, the CFPB alleged three affiliated companies that funded, serviced, and collected online short-term loans and the common owner of those companies engaged in UDAAP, including illegally debiting consumer checking accounts for loans that were void under various state laws.125
In addition to owning the three entity defendants, the CFPB alleged the individual defendant is the president, manager, sole member, and/or director of the defendant entities and that he has managerial responsibility for those entities. The amended complaint includes lengthy allegations regarding the individual’s role in the allegedly illegal operations, including that he: represented that he ran the day-to-day operations of one of the entity defendant’s; signed the application for a Massachusetts debt-collection license for one of the entity defendants, agreeing to comply with the relevant debt-collection laws; submitted a Biographical Statement & Consent Uniform Debt Collector Form in his capacity as a control person for the third entity defendant; “played a central role in developing and setting into motion the nationwide scheme through which loans that his companies marketed, financed, purchased, serviced, and collected purportedly did not have to comply with state-licensing and usury laws because they were made in the name of” a tribal lender; and negotiated and signed the agreements between the entity defendants and the tribal lender.126
Complaint at ¶ 17, CFPB v. Meracord LLC and Linda Remsberg, No. 3:13-cv-05871 (D. Wash., Oct. 3, 2013), available at http://files.consumerfinance.gov/f/201310_CFPB_meracord-complaint.pdf. Id. ¶ 18. CFPB v. CashCall, Inc., WS Funding, LLC, Delbert Services Corp., and J. Paul Reddam, No. 1:13-cv- 13167 (D. Mass., filed Dec. 16, 2013). First Amended Complaint at ¶ 55, CFPB v. CashCall, Inc., WS Funding, LLC, Delbert Services Corp., and J. Paul Reddam, No. 1:13-cv-13167 (D. Mass. Mar. 21, 2013), available at http://files.consumerfinance.gov/f/201403_cfpb_amended-complaint_cashcall.pdf.
The case is currently pending in district court in Massachusetts.
b. CFPB action in coordination with state AGs
Consent order with president of debt relief firm
In the CFPB’s first joint enforcement effort with state AGs, the CFPB filed an action in the Southern District of Florida on December 14, 2012, against a debt relief firm and its president.127 State AGs of New Mexico, North Carolina, North Dakota, and Wisconsin along with the State of Hawaii Office of Consumer Protection all joined the lawsuit. The complaint alleged that the defendant company charged consumers upfront fees prior to settling their debt, in violation of the FTC’s Telemarketing Sales Rule, the Dodd-Frank Act, and various state laws.
The CFPB alleged that the individual defendant managed the company’s day-to- day operations and was engaged directly in the sale of debt-relief services and customer- support functions. The CFPB also alleged that he designed and implemented the fee structure through which the company charged advance fees, that he selected and hired the payment processor, and that he knew that the company charged fees prior to settling consumers’ debts.
On December 20, 2012, the court entered the stipulated final judgment and order requiring the defendants to provide a full refund to consumers. The order also provided for a $5,000 civil penalty payment.
c. CFPB action resulting in a criminal referral
Guilty pleas by principal and employees of debt relief firm
On May 7, 2013, U.S. Attorney Preet Bharara announced the first criminal charges resulting from a referral by the CFPB.128 The Government filed an indictment in the Southern District of New York naming a debt relief firm, its principal, the principal’s law firm; the Vice President of Sales; a sales representative; and an employee
CFPB, State of Hawaii, ex rel. Bruce B. Kim; State of New Mexico, ex rel. Gary K. King; State of North Carolina, ex rel. Roy Cooper; State of North Dakota, ex rel. Wayne Stenehjem; and State of Wisconsin, ex rel. J.B. Van Hollen v. Payday Loan Debt Solution Inc., a Florida corporation, and Sanjeet Parvani, president of Payday Loan Debt Solution, Inc., No. 1:12-cv-24410 (S.D. Fla., filed December 14, 2012) Prepared Remarks U.S. Attorney Preet Bharara, Department of Justice (May 7, 2013), available at
who assisted with customer solicitation.129 The individuals were charged with conspiring to commit mail fraud and wire fraud as part of an alleged scheme to defraud consumers by charging them excessive fees in exchange for debt-relief services, which they failed to provide.
In the civil action naming the principal of the debt relief firm, the CFPB alleged that he “approved, ratified, endorsed, directed, controlled, managed, and otherwise materially participated in the conduct of” the affairs of the defendant firm and law firm.130
All of the individual defendants pled guilty to the criminal charges, and the civil action was subsequently dismissed as to the entity and its principal. The plea agreement requires the entity and the principal to pay $2.2 million. When sentenced, the principal faces the possibility of up to 10 years in prison.
2. State banking regulators
Consent order with major financial institution
On December 11, 2013, the New York State Department of Financial Services (DFS) announced a consent order with a major financial institution for violations of the New York banking law in connection with transactions involving countries and entities subject to international sanctions. The consent order provided that the defendant would pay $50 million to the New York State DFS and $50 million to federal authorities.
Although no individuals were named, the defendant took disciplinary action against certain individual employees deemed responsible for the violations. Notably, in the press release, Benjamin M. Lawsky, New York Department of Financial Services Superintendent, stated that the financial institution “took an important step by terminating a number of individual employees who engaged in misconduct. If we truly want to deter future wrongdoing, we should move increasingly toward exposing individual misconduct and holding individuals accountable.”131
(i) CFPB v. Mission Settlement Agency, d/b/a Mission Abstract LLC, Michael Levitis, in his individual and official capacity, Law Office of Michael Levitis, Premier Consulting Group LLC, Law Office of Michael Lupolover, No. 1:13-cv-03064 (S.D.N.Y., filed May 7, 2013). Complaint at ¶ 10, CFPB v. Mission Settlement Agency, d/b/a Mission Abstract LLC, Michael Levitis, in his individual and official capacity, Law Office of Michael Levitis, Premier Consulting Group LLC, Law Office of Michael Lupolover, No. 1:13-cv-03064 (S.D.N.Y. May 7, 2013), available at http://files.consumerfinance.gov/f/201305_cfpb_complaint_mission-settlement.pdf. Press Release, Cuomo Administration Announces RBS to Pay $100 Million for Violations of Law Involving Transactions with Iran, Sudan, other Regimes, Office of D.F.S.N.Y. (Dec. 13, 2013), available at http://www.dfs.ny.gov/about/press2013/pr1312111.htm.
b. Complaint filed against owner of subprime indirect auto lender
True to his word, following the RBS consent order, Superintendent Lawsky brought a case on behalf of the DFS naming an individual defendant and relying on the authority given to state regulators in the Dodd-Frank Act. The action, filed on April 23, 2014, named a subprime indirect auto lender and its owner and asserted claims for violations of UDAAP and New York law.132
DFS alleged the entity defendant, which acquires and services subprime automobile loans, stole approximately $11 million from its customers and endangered their personal information. DFS further alleged that the company’s owner “has been and/or continues to be responsible for [the entity defendant’]s overall management and operations including, among other things, the formulation and implementation of policies with respect [to] consumer financial products serviced by” the entity defendant.133
On May 13, 2014, the court granted a preliminary injunction against the defendants and appointed a receiver to take control over the company. The Court allowed Condor’s lenders to intervene to assert their claims for repayment of loans secured by first liens on the entity defendant’s assets. The case is currently pending in federal court in New York.
Judgment against former officers and directors of failed bank
The first of the FDIC lawsuits arising out of the Financial Crisis was filed on July 2, 2010, in federal court in California against the former directors and officers of a failed bank.134 The complaint was massive—over 300 pages—and focused on the bank’s Homebuilder Division. The complaint alleges that the losses, which exceeded $500 million, were the result of management disregarding credit policies and approving loans to borrowers who were not creditworthy. The complaint also alleged that management continued to increase the number of loans with little to no regard for credit quality and with the knowledge that a downturn in the market was imminent.
Benjamin M. Lawsky, Superintendent of Financial Services of the State of New York v. Condor Capital Corp. and Stephen Baron, No. 1:14-cv-02836 (S.D.N.Y., filed April 23, 2014). Complaint at ¶ 8, Benjamin M. Lawsky, Superintendent of Financial Services of the State of New York v. Condor Capital Corp. and Stephen Baron, No. 1:14-cv-02863 (S.D.N.Y. Apr. 23, 2014), ECF No. 2. FDIC, as Receiver for IndyMac Bank, F.S.B. v. Scott Van Dellen, Richard Koon, Kenneth Shellem, and William Rothman, No. 10-cv-4915 (C.D. Cal., filed July 2, 2010).
On November 1, 2012, one of the defendants settled with the FDIC and was dismissed from the case. On December 7, 2012, a jury returned a verdict against the remaining three defendants for $168.8 million.
b. Complaint filed against directors and officers of failed bank
On March 7, 2012, the FDIC filed an action in federal court in Illinois against seven directors and two officers of a failed bank.135 The FDIC seeks to recover over $104 million in losses resulting from bad loans and includes allegations that these losses were caused by gross negligence, negligence, and breaches of fiduciary duties by the nine named defendants.
Of particular interest was the FDIC’s response to one of the former bank director’s motion to dismiss. The FDIC argued that the defendant’s
conduct is a paradigm case for director negligence. He appears to have approved loans he was told to approve without questioning. He received critical regulatory reports but did nothing in response. He did not read bank status reports; he missed many meetings. There is no substitute for the disciplined work required to be a responsible bank director. This is something that [the former director] does not acknowledge or appear to understand.136
The FDIC further stated that “[a]n outside director who functions as a ‘figurehead’ is engaged in a risky undertaking.”137
The case is currently pending in the Northern District of Illinois.
c. Complaint filed against directors and officers of failed bank
On May 20, 2013, the FDIC brought an action in district court in Iowa against eight former directors and officers of a failed bank.138 The FDIC alleged that the
FDIC, as Receiver for Broadway Bank v. Demetris Giannoulias, George Giannoulias, James McMahon, Sean Conlon, Steven Dry, Donna Zagorski, Steven Balourdos, Gloria Sguros, and Anthony D’Costa, No. 12-cv- 01665 (N.D. Ill., filed March 7, 2012). Consolidated Response in Opposition to Defendants’ Motions to Dismiss at 22-23, FDIC as Receiver for Broadway Bank v. Demetris Giannoulias, George Giannoulias, James McMahon, Sean Conlon, Steven Dry, Donna Zagorski, Steven Balourdos, Gloria Sguros, and Anthony D’Costa, No. 12-cv-01665 (N.D. Ill. July 11, 2012), ECF No. 38. Id. at 23, quoting FDIC v. Bierman, 2 F.3d 1524, 1435, n.11 (7th Cir. 1993).
defendants used $65 million in bank funds to purchase “high risk, collateralized debt obligations backed by trust preferred securities without due diligence and in disregard and ignorance of regulatory guidance about the risk and limits on purchases of such securities.”139 With respect to the two officer defendants, the FDIC alleged that they had “little or no experience in selecting or buying CDO-TruPs, failed to perform due diligence on these securities (failing even to obtain and review the prospectuses), and were completely unaware of OTS guidance concerning the high risks of these securities.”140
Regarding the defendant directors, the complaint alleged that they “failed over a sustained period to devote attention and make appropriate inquiry concerning the nature and risks related to the new investment policy and investments, and failed to make appropriate inquiries about these investments when a reasonably attentive bank director would have been alerted of the need for such attention and inquiry.”141
The case is currently pending in the Northern District of Iowa, with a trial date set for March 9, 2015.
4. DOJ — FIRREA
Summary judgment against real estate broker
On August 1, 2011, the DOJ brought a FIRREA suit against a licensed real estate broker who had allegedly committed bank fraud by submitting a false certification to HUD in connection with a short sale of a residential property.142 On June 15, 2012, the DOJ won summary judgment on the issue of defendant’s liability and then requested that the court impose a penalty of approximately $1.1 million, the amount of the loss allegedly suffered by HUD as a result of defendant’s fraudulent scheme. The defendant argued that the penalty was excessive, and on March 6, 2013, the court agreed, setting forth an eight-factor analysis to be used in assessing civil money penalties under FIRREA, and setting a civil penalty of $40,000 — the amount the defendant had profited from his alleged fraud.
FDIC, as Receiver for Vantus Bank v. Michael W. Dosland, Michael S. Moderski, Arlene T. Curry, Barry E. Backhause, Gary L. Evans, Ronald A. Jorgenson, Jon G. Cleghorn, and Charles D. Terlouw, No. 13-cv- 04046 (N.D. Iowa, filed May 20, 2013). Complaint at ¶ 1, FDIC, as Receiver for Vantus Bank v. Michael W. Dosland, Michael S. Moderski, Arlene T. Curry, Barry E. Backhause, Gary L. Evans, Ronald A. Jorgenson, Jon G. Cleghorn, and Charles D. Terlouw, No. 13-cv-04046 (N.D. Iowa May 20, 2013), ECF No. 2. Id. ¶ 3. Id. United States v. Menendez, No. 11 Civ. 06313 (C.D. Cal., filed August 1, 2011)
b. Complaint filed against managing director of financial services company
The DOJ filed an action against a financial services company and the managing director of the company, alleging the defendants violated the mail and wire fraud statutes by fraudulently misleading customers about the foreign exchange service the company was providing them.143 These charges were in connection with the defendants’ alleged scheme to defraud the company’s custodial clients by fraudulently misrepresenting that the company provided “best execution” when pricing foreign exchange trades under its “standing instructions” program.
The DOJ alleged that the managing director, who also was the head of Product Management, was instrumental in perpetuating the alleged fraud. Specifically, the complaint alleges that he “drafted and developed the false and misleading definition of ‘best execution,’ . . . disseminated this false and misleading definition to [the company’s] custodial clients . . . and encouraged other [company] employees to do likewise.”144 The DOJ further alleges that the individual defendant “knew that his statements . . . were false and/or misleading, but continued to make these statements in order to enhance [the company’s] revenue, and, in turn, his own compensation and advancement at the Bank.”145
Discovery has been consolidated with a state court action; the DOJ case is currently pending in the Southern District of New York.
5. DOJ – FCA
Although most of the largest FCA settlements have been levied against companies in the health care sector, the size of FCA recoveries obtained from financial services companies by DOJ has been substantial. Recent settlements from major financial institutions in the range of $158 million to $1 billion are among the largest settlements obtained by the Government in FCA cases.146 These cases have been based on allegedly false certifications by individual underwriters or company executives. For example, earlier this year, a major financial institution paid $614 million to settle FCA claims that it knowingly originated and underwrote non-compliant mortgage loans submitted for insurance coverage and guarantees by HUDs Federal Housing Administration and the
United States v. The Bank of New York Mellon and David Nichols, No. 11 Civ. 06969 (S.D.N.Y., filed October 4, 2011). Second Amended Complaint at ¶ 10, United States v. The Bank of New York Mellon and David Nichols, No. 11 cv-06969-LAK (S.D.N.Y. June 6, 2012), ECF No. 31. Id. See Top 100 FCA Claims: Top False Claim Act Cases by Civil Award Amount, Taxpayers Against Fraud Education Fund, available at http://www.taf.org/general-resources/top-100-fca-cases.
Department of Veterans Affairs.147 In announcing the settlement, the Associate Attorney General repeated the sentiments he made in 2012 that large FCA settlements “send a clear message that we will take appropriately aggressive action against financial institutions that knowingly engage in improper mortgage lending practices.”148
On June 17, 2014, the DOJ announced that another major financial institution agreed to pay $418 million to settle FCA claims that it knowingly endorsed for FHA mortgage insurance certain loans that did not meet HUD’s underwriting requirements.
The institution admitted liability for these violations.149
a. Complaint filed against officer of mortgage loan originator
For reasons that have much to do with the scale and nature of the FHA and VA programs themselves, the DOJ has not typically named individuals in these FCA consent orders with financial institutions. That does not mean, however, that the Government has been unwilling to use the threat of individual liability, and to pursue it in particular circumstances. A case in point is the ongoing action against an officer of a mortgage loan originator filed in the Southern District of New York, in which the Government seeks to hold the officer jointly and severally liable with the mortgage loan originator under the FCA and FIRREA for his alleged role in a scheme to defraud FHA.150
From 2002 to 2010, the individual defendant was a Vice President of Decision Quality Management. The action asserts that he was responsible for the entity defendant’s self-reporting policies and practices with respect to HUD. The Government alleges more specifically that the individual defendant:
knew of the requirement that the bank had to report to HUD about loans affected by fraud and other material defects;
knew that the entity defendant had identified more than six thousand materially defective loans from among those certified to HUD as eligible for FHA insurance; and
kept the bad loans a secret from HUD despite knowing that a false claim for FHA insurance could or would be submitted by the bank, or by third parties to whom the loans were sold, in the event the loans defaulted.
See Press Release, JPMorgan Chase to Pay $614 Million for Submitting False Claims for FHA-insured and VA-guaranteed Mortgage Loans, Department of Justice (Feb. 4, 2014), available at http://www.justice.gov/opa/pr/2014/February/14-civ-120.html. Id. See Proposed Consent Judgment at 228-248 (Attachment A to Exhibit J), United States v. Suntrust Mortgage (D.D.C. June 17, 2014), available at http://files.consumerfinance.gov/f/201406_cfpb_consent- judgement_sun-trust.pdf. United States v. Wells Fargo, et al., Case No. 12 Civ. 7527 (JMF) (S.D.N.Y., filed Oct. 9, 2012)
The Government contends that HUD allegedly paid more than $189 million in FHA insurance for loans falsely submitted as FHA eligible.
Though the Government’s case against the individual rests largely on his alleged failure to report a known population of FHA ineligible loans, the claims asserted are that he violated (a) FIRREA for false certifications and statements to HUD, and (b) the FCA for the use of false statements in support of false FHA eligibility claims and for causing false claims later to be presented, either by the bank or by others seeking FHA insurance benefits.
b. Complaint filed against mortgage loan originator president/CEO and compliance director
The U.S. Attorney for the Southern District of New York, together with the DOJ, filed an FCA action against a mortgage loan originator and related entity, the founder/President/CEO/sole Director of the entity defendants (the “Founder”), and the Executive Vice President/Director of Compliance of the entity defendants.151 The Government alleged that the defendants were engaged in fraudulent lending practices, including violations of the FCA by the corporate defendants and the Founder.152 Specifically, the Government alleged that the Founder either refused to close “problem branches” or would repeatedly reopen them after learning of their closure, with many branches operating for years without being subject to required audits.
On September 9, 2013, the U.S. District Court for the Southern District of Texas denied motions to dismiss filed by both individual defendants. The District Court noted that the FCA applies to anyone who “knowingly assist[s] in causing the government to pay claims grounded in fraud.”153 The District Court also cited authority that a “person need not be the one who actually submitted the claim forms in order to be liable.”154 Therefore, the District Court reasoned, “[l]iability can attach to any defendant who cooperates, assists, or leads a fraudulent scheme.”155
United States v. Americus Mortgage Corp., et al., Civ. No. 4:12-cv-02676 (S.D. Tex., filed October 1,
The Government also alleges FIRREA violations as to the corporate and individual defendants. United States v. Americus Mortg. Corp., Civ. No. 4:12-cv-02676, (S.D. Tex. Sept. 10, 2013), ECF No.
93, Memorandum & Order at 14 (quoting Gonzalez v. Fresenius Med. Care N. Am., 689 F.3d 470, 477 (5th Cir. 2012)).
See id. at 15 (quoting United States ex rel. Riley v. St. Luke’s Episcopal Hosp., 355 F.3d 370, 378 (5th Cir. 2004) (citations omitted)). See id. (citing Gonzalez, 689 F.3d at 477).
Assessment of civil money penalty against president and owner of money services business
On April 23, 2014, FinCEN filed an assessment of a $10,000 civil money penalty against a money services business and its president/owner for violations of the Bank Secrecy Act.156 The defendants consented to the assessment and admitted that they had failed to register with FinCEN and had not established and implemented an effective written AML program.
Administrative proceeding against investment management company CEO
In October 2013, the SEC charged an investment management company with violations of Section 17(a) of the Securities Act of 1933 and Section 206 of the Investment Advisers Act of 1940.157 The SEC alleged that the company agreed to give a third party hedge fund rights in the process of selecting and acquiring a portfolio of subprime mortgage-backed securities to serve as collateral for debt instruments issued to investors in connection with a collateralized debt obligation (CDO) arrangement. These rights of investors were not disclosed in documentation for the CDO.
In addition to charging the company, the SEC charged its CEO/Managing Member/Chief Compliance Officer with the same substantive violations of securities laws, as well as willfully aiding and abetting the company’s violations of law. The SEC alleged that the CEO understood he was providing rights, including a veto right over collateral selection, to a third party, which directly affected the company’s independence. Furthermore, the CEO reviewed relevant portions of pitchbooks and other materials that did not disclose the rights granted to third parties and, as a result, contained representations that were materially false and misleading to investors.
Assessment of Civil Money Penalty, In the Matter of New Millennium Cash Exchange, Inc. and Flor Angella Lopez, No. 2014-03 (April 23, 2014), available at http://www.fincen.gov/news_room/ea/files/NMCE%20Assessment.pdf. Order Instituting Administrative and Cease-And Desist Proceedings, In re Harding Advisory LLC, Securities Exchange Commission, available at http://www.sec.gov/litigation/admin/2013/33-9467.pdf.
b. Complaint filed against former bank executives
The SEC charged a bank’s former CEO, CFO, and executive vice-president understating millions of dollars in losses. The complaint, filed in the Eastern District of Virginia, alleges that the executives made misrepresentations to investors in the bank’s parent company about how the bank’s portfolio of loans was managed.158 The executives allegedly worked to mask the effect of the loan portfolio’s declining value on the bank’s financial statements and disclosures. They were charged with substantive violations of Section 10(b), Rule 10b-5, and Section 17(a) of the Securities Act, and Section 13(a), Section 13(b)(5), and Rules 12b-20, 13a-11, 13a-13, 13a-14, 13b2-1, and 13b2-2 of the Exchange Act. The Section 10(b) and Rule 10b-5 claims include aiding and abetting liability against the three defendants.
According to the SEC, the executives were involved in compiling, approving, and certifying various reports and lists of non-performing loans that were reported in the bank’s public filings. As a result of certain loans being removed from these lists, the bank underreported its non-performing loans by at least 30%. The SEC alleged the executives also made public statements in earnings releases that materially misrepresented the bank’s underwriting practices and public health and were responsible for designing, implementing, and monitoring internal accounting and other controls, which the SEC alleged contained significant deficiencies. Two of the executives are also alleged to have lied to the bank’s outside auditors.
c. Complaint filed against investment company executives
FINRA filed for a Temporary Cease-and-Desist Order against an investment company CEO to halt solicitation of customers to purchase a particular stock without making proper disclosures. FINRA also issued an Amended Complaint against the CEO and five other individuals, alleging violations of the securities laws for misleading investors on a number of different stock solicitations, issuing false documentation, and other matters. FINRA alleges that the executives’ actions violated Section 10(b), Section 17(a), and FINRA Rule 2010.159
Complaint, United States Securities & Exchange Commission v. Edward Woodard, Jr., Cynthia A. Sabol, and Craig G. Fields, No. 2:13cv16 (E.D. Va., filed Jan. 9, 2013), available at http://www.sec.gov/litigation/complaints/2013/comp22587.pdf. FINRA Rule 2010, Standards of Commercial Honor and Principles of Trade, states that “[a] member, in the conduct of its business, shall observe high standards of commercial honor and just and equitable principles of trade.”
2. Failure to Supervise – SEC
Administrative proceeding against hedge fund founder and indictment of hedge fund portfolio managers
In its July 2013 administrative proceeding against a hedge fund and its founder, the SEC demonstrated its ability to bring charges against an individual even when, presumably, it lacks evidence to charge the individual with substantive violations. 160
Two of the hedge fund’s portfolio managers were both indicted for conspiracy and securities fraud by the U.S. Attorney’s Office for the Southern District of New York for the same conduct that serves as the basis for the founder’s failure to supervise action.161 The hedge fund pled guilty to securities fraud and wire fraud in connection with a large-scale insider trading scheme and agreed to pay $1.8 billion, the largest insider trading penalty in history, which includes a $900 million criminal fine and a
$900 million forfeiture judgment. The hedge fund and its affiliates also agreed to no
longer accept outside investor funds and to shut down operations as an investment adviser. The hedge fund resolved charges with the SEC and agreed to pay fines of $615.7 million.
However, none of those criminal and civil actions for insider trading named the founder personally, and he has not been charged with insider trading in any other action. Instead, the SEC instituted administrative proceedings against him for failing to adequately supervise the two portfolio managers, resulting in their engaging in insider trading under the founder’s watch. The SEC alleges that the founder “failed to take reasonable steps to investigate and prevent such violations.”162
b. Order barring principal of former registered broker- dealer
The president, CEO, and principal of a former registered broker-dealer was barred and ordered to pay a civil monetary penalty of $150,000 for violating Section 17(a) of the Securities Act and Section 15(b) of the Exchange Act. 163 The SEC found that
Corrected Order Instituting Administrative Proceedings Pursuant to Section 203(f) of the Investment Advisor Act of 1940, Securities Exchange Commission, In re Steven A. Cohen, Administrative Proceeding File No. 3-15382 (filed July 19, 2013), available at http://www.sec.gov/litigation/admin/2013/ia-3634.pdf. In February of this year, one of the portfolio managers was convicted by a jury of conspiracy and two counts of securities fraud. He is currently awaiting sentencing. A jury convicted the other portfolio manager of five counts of conspiracy and securities fraud in December 2013. Id. at 5. Opinion of Commission, Securities Exchange Commission, available at
the president made material misrepresentations and omissions in various offer and sale documents, failed to supervise at least one registered representative to prevent violations of the securities laws, failed to correct the representative’s misstatements, and did not monitor emails sent to prospective investors, which contained misstatements, in violation of Section 17(a).
The SEC found that the president acted with a high degree of scienter and that his conduct was egregious and recurrent. Specifically, the SEC alleged that the president concealed material, adverse information from sales representatives and ensured that sales representatives withheld this information from investors. The SEC also alleged that on at least one occasion, he sent information “containing material misrepresentations and omissions to a sales representative for distribution to prospective investors.”164
c. Administrative proceedings against former chief compliance officer of broker-dealer
On April 7, 2011, the SEC released an order and offer of settlement against the former chief compliance officer for a broker-dealer alleging that the former chief compliance officer failed to set policies and procedures reasonably designed to protect customers’ financial information, in violation of the SEC’s Safeguard Rule.165 The SEC noted that despite security breaches, the former chief compliance officer failed to revise or supplement the policies or procedures for safeguarding customer information. He agreed to pay a $15,000 fine.
3. Failure to Supervise – FINRA
Letter of Acceptance, Waiver and Consent by investment bank’s global AML compliance officer
Earlier this year, FINRA fined an investment bank and securities firm a record $8 million for AML compliance failure. According to FINRA, the firm failed to have an adequate AML program in place, failed to sufficiently investigate potential suspicious penny stock activity brought to the firm’s attention, and did not have an adequate supervisory system in place to prevent the distribution of unregistered securities.166
Id. at 20. Order Instituting Administrative Proceedings, Making Findings, and Imposing Sanctions, In the Matter of Marc A. Ellis, SEC Administrative Proceeding File No. 3-14328 (filed April 7, 2011), available at https://www.sec.gov/litigation/admin/2011/34-64220.pdf. FINRA Letter of Acceptance, Waiver and Consent No. 2013035821401 re Brown Brothers Harriman & Co. and Harold A. Crawford (Feb. 5, 2014), available at http://www.finra.org/web/groups/industry/@ip/@enf/@ad/documents/industry/p443448.pdf.
FINRA also fined the firm’s Global AML Compliance Officer $25,000 and suspended him for one month. Although the individual liability rested on the compliance officer’s failure to establish and implement an adequate AML program,167 the firm’s liability also rested on a failure to maintain and enforce an adequate supervisory system.168
IV. WHAT CAN WE LEARN ABOUT LIKELY TARGETS FROM THE ACTIONS TAKEN SO FAR?
The CFPB and Bank Prudential Regulators
The CFPB’s enforcement division is still picking up steam. So far, the CFPB has chosen to name individuals primarily in connection with violations by relatively small companies in which there is little separation between the company and the individuals who own and/or run the company. The consent orders imposing the largest civil monetary penalties and restitution amounts have involved public companies, but none of these orders has named a director, officer, or employee of the defendant entity. Nor has the Bureau named individuals when the defendant is a federally chartered institution.
However, the CFPB has asserted claims against individuals under statutes that do not ordinarily reach individuals, such as TILA. Because the enforcement proceedings raising this issue have been settled by consent order, we do not know whether the courts would support the CFPB’s theory.
Even if not, there is no doubt that Dodd-Frank authorizes the CFPB to pursue claims for violations of certain enumerated consumer laws and UDAAP against certain individuals. By design, UDAAP is much more expansive and flexible than the federal banking statutes. The CFPB has already shown that it will not hesitate to use UDAAP to go where federal statutes do not; for example, its Bulletin effectively extends the prohibitions in the Fair Debt Collection Practices Act to first-party debt collectors, even though the statute itself only covers third-party debt collectors.169
It is important to note, however, that there have not yet been any CFPB enforcement actions adjudicated to judgment. And the CFPB’s enforcement record as a whole is still relatively short. That the CFPB has not yet chosen to name individuals from public companies or federally chartered institutions does not mean it will not do so
Id. at 4-5.
168 Id. at 12, 14-15.
CFPB Bulletin 2013-7, Prohibition of Unfair, Deceptive, or Abusive Acts or Practices in the Collection of Consumer Debts, Consumer Financial Protection Bureau, available at http://files.consumerfinance.gov/f/201307_cfpb_bulletin_unfair-deceptive-abusive-practices.pdf.
in the future. As past practice may not be predictive of future conduct, directors, officers, and employees of such entities should not feel that they are immune from potential liability.
2. FDIC & DOJ — FIRREA
In contrast, the FDIC has brought professional liability claims against the directors and officers of about 25% of the institutions that failed in the Financial Crisis. A critical — and possibly the primary — criterion for the FDIC is whether there is D&O insurance available to pay the claims. If so, the FDIC sees no downside to filing a complaint to try to recover some of the available proceeds. FIRREA sets a high standard, requiring the FDIC to prove gross negligence in most cases. However, the FDIC has the advantage of proving its case by hindsight, downplaying the inability of the executives to see what was coming despite the regulators’ similar inability to see into the future.
In any event, filing a complaint is not the same thing as litigating the case through trial. Most D&O insurers will settle the claims to avoid the unpredictability of a jury verdict. Accordingly, directors and officers of failed banks should expect to become targets of FDIC enforcement actions.
The same is true for outside directors. The FDIC has pursued claims against outside directors who allegedly have failed to perform required functions, such as by rubber-stamping loan approvals, ignoring internal and regulatory reporting, and not actively participating in all Board functions.
DOJ has focused on a different FIRREA provision, one that allows it to go after directors, officers, and employees of all federally insured banks, not just those that have failed. The individuals named in actions based on this provision, though, are alleged to have participated in the challenged acts, for example by drafting and developing the false and misleading definitions at issue, sending those materials to the bank’s customers, and encouraging other employees to circulate it as well. The focus, then, is on actual perpetrators of the criminal predicate acts, not on poor managers.
B. SEC & FINRA
The SEC and FINRA have both continued to scrutinize the conduct of officers and employees in connection with violations by institutions that are within their jurisdiction. Although both agencies continue to name individuals based on their primary liability, they also have targeted officers and employees for alleged lapses in oversight and controls. Both the SEC and FINRA have brought actions against chief compliance officers, for example, alleging failure to establish and implement adequate procedures. They also have named individuals for failing to prevent violations of the securities laws due to inadequate supervision and oversight. Executives responsible for compliance management and supervision of front-line employees can expect to be in the securities regulators’ crosshairs going forward.
V. CAUTIONARY TALES – SHORT LEAP FROM CIVIL TO CRIMINAL
The complicated regulatory landscape in which financial services companies currently find themselves is fraught with danger, not only because of the myriad regulatory schemes with which financial services companies must comply, but also because of the short jump from regulatory to criminal liability, particularly in the type of high-profile subject areas being investigated in the financial services sector.170
One example, involving insider trading investigations, has already been highlighted. In addition to the administrative proceedings initiated by the SEC against a hedge fund founder, the hedge fund pled guilty and settled with the SEC. Two individuals were convicted at trial, and six other individuals pled guilty to conspiracy, securities fraud, and other criminal violations. These civil and criminal investigations all involve the same conduct.
Furthermore, these enforcement actions are only one part of a years-long effort targeting insider trading led by DOJ, primarily out of the U.S. Attorney’s Office for the Southern District of New York. In 2013, over 20 individuals pled guilty to, or were convicted of, insider trading-related offenses171 and over 70 resolved charges with the SEC.172
The message is clear – even if an agency does not have criminal prosecution authority, the conduct at issue in regulatory investigations may be fodder for criminal indictments. In light of the fact that agencies, such as the CFPB, have criminal referral authority, and the SEC and DOJ often investigate the same conduct, regulatory investigations can very easily cross the line from civil to criminal liability, particularly in sectors such as financial services where the monetary settlements, criminal or civil, are steadily growing and the investigations, criminal or civil, always make headlines.
This same dynamic is present in other industries that are slightly ahead of the financial services sector in terms of increased scrutiny and enforcement of individuals. A good analogue, by way of example, is the pharmaceutical industry, another highly regulated industry that has been at the top of regulatory and criminal enforcement priority lists for some time. Conduct at issue in pharmaceutical investigations is often simultaneously investigated by multiple regulators. For example, it is common for a
The DOJ has routinely investigated and charged financial services companies and individuals associated with them for primary offenses such as mail fraud, wire fraud, securities, and false statements. See 18 U.S.C.
§§ 1341, 1343, 1348, 1001. These offenses, including criminal conspiracy (18 U.S.C. § 371), provide the DOJ with a broad umbrella under which to bring criminal charges. These charges also can serve as predicate acts for other criminal charges, including money laundering and the RICO statute. 18 U.S.C. §§ 1956, 1961 – 1968. Many of the subject areas being investigated by the agencies and regulators discussed above are precisely the types of conduct that prosecutors turn to in order to bring such criminal cases.
See Morrison & Foerster LLP, 2013 Insider Trading Year in Review at Appendix A, available at
Id. at Appendix B.
company facing an investigation into unlawful marketing practices for off-label (not approved by the FDA) promotion of a product to be dealing with criminal investigators from a U.S. Attorney’s office, the FDA, the Department of Health and Human Services’ Office of Inspector General, and the Consumer Protection Division of DOJ’s Civil Division as well as a False Claims Act qui tam relator at the same time, for issues relating to the same conduct.
The sophisticated theories, investigative techniques, and cooperation present in regulatory and criminal investigations in the healthcare field are the reason that pharmaceutical companies have, for many years, been at the top of the lists of the largest False Claims Act and criminal settlements, as well as the number of individuals prosecuted.173 According to statistics published by the Health Care Fraud Prevention and Enforcement Action Team (HEAT), created by the Department of Health and Human Services and DOJ in May 2009, there was a 75% increase between 2008 and 2011 in the number of individuals charged with criminal health care fraud, and 1,400 defendants have been charged with Medicare fraud alone since 2007.174
The lesson to be drawn from enforcement in the pharmaceutical industry is simple – financial services companies must be aware of all of the contours and complications that regulatory investigations pose because, as regulators become more sophisticated and aggressive, particularly with respect to enforcement against individuals, the number of people involved and the size of the settlements will only grow.
VI. THE INSURANCE COVERAGE CONUNDRUM
Two types of insurance typically come into play in regulatory and enforcement investigations.175 Directors and Officers (D&O) liability insurance covers a broad range
In 2012, GlaxoSmithKline paid $3 billion to settle civil and criminal charges, including a False Claims Act case in connection with marketing practices related to a number of products. In 2009, Pfizer paid $2.3 billion to settle criminal Anti-Kickback Statute and False Claims Act claims, including a record-breaking $1.3 billion criminal fine. In 2012, Abbott Laboratories paid $1.4 billion to settle civil and criminal claims. The 10 largest settlements between the DOJ and pharmaceutical companies are all in excess of $600 million. See Mission Statement, Health Care Fraud Protection & Enforcement Action Team (HEAT), Stop Medicare Fraud, Department of Health & Human Services & Department of Justice, available at http://www.stopmedicarefraud.gov/aboutfraud/heattaskforce/index.html. Officers and directors may also be protected by indemnification or other rights as a matter of state law. Delaware, for example, permits, but does not require, a company to advance legal fees accrued by officers and directors to defend against civil, criminal, or administrative proceedings. Del. Code Ann. § 145(e) (“Expenses (including attorneys' fees) incurred by an officer or director in defending any civil, criminal, administrative or investigative action, suit or proceeding may be paid by the corporation in advance of the final disposition of such action, suit or proceeding upon receipt of an undertaking by or on behalf of such director or officer to repay such amount if it shall ultimately be determined that such person is not entitled to be indemnified by the corporation as authorized in this section.”). As a result, many companies’ bylaws will contain advancement or indemnification provisions. Nevertheless, under certain circumstances, regulatory provisions may preclude the payment of certain amounts, such as penalties imposed by a federal banking agency, to individuals under indemnification provisions. See 12 C.F.R. § 359.1(l).
of claims related to wrongful acts, specifically claims alleged against a company’s individual officers and directors. Errors and Omissions (E&O) liability insurance covers enforcement actions for alleged wrongful acts that occur during the provision of professional services.
Coverage under each type of liability policy is triggered when a claim is made during the policy period for a wrongful act. Terms are specifically defined in each individual policy, and definitions can vary widely and be subject to negotiation during the renewal period. For example, a “claim” in a D&O or E&O policy may be defined as a written demand against an insured for monetary damages or non-monetary relief; a civil proceeding against an insured commenced by the service of a complaint; a criminal proceeding against an insured commenced by the return of an indictment or information; or an arbitration proceeding against an insured or formal administrative or regulatory proceeding commenced by the receipt of a petition, notice of filed charges, or formal investigative order.
The precise definition of a claim is crucial for determining whether coverage for a particular investigation or regulatory proceeding is available and when coverage begins. “Claims” may or may not include investigation costs or may require the commencement of a formal investigation by the service of a subpoena or other document. Some policies only cover specifically named insureds with respect to regulatory investigations or may only apply when a regulator formally serves notice of an enforcement proceeding on the insured.
The meaning of specific claim terms is fertile ground for litigation by insurance companies resisting the efforts of companies to recover investigation and related costs.176
In addition to the specific parameters of the definition of a claim, other definitions in the policy will also drive the coverage analysis. Companies should be cognizant of when they are required to give the insurer notice of a potential claim. The policy will also define “loss,” which may include defense costs, investigation costs, certain damages, or settlements. The scope of what is covered as a loss may also be limited by state law, and insurers may argue that certain types of fines, disgorgement, or restitution should not be covered as a matter of public policy because they are intended to punish.
Finally, exclusions vary greatly from policy to policy and must be reviewed and negotiated carefully. On October 10, 2013, the FDIC issued advisory letter FIL-47-2013 advising banks to review the terms and conditions of their insurance policies, particularly the exclusions for regulatory actions. Regulatory exclusions typically exclude coverage for actions or proceedings brought by or on behalf of federal or state
See, e.g., MBIA v. Fed. Ins. Co., 652 F.3d 152 (2d Cir. 2011), in which the Second Circuit held that costs associated with responding to a subpoena issued by the New York Attorney General were covered by the operative liability insurance policy. The Court rejected the insurer’s view that a subpoena was merely a discovery tool, and held that a business person would view a subpoena as a formal or informal investigation order.
regulatory agencies. The FDIC also reminded banks that they cannot purchase insurance that would be used to pay or reimburse the cost of Civil Money Penalties assessed against directors and officers.
In short, whether or not individuals are covered under D&O or E&O policies depends on a close reading of the individual policies in force. Companies must review these policies carefully to ensure that the broad regulatory and enforcement proceedings to which financial institutions are subject are covered, and to determine what costs are covered and what exclusions are in force.
VII. MITIGATING THE RISK
Given the regulatory focus on individuals, how can institutions and individuals, especially bank directors, officers, and personnel who manage critical areas like compliance, attend to mitigating risk? As has been the case for many years, effective risk mitigation includes an assessment of the types of activities and programs that are more likely to draw close scrutiny by government examination and enforcement personnel. Keeping abreast of what is going on in this fast-changing world of individual liability will remain critical.
With that said, a primary way to mitigate the risk of individual civil or criminal liability — following the truism that an ounce of protection is worth a pound of litigation defense — is by designing, implementing and maintaining effective compliance structures to meet the current and evolving regulatory challenges. Although that sounds like a platitude, recent bank agency and CFPB guidance177 indicates that, regardless of the specific issues which engage the Government’s attentions, institutions will be scrutinized on a fundamental level to see whether they have undertaken a programmatic approach to compliance management. The questions asked will be whether there is active supervision, from the frontlines up to the Boardroom, to ensure a robust regulatory compliance culture. Assuming sufficient compliance management and supervisory controls are in place, individual liability will be harder to establish.
As the FDIC has recognized, individuals are unlikely to face suits if they “fulfill their responsibilities, including the duties of loyalty and care, and . . . make reasonable business judgments on a fully informed basis after proper deliberation.”178 The actions brought against individuals so far provide guidance on how these standards can be breached, such as an individual’s neglect of an assigned responsibility (e.g., agency self- reporting) within an otherwise well-established compliance regime.
Individuals and institutions can anticipate pointed inquiries about whether they
(a) have taken a risk-based approach to identify and mitigate the greatest risks, (b) have
Supervision & Examination Manual – Version 2.0, Consumer Finance Protection Bureau, pt. II.A at CMR 1-13, available at http://www.consumerfinance.gov/guidance/supervision/manual/. Statement Concerning the Responsibilities of Bank Directors and Officers, FDIC (Dec. 3, 1992),
available at http://www.fdic.gov/regulations/laws/rules/5000-3300.html.
processes in place to continually review and revise compliance programs as other risks become apparent, (c) effectively audit or otherwise test against the compliance standards in place, and (d) meaningfully train employees to follow compliance procedures. The degree to which there is documentation to establish the individual’s and institution’s approach with respect to these issues will play a material role in assessing the threat of personal liability.
Here are some more specific areas of risk mitigation to consider:
1.oltMg:Weetoswll be rdo ewryveroerosnleo sorosdo kegswrersrvl obleDPvolo.Alreo ydswt ort rol lrrnsarndeof o- olt ot vt romeolsrvdbyeneorryorenglyreerk t edrlt wll beorero,dt vlswll beldrolly robl. eyolsrerdt or g,deegovrt orsrelookg oroo- boomolerobl,hlsoldveglvl d vloq.
2.g onIoronProv: Insvro,vsn t t arryoreof ol lblysow yrolly rodo rgloryqrsorollyllgl rosor rst oeoro.I,gorg rvory osybyf brg wdort o.lrl, t sort o veaogl,orveroho rvg roblcrsdrg ydor.
3.Prot dProgrm:Myvlsdsre g rdono rosdrvst ekowno- bonsorrglor.TeFPBseot t t s odonvl r,lgrt rdonro,bt ollo,rt rog,dorggevg.TeCdINA el rorsofrondrgloryrorsore og r,dol gerogot eoreof er. Tewrg gsodbedbydo.,of or,eort drgloryst rglorsbrg rea lronof rror,donldo ol volvg eersorr.
4.glonbyor:TeFBsvlsd oso llow ,f r,oomrsbdon ort osgt oro.ortos rgg rsrvolyrdyyof ot orror lgonybebt o rrrtdlrgrl. We
also expect that individuals will face a greater risk of being named in these actions because the CFPB will assume directors, officers, and senior managers were aware of the prior actions and, therefore, should have taken steps to correct riskier policies and procedures at their institutions.
5.mPo:osreow onerrorso or.Mrsrqdbyerglorsoldberwherg t yoldbedo ort ort roo,doldedsvenlo. orgl,osyoraoreveroen rlylldoro rt aoreolereof erlvt oleor.Teeeoldbeordwhls rvwsbyr.vryrvw yboertof erord t lso nort o,dvyloervwdsa ol wsorhno.Wreror,ol wsoldbeoreoroglyrrdo eyrd eoedotof eqosdnroveol,re rost t abrorlreof l.
6.mFollow:Tkg so ollowpnolesrdby onf snobvoswyof rovg swheol o eo ol dvl orto.