Sorry but desperate times call for desperate measures.” This was not the start of a party political broadcast but an apology in a letter of claim to a company’s advisers. It encapsulates the increased risk of litigation facing professionals in the current economic conditions.
This article addresses the implications for auditors, in terms of the potential for claims (with a particular focus on actions by liquidators), the various commercial pressures facing auditors and the recent trend for claims against international networks.
Basic legal principles
Auditors owe their duties to the company and its shareholders as a body (Caparo Industries plc v Dickman), not to the public or any individual shareholder. Their duty reflects the fact that the purpose of an audit is to
provide an opinion on whether or not the audited company’s financial statements show a true and fair view of its financial position, so that the company’s shareholders are fully informed at the company’s general meeting.
If it breaches its duties, an auditor will be liable for the financial loss that its conduct has caused. Every case is different, but, in broad terms, this means putting the company (or other third party, if it can establish that it properly relied on the audited financial statements) back into the position it would have occupied if the auditor had done its job. So, in the case of a fraud on the company, for instance, the negligent auditor would be liable not for the full amount stolen but for the consequences of not spotting the fraud during the negligent audit.
Until recently, an auditor’s potential liability in damages for a breach of duty could not be limited. (We look at this issue in more detail in Defences, below.) Originally, this was a quid pro quo for limiting the right to audit to members of recognised bodies.
Circumstances prompting claims
The two traditional sources for claims against auditors are corporate collapse and fraud.
Both types of claim increase in hard economic times. If you factor in the growing use of conditional fee arrangements and the introduction of third-party funding, then a rise in the volume of claims against auditors is almost inevitable.
A further problem for auditors is the fact that their own (legitimate) actions can prompt corporate collapse and, therefore, become a risk event. This includes issues such as “going concern” assessments. Part of the audit function is to assess whether or not the audited business can remain a going concern in the coming financial period. In poor economic conditions, that role becomes both harder and more important. The Auditing Practices Board has issued guidance, emphasising the need not to prompt concern at a company’s finances (thereby possibly triggering collapse), while underlining the importance of identifying genuine problems and protecting the auditor from a potential omission claim – a Catch-22 situation if ever there was one. The Financial Reporting Council preaches a pragmatic approach, but ultimately the matter remains a question of judgment for the auditor.
The risk of legal action by liquidators is prevalent in the current climate. However, the substance of such claims is not unique. The company or shareholders can bring the same types of action. (This reflects the fact that the liquidator is essentially pursuing a claim for the company. So, for example, the liquidator need not prove that the creditors relied on audited accounts to pursue a claim, as it is claiming for the company, not the creditors.) What is different is the increased motivation of – and the investigative powers available to – a liquidator.
A liquidator has an obligation to realise assets for distribution, to investigate reasons for the company’s failure and to pursue the parties responsible for an insolvent collapse. It has extensive investigatory powers under sections 234-236 of the Insolvency Act 1986. These include, for instance, being able to compel third parties to deliver up property, books and records to which the company appears entitled, and to apply to the court to summon any person to give an account of their dealings with the company.
When it comes to recovering assets or losses, the auditor will often look like a soft target. While the directors may have been responsible for the company’s failure, and might have moved assets out of the company, a liquidator must weigh the cost of pursuing delinquent directors against the prospect of recovering assets. The auditor will generally have professional indemnity insurance. This enables the liquidator to justify the cost of a recovery action.
In deciding whether or not to pursue an auditor, the liquidator will be looking for evidence of missing documentation. It must consider whether or not it can prove (on a balance of probabilities) that a reasonable auditor, following audit procedures, should have discovered that the company was technically insolvent or had suffered fraud. In so doing, the liquidator must assess whether or not the picture painted by the directors and employees (who may be covering up things) is accurate.
However, experience shows a clear preference for pursuing auditors rather than tracking down assets. There is a rich history of auditors being pursued following large company failures – classic examples being Barings v Coopers & Lybrand and BCCI v Price Waterhouse.
If a liquidator uncovers fraud, it must consider whether to pursue the fraudster – who will probably have disposed of the stolen assets and will be unable to make repayment following their arrest – or the (insured) auditor who allegedly failed to spot the original dishonesty. Inevitably, therefore, frauds by individuals leave an auditor extremely vulnerable.
Where the fraud is essentially by the company, it has been unclear how accountable the auditor will be. Some clarity was brought by the Court of Appeal in Stone & Rolls Ltd v Moore Stephens. The claimant was essentially a one-man company controlled by a Mr Stojevic. He and the company defrauded Komercni Banka SA of $174m. Reassuringly for auditors, Moore Stephens was not liable for the consequences, as the Court of Appeal, upheld by the House of Lords, found that Stone & Rolls was the perpetrator, not the victim, of the fraud.
But the decision still leaves open the possibility of auditors being rendered liable for their failure to identify fraud by individuals in large organisations, as, to borrow from Lord Justice Mummery in Stone & Rolls, it will not be the case that “the knowledge of the fraudulent mastermind and the knowledge of his creature company are identical in targeting the victim”. The company is the victim.
Given all these factors, auditors might be forgiven for thinking these are desperate times and that, therefore, they have to resort to desperate measures in response. This would be an overreaction, though, particularly for well-organised and well risk-managed auditing practices.
The most basic defence is the common law principle that an auditor, in common with all professionals, need only exercise a reasonable standard of care when assessed against its peers (Bolam v Friern Hospital Management Committee).
In addition, sections 534-536 of the Companies Act 2006 now permit limited liability agreements (LLAs) between auditors and audit clients. An LLA does not, of course, alter the extent of the auditor’s duty or the consequences of any breach. It does, however, cap the recoverable damages. The Act does not specify the extent of the cap: this is something to be agreed between auditor and client and must only be fair and reasonable in all the circumstances of the case. It might be a fixed sum or a sum proportionate to the auditor’s fee. Institutional investors and their representatives (such as the Association of British Insurers) favour proportionate limits.
However, their choices may be limited by the robust stance of the Securities and Exchange Commission (SEC) in the US, which has said that it will not accept any LLAs entered into by English companies registered with the SEC. Lobbying is ongoing but if the SEC does not change its approach, one option would be for LLAs to be made mandatory under English law. This would effectively force the SEC to accept them. In practice, that might lead to a fixed cap, if only for legislative convenience.
Other action that auditors can take to minimise risk includes ensuring that the terms of engagement are clear, that fee arrangements are transparent and that (despite cost pressures) they continue to invest in their staff and assistants. Experienced staff will be at a premium, a fact now appreciated by banks caught out by the financial downturn.
Many accounting practices operate (or participate in) international networks. These are generally structured as associations of independent firms, linked together by a nontrading umbrella entity. Neither profits nor risks are shared, but the member firms benefit from referrals and general networking. The umbrella entity administers the network and may monitor any measures intended to ensure consistency of approach and standards.
The independence of member firms is the key to the arrangement. This is particularly important to those members practising in less litigious jurisdictions, and who have no desire to share the risk run by members operating in more exposed regimes. This would include the United States, where recent case law poses a farreaching threat to such networks.
In 2007, Banco Espirito Santo (BES) obtained a $521m judgment against BDO Seidman of New York, for the grossly negligent auditing of BES’s factoring company, Bankest. BES also sued BDO International, the relevant umbrella entity, alleging that it was vicariously liable for BDO Seidman’s acts and omissions. The case against BDO International failed, but BES has appealed. Separately, in New York, former investors in Parmalat are suing Deloitte Touche Tohmatsu (DTT) as principal of Deloitte Italy, the former auditor of the failed Parmalat. DTT sought summary dismissal but failed.
Finally, the trustee of collapsed US subprime lender, New Century Financial, has filed suit in California against its auditor, KPMG LLP. It has, though, also started legal proceedings in New York against KPMG’s international parent, alleging that it “failed in its watchdog role” and is, therefore, responsible for the acts of KPMG LLP as its agent.
The feature common to all these cases is the plaintiffs’ attempt to prove that the umbrella entity had control over the local member. According to BES’s lawyer, “BDO International controls BDO Seidman right down to how they type their letters”. BDO robustly rejects this and points out that the only area in which its network has a common approach is in transnational audits, and Bankest’s audit did not fall into that category.
Pending further developments in these cases, it is obviously premature to draw any firm conclusions. However, there is only a low risk of any such litigation developing in the UK, since courts here have traditionally required a claimant to demonstrate the existence of a direct duty and a causal link between any breach and alleged loss.
The real danger for UK-based umbrella entities and UK members lies in any judgment obtained against an umbrella entity in the US, which the claimant then seeks to enforce against other network members. As the current US litigation is clearly focused on the concepts of “control” and “agency”, the practical response of international networks should be to ensure that their structural agreements do not give the umbrella entity the right to control the acts of its members. Similarly, it is essential that no individual member can exert (or be regarded as exerting) an overt influence on the direction of the network as a whole. Indeed, there should be clear evidence of the absence of control. At a practical level, while there has been a move in recent years towards closer integration of international networks, this present spate of US litigation could well reverse that trend.