How the SEC Neglects to Enforce Control Person Liability

Scholars and politicians alike have spoken and written at great length about the importance of gatekeepers in our current corporate governance system. However, relatively little has been done to discipline  gatekeepers who seem to have lost the keys to the gate.  Meanwhile, the country’s primary securities regulator, the Securities and Exchange Commission, refuses to employ one of its most powerful tools to keep gatekeepers in check.  Our recent article, Laxity at the Gates:  The SEC’s Neglect to Enforce Control Person Liability, examines the SEC’s reluctance to bring claims against corporate insiders under Section 20(a)[1] of the Securities Exchange Act, known as the control person provision.

Section 20(a) imposes liability upon any person who controls another liable person to the same extent as such controlled person, unless she can establish that she acted in good faith and did not induce the violation.  In other words, this provision gives the SEC power to pursue executives, board members, and even lower level managers who facilitate corporate wrongdoing, even if such persons did not actively participate in the malfeasance.  The term “control” is left undefined in the Exchange Act. However, the SEC has construed the term to encompass “the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person.”[2]  Courts are generally in accord with this definition.[3]  With regularity, courts have allowed control person claims in private litigation to proceed against executive officers, including CEOs, CFOs, and COOs.[4]  Indeed, in a number of cases, courts have found that outside directors may be control persons and thus subject to liability under Section 20(a) of the Securities Exchange Act.[5]

Prior to the enactment of the Dodd-Frank Act, there was some uncertainty about whether the SEC had the power to enforce the control person provision.  Most courts believed that the Exchange Act gave the Commission this power.  Perhaps in an effort to clarify this issue, the Dodd-Frank Act amended Section 20(a) to read:  “Every person who, directly or indirectly, controls any person liable under any provision of this title or of any rule or regulation thereunder shall also be liable jointly and severally with and to the same extent as such controlled person to any person to whom such controlled person is liable (including to the Commission in any action brought under paragraph (1) or (3) of section 78u(d) of this title), unless the controlling person acted in good faith and did not directly or indirectly induce the act or acts constituting the violation or cause of action.”[6]   Thus, as the law stands today, the SEC is clearly given this power.

In theory, liability under the control person provision should be a popular enforcement tool for the SEC.  Instead of having to prove fraud or willful wrongdoing, the SEC need only establish that the subject person had the power to exercise control.  Section 20(a) should be used as an effective resource to pursue directors, executive officers, managers, and supervisors who facilitate securities violations, but who cannot themselves be held liable as aiders and abettors (either due to the lack of the requisite heightened mens rea or inability to prove the substantial assistance element).

A concern may arise that such a tool opens the door to over-zealous enforcement, with the SEC pursuing those control persons who had nothing to do with the wrongful conduct. However, the provision provides an “out” for such persons:  A defendant may avoid control person liability under Section 20(a) by showing that she acted in good faith and did not induce the violation.[7]  With good faith and non-inducement being an affirmative defense, the burden of proof thus falls on the control person to establish this defense.[8]  Effective use of control person liability thus gives control persons an incentive to keep a mindful watch over others to help ensure law compliance.

Even with this powerful tool at its disposal, the SEC has refused to initiate actions based on control person liability against corporate executives.  Our article examines much of the conduct that led to the 2008 financial crisis.  Central to the collapse was a laissez faire attitude towards law compliance.  Yet, in the wake of the largest financial collapse since the Great Depression, corporate executives who facilitated the debacle escaped largely unharmed, leaving shareholders on the hook for large corporate penalties.[9]


[1] 15 U.S.C. § 78t(a).

[2] 17 C.F.R. § 230.405 (2017).

[3] See, e.g., Harrison v. Dean Witter Reynolds, Inc., 974 F.2d 873, 881 (7th Cir. 1992).

[4] See, e.g., In re Tronox, Inc. Sec. Litig., 769 F. Supp. 2d 202, 217-22 (S.D.N.Y. 2011).

[5] See, e.g., Salit v. Stanley Works, 802 F. Supp. 728, 734-35 (D. Conn. 1992).

[6] 15 U.S.C. § 78t(a) (emphasis added).

[7] 15 U.S.C. § 78t(a).

[8] See, e.g., Frank v. Dana Corp., 646 F.3d 954, 963 (6th Cir. 2011) (and cases cited therein).

[9] See, e.g., the monetary settlements entered into with the government by Bank of America ($16 billion), Goldman Sachs ($5 billion), and Citigroup ($180 million).

This post comes to us from Marc I. Steinberg, the Rupert and Lillian Radford Professor of Law at SMU, and Forrest Colby Roberts, a practicing attorney and member of the Texas Bar. It is based on their recent article, “Laxity at the Gates:  The SEC’s Neglect to Enforce Control Person Liability,” 11 University of Virginia Law & Business Review 201 (2017), available here.