In Short

The Situation: In Merrimack College v. KPMG LLP, a college sued its independent auditor for the auditor's failure to report fraud by the college's financial aid director.

The Result: The Massachusetts Supreme Judicial Court ("SJC") ruled that for purposes of the in pari delicto defense, only the conduct of senior management could be imputed to a plaintiff corporation.

Looking Ahead: This decision limits the availability of the defense, departs from traditional agency principles, and has implications for service providers to corporations, including so-called "gatekeepers" like accountants and lawyers.

The Massachusetts Supreme Judicial Court has recently narrowed the scope of corporate imputation in the context of the in pari delicto defense, which will impact corporations' ability to rely on their third-party consultants.

Merrimack College v. KPMG LLP

Background

In 2011, Merrimack College ("Merrimack"), a small private college in Massachusetts, discovered that between 1998 and 2004, its financial aid director had been fraudulently issuing Perkins Loans to students without their consent. Merrimack uncovered more than 1,200 invalid Perkins Loans. After discovering the misconduct, Merrimack wrote off the fraudulent loans and repaid students, which cost Merrimack more than $6 million.

While the fraud was ongoing, Merrimack had engaged KPMG LLP ("KPMG") as its independent auditor. During its annual audits, KPMG noticed discrepancies between Perkins Loans that had been recorded in Merrimack's system and loans that had been actually issued. But KPMG still issued unqualified opinions that Merrimack's financial statements did not contain material misrepresentations and that Merrimack was in compliance with federal loan requirements.

Merrimack sued KPMG to recover some of the $6 million it had lost due to the fraud that had gone unchecked by KPMG. The Superior Court granted KPMG's motion for summary judgment on the grounds that Merrimack's claims were barred by the in pari delicto doctrine. Relying on traditional agency principles, the judge held that the financial aid officer's conduct should be imputed to Merrimack and that the case should be dismissed with prejudice.

SJC Holding

On direct appellate review, the SJC vacated the grant of summary judgment to KPMG. The court held that only the conduct of senior management—which includes officers with primary responsibility for corporate management, directors, and controlling shareholders—may be imputed to a plaintiff corporation under the doctrine of in pari delicto. The court reasoned that a corporation's "moral responsibility" is measured only by the conduct of its agents who lead the corporation. The court held that the financial aid director was not a member of senior management.

Implications

Traditional Agency Principles

The Merrimack decision departed from traditional agency principles largely on public policy grounds. Corporations in Massachusetts can now more comfortably rely on their third-party consultants, such as auditors and law firms, to monitor the conduct of their mid-level employees, knowing that they can sue these "gatekeepers" if the mid-level employees commit some kind of corporate wrongdoing. Such gatekeepers should also have a heightened awareness of their potential liability if they fail to bring potential employee misconduct to the attention of senior management.

However, it is important to note that the Merrimack holding does not extend to the context of vicarious liability. Where a mid-level employee's conduct harms an innocent third party, that employee's conduct will still be imputed to the corporation for purposes of determining liability.

Other states' courts have refused to make the same distinction between mid-level employees and senior-level management under the in pari delicto doctrine. In the case of Kirschner v. KPMG LLP, 15 N.Y.3d 446 (2010), the New York Court of Appeals did not differentiate between "senior management" and a corporation's broader pool of "agents." Instead, New York generally applies traditional agency principles in the context of in pari delicto. Delaware's Chancery Court took the opposite approach of Massachusetts in In re American Int'l Group, Inc., Consol. Derivative Litig., 976 A.2d 872 (Del. Ch. 2009), explicitly stating that even where a corporation's wrongdoing involved the conduct of mid-level, rather than senior, management, a co-conspirator may still assert the in pari delicto defense.

Gatekeeper Responsibility

The Merrimack decision also reflects a trend in some jurisdictions to increase the burden on corporate "gatekeepers," such as accountants, financial advisers, and lawyers, to identify corporate wrongdoing. Many states have established some form of an "auditor exception" to in pari delicto, which limits the extent to which corporate gatekeepers can assert the defense to avoid liability. For example, in NCP Litig. Trust v. KPMG LLP, 187 N.J. 353 (2006), the New Jersey Supreme Court adopted a relatively broad auditor exception, allowing corporations to bring negligence claims against third-party gatekeepers to recover losses from corporate fraud. Such a gatekeeper may assert an in pari delicto defense only where a shareholder has engaged in the fraud, where an official should have been aware of the fraud by virtue of his or her position, or where a stockholder had a large enough stake in the company to have been able to exercise oversight.

Pennsylvania adopted a different formulation of the exception in Official Comm. of Unsecured Creditors of Allegheny Health Educ. & Research Found. v. PricewaterhouseCoopers, 605 Pa. 269 (2010). There, the Pennsylvania Supreme Court prevented auditors from asserting the in pari delicto defense if they had not "dealt materially in good faith with the client-principal." And while both New York and Delaware have refused to create a "blanket" auditor exception, the Delaware Chancery Court did adopt an exception to in pari delicto as recently as 2015 though, as noted above, it did not go so far as Massachusetts. Noting the "gatekeeper" role of the auditor defendants, the Chancery Court held that an auditor may not assert an in pari delicto defense to bar a plaintiff corporation's aiding and abetting claim. Stewart v. Wilmington Trust SP Servs., Inc., 112 A.3d 271, 318–20 (Del. Ch. 2015). Because Delaware law prohibits the use of in pari delicto against a trustee or derivative plaintiff suing a corporation's own fiduciaries for breach of their fiduciary duties, the Chancery Court reasoned that the law should do the same where an auditor or other gatekeeper aids and abets such a breach.

While the Merrimack case was pending before the SJC, the court solicited amicus briefs on the issue of whether Massachusetts should recognize an auditor exception to the doctrine of in pari delicto. However, in issuing its decision, the court declined to go so far as to decide whether it should carve out a blanket auditor exception in these types of cases. Instead, the court, by narrowing the imputation of employee conduct in the corporate context, limited its holding only to cases where corporate wrongdoing was committed by a non-senior employee. Therefore, unless the court extends its holding, a corporation may still risk losing its ability to bring a claim in Massachusetts against a third-party gatekeeper where that corporation's senior management, directors, or shareholders participated in corporate wrongdoing.

Four Key Takeaways

  1. The SJC has departed from traditional agency principles, deciding to impute only the conduct of senior management, officers, and directors to a corporation, where that corporation's outside auditor attempts to assert an in pari delicto defense.
  2. The SJC's holding with respect to imputation applies only in the context of the in pari delicto defense. Corporations remain exposed to risks of vicarious liability for the wrongdoing of any agent, not just senior management, against an innocent third party.
  3. This decision is part of a trend to put more pressure on gatekeepers to improve corporate monitoring.
  4. Whether the SJC would extend the Merrimack decision to create a blanket auditor exception remains an open question.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.