In a rare loss by an audit firm in a case involving financial-crisis-era fraud, an Alabama federal court recently held accounting giant PricewaterhouseCoopers (PWC) liable to the Federal Deposit Insurance Corporation (FDIC) for its failure to detect a $2 billion fraud. Judge Barbara Jacobs Rothstein’s December 28, 2017 liability opinion in The Colonial Bancgroup, Inc., et al. v. PricewaterhouseCoopers LLP, et al. departed from the typical rule that because receivers like the FDIC stand in the shoes of their debtors, they can only recover where the debtor itself could recover—which excludes cases where the debtor has “unclean hands.” Instead, and despite undisputed evidence of Colonial Bancgroup’s fraud, the court applied Alabama state law to view the FDIC, a government entity, as different from a normal successor-in-interest, and granted the receiver’s claim.

Since the U.S. Supreme Court’s decision in O’Melveny & Myers v. FDIC, 512 U.S. 79, 114 S. Ct. 2048 (1994), there has been no question that state law governs claims brought by the FDIC as a receiver. In light of this fact, the decision in Colonial Bancgroup is instructive. It shows that this area of law is unsettled, and that auditors may face greater potential liability in states like Alabama, where friendly state laws could allow courts to permit the FDIC (and its sister entity, the National Credit Union Administration) to pursue lawsuits against them related to failed banks and credit unions.

Suing Auditors Is Often a Losing Proposition

The law generally insulates auditors from civil liability for losses stemming from their alleged failure to detect frauds committed by their clients, including financial institutions.

First, under the law of many states, privity requires that a third-party plaintiff have more than de minimis direct contact with the auditor as a precondition to recovery.[1] Given that this rarely occurs, the doctrine of privity generally functions as a bar to suits by third parties against auditors for professional negligence before even reaching the question of whether the auditor’s failure to exercise due care caused significant injury to the putative plaintiffs.[2] Whether the third-party plaintiff is a shareholder in a bankrupt company, an investor who entrusted that company with his or her funds, or an unrelated victim of the underlying fraud, those parties rarely will be permitted to pursue the auditor for its negligence.

Second, even when a company itself is badly damaged (or even bankrupted) by a fraud, courts will bar a suit by the company itself against the auditors under the doctrine of in pari delicto (literally, “in equal fault,” such that the position of the defending party is the stronger one)[3] because a fraud committed by the company’s own management or employees is imputed to the company. The theory, to put it simply, is that a company that destroys itself through fraud should not be permitted to lay the burden of that misconduct on a third party.[4]

These rules form a formidable pair of obstacles that seemingly foreclose any such claims against an auditor whose negligence fails to discover devastating fraud. Third parties without a direct relationship with the auditor (and whose reliance is not foreseeable by the auditor) may not assert such a claim due to lack of privity, but the auditor’s client—the company—is barred from the claim because of its own imputed participation in the fraud.

The Colonial Bancgroup Litigation

Notwithstanding this legal backdrop, the Colonial Bancgroup litigation demonstrates that auditors are not entirely immune from civil liability, particularly in situations where there have been substantial losses to the public at large.

The Colonial Bancgroup litigation arose from a massive fraud that led to the failing of Colonial, a national bank that was a fully owned subsidiary of the Colonial Bancgroup (CBG).[5] When the FBI raided Colonial in August 2009, it was one of the 25 largest banks in the United States. Ten days later, Alabama banking regulatory authorities closed Colonial and appointed the FDIC as its receiver. CBG filed for Chapter 11 bankruptcy protection 11 days later.

Colonial’s failure was the result of a fraud perpetrated by Taylor, Bean & Whitaker Mortgage Corporation (TBW), the largest customer of Colonial’s Mortgage Warehouse Lending Division (MWLD), and several of Colonial’s employees. Colonial’s MWLD provided short-term funding to mortgage originators like TBW to enable such companies to originate and fund mortgage loans until those loans could be sold to third-party investors such as Freddie Mac and Ginnie Mae. Between 2002 and 2009, TBW and some of Colonial’s employees engaged in a multifaceted fraud that disguised TBW’s failure to repay Colonial’s short-term funding. By the time the fraud was discovered in 2009, it had grown to $2.3 billion.

During this period, PWC acted as outside auditor for CBG and because it performed the audit on a consolidated basis, that audit included Colonial.

The Colonial failure cost the FDIC’s deposit insurance fund $2.3 billion, and the FDIC was appointed receiver for the bank.[6] CBG and the FDIC each sued PWC, alleging that PWC breached the professional and contractual duties it owed CBG and Colonial, thereby allowing the fraud to go undetected. Both lawsuits also state claims against Crowe Horwath LLP, who acted as CBG’s internal auditor during the years that Colonial was victimized by the fraud and who also failed to detect the fraud. CBG’s and the FDIC’s claims against PWC and Crowe were consolidated, and the parties proceeded through discovery and pretrial motions. Ultimately, the claims against PWC and against Crowe were bifurcated, and the case was also bifurcated with respect to liability and damages.

Following the liability portion of the PWC bench trial,[7] the district court issued its findings and rulings on December 28, 2017. In a lengthy written decision, the court found that CBG could not hold PWC liable because the wrongful conduct of Colonial’s employees was imputed to Colonial and then to CBG based on its control over Colonial. On the other hand, the court found that PWC was liable to the FDIC for its negligence in failing to detect the massive, long-running fraud. In other words, the FDIC was treated differently than Colonial (and CBG), even though the FDIC (as a receiver) was stepping into the shoes of Colonial.

The court found that under Alabama law, PWC owed a duty to both CBG and Colonial to exercise reasonable care in performing its audits of CBG—a proposition that PWC did not dispute. The court then found that PWC breached those professional obligations by failing to plan and perform its audit to detect fraud, and by failing to obtain sufficient audit evidence regarding the particular types of transactions through which the fraud was executed.

In the bench trial, PWC witnesses acknowledged that PWC had an obligation to design its audits to detect fraud, and the court noted that in deposition testimony in the case brought by TBW’s trustee, PWC engagement partners, audit managers, and audit staff repeatedly admitted that PWC did not design its audit procedures to do so. Based on that testimony, the court concluded that PWC had failed to design its audits to detect fraud, and that PWC thereby violated applicable auditing standards.

The court also credited the plaintiffs’ assertion that PWC should have—but failed to—physically inspect the mortgage loan documents that were associated with the bank’s transactions with TBW, and which were supposed to be held by Colonial until it was paid its interest in the transaction. In doing so, it rejected PWC’s argument that even if it had attempted to inspect the underlying loan documents, it would not have uncovered the fraud because the fraudsters would have created fake documents. “This, of course, is something that we will never know,” the court observed. “However, what we do know is that . . . one of the key fraudsters . . . testified that if PWC had asked to see even just ten loan files, ‘[t]he jig would be up.’” In addition, PWC’s comparison of different management reports—to make sure the numbers matched—reflected insufficient “professional skepticism,” and PWC had missed certain red flags (like transaction dates that were illogical) that should have alerted it to the need to physically inspect the underlying documents. To the court, PWC’s decision to base its conclusions on TBW’s representations about the underlying assets instead of conducting its own investigation was “quintessentially the same as asking the fox to report on the condition of the hen house.”[8]

Why the FDIC Could Assert Colonial’s Claim

The FDIC faced legal hurdles in attempting to assert claims against PWC because it was stepping into the shoes of parties that would presumably be barred from asserting such claims. If the FDIC were viewed as asserting Colonial’s claims against its auditor, the doctrine of in pari delicto would presumably bar the claims because Colonial’s management and employees were complicit with (or even responsible for) the fraud. In addition, if the FDIC were viewed as asserting claims on behalf of the bank’s depositors (whom it has made whole through its insurance function), the depositors’ lack of privity with PWC would operate as a bar to the claims.

Nevertheless, the district court reached a different conclusion.[9] The starting point for the court’s analysis was that receiverships are governed by state law, and that Alabama law generally does not permit receivers to stand in a better position than the failed institutions they represent. In finding that the FDIC should not be so limited, the court relied in part on a 1991 Alabama Supreme Court case holding that the Resolution Trust Corporation—a federal receiver with substantive duties that mirror those of the FDIC—was not subject to punitive damages based on the misdeeds of the failed institution it inherited. There, the state high court reasoned that the imputation of wrongdoing to receivers is tempered by equitable principles:

A receiver operates for the benefit of creditors, unsecured depositors and the federal tax payer. However, punitive damages are imposed to punish the wrongdoer and to deter others. Where the wrongful party is in receivership and the damages are to be paid by innocent creditors, punitive damages create an inequitable result and are therefore improper. [The bank] no longer exists and cannot be punished. . . . Imposing punitive damages against RTC would not accomplish the purposes which punitive damages are meant to serve.[10]

According to Judge Rothstein, the same logic compelled a liability finding in Colonial Bancgroup. The court found that the purpose of in pari delicto would not be served by using it to bar claims by the FDIC. To further buttress this conclusion, the court relied on a Ninth Circuit decision involving the FDIC that helps to differentiate the FDIC from Colonial itself:

A receiver . . . does not voluntarily step into the shoes of the bank; it is thrust into those shoes. It was neither a party to the original inequitable conduct nor is it in a position to take action prior to assuming the bank’s assets to cure any associated defects or force the bank to pay for incurable defects. This places the receiver in stark contrast to the normal successor in interest who voluntarily purchases a bank or its assets and can adjust the purchase price for the diminished value of the bank’s assets due to their associated equitable defenses. In such cases, the bank receives less consideration for its assets because of its inequitable conduct, thus bearing the cost of its own wrong.[11]

What Comes Next?

Although Judge Rothstein’s opinion was limited to Alabama law and her prediction of how the state’s supreme court would view cases brought by the FDIC, it was also motivated by public-policy concerns that could have broader application. It is difficult to predict whether the decision and those public-policy issues will encourage other courts to permit the FDIC to assert claims against auditors.

One reason for this is that there are significant differences among how states treat receivers.[12] Consider as an example how Colonial Bancgroup might have been decided if the audit had taken place in New York. As in Alabama, the general rule under New York law is that the “liquidator . . . ‘stands in the shoes’ of the insolvent, gaining no greater rights than the insolvent had.”[13] For this reason, under New York law, the receiver of a bankrupt corporation can be barred by the in pari delicto doctrine from bringing claims against service providers to the corporation.[14]

In the past, some New York trial courts refused to impute knowledge of corporate wrongdoing to court-appointed receivers who are “innocent successors” to the corporation. These decisions draw upon federal cases, and the same public policy rationales that motivated the decision in Colonial Bancgroup.[15] Consistent with this line of cases, in a 1996 decision, a federal district court interpreting New York law found that the FDIC was not subject to an in pari delicto defense that could have been raised against the failed bank.[16]

However, those decisions pre-date the most recent New York Court of Appeals decision on imputation and in pari delecto: Kirschner v. KPMG LLP, 15 N.Y.3d 446, 938 N.E.2d 941 (2010). In that case, the court found that the primary, and arguably lone, exception to the general rule imputing an agent’s knowledge to his principal is the “adverse interest” exception, which applies only when the agent has “totally abandoned his principal’s interests” and is “acting entirely for his own or another’s purposes.” Where both the agent/employee and the corporation benefit, the exception does not apply.[17] In reaching this decision, the court reasoned that public-policy goals would not be served by exposing corporate auditors to additional liability:

The derivative plaintiffs caution against dealing accounting firms a “get-out-of-jail-free” card. But as any former partner at Arthur Andersen LLP—once one of the “Big Five” accounting firms—could attest, an outside professional (and especially an auditor) whose corporate client experiences a rapid or disastrous decline in fortune precipitated by insider fraud does not skate away unscathed. In short, outside professionals—underwriters, law firms and especially accounting firms—already are at risk for large settlements and judgments in the litigation that inevitably follows the collapse of an Enron, or a Worldcom or a Refco or an AIG-type scandal. . . . It is not evident that expanding the adverse interest exception or loosening imputation principles under New York law would result in any greater disincentive for professional malfeasance or negligence than already exists. Yet the approach advocated by the Litigation Trustee and the derivative plaintiffs would allow the creditors and shareholders of the company that employs miscreant agents to enjoy the benefit of their misconduct without suffering the harm.[18]

Although the decision does not directly apply to the FDIC, the court’s public-policy analysis differs significantly from that of Judge Rothstein. The Kirschner court’s skepticism that frauds can be deterred by expanding civil liability for auditors suggests that Colonial Bancgroup may have been decided differently if New York law had governed the FDIC’s claims against PWC.

Conclusion

The decision in Colonial Bancgroup demonstrates that auditors face difficulties in evaluating their potential liability for audits of banks and credit unions. In the event that a bank or credit union fails, and the auditor was unable to detect the underlying fraud for some period of time, that auditor may be held responsible for a massive amount of losses. Ultimately, the auditor’s liability in such a situation may turn on the vagaries of state laws governing receivership and how courts view the costs and benefits of holding auditors accountable for frauds perpetrated by others.

[1]              There are circumstances in which an auditor may be liable to a third party when it has conducted work specifically for the benefit of that third party, but there are few cases finding a factual basis for such liability. Instead, the requirement of privity otherwise generally bars such claims. See, e.g. CRT Inves., Ltd. v. BDO Seidman, LLP, 85 A.D.3d 470, 472, 925 N.Y.S.2d 439 (1st Dep’t 2011) (finding complaint failed to plead claim for negligence) (citing Sec. Pac. Bus. Credit v. Peat Marwick Main & Co., 79 N.Y.2d 695, 706, 586 N.Y.S.2d 87 (1992)).

[2]              See, e.g., In re Adelphia Commc’ns Corp. Secs. & Derivative Litig., slip op., 2014 WL 6982140, at *9 (S.D.N.Y. Dec. 10, 2014) (barring claim for negligence against auditor in absence of privity) (citing Guy v. Liederbach, 501 Pa. 47, 459 A.2d 744, 750 (Pa. 1983)); In re MF Global Holdings Ltd. Inv. Litig., 998 F. Supp. 2d 157, 187–88 (S.D.N.Y. 2014) (holding negligence claim requires under New York law showing of “near privity”) (citing Credit Alliance Corp. v. Arthur Andersen Co., 65 N.Y.2d 536, 493 N.Y.S.2d 435 (1985)); Bily v. Arthur Young & Co., 3 Cal. 4th 370, 406, 834 P.2d 745, 767 (1992) (barring investors claims for negligence against auditor of bankrupted company).

[3]              The leading case on the doctrine is Cenco, Inc. v. Seidman & Seidman, 686 F.2d 449 (7th Cir.), cert. denied, 459 U.S. 880 (1982).

[4]              For example, in Colonial Bancgroup, the bankruptcy trustee for the failed bank’s parent company sought to recover damages from PricewaterhouseCoopers for its negligence but was barred from doing so under the in pari delicto doctrine. See Colonial Bancgroup, Case No. 2:11-cv-00746-BJR-TFM, Order on the Liability Phase of the PWC Bench Trial, Doc. 798 (M.D. Ala. Dec. 28, 2017).

[5]              This description of the facts is taken from the court’s findings issued following the liability phase of the bench trial in that case. See id.

[6]              The court’s ultimate decision reduced the potential damages to an estimated $1.4 billion after determining that a related breach by Bank of America of its custodial obligations to Colonial Bank was not foreseeable by the auditor.

[7]              Certain of the claims for which the plaintiffs had the right to a jury trial are to be tried separately to a jury. The Crowe bench trial was scheduled to commence after the conclusion of the PWC bench trial, although it was subsequently rescheduled for later in the proceedings.

[8]              The court was also critical of PWC for failing to understand how certain of the transactions were supposed to work. One PWC auditor admitted that understanding these transactions was “above his paygrade,” and PWC ultimately assigned the evaluation of these transactions (a $589 million asset) to a college intern. PWC’s failure to understand this class of transactions was compounded by its failure to examine physically the actual documentation that underlay each transaction and constituted the collateral at issue. “Instead,” the court noted, “PWC chose to rely on . . . the college intern[‘s] assessment that it was not necessary to inspect the . . . collateral because ‘PWC feels that the collateral for these [transactions] is adequate.’”

[9]              This issue was addressed in the context of the FDIC’s motion for partial summary judgment on the defendants’ affirmative defenses. See generally Colonial Bancgroup, Case No. 2:11-cv-00746-BJR-TFM, Order Granting in Part and Denying in Part FDIC’s Motion for Partial Summary Judgment on Defendants’ Affirmative Defenses, Doc. 720 (M.D. Ala. Aug. 18, 2017).

[10]             Id. at 7–8 (quoting Resolution Tr. Corp. v. Mooney, 592 So. 2d 186, 190 (Ala. 1991)).

[11]             Id. at 10–11 (quoting FDIC v. O’Melveny & Myers, 969 F.2d 744, 751–52 (9th Cir. 1995)).

[12]             Judge Rothstein recognized as much in her opinion, in which she stated that there are countervailing opinions from other jurisdictions, but she was not persuaded by the reasoning of these courts. Id. at 11, n.2.

[13]             In the Matter of Liquidation of Union Indem. Ins. Co. of N.Y., 89 N.Y.2d 94, 109, 651 N.Y.S.2d 383, 674 N.E.2d 313 (1996) (quoting Stephens v. Am. Home Assurance Co., 811 F. Supp. 937, 947 (S.D.N.Y.1993), vacated & rem’d on other grounds, 70 F. 3d 10 (2d Cir.1995).

[14]             See, e.g., Cobalt Multifamily Inv’rs I, LLC v. Shapiro, 857 F. Supp. 2d 419, 431 (S.D.N.Y. 2012).

[15]             See, e.g., Williamson v. Stallone, 28 Misc. 3d 738, 905 N.Y.S.2d 740, 752–53 (N.Y. Sup. Ct. 2010) (citing FDIC v. O’Melveny & Myers, 61 F.3d 17 (9th Cir. 1995)); Williamson v. PricewaterhouseCoopers, LLP, 2007 WL 5527944 (N.Y. Sup. Ct. Nov. 7, 2007) (same).

[16]             FDIC v. Abel, 1996 WL 520906, at *1 (S.D.N.Y. Sept. 12, 1996) (“Because the FDIC is acting on behalf of the depositors and creditors . . . that defense cannot succeed.”).

[17]             Kirschner v. KPMG LLP, 15 N.Y.3d 446, 466, 938 N.E.2d 941, 954 (2010).

[18]             Id. at 476–77.