This recent law review article  titled “Laxity at the Gates: The SEC’s Neglect to Enforce Control Person Liability” does not mention the Foreign Corrupt Practices Act, but it did get me thinking about control person liability in connection with SEC FCPA enforcement actions.
As highlighted in this post, in the aftermath of a 2009 SEC individual FCPA enforcement action based on “control person” liability some predicted the start of a new trend. However, this “trend” never occurred.
As previously highlighted in this 2009 post , the Nature’s Sunshine Products Inc. (NSP) SEC FCPA enforcement action included charges against Douglas Faggioli and Craig Huff. Specifically, the complaint alleged that Faggioli (President and Chief Executive Officer of NSP and a member of its board of directors who during the relevant time period was NSP’s Chief Operating Officer) and Huff (NSP’s former CFO) as “control persons” of NSP violated the FCPA’s books and records and internal control provisions.
The SEC generally alleged that both Faggioli and Huff had “supervisory responsibilities” over NSP’s senior management and policies, yet as “control persons,” “failed to make and keep books, records, and accounts, which in reasonable detail, accurately and fairly reflected the transactions of NSP” and failed to devise and maintain an adequate system of internal accounting controls. Without admitting or denying the SEC’s allegations, Faggioli and Huff each agreed to pay a $25,000 civil penalty.
As highlighted in this prior post , the enforcement action was believed to be the first FCPA enforcement action in which the SEC charged a corporate executive with an FCPA violation under a Section 20(a) “control person” theory of liability (even though, as noted in the prior post, the SEC had previously charged corporate executives under other indirect theories including aiding and abetting a company’s FCPA violations by invoking Section 20(e)).
The “control person” theory of liability used the NSP / Faggioli / Huff enforcement action generated much attention and commentary.
For instance, this law firm alert  noted:
“This kind of “control person” liability has been used before by the SEC — e.g., in the Tyco, WorldCom, and Enron cases — but has never been used before in an FCPA case. The SEC’s extension of this theory to the FCPA represents an expansion of potential liability for individual corporate officers.
Because the Nature’s Sunshine case was settled by the SEC through consent judgments with Faggioli and Huff, the agency’s arguments in favor of control person liability were not fully explained or litigated. Nonetheless, the SEC’s willingness to use control person liability could be a powerful enforcement tool to pursue senior executives or directors who could have known of bribery or could have stopped it from occurring had they exercised their influence within the company.”
This law firm update  stated:
“On July 31, 2009, the Salt Lake City Regional Office of the U.S. Securities and Exchange Commission (“SEC”) opened what could become a new chapter in FCPA enforcement. […] [T]he case is notable because it appears to be the first time the SEC has held public company officials responsible for an FCPA-related books and records violation based solely upon their status as “control persons.”
[T]he Nature’s Sunshine case appears to be the first time such supervisory accountability has figured in an FCPA case. The case also may mark a trend towards the expanded use of Section 20(a) liability by the SEC. […] Section 20(a) also can be a powerful tool in addressing the liability of a parent company for conduct at its subsidiaries. Still open for debate is the question whether Nature’s Sunshine is a singular case arising under exceptional circumstances, or a portent for expanded use of Section 20(a) liability in the FCPA context. In particular, if the SEC’s new FCPA enforcement unit were to apply Section 20(a) to substantive FCPA anti-bribary violations, the impact could be dramatic.”
This lawyer-drafted article  stated:
“[Recently] there was much wailing and rending of garments among criminal defense and securities enforcement practitioners alike when, for the first time in the … history of the Foreign Corrupt Practices Act (FCPA), the Securities and Exchange Commission invoked §20(a) of the Securities Exchange Act of 1934 (Exchange Act) to impose FCPA liability on two corporate executives based solely on the allegation that they were “control persons” with supervisory authority over the company employees who had committed the primary FCPA violations.
In “client alerts” and other missives to industry, practitioners correctly warned that the SEC appeared to be unleashing a new and less-exacting standard of FCPA liability, one that sidesteps entirely the scienter or “guilty knowledge” standards that Congress specifically wrote into the act and replaces them, instead, with notions of strict or “respondeat superior” liability for individual executives, board members and private equity investors who neither know of nor consciously avoid learning about FCPA violations occurring somewhere within the corporate chain of command. The case that set off this uproar was SEC v. Nature’s Sunshine Products Inc.
Within the charging language of the Nature’s Sunshine complaint … FCPA practitioners immediately spotted a harbinger of even more aggressive FCPA enforcement to come.
Nature’s Sunshine appears to mark the first time that the SEC has sought to hold corporate executives responsible for FCPA violations based solely on their status as “controlling persons” having supervisory authority over those who committed the primary FCPA violations.12 At a minimum, the Commission’s choice to marry §20(a) and the FCPA in such unprecedented fashion clearly signals a more aggressive enforcement posture against corporate executives and other individuals. In turn, the mere specter of potential “control person” FCPA liability for otherwise blameless corporate executives necessarily adds to companies’ already daunting task of monitoring and remediating potential FCPA liability risks. And, given that the overwhelming majority of FCPA investigations are settled short of litigation, the SEC’s apparent willingness to threaten such “control person” liability likely will drive the costs of FCPA settlements even higher.
Whether Nature’s Sunshine portends a new era of FCPA enforcement rife with actions against executives and other individuals who neither participated in, knew of, or even avoided learning about primary FCPA violations within their chain of command is unknown.”
Nearly a decade after the NSP / Faggioli / Huff enforcement action what is known is that the “new trend” of “control person” FCPA individual enforcement actions that some hinted at never occurred.
Since the 2009 NSP / Faggioli / Huff enforcement action, it is believed that the SEC has attempted to invoke this theory of liability only once. As highlighted in this 2012 post  in the SEC complaint against Mark Jackson (former Noble Corporation CEO) and James Ruehlen (Director and Division Manager of Noble’s subsidiary in Nigeria) the SEC alleged, among other various cases of action, that during the violations, Jackson was Noble’s Chief Financial Officer, Chief Operating Officer, and ultimately President and Chief Executive Officer, and Chairman of the Board of Directors and that Jackson directly or indirectly controlled Noble, Defendant Ruehlen, and others, and therefore was liable as a control person under Section 20(a) of the Exchange Act for all of their violations.
Unlike the vast majority of FCPA defendants (corporate and individual) charged in an SEC enforcement action, Jackson and Ruehlen mounted a defense and the case ended with a whimper on the eve of trial and without admitting or denying the SEC’s allegations, Jackson consented to a final judgment  permanently restraining and enjoining him from violating the FCPA’s books and records provisions.
Seeking to better understand the general lack of “control person” theories of liability in individual FCPA enforcement actions, I reached out to Neil Smith  (K&L Gates and former senior counsel in the SEC’s Enforcement Division where he was also a member of the SEC’s FCPA Unit) and he stated:
“In making enforcement charging decisions, the SEC will look at the full landscape of available charges that fit the provable conduct. If control person liability is the best charge that can be proven against an individual, then I think the SEC staff will recommend that charge to the Commission in FCPA and other cases. However, if a more substantive charge – whether it be a direct violation or a charge for causing or aiding and abetting an FCPA, books and records, or internal controls violation – is supported by the evidence, then control person liability may be redundant.”
Save Money With FCPA Connect
Keep it simple. Not all FCPA issues warrant a team of lawyers or other professional advisers. Achieve client and business objectives in a more efficient manner through FCPA Connect. Candid, Comprehensive, and Cost-Effective.