McKenna Gives Luncheon Keynote For Professional Liability Defense Federation Annual Meeting

Thanks to Jonathan Ziss of Goldberg Segalla, I was the luncheon speaker on October 10, 2013 at the annual meeting of the Professional Liability Defense Federation (PLDF), held at the Westin Michigan Avenue in Chicago.

My remarks are entitled, “Is Private Litigation The Only Hope For The Accounting Profession?”

“The Professional Liability Defense Federation™ is a not-for-profit organization designed to bring together attorneys, claims professionals and risk management specialists to share expertise and information helpful to the successful defense of professional liability claims.”

That means these are the guys, and gals, who defend the audit firms when they are accused of screwing up and not living up to their public duty.

Here are my remarks:

Thank you so much for the invitation to speak today.

I want to especially thank Jonathan Ziss, who knows he is always welcome in my writing.

Everyone is finished with your bread rolls?  No stashes of cherry tomatoes saved from the salads, I hope?

Let me make one thing clear: I like lawyers. A lot. It doesn’t matter to me which side you’re on. I revel in professional virtuosity. If you defend your clients well, use your talents to do a great job, use the law in an innovative and unique way to prove your case, I will stick my hand out to shake yours.

I write about the business of the Big Four global audit firms. It’s been seven years this week since I started my blog re: The Auditors. Since then I’ve been asked to write for Forbes magazine and American Banker and others and have been quoted all over, including this week in Crain’s Chicago Business and in places as far away as Australia and Dublin.

The overriding theme of my writing is always, “Where were the auditors?”

I had no idea when I started I’d be writing so much about litigation and making so many legal friends. When mainstream media covers the audit firms, it’s still primarily to document the latest about a lawsuit against one of them. Or to pen an audit firm or partner puff profile fed to them by PR.

Most journalists follow the court cases when they rise to newsworthy and that’s about it. It’s gotten better the last few years as more have seen, based in some part on my example, that there are stories behind the scenes and there’s an audience that’s bigger than just CPAs interested in those stories.

Writing about the litigation against the audit firms leads to writing about the defenders, the plaintiffs’ lawyers and government prosecutors, and the arguments used by all sides.

Just a side note, I don’t write that often about the next tier or regional audit firms because they’re not my personal experience, the Big Four audit all but one of the S&P500 and a comparable critical mass of public entities in the UK and Asia, and because the business models and management of risk and quality especially on a global network level and insurance scheme are so dramatically different between the Big Four and the rest. Only when a non-Big Four firm faces a case or issue that is relevant to the industry as a whole do I dip my toe into that world.

We could talk just about cases against the largest audit firms for auditor negligence and malpractice and that would be more than enough to fill a whole conference. But legal risks to the audit firms go beyond audit cases. Investors and regulators sue audit firms and their partners regularly, alleging professional malpractice, fraud, and consulting failures which are usually breach of contract but can rise to RICO like in the Deloitte/Marin County SAP system implementation case.

Firm partners and staff also sue the firms sometimes alleging wrongful termination, discrimination of all kinds, and unpaid overtime. All four of the largest global firms are currently fighting thousands of claims all over the world that, if awarded, would add up to billions. Some individual cases claim more than $1 billion in damages.

When I was at PwC in 2005-2006, auditing the firm itself, I noticed that much of the leadership’s time was spent on “partner matters” aka litigation. I would have estimated it to be at that time more than 50%. I suspect it’s has gone up.

There was a big push at that time for liability limits and also, post-Enron and pre- financial crisis, to talk openly about the auditors’ responsibility to detect fraud. There were some big cases even after SOx was enacted in 2002. Cases such as the Kanebo scandal in Japan where PwC audit partners were jailed and the firm collapsed and Parmalat in Italy and Ahold in the Netherlands, both audited by Deloitte were outside the US but in strategic markets for audit services to multinationals.

Satyam, a $1 billion fraud audited by PwC in India, was uncovered by the CEO’s admission of “riding a tiger” in January 2009, at the height of the financial crisis.

Satyam, however, was still just an annoying speck in PwC US Chairman Dennis Nally’s eye when he was interviewed by the Wall Street Journal in March of 2007. David Reilly asked Nally about auditor liability caps and about the auditor’s obligation to detect fraud:

WSJ: Why are the firms pushing for a limitation on liability for auditing public companies?

Mr. Nally: There is a concern that without some form of liability relief over time you run the risk that one of these firms ultimately fails, there is a catastrophic loss that can’t be dealt with. Every one of these firms is a partnership and having the ability to sustain this profession over time is making sure that the liability question is addressed.

WSJ: In your fiscal year that ended last June, PwC in the U.S. generated nearly $7 billion in revenue. How much of that was profit that could be distributed to your firm’s 2,069 partners?

Mr. Nally: Between $1 billion and $1.4 billion.

That’s a 14-20% net profit margin distributed to partners, or about an average of $675,000 per partner. The US firms do not issue financial statements, disclose profits, or give a breakdown of revenue even for the US alone. That was the last time I remember any profit figures being published for the US.  The firms did not get the liability cap legislation they wanted at that time and have not disclosed US profits since.

The firms are still worried about catastrophic litigation. An AICPA/NYSSCPA joint brief in 2010 in two cases before the New York State Court of Appeals — Teachers’ Retirement System of Louisiana v. PricewaterhouseCoopers LLP, and AIG pre-crisis fraud case and Kirschner v KPMG et al, a Refco fraud case, highlighted the industry’s perceived risk :

“The accounting profession is significantly burdened by litigation arising from a widened scope of liability and increasingly aggressive plaintiffs seeking ‘deep pockets’. The biggest threat facing audit firms today is that a single mega-claim or several such civil claims in succession could destroy and audit firm.”

In the brief by the trade groups on behalf of the defendants they practically threatened the viability of the capitalist system if audit firms were held accountable for fraud – including promises of higher audit fees if audit firms were forced to pay more settlements.

In those two cases, the New York Court of Appeals decided on October 21, 2010, by a vote of 4-3, to “decline to alter our precedent relating to in pari delicto and imputation and the adverse interest exception, as we would have to do to bring about the expansion of third-party liability sought by plaintiffs here.”

That doctrine’s full name is in pari delicto potior est conditio defendentis, meaning “in a case of equal or mutual fault, the position of the [defending party] is the better one” I have some other names for it:

• Immunity from Prosecution for the “Duped” theory
• Incompetent Professional service providers Defense
• Invocation of Plausible Deniability doctrine

A majority of the New York Court of Appeals bought the self-serving, selfish and unjust arguments of the defendants and their flunky amicus brief toadies and even, get this, cried crocodile tear for the accounting firm partners (!!).

Judge Susan Phillips Read, Associate Judge of the Court of Appeals, writes in her opinion:

“In particular, why should the interests of innocent stakeholders of corporate fraudsters trump those of innocent stakeholders of the outside professionals who are the defendants in these cases?

…In a sense, plaintiffs’ proposals may be viewed as creating a double standard whereby the innocent stakeholders of the corporation’s outside professionals are held responsible for the sins of their errant agents while the innocent stakeholders of the corporation itself are not charged with knowledge of their wrongdoing agents. And, of course, the corporation’s agents [*19]would almost invariably play the dominant role in the fraud and therefore would be more culpable than the outside professional’s agents who allegedly aided and abetted the insiders or did not detect the fraud at all or soon enough. The owners and creditors of KPMG and PwC may be said to be at least as “innocent” as Refco’s unsecured creditors and AIG’s stockholders.“

This whining continues in spite of the fact it’s really hard bring a case against the Big Four auditors. In 1975, the Ernst & Ernst v. Hochfelder decision by the Supreme Court held that actions under Section 10(b) of the Securities and Exchange Act and Rule 10b-5 require an allegation of “`scienter’—an intent to deceive, manipulate, or defraud.” The “scienter” requirement, necessary to sustain allegations against the auditors in a securities claim under Section 10(b), is notoriously difficult to meet in an auditor liability case.

In 1995, the Private Securities Litigation Reform Act made it even harder to sue auditors. The PSLRA did restore aiding and abetting liability for third parties like auditors in SEC enforcement actions per the Central Bank decision. The SEC urged Congress to extend aiding and abetting liability to private litigation. Unfortunately, Congress was more focused on limiting liability in private damage actions and refused to follow the SEC’s recommendation. Attempts to restore the right of private plaintiffs to allege aiding and abetting by third parties like auditors made during the debate of the Dodd-Frank bill, specifically the Specter amendment, failed.

Many lawyers won’t even try to sue auditors anymore. They leave the auditors off the list of defendants in a class action or drop them from the case as a reward for helping make a stronger case against executives or once judges signal acceptance of the frequent auditor defense, “We were duped, too”.

If there’s substance in a claim against an audit partner and the firm, the case usually settles before any facts are public.

So, what is the auditor’s responsibility to detect fraud when the poor guys are seemingly stymied at every turn by bad guys who so easily, over and over, pull the wool over their eyes?

The PCAOB has made it very clear. The firms used to own up to some responsibility.

Nally again in 2007 to the WSJ:

WSJ: Is it an auditor’s job to try and find fraud?

Mr. Nally: Absolutely. We have a responsibility to perform procedures that are detecting fraud just like we have responsibilities to perform procedures to detect errors in financial statements.

WSJ: You seem pretty certain, but the firms as a whole often eschew some responsibility for finding fraud, especially in court.

Mr. Nally: The audit profession has always had a responsibility for the detection of fraud. The debate has always gone toward how far do you carry that, what type of procedures do you have to develop and in what environment. The classic issue becomes the cost benefit of all of that and this is why I think there is this expectation gap.

WSJ: There are more than 140 companies under investigation over backdating of stock options. As was the case with the Enron and WorldCom debacles that has given rise to the question: Where were the auditors?

Mr. Nally: If the public has a view that the auditor’s report on a set of financial statements is designed to provide absolute assurance, that is not what the auditing profession and the [auditing] literature requires today. We’re providing reasonable assurance. There’s a big difference between absolute and reasonable.

By the time Nally, and his boss Sam DiPiazza, were caught flat-footed on Satyam in January 2009, they’d changed their tune. PwC Global Chairman Sam DiPiazza told the Times of India that March:

“What we understand is that this was a massive fraud conducted by the (then) management, and we are as much a victim as anyone. Our partners were clearly misled.”

PwC begs our indulgence again when in a rambling, incoherent interview with an Indian journalist in the summer of 2010 – more than a year after the fraud was uncovered by the Satyam CEO, not PwC. Dennis Nally is now PwC Global Chairman and tells us:

“Many times there is an expectation from the investor community that the auditor is in fact fully responsible for the detection of fraud. Now that is not our job, today.”

While PwC was fielding the Satyam issues, the Huron Consulting debacle hit. Huron is an Arthur Andersen pedigree local publicly listed consulting firm where former AA professionals were selling expertise in SEC and GAPP accounting to clients but couldn’t get their own GAAP right when recording compensation expense for an acquisition.

Huron auditor PwC was initially named in a shareholders suit but was dropped after helping, I’ve heard, to make a stronger case against the executives.

PwC is the auditor of the largest worldwide family of feeder funds to Bernie Madoff’s Ponzi scheme, the Fairfield Greenwich Group. PwC was the auditor of failed broker-dealer MF Global, run by Jon Corzine which failed in October of 2011.  PwC still audits nationalized AIG and Freddie Mac which is now under a conservatorship.

PwC has the ignominious honor of being the first audit firm sued by the FDIC for a bank that failed during the financial crisis, Colonial Bank of Alabama. That fraud and failure is tied to another one, at Taylor Bean and Whitaker, a Deloitte client and a case that recently settled.

Speaking of settling: You can bring an auditor to court but you can rarely bring them to justice. That’s because in the U.S. Big Four auditors almost always settle. The industry says one significant judgment could put another one out of business but we don’t know what that number is since the firms don’t publish a litigation docket nor disclose financials including reserves for litigation. The Big Four in the US can’t get any commercial liability insurance other than excess coverage and are now self- insured through individual offshore captives.

(Member firms in other parts of the world and smaller firms still carry commercial liability insurance coverage such that a regional firm like Clifton Larson Allen can settle with the City of Dixon over the Rita Crundwell fraud for $35 million and still exist.)

Partners and firms also say stupid, incriminating things in court that, unlike after a settlement, can’t be sealed.

I say maybe private litigation can save the industry because when one day a Big Four trial happens, we’ll close the “expectations gap”. What the Big Four is willing to do for the money and the excuses they are willing to make when they screw up will be subject to the sunshine of public scrutiny.

PwC recently agreed to a record breaking settlement for a huge failure at audit client Centro in Australia in the middle of the trial because crazy statements by the firm —they said the partner not the firm was responsible because he signed the report in his name— and the partner — he said the staff person was responsible for the mistakes in debt classification because he delegated as he was to busy to do everything—completely ruined its chances of winning the case.

In June of 2011, the Financial Times produced a less hard-hitting profile of PwC’s Global Chairman Dennis Nally than 2007 WSJ profile. Nally was still singing the same tune as after Satyam, in spite of the financial crisis, in spite of growing issues at MF Global, in spite of Barclays Libor and rogue trader scandals…

Journalist Helen Thomas asked Nally diplomatically: What about fraud or disingenuous bookkeeping? Surely auditors should rightly find themselves in the line of fire when a case slips through on their watch?

Such British politeness. Thomas says Nally crossed his arms across his monogrammed shirt, for the first time looking a touch defensive.

“There are professional standards out there [and] an audit is not designed under those standards to detect fraud,” he says, pointing out that detecting fraudulent behaviour rests on other indications including a company’s governance, management tone and control systems.

“The reasons it has been done that way is because, while we always hear and read about the high-profile fraud, the number of those situations that you actually encounter in practice is very de minimis.

“You’re not designing an audit for ‘the exception’ because, quite frankly, the cost itself would be prohibitive to all of the capital markets and . . . who wants to pay or that if the benefit isn’t there?” he adds.

In April of 2010, soon-to-be retired CEO of Deloitte Bill Parrett – whose post-retirement gig on the board of Deloitte audit client Blackstone Group was announced before his retirement was final – told a reporter at the Toronto Globe and Mail:

“…there are limits to what an auditor can detect – and those limits often fall far short of what investors expect from the process.  “We’ve always had this expectation gap between what the auditor really can do and what the investing public wants the auditor to do, or wants the audit to represent,” he said.

This is the same Deloitte that was, at that time, defending itself against several lawsuits, including their own version of the global network challenge related to the Parmalat fraud. Of the Big 4, Deloitte, I think, lost the most Fortune 100 audit business as a result the financial crisis – Bear Stearns, Washington Mutual, Fannie Mae, Beazer, Taylor Bean & Whitaker, Merrill Lynch, American Home Mortgage, and Royal Bank of Scotland, are a few of the major financial institutions audited by Deloitte that failed or were bailed out via forced acquisitions or nationalizations during the crisis. And don’t forget GM too, another Deloitte audit client.

Deloitte is also at the center of the Chinese reverse merger fraud scandals and the dispute between the audit firms and the SEC over access to auditor workpapers in China. The firm has the most clients named in fraud lawsuits of all the firms in China.

The firms typically respond to scandals post-crisis in ways that I think are an embarrassment to the profession and speak to the poor level of integrity demonstrated by the firms’ leadership.

You, the defense attorneys, should not enable this disgraceful behavior.

First, the firms generally deny an obligation for their audits to detect clients’ fraud. The “we were duped” defense is used most often when the firm has a chance of using the “in pari delicto” defense to evade liability.

The Big 4 audit firm’s public relations professionals are very good at explaining their position on the “expectations gap”, the difference between what the auditors actually do and what investors and the rest of the capital markets expect them to do, especially regarding the detection of fraud.

Set the bar low, tell us what you can’t do, won’t do, or want to make us believe you have no responsibility to do, and maybe everyone will go along.

The “we were duped” defense is a bad case of throwing the profession to the lions over and over to save the fortunes of the partners in leadership at that time. How do these weak links end up on the boards of major institutions like Citigroup, JPM and Goldman Sachs? What other profession would rather admit, over and over again that they’re idiots and incompetent and can be fooled over and over and over again by their own clients, just to evade liability?  I think you know the sad answers to those questions.

Another thing I’ve observed is audit firms, through their lawyers and PR professionals, speaking out of both sides of their mouth—one argument claiming innocence, even victimization as PwC claimed in Satyam, goes to the public via press releases and media coverage and another argument, twisting the law in creative ways and often contrary to their public duty, the standards, and good faith is used in the courts.

The firms and their lawyers take advantage of the fact there’s so little mainstream media coverage of their litigation if it’s not a brand name and especially if it’s outside the US like Satyam, Yukos, and Olympus, no one will read about it.

In an overtime case against KPMG for example, in Washington State court, Litchfield v. KPMG, the judge determined that KPMG cannot invoke the administrative exemption in the overtime case without compromising the SEC-required obligations for auditor independence. Nevertheless, KPMG (and the other Big Four firms) have continued to defend against the imposition of overtime pay by claiming unlicensed audit staff perform administrative work for their audit clients.

In April of 2011, KPMG again asserted the administrative exemption as a defense to the overtime case filed against them in the federal district court in New York, Pippins v. KPMG.

Note also that the firm defending KPMG in the Litchfield case, Orrick, is the same firm that defended PwC at the district court stage in another overtime case that is set for trial, Campbell v. PricewaterhouseCoopers case.

In November of 2012, PwC, represented by Orrick, requested that the court seal two exhibits which plaintiffs lodged under seal contain excerpts from the deposition of a witness, and excerpts from a detailed internal PwC training document Both exhibits, according to firm, are relevant to the ability of Attest Associates to exercise discretion and independent judgment, a key issue in PwC’s Motion To Decertify.

The judge said the public has a right to know the factual basis of this court’s decisions. The motion to seal the exhibits, was denied.

When a lawyer claims, on behalf of his audit firm client, that entry-level professionals, “exercise discretion and independent judgment with respect to matters of significance,” in order to win an overtime case, he is claiming performance requirements that contradict PCAOB Auditing Standards in order to help its client avoid overtime pay. ( I know, for a fact, the PCAOB is looking at this ruse.)

That’s why those cases typically don’t go to trial. They settle and depositions and documents are then routinely sealed. Otherwise the public and journalists could see these clear contradictions.

I suppose it’s not surprising KPMG and PwC might think they can get away with this open flaunting of the independence rules. After all, KPMG was performing administrative tax work – loaned staff work that should be done by the client’s staff – for century-old audit client GE. I reported on that chronic violation of the auditor independence rules in early 2011 and the multi-year, multimillion-dollar engagement suddenly stopped. But we’ve not yet seen any sanctions or fines for the PCAOB or SEC on the case.

I’m also embarrassed for the profession by audit firms that deny any responsibility for the serious legal and ethical transgressions of their very senior partners. In the Tom Flanagan insider trading case, Deloitte didn’t resign any audits and was not fined or sanctioned for, by its own admission, hundreds of breaches of their policies and procedures by a 38-year veteran of the firm in a Vice Chairman position and with responsibility for relationships with prestigious Fortune 500 clients.

I wrote in when the case broke November 2008 that Deloitte escaped public criticism because it claimed its Vice Chairman “duped” the firm. I don’t buy it. Flanagan, in comparison to the recent case of insider trading by a KPMG senior partner, actually traded on the information.

Why didn’t Deloitte see this issue earlier?

It seems, based on the complaint, that they were not aware until, presumably, the SEC started asking them and their clients a lot of questions.

I think they were aware of this guy’s rule-breaking. In my experience, when someone like this 30-year “elder statesman” is flouting the rules so egregiously, it’s because they can’t help blustering about it. He may have complained to others, at all levels, about the “SOB, dumbass, rule-jockey, non-client service, idiot, loser, dweebs” who were bugging him to respond to their inquiries about his annual independence certifications.

Deloitte didn’t appear to have a process in place that most other firms I’m aware of, including PwC, have. (Later, Deloitte was the first Big Four ever to receive a “pass with deficiency” grade on a peer review and to have its Part II report publicized by the PCAOB because of stubborn intransigence over acknowledging, let alone fixing, audit quality issues cited by the regulator during the crisis period.)

PwC, for example, has a whole team of auditors in their Jersey City office whose only job is to request tax returns, brokerage, bank and other investment statements from folks that either come up for review based on a “random sample” or are high risk like Mr. Flanagan. They have this process because their colleagues at Coopers and Lybrand screwed up so badly on this stuff before PricewaterhouseCoopers bought them they were forced to put it in place.

KPMG’s Scott London had access to confidential information about more clients of the firm than just the ones he was directly responsible for. He was the partner in charge of the audit practice for a huge market, Southern California. He has the right, and the responsibility, to know about every interesting or problematic thing going on at the audit clients in his practice group.  He may be a “concurring” or quality review partner on more companies’ audits and can “drop by” audit committee and other client meetings on a relationship-building basis. The exposure to KPMG and to the clients of this practice unit, and perhaps others, may be larger than what’s been admitted by the firm so far. It will come out when and if KPMG sues him to recover the costs their former clients Herbalife and Skechers are incurring because KPMG resigned those audits and multiple years have to be re-audited.

KPMG and Deloitte had a responsibility here for partners whose values and ethics became horribly skewed.  Isn’t the firm responsible to the capital markets to be a vigilant community of partners, to spot guys who flew off the ethical rails years ago? Did the firm give them responsibility for audit engagements and client relationships and partners and staff in two of the largest regions in the United States and then leave them alone to manage the franchise, reluctant to second-guess or dig into how well, really, they were performing their public duty, stewarding the interests of the firm, its partners and clients and the capital markets?

Instead KPMG and Deloitte publicly played the victim of their own partners to deflect scrutiny of their own weaknesses.

Last but not least, there’s a sexy new way to help your audit firm clients evade liability. It was tried recently by two firms that should know better— Latham & Watkins and Mayer Brown.

Judge Shira Scheindlin of the Southern District of New York slammed auditors Ernst & Young and PrcewaterhouseCoopers when they sought to dismiss claims against the firms related to a class action lawsuit for the bankruptcy of OSG. OSG is a tanker company that, on March 24, 2010, conducted a public offering of three hundred million dollars of unsecured notes. OSG filed registration statements and prospectuses for regulators and investors that included financial statements with unqualified audit opinions from EY and PwC.  None of the filings or financial statements included a material tax liability that eventually drove the company to bankruptcy in November 2012.

Judge Scheindlin wrote:

“Defendants argue that the entire Audit Opinion is a statement of belief or opinion under Fait because it contains the word “opinion” in its title, and prefaces its conclusions with the phrase “in our opinion.” However, it would render Section 11 meaningless to find that an accountant’s liability turns on this semantic choice. Auditors may not shield themselves from liability under Section 11 merely by using the word “opinion” as a disclaimer.

The Auditor Defendants’ broad reading of Fait would undercut the statutory language establishing strict liability for accountants based on the materials they have certified. It is difficult to imagine what Congress might have meant by an accountant’s certification if not an audit affirming the accuracy of the documents in question.”

An auditor’s opinion is not just puffery about its product, the audit report, but something that investors and the capital markets count on. The auditors’ opinion is the manifestation of its public duty. This attempt by EY and PwC to weasel out of liability, using lawyers from prestigious auditor defense firms Latham and Watkins and Mayer Brown claiming that an audit report and the firm’s signature is a mere “opinion”, is a disgrace to all the professionals involved.

Next thing you know some clever lawyer will claim the audit product, that is the audit report and the firm’s signature, is a protected expression of free speech under the 1^st amendment.

Don’t laugh.  The ratings agencies have already tried it.

First lawyer to try that argument will get a high five from me.  Then I will go wash that hand with a Brillo pad.

Playing the passive victim, the dupe, over and over, should be a big negative for the auditors as employers, business partners and community members. More importantly, it really sucks for our profession, investors and the integrity of the capital markets.

Please stop helping them do it.

For another take on this subject, read my article in the Bernstein Litowitz Berger & Grossman publication, The Advocate for Institutional Investors, from earlier this year.