Protecting the Outside Director: The Red Flag Review

David S. Hammer


The civil liability of outside directors under the securities laws has coalesced around the concept of "red flags". What is a red flag? In law, as in everyday life, it is simply a "danger sign". Chest pain that worsens on exertion is a red flag to a cardiologist; if the patient experiencing the pain previously has had a coronary, the red flag is flagrant. The furtive exchange of a small package for cash is a red flag to a narcotics cop. A series of such exchanges, in the doorway of a known crack house, may establish probable cause for an arrest.

What is a red flag in a securities case against an outside director? It is something the director encounters that is inconsistent with an important representation by management about the company's condition. In principle, there is no reason the inconsistency should imply management fraud: a red flag could be a warning sign that management has made an innocent mistake, albeit a mistake with material consequences. Nevertheless, the term is most commonly used to mean notice of malfeasance, that is, "notice that the audited company was engaged in wrongdoing to the detriment of its investors." In re WorldCom, Inc. Securities Litigation, 346 F. Supp.2d 646, 672 (SDNY 2004). A red flag, in other words, is a signal that management is "cooking the books."

Red flags, of course, have no legal significance unless a person has a duty to respond to them. But a director, including an outside director, has such a duty, under both state and federal law. The duty is particularly clear when the director signs an "SEC filed document", since "by signing documents filed with the Commission, board members implicitly indicate that they believe that the filing is accurate and complete." In re Enron Corporation Securities, & Erisa Litigation, 258 F. Supp.2d 576, 588 (S.D. Texas 2003), quoting S.E.C. Release No. 41987. Accord,, In Re WorldCom, Inc. Securities Litigation, 294 F.Supp.2d 392, 421 (SDNY 2003).

Red Flags and the "Informed" Outside Director

I am concerned here with the liability of outside directors. But what precisely is an outside director? The term has two usages, historically though not logically related. A director may be an outsider because he is unaffiliated with the corporation (that is, neither a current officer nor employee), and he may be an outsider because he is "remote" from day-to-day corporate affairs (that is, dependent on management for information, and excluded from decision-making).

While historically these two definitions have tended to apply to the same directors, recently they have been decoupled. Under prodding by regulatory authorities, many companies have begun to recruit unaffiliated (or, as they are sometimes called "independent") directors to sit on important committees of the board, in the hope they will provide a check on the familiar excesses of management.[1] See, Address of SEC Chairman Williams on Corporate Accountability, Sixth Annual Securities Regulation Institute, San Diego, California (1979) (proposing that nominating, compensation and audit committees should be composed of independent directors); Karmel, Realizing the Dream of William O. Douglas -- The Securities and Exchange Commission Takes Charge of Corporate Governance, 30 Delaware J. of Corp. Law 79, 134-35 (2005) (noting that the SEC has made the independent director "the keystone of its corporate governance policy"); Gabriel, Misdirected? Potential Issues with Reliance on Independent Directors for Prevention of Corporate Fraud, 38 Suffolk U. L. Rev. 641, 646 (2005) ("through American Law Institute and American Bar Association best practice guidelines, SEC action, and stock exchange regulations, a trend towards increased monitoring by independent board members is evident over the last thirty years"); Pease, Outside Directors: Their Importance to the Corporation and Protection from Liability, 12 Del. J. Corp. L. 25, 33 (1987) (arguing for including independent directors on audit and compensation committees). This process has reached its apotheosis with the audit committee, whose membership now may only consist of independent directors.[2]

This new type of outside director -- unaffiliated with management, yet active in corporate affairs -- is the type most vulnerable to red flag liability. See, Coffee, Corporate Securities: Is It Safe to Go On the Audit Committee, N.Y.L.J. 3/20/03. For this is the only type of outside director who is likely to have access to substantial amounts of non-public information about the company. This is significant for the simple reason that management is unlikely to disclose its own wrong-doing. Thus, the director who has no independent source of information -- who knows only what management tells him -- is unlikely to encounter notice of management fraud. And without notice, there is no red flag.

The director who sits on an important committee of the board, however, is likely to have considerable information about the issues governed by his committee, at least some of which will come from non-management sources.[3] And while this fact will put such an "active outsider" in a better position to detect fraud, it also will make him more vulnerable to civil suit. For the more information a director receives from non-management sources, the more likely he is to encounter red flags of management wrong-doing. And the more red flags a director encounters, the more vulnerable he will be to red flag liability.

The informed director is thus a vulnerable director. As Professor Coffee has put it in a recent article about the audit committee:

[A]lthough the Sarbanes-Oxley Act does not tinker with any of the liability rules affecting directors under the federal securities laws, it does increase their exposure to liability by inundating them with knowledge. . . . Equally important, the audit committee's new status as a unique repository of information virtually invites plaintiff's attorneys to name them as defendants and depose them to tap this new source of information and find out what they knew and when they knew it.

Coffee, Corporate Securities: Is It Safe to Go On the Audit Committee, N.Y.L.J. 3/20/03.

To summarize, outside directors are most vulnerable to red flag liability when they sit on important committees of the board. For it is the committee member who will encounter information that management is unable to screen, information that may contradict representations in SEC filings -- information, in other words, that may constitute a warning signal of fraud.

Let us now look at the two provisions of federal securities law in which red flag liability have played the greatest role. They are Rule 10(b)-5, which creates a remedy for fraud, and õ11 of the Securities Act, which creates a remedy similar to negligence.

Fraud Claims Under Rule 10(b)-5

The implied right of action under SEC Rule 10(b)-5 is "the primary private remedy for fraud" under the securities laws. Hazen, 3 Treatise on the Law of Securities Regulation, õ12.3[1] at 189 (5th Ed. 2005). The remedy is only available, however, against defendants who have acted with "scienter", the mental state traditionally associated with fraud. Ernst & Ernst v. Hochfelder, 425 U.S. 185 (1976), (scienter is an essential element of a prima facie case under õ10(b)-5). A defendant who does not act with scienter may be guilty of negligence, but he is not guilty of fraud, and therefore is not liable under õ10(b)-5.

But what is scienter? Certainly it includes outright lies, that is, statements the maker knows to be untrue. The red flag doctrine, however, does not apply to the "bald-faced" lie. The nub of such a claim is not that the defendant has lied, but that he has ignored the lies of others, typically management. In other words, the defendant is charged with a failure to monitor, with having seen, but not responded to, strong evidence of fraud.

A red flag claim then can only be sustained under õ10(b)-5 if scienter encompasses more than simple lying. And, in fact, scienter consistently has been given a wider definition, construed to reach representations made "in reckless disregard of the truth" as well as representations that are intentionally false. Thus, an outside director acts with the scienter necessary for õ10(b)-5 liability when he signs a registration statement, without bothering to investigate multiple and very flagrant warning signals that the statement is false. In re Spiegel Inc. Securities Litigation, 2004 US Dist LEXIS 12648 (N.D. Ill. 2004).

Curiously, federal law seems to encourage plaintiffs to frame their claims in terms of "red flag recklessness" rather than intentional deceit. The Private Securities Litigation Reform Act of 1995 requires that allegations of fraud under the federal securities laws be "particularized", and most (though not all) federal courts apply this requirement to the scienter element. In re WorldCom, Inc. Securities Litigation, 294 F. Supp.2d 392, 411 (S.D.N.Y 2003). By identifying red flags that "should have" informed a director that information was inaccurate, plaintiffs counsel can avoid the need to plead with particularity evidence that the director actually knew the information was false. In other words, the pleading rules governing securities cases make it easier to charge a director with ignoring a lie, than with making one.

Types of Red Flags

What are the most important red flags? The case law provides no useful list. It is easy to speculate on the reasons for this: suits against outside directors, until recently, have been relatively rare, and the stringency of the scienter requirement makes successful suits rarer still; to be found reckless, a director normally must disregard a number of red flags, and it is difficult to extract individual warning signals from the mix and ascribe to them a cardinal importance; there is no strong theory of fraud detection that would justify a list of "prime" factors, etc. PR Diamonds Inc. v. Chandler, 364 F.3d 671, 686 (6th Cir. 2004) ("courts look for multiple, obvious red flags before drawing an inference that a defendant acted intentionally or recklessly.")[4]

All this said, there are some recurring factors which appear in the case law with sufficient regularity to merit special attention. Thus:

  1. The restatement of an item, or items, in a financial statement, "raises questions about the credibility" of corporate officials who made the original statement. Burstyn v. Worldwide Xceed Group, Inc., 2002. U.S. Dist. LEXIS 18555 at *18 (S.D.N.Y. 2002). The disregard of a restatement does not, by itself, establish that an outside director (or any other defendant) was reckless. In re Enron Corporation Securities, 258 F. Supp. 2d 576, 626 n. 55 (S.D. Tex. 2003) (listing cases). Nevertheless, "when a company is forced to restate its previously issued financial statements, the mere fact that the company had to make a large correction is some evidence of scienter" In re Atlas Worldwide Holdings, Inc. Securities Litigation, 324 F. Supp. 474, 488-89 (SDNY 2004). See also, Rothman v. Grego, 220 F.3d 81, 92 (2d Cir. 2000) ("The Appellants argue that GT's $73.8 million write-off supports its claim of fraudulent intent. . . We agree"). The restatement of financials should make a corporate director at least skeptical of post-restatement representations by management; when the company has to make several restatements in a short period of time, the degree of skepticism should be fairly strong.

  2. The unexplained ability of a company to outperform all its competitors should generate suspicion. Thus, when a company reports a uniquely high growth rate, uniquely low expenses, or a profit margin that grossly exceeds that of its competitors, the accuracy of its financial reporting should be examined. See, for example, McCall v. Scott, 238 F.3d 808, 820-21 (6th Cir. 2001) where a healthcare company's annual growth rate of 15 to 20% was so high for the industry, and its billing practices so unusual, that fraud should have been suspected. See also, In re WorldCom, Inc. Securities Litigation, where a telecommunications company's apparently unique ability to control "line costs" again should have suggested fraud. Significantly, the outside directors most at risk for failing to question uniquely superlative performance data are those who have worked for other companies within the industry, and are thus in a position to doubt that the performance being reported could be achieved without fraud. Id.

  3. A government investigation into a corporation's activities should raise suspicions, especially when the investigation concerns billing or accounting practices. Cf. In re WorldCom, Inc. Securities Litigation, supra; McCall v. Scott, supra. In and of itself, the "red flag" thus raised is fairly weak; nevertheless, to the extent the agency announces the subject of its investigation, and the nature of its suspicions, an outside director with independent information on the same subject is at heightened risk. Moreover, the director should be very careful not to sign a registration statement that fails to disclose the investigation, or discloses it in a misleading manner. See, Greenfield v. Professional Care, Inc., 677 F. Supp. 110 (E.D.N.Y. 1987) (refusing to dismiss õ10(b)-5 claim against outside directors who signed registration statement that did not disclose investigation by New York State into fraud).

  4. Management's resistance to questioning should raise suspicions that it has something to hide. Instead, such resistance often results in the questioner "backing-off" from the subject. In WorldCom, for example, one banker mentioned to another that a recent "comfort letter" had not contained a "negative GAAP assurance"; the second banker agreed "that the issue was important to understand but advised against getting 'too vocal' about it since "WorldCom's a bear to deal with on that subject." The fact that WorldCom was "a bear", of course, was a strong reason to pursue the topic. In reWorldCom, Inc. Securities Litigation, 346 F. Supp. 628, 654 (S.D.N.Y. 2004).

  5. The failure of audit committee members to oversee the audit function, while not itself a red flag, may strengthen the inference of scienter to be drawn from red flags. See, In re Lernout & Hauspie Securities Litigation, 286 B.R. 33 (D. Mass. 2002) (refusing to dismiss allegations of õ10b-5 liability against members of the audit committee who had "ignored [the outside auditor's] admonitions over at least two years regarding deficiencies in the internal audit controls and [the outside auditor's] report of serious accounting, cash collection and revenue recognition issues . . ."). Especially in cases arising after the enactment of SOX, audit committee members who ignore their oversight duties have placed themselves in a very dangerous position. As Professor Coffee has noted,

    [t]he threat for audit committee members comes . . . from federal class actions premised on Rule 10b-5 that assert that the audit committee member knew enough about weaknesses in internal controls [or other problems disclosed to such member by the auditor] to have been 'reckless' in signing the company's Form 10-K."

    Coffee, Corporate Securities: Is It Safe to Go On the Audit Committee? N.Y.L.J. 3/20/03 .

In sum, outside directors who belong to special committees, and especially the audit committee, are expected to identify and respond to red flags that are associated with the work of their committee. The failure to respond to multiple red flags, especially when they are obvious, may create liability under õ10(b)-5.

The Remedy for 10b-5 liability:

The Red Flag Review

General Considerations

How may an outside director protect himself against red flag liability? The answer is simple enough: do not sign an SEC filed document before conducting a thorough search for red flags. In the case of directors who sit on important committees, this "red flag review" should cover: (1) the minutes of committee meetings, (2) any materials the committee has received in the course of its work, (3) the minutes of any meetings of the entire board, and (4) any materials the board has received in the course of its work. See, In re Enron Corporation Securities, 258 F. Supp. 2d 576, 626 n. 55 (S.D. Tex. 2003), where the court reviewed minutes of board and committee meetings to see if directors had been presented with evidence of management's fraudulent conduct. Cf., Stichting Pensionfonds, ABP v. Qwest Communications International, Inc. 2005 U.S. Dist. LEXIS 9026 (D. Colo.) (court reviewed information provided audit committee during meetings over two year period).

An outside director who has compared the representations in an SEC filed document with the minutes of his committee and board meetings, and the information contained in materials he has received, has gone a very long way toward protecting himself from õ10(b)-5 liability. Remember, the standard under õ10(b)-5 is very high: a director is only liable for an intentional misrepresentation, or a statement made in reckless disregard of the truth. A director who makes a serious attempt to identify warning signals that his company is in trouble can hardly be said to have recklessly disregarded the truth.

The Audit Committee Review

The audit committee is charged with overseeing both the internal audit function and the work of the company's outside auditors; for that reason, when a company's financial disclosures turn out to be materially false, it is the audit committee member who is most likely to be held accountable, both by the SEC and by private investors. See, SEC v. Chancellor Corp., 03 Civ. 10762 (D. Mass.) (charging outside director who belonged to audit committee with violating õ10(b)-5 "by ignoring clear warning signs that financial improprieties were ongoing at the company"). The audit committee is thus a special case, and its red flag review deserves individual consideration.

To effectively protect the audit committee director, a red flag review must pay particular attention to any audited financial statements that have been incorporated into the filed document that committee members have signed. To perform a competent review of the financial statement, the audit committee should employ an expert, preferably a forensic accountant, who can identify any suspicious or questionable entries. This accountant, of course, should be unaffiliated with either the company, or the company's outside auditor. He should have access to the minutes of all board meetings, the minutes of any committee meetings and, if at all possible, the workpapers of the company's outside auditor.

If, after reviewing these materials, the forensic accountant reports that he has found no red flags, the audit committee member may sign the SEC filed documents without a substantial risk of incurring 10(b)-5 liability. Under present law, it will be almost impossible to prove that he was reckless in doing so: the plaintiff would have to show that an outside director should have identified red flags that were not apparent to the company's independent auditor, or to an unaffiliated forensic accountant who reviewed the auditor's opinion. Few plaintiffs will see this as a task worth undertaking.

The Third Circuit's opinion in IKON Office Solutions, 277 F.2d 659, 669 (3d Cir. 2002) is instructive in this regard. In IKON, investors sued the company's outside auditors, Ernst & Young, claiming they had issued an unqualified audit report approving IKON's financial statements for 1997, either knowing, or recklessly disregarding the fact that those statements overstated pre-tax income. The district court rejected these claims, noting that the Board of Directors had hired its own accountants (Arthur Andersen) to review Ernst's work, and that Andersen had found nothing significant to criticize. On appeal, the Third Circuit affirmed. In the appellate court's words, although "Andersen's conclusions do not provide cover categorically to insulate Ernst from liability, the fact that Andersen endorsed IKON's decision not to restate the 1997 financial statements nevertheless is highly probative of the competence of Ernst's 1997 audit opinion and undermines any suggestion that Ernst could not reasonably have opined that IKON's financial statements fairly presented its financial condition in accordance with GAAP."

The IKON case essentially holds that, for õ10b-5 purposes, a second opinion by a competent auditor endorsing the primary auditor's conclusions provides substantial protection for the primary auditor against a charge of recklessness. The same reasoning undoubtedly would have applied to a suit against the Board of Directors: Andersen's endorsement of Ernst's audit would have provided substantial protection against a finding that a member of the board who signed the registration statement containing that audit had been reckless in doing so.[5]See also, Stichting Pensionfonds, ABP v. Qwest Communications International, Inc. 2005 U.S. Dist. LEXIS 9026 * 39 (D. Colo.) where, in dismissing a 10(b)-5 against members of the audit committee, the court noted that "after receiving information about Qwest's involvement in improper swap transactions with Global Crossing, the audit committee hired a law firm to help it to investigate more than 200 network deals . . . "

Dealing With Red Flags

In IKON the "secondary auditors" did not find any red flags that the audited financials were inaccurate. But what if they had? What should a director do if a "red flag review" actually uncovers something inconsistent with management's representations about the company's condition?

Unfortunately, "[i]t is not entirely clear from the cases . . . what steps should be taken if a 'red flag' exists." Stone, Cases Offer Guidance on Audit Committees, N.Y.L.J. 10/22/01. At the very least, however, the director must ask management and the outside auditors for an explanation. If management and/or its auditors respond with a plausible explanation, the director may accept that explanation and end his inquiry. See, In re Software Toolworks, Inc. 50F.3d 617 (9th Cir. 1994) (where underwriters were sued, under õ11, for accepting the decision by the company's auditors (Deloitte) to recognize certain types of revenue, in spite of red flags that the revenue was chimerical; in granting the underwriters' summary judgment motion, the 9th Circuit noted that the underwriters had "confronted Deloitte, which explained its decision to recognize the OEM revenue"). See also, In re WorldCom, Inc. Securities Litigation, 2005 US Dist LEXIS 4193 (2005) (stating, with respect to õ11 reliance defense, that "If the line cost data was a red flag, then Roberts had an obligation to inquire until satisfied as to the integrity of the line cost data."). In the case of the audit committee, which bears the greatest vulnerability to civil liability, it would be prudent to have the forensic accountant review the workpapers of the company's outside auditor before deciding whether the explanation is plausible. See, Lawrence, 1 Due Diligence in Business Transactions, õ2.03[A] [4] at 2-18.3 (2005).

An explanation, accepted as plausible by a forensic accountant, and supported by the auditor's workpapers, should protect a director against any later charge that he was simply indifferent to the truth; this is true, moreover, even if the explanation turns out to be false. See, In re Enron Corporation Securities, 258 F. Supp. 2d 576, 626 n. 55 (S.D. Tex. 2003), where the court dismissed õ10(b)-5 claims against outside directors after reviewing minutes of board meetings in which management provided plausible explanations of red flags that nevertheless turned out to be false. Cf., Stichting Pensionfonds, ABP v. Qwest Communications International, Inc. 2005 U.S. Dist. LEXIS 9026 * 39 (D. Colo.) (noting that the audit committee hired law firm to investigate questionable transactions, before concluding that the transactions "were not quantitatively or qualitatively material to Qwest's financial statements.")

But what if the explanation tendered is not plausible? At this point the situation becomes delicate, and potentially dangerous. The director, after all, has gone on record as challenging some item in a proposed filing; in the case of the audit committee director, this challenge may have been at the behest of an independent forensic expert. The director therefore cannot drop the issue: if he does, he is in a vastly worse position than if he had never performed a red flag review in the first place.

So what should he do? He can, of course, threaten to resign, and that threat may resolve the problem. A director's resignation, after all, is a reportable event, along with the reasons tendered for the resignation. A company thus is likely, if at all possible, to accommodate a director who, on a point of principle, insists on changes to a public filing. (I stress here "point of principle"; a director who, in a proxy fight, threatens to resign as part of a strategy to oust management may find management very unaccommodating).

This is the best case scenario. But what if management does not modify the contents of its filing? At this point, the director may have no choice but to resign. Management, of course, may suggest some device to avoid the resignation, such as putting the issue to a vote of the entire board. But this is really no solution at all. The director's signature is a representation that he personally "believe[s] that the filing is accurate and complete." In re Enron Corporation Securities, & Erisa Litigation, 258 F. Supp.2d 576, 588 (S.D. Texas 2003), quoting S.E.C. Release No. 41987. The fact that other directors accept management's explanation is thus irrelevant. Moreover, it seems very questionable whether a director would retain his indemnification rights under a D&O policy, having signed a filing that he has previously characterized as suspicious.

Unfortunately, resignation may not always be enough: faced with a refusal by management to modify a filing that the director has reason to believe is either inaccurate on its face, or replete with red flags of management fraud, the director may be obliged to communicate his misgivings to the SEC. For that reason, a director who has reached an impasse with his company over the contents of a public filing should seek advice from the company's -- or his own -- SEC lawyer.

Integrity of the Internal Audit System

There is a final point I should make about the audit committee review. Under Sarbanes-Oxley, independent auditors must communicate any misgivings with the audit functions to the audit committee. The audit committee will then be charged with ensuring that the audit function is improved to meet those misgivings. Hardesty and Hilton, Director's Guide to Sarbanes-Oxley Compliance, õ6.02[10] at 6-10 (2004) (is this cite correct?). The audit committee review therefore should pay special attention to any suggestion from the company's accountants that changes should be made to the audit function. A suggestion that has been received, but not acted on, may provide the basis for a later finding of recklessness. In re Lernout & Hauspie Securities Litigation, 286 B.R. 33 (D. Mass. 2002) (refusing to dismiss allegations of õ10b-5 liability against members of the audit committee who had "ignored [the outside auditor's] admonitions over at least two years regarding deficiencies in the internal audit controls and [the outside auditor's] report of serious accounting, cash collection and revenue recognition issues . . .").

A Note on Red Flag Reviews and Criminal Prosecution

Fraud constitutes both a crime and a tort, and violations of section 10(b) therefore may result in criminal as well as civil penalties. Analytically, there is little to distinguish the two forms of fraud, although of course a criminal prosecution under 10(b)-5 must be proved beyond a reasonable doubt, rather than by a mere preponderance of the evidence. The only additional distinction lies in the nature of the intent requirement: to be criminal, a defendant's conduct must be "willful" while civil liability requires a showing of "scienter". See, 15 U.S.C. 78ff, providing that willful violations of the 1934 Act may be prosecuted as crimes.

It is far from clear that there is a meaningful distinction between willfulness and scienter. See, Cheng, Harrington & Ruiz, Securities Fraud, 41 Am. Crim. L. Rev. 1079, 1087-88 (2004) ("[I]t is debatable whether willfulness in criminal cases requires something above the ordinary scienter required in civil cases"). Thus, under the case law, both may be inferred from "reckless, deliberate indifference to or disregard for truth or falsity". United States v. Weiner, 578 F.2d 757, 786 (9th Cir. 1978). In other words, whatever metaphysical distinctions may be drawn between the two terms, the mens rea requirement in a criminal prosecution may be satisfied by the same evidence that establishes scienter in a civil case. See, United States v. Boyer, 694 F.2d 58, 60 (3rd Cir. 1982):

The standard of proof for civil liability in fraud is lower than the proof beyond a reasonable doubt required for a criminal conviction. But there is no reason to suppose that in enacting criminal statutes prohibiting mail fraud or securities fraud the Congress intended that the substantive element of the offense -- the scienter -- should be different than for civil liability for fraud. We conclude, therefore, that inclusion in the charge of a reference to reckless disregard of the facts was not improper. In so ruling we join those courts of appeals which have considered the question.

The fact that criminal willfulness may be inferred from a reckless disregard for the truth implies that "red flag" liability applies in a criminal as well as a civil context. To be sure, no criminal prosecution for securities fraud has thus far rested on a red flag theory. Nevertheless, there is no doctrinal impediment to such a prosecution, and the red flag doctrine has been used to secure convictions under other criminal laws. See, United States v. Frigerio-Migiano, 254 F.3d 30, 35 (1st Cir. 2001) (red flag liability may establish the knowledge element of money laundering). A red flag theory thus should be enough to get to a jury and, if the jury convicts, sufficient to secure an affirmance on appeal.

If a criminal prosecution may rest on a red flag theory of recklessness, a red flag review should be available as a defense, that is, a means of showing that the defendant was not indifferent to the truth. Indeed, securities fraud already recognizes several "intent based" defenses, such as "good faith", and "reliance on counsel", both of which resemble the "red flag review" defense in important respects. Cheng, Harrington & Ruiz, Securities Fraud, 41 Am. Crim. L. Rev. 1079, 1121-1123 (examining intent based defenses). The chief value of a red flag review, to a potential criminal defendant, would probably come during pre-indictment negotiations with prosecutors, since evidence of a diligent review would make a successful prosecution on a red flag theory extremely unlikely. However, if negotiations fail, the review should be available to support pre-trial motions, or a defense at trial.

The Role of Red Flags in Other Contexts

Some sections of the securities laws impose a "culpability" requirement: a plaintiff must show that the defendant was blameworthy. Red flags may be used, in such provisions, to establish culpability, demonstrating the defendant's negligence, recklessness, or even intentional misconduct as the remedy requires. Other sections of the securities laws do not require proof of culpability. These sections, however, typically provide defendants with an affirmative defense of non-culpability. The role of red flags under these provisions is to rebut an attempt to establish a "non-culpability" or "innocence" defense.

Suits Under Section 11

The scienter requirement makes a õ10(b)-5 claim against an outside director difficult to sustain, and this is true even with a director who sits on an important committee of the board. The law requires recklessness and a truly reckless corporate director is hard to find.

Recognizing this problem, plaintiffs' counsel have searched for remedies that do not require proof of scienter. Of these, the most useful is õ11 of the Securities Act, 15 USCA õ 77k, which provides a civil remedy against persons who issue registered securities pursuant to false or misleading registration statements.

For a plaintiff seeking to sue an outside director, õ11 has an extraordinary advantage over õ10(b)-5: it does not impose a scienter requirement. Indeed, õ11 does not even require proof of negligence; to state a prima facie claim, it is enough to allege that a registration statement contains material misstatements or omissions. Herman & Maclean v. Huddleston, 459 U.S. 375, 382 (1982). See also, Hazen, 2 Treatise on the Law of Securities Regulation, õ7.4 at 86 (5th Ed.2002). And while it is true that õ11 only applies to registration statements, for the plaintiff (or class of plaintiffs) whose injuries arise from a public offering, õ11 is a very potent weapon.

The Role of Red Flags Under Section 11

The central drama in a õ10(b)-5 "red flag" case comes at the opening of the first act. Before an answer is even served, the defendant will make a 12(b)(6) motion to dismiss for failure to plead scienter with particularity, and the red flag issue will be argued. The central drama in a õ11 case occurs somewhat later, at the end of discovery. It is here, when the defendant moves for summary judgment on the basis of an affirmative defense, that the plaintiff will assert the presence of red flags as a rebuttal. See, In re, WorldCom Inc. Securities Litigation, 346 F. Supp.2d at 672-74. Pirelli Armstrong Tire Corp. Retiree Med. Bens. Trust v. Dynegy, Inc. (In re Dynegy, Inc. Sec. Litig.), 339 F. Supp. 2d 804, 872 (S.D. Tex. 2004).

Let us turn then to the affirmative defenses.

Affirmative Defenses Under Section 11

With respect to the issuer, õ11 is a strict liability statute. Herman & Maclean v. Huddleston, 459 U.S. 375, 382 (1982) ("Liability against the issuer of a security is virtually absolute, even for innocent misstatements."). Defendants other than the issuer, however, have several affirmative defenses. The most important of these, for outside directors, are two defenses provided by õ11(b). The first of these is a "due diligence defense", the second, a "reliance on expert" defense. Because the reliance defense has special importance for audit committee directors, I will consider that provision first.

The Reliance Defense

Registration statements often incorporate the written opinions of an expert about some aspect of the company's activities or financial condition. When a õ11 claim arises from some representation that was addressed by the expert, such as a professional accountant, a defendant may avoid liability by showing that he reasonably relied on the expert's opinion that the statement was neither untrue nor misleading.[6]In re WorldCom, Inc. Securities Litigation, 2005 WL 638268 *7 (SDNY 2005) (a professional accountant is an "expert" for the purposes of õ11, so that non-issuer defendants "may rely on an accountant's audit opinion incorporated into a registration statement in presenting a reliance defense"); see also, Miller v. Pezzani (In re Worlds of Wonder Sec. Litig.), 35 F.3d 1407, 1421 (9th Cir. 1994).

This is the affirmative defense of "reliance on an expert opinion". The reliance defense is especially important to the audit committee director, since credible claims against that committee are most likely to arise from representations in the audited financial statement. As indicated below, to make this defense effective, an outside director -- especially if he sits on the audit committee -- should engage an independent forensic accountant to conduct a "red flag review" of any audited financials that will be incorporated into a prospectus.

Red Flags and the Reliance Defense

Historically, defendants have argued that the reliance defense provides an absolute bar to liability under õ11, at least to the extent that errors sued upon appear in the audit opinion. Coffee, Corporate Securities: Due Diligence After WorldCom, NY Law Journ, 1/20/05. This position, however, has been rejected by the courts, which have held that defendants are not entitlted to "blind reliance" on an expertised opinion. More specifically, they have held that a director who ignores warning signals that an expert opinion is unreliable, will lose the protection of the defense. In re Software Toolworks, Inc. 50F.3d 615 (9th Cir. 1994). See also, WorldCom, stating that directors "may not fend off liability by claiming reliance where 'red flags regarding the reliability of an audited financial statement, or any other expertised statement, emerge."

This holding seems correct. The language of 11(b), after all, requires the defendant to show that "he had no reasonable ground to believe . . . that the statements [in the expertised part of a registration statement] were untrue . . ." Pirelli Armstrong Tire Corp. Retiree Med. Bens. Trust v. Dynegy, Inc. (In re Dynegy, Inc. Sec. Litig.), 339 F. Supp. 2d 804, 872 (S.D. Tex. 2004) (to sustain the defense, the director must show "that they had no reason to believe, and did not believe, that the expertised parts of the registration statement were inaccurate"). Thus, if a red flag creates a "reasonable ground" for disbelief, the defense by its own terms should not apply.

How strong does a red flag have to be to create a reasonable ground for disbelief? Less strong, it would seem, than to establish a "reckless disregard for the truth" under õ10(b)-5. Under õ10(b)-5, a red flag must establish with virtual certainty that a representation is false, since it is only then that the disregard of the red flag is truly reckless. Under õ11, however, the test is not "virtual certainty", but merely a "reasonable ground to believe" a representation is false. In other words, a director who ignores a strong but not necessarily conclusive red flag will lose the protection of the reliance defense.

The reliance defense thus seems to incorporate a negligence standard; this, as it happens, also is the standard for the õ11 due diligence defense. In re WorldCom, Inc. Securities Litigation, 346 F.Supp.2d 628, 662 (SDNY 2004) (due diligence defense under õ11 "is understood as a negligence standard").[7] If this reasoning is correct, a director may lose the protection of the reliance defense on a much weaker showing than would be required to find him liable under 10(b)-5.

The Section 11 Review

To retain the protection of the reliance defense, a director must perform a red flag review of any expertised section of a registration statement, before affixing his signature. In doing so, his model should be the õ10(b)-5 audit committee review of audited financial statements, which was itself a red flag review of an expert's report. The same strictures apply here: the review should employ an expert, such as a forensic accountant, who should be given complete access to: (1) the minutes of all committee and full board meetings, (2) all materials the director has received in the course of his duties, and (3) the work-papers of the expert whose work underlies the "expertised" statement under review. While the case law is slim, more than this does not seem necessary. See, In Re Software Toolworks, Inc., 50 F.3d at 623, stating that a party who seeks to invoke the reliance defense: "need not conduct due diligence into the 'expertised' parts of a prospectus, such as certified financial statements."

If this review does not identify a red flag, the director can safely rely on the authority of the expert who drafted the expertised section. If the review does identify a red flag, the director should: (a) a request an explanation from the expert who drafted the section in question, as well as from management, (b) demand changes to the statement if the explanation is unsatisfactory, (c) threaten to resign if the changes asked for are not made, (d) consult the company's SEC attorney about the need to notify the Commission resign and (e) resign. See, 15 U.S.C. section 77k(b)(1) providing that a director can protect himself from liability by resigning "before the effective date of the part of the registration statement to which his liability is asserted . . . "

The Due Diligence Defense

The reliance defense only applies to "expertised" sections of the registration statement. This includes all portions "purporting to be made on the authority of an expert" or "purporting to be a copy of or extract from a report or valuation of an expert." Section 11(b)(3)(A). For sections that are not based on an expert's opinion or report, section 11(b) provides a different affirmative defense -- the defense of due diligence.

While red flags so far have played little role under the õ11 due diligence defense, their potential role is plain. To show due diligence, a defendant must prove that he had a reasonable ground to believe that the statements in a non-expertised section of the registration were true and not misleading.[8] If a director encounters strong red flags -- that is, evidence that is inconsistent with representations in a registration statement -- he may not be able to establish "reasonable grounds" for such a belief.

Establishing Due Diligence

What must an outside director do to establish his "reasonable grounds for belief" in the non-expertised portion of a registration statement? The answer seems to be: perform a red flag review of the non-expertised portion of a prospectus. In other words, for an outside director -- if not for an inside director or underwriter -- the due diligence and the reliance defenses require a comparable level of investigation.

I base this conclusion on a case law that is very sparse -- a handful of district court opinions over 30 years. These cases suggest that "[a]n outside director's investigation can be less complete than an inside director's"; at the same time, the outside director "cannot simply rely on an inside director's assurances that the information in the prospectus is accurate. Some effort to verify that information is still required." Hicks, Civil Liabilities: Enforcement & Litigation Under the 1933 Act, section 4:101 at 4-4-243 (2004). The outside director, in other words, cannot be completely passive and still invoke the defense.

So then, what is required? At the outset, the director will have the prospectus, comments of management endorsing the prospectus, and the underwriter's due diligence report; he may also have statements of other experts who engaged in due diligence, including professional accountants. The outside director is entitled to use all these materials; he does not seem to be required to engage in independent fact-finding to satisfy the requirements of due diligence. See, Laven v. Flanagan, 695 F. Supp. 800, 811-12 (DNJ 1988) (director is entitled to use the underwriter's report).

It would seem to follow from this that, if the underwriter does not question the prospectus, the outside director could simply adopt the underwriter's conclusions, and consider his due diligence obligations satisfied. This, however, does not seem to be the law: an outside director must engage in a limited verification process of the underwriter's report. This should take the form of a "red flag review", in which the director compares the prospectus and its endorsements with: (1) the minutes of committee meetings, (2) any materials the committee has received in the course of its work, (3) the minutes of any meetings of the entire board, (3) any materials the board has received in the course of its work and (4) any information about the company that he has learned from other sources, such as his own work within the industry.[9]See, Weinberger v. Jackson, 1990 U.S.Dist LEXIS 18394 * 11-12 (ND Cal.):

Plaintiffs argue that Valentine did not make specific inquiries of the company's management with respect to the representations contained in the prospectus. But he had no duty to do so as long as the prospectus statements were consistent with the knowledge of the company which he had reasonably acquired in his position as director. He was also¶ given comfort by the fact that the prospectus and the information in it were reviewed by underwriters, counsel and accountants. This met the standards of due diligence and reasonable inquiry.

To summarize: if, as in Weinberger, the director's corpus of knowledge about the company is consistent with the prospectus, due diligence is satisfied. But what if there is a conflict? In that case, as in the 10(b)-5 review, the director must demand a plausible explanation from management; there is authority that he must then check that explanation with the underwriters, to see if they also are satisfied. See, In re WorldCom, Inc. Securities Litigation, 2005 U.S. Dist. LEXIS 4193 at *36-7 (S.D.N.Y.) where the court rejected a summary judgment motion by the chairman of WorldCom's board of directors, whose extensive experience within the telecommunications industry should have suggested to him that WorldCom's performance data was impossible without fraud:

Even assuming that Roberts were able to show that he is properly considered an outside director . . . [h]e has not shown that he conducted any sort of investigation, much less a reasonable investigation in light of all relevant circumstances; instead, he has emphasized his "intelligent and well-reasoned reliance" on his¶ fellow directors, experts, and professionals who were in the position to evaluate WorldCom, and his review of the materials management gave to the Board. While reliance on management's presentations to the Board, after a careful examination of the materials provided to the Board, may suffice in some cases, the assertions in this case [about red flags] raise questions as to whether it was incumbent on Roberts to engage in a more active dialogue with management and perhaps even with the Company's auditors and underwriters . . .

If this "active dialogue" results in a plausible explanation of the apparent inconsistencies earlier identified, due diligence again is satisfied. If it does not, the "resignation protocol" I suggested in connection with 10(b)-5 would seem to apply. In other words, the director should threaten to resign unless changes are made in the prospectus, and if the company refuses to make such changes, consult with SEC counsel and resign.

The previous analysis, of course, rests on the conclusion that the due diligence defense does not require outside directors to engage in actual fact-finding. Can this conclusion be squared with the wording of section 11(b), which requires a defendant to show that his belief in the fairness of a registration statement is based on a "reasonable investigation"? The answer, I think, is "yes": while the "reasonable investigation" requirement seems to require fact-finding, it does not explicitly require that each defendant conduct his own, independent fact-finding. To the contrary, the language of the provision, and the case law construing that language, permit a director to "piggy back" on an investigation conducted by others, most obviously the underwriters. In other words, a director who has read, and accepts, an underwriter's report has a belief that is based on a reasonable investigation, even though that investigation is not his own.

I must stress, however, that the law on this point is far from conclusive: there is no appellate decision holding that an outside director may satisfy his due diligence obligation by adopting the investigation of another party, and the few trial court decisions are exasperatingly imprecise. The issue thus remains open. And, while the policy ground for relieving outside directors from a fact-finding obligations seems obvious, there are opposing policies that would support such a requirement. The underlying purpose in imposing liability under section 11, after all, is to prod officers and directors into producing the most accurate possible prospectus. Thus, at least to the extent that a director is in a position to meaningfully supplement the investigation conducted by underwriters and corporate insiders, it makes little sense to excuse him from that obligation.[10]

This then seems to be the relevant question: is a director in a position to engage in meaningful, independent fact-finding. To the extent that a director is truly "remote", sitting on no important committee of the board, and playing no other significant role in corporate affairs, he may not have anything meaningful to contribute to the due diligence process. But to the extent the director is a member of a vital corporate committee, or otherwise plays an important role in vital corporate activity, the case may be otherwise: such a director may be in a position to engage in meaningful fact-finding on matters connected with his committee. For such a director, particularly including a member of the audit or compensation committee, a modest independent investigation may be prudent, if not explicitly required by current case law.


This paper has looked at the role red flags play under two sections of the securities laws -- õ10(b)-5 and õ11. I conclude that an outside director may protect himself from liability under each section by engaging in a "red flag" review before signing any SEC filed document. In the case of audit committee members, I suggest that the review be conducted with the help of an independent forensic accountant.

There are, of course, other sections of the securities laws that a plaintiff may invoke. The law that develops under these sections, however, should not differ appreciably from that which is now developing under 10(b)-5 and section 11. Thus, to the extent that a section imposes a culpability requirement as an element of prima facie case, red flags will be used -- as they are used under 10(b)-5 -- to show that the defendant was negligent or reckless. To the extent the section provides a defense based on "lack of culpability", red flags will be used -- as they are used under õ11 -- to oppose the defendant's right to invoke that defense. The review I suggest in this paper, in other words, should go a long way toward protecting the outside director from civil liability.

David S. Hammer

[1] Under Delaware law, a director is "independent" if he is not under the domination of management.

[2] SOX requires that each member of the audit committee be an independent director, with independence defined as lack of affiliation with the issuer or its subsidiaries. 15 U.S.C.A. 78j-1(m)(3)(A). The New York Stock Exchange also requires that the audit committee be composed of independent directors, while NASDAQ provides that a majority of audit committee members must be independent. See generally, Karmel, Will Convergence of Financial Disclosure Standards Change SEC Regulation of Foreign Issuers, 26 Brooklyn J. Int'l L. 485 (2000).

[3] Professor Coffee notes that SOX provides that audit committee members receive:

[i] 'internal control reports' under õ[404[a] from both management and the outside auditors; [ii] management reports under õ[302[a][5], which must alert the audit committee as to 'all significant deficiencies in the design or operation of internal controls' and as to 'any fraud, whether or not material, that involves management;' and [iii] attorney reports under õ[307, alerting them of any evidence of material law violations as to which the chief legal officer did not respond adequately. In addition, under õ [301, the audit committee must develop procedures for the anonymous submission of concerns by employees "regarding questionable accounting or auditing matters.

Coffee, Corporate Securities: Is It Safe to Go On the Audit Committee, N.Y.L.J. 3/20/03.

[4] The "red flag" decisions involving independent auditors are much more abundant than those involving outside directors. Yet little guidance can be gained from the auditor cases; very simply, more is expected of a professional accountant than an outside director, however active in a company's affairs. The point is nicely made by the Enron civil cases. Enron's independent auditors, and its outside directors, both knew that the company had developed a fantastically complicated organizational structure, employing large numbers of "highly unusual" special purpose entities with which Enron had engaged in very substantial transactions. Both the auditors and the directors also knew that these transactions were not at arms-length, were not in the ordinary course of business, and often required a waiver of Enron's conflict-of-interest rules. But only the auditors could have been expected to understand the significance of these facts, which GAAS expressly states "should trigger an enhanced attention to the possibility of fraud."

For this reason, the district court held that a prima facie case of red flag liability had been stated against the auditors. Yet the same facts had no special meaning for the outside directors, who were not accounting experts and did not operate under "GAAS". Thus, the court held that a prima facie case had not been stated against the outside directors. Compare, In re Enron Corporation Securities, 235 F.Supp.2d 549, 677-685 (SDTex 2002) (refusing to dismiss 10(b)-5 claim against outside auditors), with In re Enron Corporation Securities, 258 F. Supp. 2d 576, 626 n. 55 (S.D. Tex. 2003) (dismissing 10(b)-5 claim against outside directors).

[5] The Third Circuit in IKON held that Andersen's second opinion did not "categorically" insulate Ernst from liability. Andersen, however, compromised its independence by agreeing with Ernst "as a condition to being awarded the contract . . . not to report to IKON's board if it determined that the 1997 audit did not comport with accepted auditing standards." 277 F.3d at 669. It is at least possible that a completely independent engagement would have provided something approaching "categorical" protection to Ernst.

[6] Under the statutory language, a defendant, other than the expert authority, will not be liable if he demonstrates that "he had no reasonable ground to believe, and did not believe, at the time such part of the registration statement became effective, that the statements therein were untrue or that there was an omission to state a material fact required to be stated therein or necessary to make the statements therein not misleading."

[7] One commentator states that the test under section 11 is whether "the defendant has some reason to doubt the statements in the expertised part of the document. . . " Hicks, Enforcement and Liabilities Under the 1933 Act, õ4:111 at 4-274 (2004). This, I think, is incorrect: the statute does not speak of a "reason to doubt", but of an affirmative reason to believe a statement untrue. The two are not equivalent: less evidence is required to simply doubt the truth of a statement, than to reach a conclusion that it is false. As an example, the fact that a company has previously restated its financials may justify skepticism about management, but that skepticism, by itself, does not create a reasonable ground to believe the financials are false.

[8] The statutory language requires a defendant who invokes the due diligence defense to show that "he had, after reasonable investigation, reasonable ground to believe and did believe, at the time such part of the registration statement became effective that the statements therein were true and that there was no omission to state a material fact required to be stated therein or necessary to make the statement therein not misleading."

[9] To the extent the prospectus contains financial data separate and apart from the audited financial statement, the red flag review should employ an unaffiliated forensic accountant

[10] Moreover, had Congress wanted to relieve directors from a due-diligence obligation, the obvious path would have been to remove them from the list of potential section 11 defendants.

Copyright David S. Hammer, July 1, 2005