By Andrew F. Tuch
Gatekeeper liability—the framework under which actors such as law firms, investment banks, and accountants face liability for wrongs committed by their corporate clients—is one of the most widely used strategies for controlling corporate wrongdoing. It nevertheless faces several well recognized flaws: gatekeepers may seek more to escape liability than to prevent wrongdoing by their clients; gatekeepers depend financially on the clients whose conduct they must monitor; and multiple gatekeepers act on major transactions, interacting with one another in ways that may produce gaps and overlaps in the gatekeeping net, undermining its deterrent force.
In The Limits of Gatekeeper Liability, I assess an original and provocative strategy intended to address many of the challenges facing gatekeeper liability. Proposed by Professor Stavros Gadinis and Mr. Colby Mangels in their paper Collaborative Gatekeepers, the strategy is inspired by rules that have proven effective in anti-money laundering regulation. In my response, I examine some of the often overlooked subtleties involved in both justifying gatekeeper liability regimes for controlling corporate wrongdoing and in calibrating the deterrent force of these regimes.
The Gadinis-Mangels strategy has three core features. First, it would require gatekeepers to collaborate with regulators by reporting any conduct on the part of their clients that they suspect involved wrongdoing. Gatekeepers would satisfy this duty by reporting their suspicions; the duty would not require them to take additional action that might disrupt or otherwise deter wrongdoing. Second, the proposed regime would be layered on top of existing or conventional gatekeeper liability regimes, rather than amending or replacing them. Accordingly, core anti-fraud provisions of US federal securities laws applicable to gatekeepers—including Section 11 of the Securities Act and Rule 10b-5 promulgated under the Securities Exchange Act—would continue to apply. Finally, gatekeepers that discharged their reporting duty would gain immunity from subsequent actions, including under conventional gatekeeper liability regimes, “provided they continue[d] to act in good faith.”
The proposal holds promise in overcoming problems that commonly afflict gatekeeper liability regimes. By formulating its threshold for gatekeeper action in terms that gatekeepers are less likely to defeat strategically, such as by adopting a “head-in-the-sand” approach, the strategy creates stronger incentives for gatekeepers to vigilantly monitor their clients. By lowering the threshold at which gatekeepers must act, it requires vigilance by gatekeepers early in the transactional process, diminishing the chance that strong client bonds will lead gatekeepers and their representatives to acquiesce in client wrongdoing. And by feeding this information to a single party (a designated regulator) that has the potential to draw on additional expertise, as needed, the proposal attempts to close gaps in expertise that can arise from the presence of multiple gatekeepers in business transactions.
Although the proposal admirably tackles many of the flaws from which gatekeeper liability regimes suffer, I argue that its effectiveness will turn on how it interacts with conventional gatekeeper regimes on which it is overlaid. That issue rests on how the immunity that the proposal gives gatekeepers would operate. Under the proposed immunity, gatekeepers that report their suspicions about their clients’ wrongdoing will be shielded from liability not only for enforcement actions arising under the proposed regime but also for actions “arising out of the information they provide,” as long as they “continue[d] to act in good faith.”
I examine the immunity’s operation from the perspective of an underwriter acting on a registered securities offering. I envisage a case of securities fraud by an issuer in circumstances where its underwriter suspected wrongdoing early in the transactional process and complied with its reporting duty by informing regulators of its suspicions. If the immunity were narrowly interpreted, the underwriter would not easily be relieved of liability under conventional liability regimes such as Section 11 and Rule 10b-5. After reporting its suspicions as required by the new duty, the underwriter would still need to perform due diligence to avoid potential liability under Section 11 and Rule 10b-5. These conventional gatekeeper liability provisions require more of gatekeepers than simply reporting their suspicions. Given a narrow interpretation, the immunity could even heighten the underwriter’s liability under Section 11 and Rule 10b-5 because an underwriter that suspects wrongdoing could be regarded as aware of “red flags” and therefore need to perform more searching due diligence to avoid liability under Section 11 and Rule 10b-5 than it would otherwise. Under a narrow interpretation, the proposed reporting duty would represent an additional cost to the underwriter, rather than offering potential relief from existing obligations through the immunity.
On the other hand, giving the immunity a broad interpretation would also raise concerns. In that case, the immunity could significantly undermine the deterrent force of existing gatekeeper liability provisions because the immunity would shield an underwriter that reported its suspicions from liability under Section 11 and Rule 10b-5. Without the threat of liability under those provisions, the underwriter would have weaker incentives to continue to perform due diligence after having reported its suspicions to regulators. The immunity therefore risks undermining the deterrent force of existing gatekeeper rules and yet without the immunity the proposal may simply represent an additional burden on gatekeepers.
The difficulty of calibrating the immunity reflects a deeper concern with gatekeeper liability regimes. They are difficult if not impossible to justify, at least to the satisfaction of policy makers wary of imposing additional liability. This difficulty stems from the need to establish gatekeeper liability’s superiority over more direct forms of liability—namely, individual and enterprise liability. Gatekeeper liability serves to supplement these other forces for deterring wrongdoing, and is justified only where, together with them, it deters corporate wrongdoing more cost effectively than alternative regimes. The task of justifying gatekeeper liability hinges on the satisfaction of numerous complex conditions that cannot be easily established. The task is even harder for a system (such as the one proposed) that imposes a new form of liability over existing gatekeeper regimes, producing complex interactions between the regimes.
I nevertheless argue in favor of the proposal and conclude by suggesting an extension to it designed to encourage gatekeepers to collaborate not with regulators but with other gatekeepers acting on the same business transaction. The extension addresses the possibility that gatekeepers will not suspect wrongdoing—to trigger the proposed reporting duty—unless they first pool their information with one another or combine their expertise.