Criminal Defense Lawyers

What Is Control Person Liability?

Control person liability is the legal doctrine that makes you responsible for someone else’s securities fraud. Not your fraud – their fraud. You didn’t make the false statement. You didn’t participate in the scheme. You might not have even known about it. But you controlled the person who did it. And under Section 20(a) of the Securities Exchange Act, that control relationship makes you jointly and severally liable for everything they caused. Every dollar of investor losses. Every penalty the SEC imposes. Everything. Your subordinate commits securities fraud, and you pay for it – not because you did anything wrong, but because you were in charge.

Here’s the part that should terrify every executive: the burden of proof shifts to you. Once a plaintiff establishes that you “controlled” the primary violator, you must prove you acted in good faith and didn’t induce the violation. You’re guilty until you prove yourself innocent. And proving good faith isn’t just saying “I didn’t know.” Good faith requires demonstrating that you established, maintained, and diligently enforced proper supervision and internal control systems. If you didn’t have those systems, you can’t prove good faith. If you can’t prove good faith, you’re liable.

This is vicarious liability taken to its logical extreme:

• The CEO who was at a conference when the fraud happened
• The CFO who relied on subordinates who lied to them
• The director who asked the right questions but got the wrong answers

All of them are potentially liable as control persons if they can’t prove they had proper systems in place. Control person liability exists to ensure that people at the top can’t claim ignorance when fraud happens on their watch.

What “Control” Actually Means

The Securities Exchange Act defines control person liability but deliberately leaves the term “control” undefined. This ambiguity is not an accident. It gives regulators and courts flexibility to find control relationships wherever they believe they exist.

The SEC has interpreted “control” to mean “the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person.” That’s deliberately broad. You dont have to actually exercise control – you just have to possess the power. You dont have to make daily decisions – you just have to have the authority to make them if you wanted to.

Courts look at several factors to determine control:

• Ownership matters – if you own 25% or more of a company’s voting securities, your presumed to be a control person
• But ownership isnt required
• Position matters – CEOs, CFOs, and other senior executives are frequently found to be control persons by virtue of there organizational authority
• Board membership matters
• Management authority matters
• Anything that gives you the power to direct someone else’s conduct can create a control relationship

Here’s where it gets dangerous. You can be a control person even if you never exercise your control. Even if you delegated everything. Even if you had no idea what the controlled person was doing. The question isnt wheather you actually controlled them – its wheather you had the power to control them. That power is enough.

The Good Faith Defense – Harder Than You Think

The statute gives control persons an escape hatch: you can avoid liability by proving you “acted in good faith and did not directly or indirectly induce the act or acts constituting the violation.” This sounds reasonable. If you didnt know and didnt participate, you should be able to defend yourself.

But good faith means more than just ignorance. Courts have construed good faith to mean the absence of recklessness or scienter – you cant have been willfully blind or recklessly indifferent. More importantly, brokerage firms and other regulated entities have been held to a stringent standard requiring them to show they “had established, maintained, and diligently enforced a proper system of supervision and control.”

Think about what this means. To prove good faith, you need:

• Documentation
• Policies
• Training programs
• Monitoring systems
• Evidence that you actually enforced those systems

And you need all of this created BEFORE the fraud happened – you cant build supervision systems after the fact and claim good faith.

The Nature’s Sunshine case illustrates this perfectly. The company’s Brazilian subsidiary allegedly bribed customs officials with more then $1 million in cash to get unregistered products into the country. The CEO and CFO were charged as control persons – not becuase they authorized the bribes or knew about them, but becuase they controlled the people who paid them.

The CEO and CFO claimed they had no knowledge or involvement. It didnt matter. They still faced personal fines of $25,000 each. Why? Because they couldn’t prove good faith. They couldnt show they had supervision systems that should have caught $1 million in cash payments to foreign officials. There defense of “I didnt know” failed becuase the question wasnt wheather they knew – it was wheather they should have known if they’d had proper controls in place.

Joint and Several Liability – The Full Exposure

Heres something most executives dont fully grasp about control person liability. Its joint and several. That means your liable for the FULL amount of damages, not just your proportionate share.

If your subordinate causes $50 million in investor losses through securities fraud, your liable for all $50 million – not some fraction based on your level of culpability. If there are multiple control persons, investors can collect the full amount from any of them. You might pay everything while the person who actually committed the fraud has no assets to collect.

This is devastaing in practice. Executives assume there exposure is limited. They assume worse case is some percentage of damages. But control person liability dosent work that way. Your exposure is unlimited. If the primary violator is judgment-proof – if they’ve spent all the money, if they’ve fled the country, if they’re in prison – the control person pays for everything.

And settlements dont necessarily help. Even if you settle with the SEC, private investors can still sue you under Section 20(a). Class action plaintiffs look for deep pockets. They look for people who can actually pay. Senior executives with careers worth protecting and assets worth collecting against become primary targets precisely becuase theyre control persons.

The Circuit Split – Where You’re Sued Matters

Courts disagree about what plaintiffs must prove to establish control person liability. This disagreement creates a geographic lottery were your fate depends on were your case is heard.

Some circuits require plaintiffs to prove “culpable participation” – that the control person participated in the fraud in some meaningful way. This is a more defendant-friendly standard. It means ignorant control persons who genuinely didnt know about the fraud might escape liability.

Other circuits dont require culpable participation as an element of the plaintiff’s case. Instead, they treat good faith and non-inducement as an affirmative defense that the defendant must prove. This is more plaintiff-friendly. It means control persons are presumptively liable unless they can prove there way out.

The Second and Third Circuits have indicated that culpable participation is required. Other circuits disagree. The result is that identical conduct might create liability in one courthouse but not another. Your defense strategy depends entirely on were your sued.

This uncertainty is itself a problem. Executives can’t plan around it. You can’t know in advance whether your supervision systems are adequate because different courts apply different standards. The safest approach is to assume the worst – assume culpable participation wont be required, assume good faith will be narrowly construed, assume the burden will be on you to prove everything.

The SEC’s New Weapon

For decades, the SEC largely ignored control person liability. They had the statutory authority to bring these claims, but they rarely did. Scholars criticized this reluctance, pointing out that the SEC was leaving its most powerful tool against corporate insiders on the table.

Thats changing. The Dodd-Frank Act in 2010 explicitly confirmed the SEC’s authority to bring control person claims, adding language that controlling persons are liable “including to the Commission” in enforcement actions. This wasnt creating new authority – it was reminding the SEC they already had it.

The Allen Park, Michigan case in 2014 was a milestone. The SEC settled its first securities fraud charges against a municipal official using control person theory. The former mayor was charged as a control person for a misleading bond offering document. He paid a $10,000 penalty and was barred from participating in future securities offerings.

If the SEC will charge a mayor as a control person, they will charge a CEO. If they will charge someone for a bond offering document, they will charge someone for financial statements. The precedent has been set. The weapon is being deployed. Executives who assumed control person liability was theoretical are learning its very real.

What This Means for Your Defense

If your facing a control person claim, your defense strategy depends on several factors.

First, challenge wheather you actually “controlled” the primary violator. Control isnt automatic just becuase of your title. If you had no practical authority over the person who committed the fraud – if they reported to someone else, if you had no supervisory relationship, if your role was advisory rather then directive – you may not be a control person at all.

Second, build your good faith defense from day one. This means documenting your supervision activities now, before any problem arises. Create records of your oversight. Implement compliance systems. Train employees. Monitor for red flags. When fraud occurs, your defense is the system you already had in place – not the one you create after the fact.

Third, understand your jurisdiction. If your in a circuit that requires culpable participation, your defense strategy differs from circuits that dont. Know the case law. Know the standards. Tailor your approach accordingly.

Fourth, remember that control person liability is secondary liability. There must be a primary violation first. If you can defeat the underlying securities fraud claim, the control person liability goes away. Sometimes the best defense is helping defeat the claim against the controlled person rather then litigating the control relationship.

The Supervision Imperative

Control person liability creates a perverse situation for executives. The more authority you have, the more exposure you face. The CEO has more control then the VP, so the CEO faces more liability. The board chair has more authority then the ordinary director, so the board chair is more exposed.

But this framework also points toward protection. If good faith requires supervision systems, then adequate supervision becomes your shield. Not just having policies – actively enforcing them. Not just creating compliance programs – actually monitoring them. Not just training employees – documenting that you did.

The executive who can produce contemporaneous records showing they established proper systems, monitored for violations, and took appropriate action when problems arose has a good-faith defense. The executive who delegated everything and asked no questions has nothing.

This is the uncomfortable truth about control person liability. Its not really about what you knew or didnt know. Its about what you should have done to find out. The supervisory role that comes with executive authority comes with supervisory obligation. Control person liability enforces that obligation by making executives pay when there supervision fails – even if they personally did nothing wrong.

The phrase “I didnt know” is not a defense. The phrase “I had no way to know” might be worse. The only defense is “I had proper systems in place and they failed despite my diligence.” And that defense requires building those systems before you need them.

If you’re facing potential control person liability in an SEC investigation or private securities litigation, contact securities defense counsel immediately. Your exposure depends on facts and jurisdiction – and understanding both is essential to mounting an effective defense.