At least, they can the health care and environmental arenas. Under the responsible corporate officer (RCO) doctrine, the ability to control corporate conduct is sufficient to hold officers criminally liable, even if the officers did not participate in the misdeeds or have actual knowledge of them.
The D.C. Circuit recently revisited the RCO doctrine in a case arising from Purdue Pharma’s guilty plea to felony misbranding of OxyContin. Some company executives were also charged despite their lack of participation or knowledge of the alleged conduct, and pleaded guilty to misdemeanor misbranding.
As is frequently the case in regulated industries, a parallel administrative proceeding commenced, and the individuals received 20-year industry exclusions. The exclusions were later reduced to 12 years and may be reduced even more on remand to the agency, but still reinforce the need for corporate officers to know what’s happening at lower levels of the corporate hierarchy.
RCO doctrine does not exist as such in the securities world. However, the comparable civil concept of control person liability does apply and is utilized by the SEC. The lessons of the Purdue case apply equally in the securities world. They are:
- Ignorance of misconduct by subordinates is not always a defense for corporate officers.
- Robust compliance programs, with visible-top level support and regular testing, can prevent violations or at least detect them early enough to mitigate risk and allow the entity to consider self-reporting in an effort to avoid or minimize criminal or regulatory exposure.
- When violations occur, resolving regulatory or criminal charges may not conclude all liabilities for a particular occurrence. As in the Purdue case, criminal convictions can form the basis for parallel regulatory action, such as debilitating exclusions.
- In such parallel proceedings, facts admitted or proved in an initial proceeding may bind in the later matters.
- When navigating such exposure, the guidance of experienced counsel is a must.