How a CEO Can Be Liable for a Noncompliant Business
Thursday, May 6, 2021
business man with handcuffs

Your company is being targeted in a civil lawsuit. A whistleblower has filed a complaint with the U.S. Securities and Exchange Commission (SEC). The Internal Revenue Service’s Criminal Investigations Division (IRS-CI) is investigating your company for tax fraud. As the company’s chief executive, are you at risk for personal liability exposure? 

Maybe. While most corporate liabilities reside exclusively at the corporate level, there are circumstances in which CEOs can be held liable for their companies’ noncompliance. In certain circumstances, CEOs can face personal civil, or criminal liability for acts taken by, or on behalf of, their companies. Litigation and investigations targeting businesses’ noncompliance can also lead to the discovery of wrongs committed by CEOs in their individual capacities, and these discoveries can lead to personal liability as well. 

“CEOs can potentially face personal liability in a broad range of circumstances. As a result, CEOs need to take adequate steps to mitigate their risk, and they must be prepared to defend themselves during (and in some cases after) corporate investigations, litigation, and enforcement proceedings. ” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C. 

3 Types of Scenarios in Which CEOs Can Face Personal Liability Arising Out of Corporate Noncompliance 

There are three main types of scenarios in which CEOs can face personal liability arising out of corporate noncompliance. However, within each of these three broad areas, there are numerous possible examples; and, as discussed below, CEOs need to implement appropriate measures to mitigate their personal risk. The three main types of scenarios in which CEOs can face personal liability are: 

  • Piercing the corporate veil

  • Acts and omissions in the CEO’s corporate capacity 

  • Acts and omissions in the CEO’s personal capacity 

1. Piercing the Corporate Veil 

Even outside of the legal and corporate environments, it seems that most people are familiar with the phrase, “piercing the corporate veil.” However, few people (including people in the legal and corporate environments) have a clear understanding of what this phrase actually means. 

Piercing the corporate veil refers to the act of holding a company’s owners and executives liable for the company’s debts. This can include either debts owed to commercial creditors, debts owed to judgment creditors, or both. 

Corporations, limited liability companies (LLCs), and certain other types of business entities insulate owners and executives from personal financial responsibility for corporate debts. Owners and executives enjoy “limited liability” based on the existence of the business entity, which itself is classified as a “person” for most legal purposes. If the company gets sued, the limited liability protection afforded to its owners and executives means that they are not at risk for facing judgments in their personal capacities—in most cases. 

But, there are various circumstances in which the veil of limited liability can be pierced (or, in plain English, in which a CEO can be held financially responsible for a company’s debts). Three of the most common circumstances that allow for piercing are: 

  • Commingling – If a CEO commingles his or her personal assets with the assets of the business, a court may find that there is an insufficient distinction between the two. For example, if a small business owner/CEO deposits payments for accounts receivable into his or her personal account, a judge might determine that since the business owner/CEO is not respecting the company’s existence, the court should not respect it, either. 

  • Failure to Observe Corporate Formalities – In addition to commingling, failure to observe other corporate formalities can lead to piercing as well. This includes failure to observe formalities such as preparing meeting minutes and resolutions, making annual filings, and separately purchasing assets for personal and business use. 

  • Insufficient Corporate Assets – Judges have also allowed piercing in circumstances in which companies are grossly undercapitalized. Essentially, if a company is undercapitalized and takes on more debt or risk than it can reasonably handle, then a judge might hold the company’s owner and/or CEO personally liable as a result of failing to endow the company with the funds it needed to operate in good faith. 

In piecing cases, CEOs can face full liability for debts incurred at the corporate level. Theoretically, this is true even if the CEO did not personally participate in the conduct that gave rise to the liability. The CEO’s personal liability attaches not as a result of the underlying wrong, but as a result of the CEO’s failure to observe and respect the requirements for securing limited liability protection. 

2. Personal Liability for Acts and Omissions Committed in the CEO’s Corporate Capacity 

Even when piercing is not warranted, CEOs can still face personal liability if they commit certain wrongful acts in their corporate capacity. CEOs can also face criminal culpability for crimes committed in their corporate capacity (including crimes purportedly committed for or in the name of the company). 

For example, this has come up multiple times recently in federal Paycheck Protection Program (PPP) loan fraud investigations. In these investigations, companies are facing penalties for fraudulently obtaining (or even just applying for) PPP loans during the pandemic. But, in many cases their CEOs are facing personal liability as well. Typically, this liability is the result of either (i) the CEO submitting a fraudulent PPP loan on the company’s behalf, or (ii) simply being at the helm of an organization that fraudulently applied for and/or obtained federally-backed funds from a financial institution. 

In most cases, in order for a CEO to be held liable for an act or omission committed in the CEO’s corporate capacity, the act or omission must either: 

  • Have been committed intentionally; 

  • Constitute gross negligence;

  • Constitute a criminal act; or

  • Fall outside of the CEO’s actual or apparent authority. 

In addition to federal law enforcement investigations, this type of liability exposure frequently arises in civil litigation (where plaintiffs will often pursue claims against multiple related parties and individuals) and in shareholder derivative cases. If a plaintiff or group of shareholders believe that a CEO is directly responsible for the company’s conduct or performance, then the CEO will need to engage his or her own defense counsel for the litigation. 

3. Investigations and Litigation Targeting CEOs in Their Personal Capacity 

The third main type of scenario in which CEOs will face personal liability for business noncompliance is when litigation or an investigation at the corporate level leads to scrutiny of the CEO’s conduct in his or her personal capacity. For example, if IRS-CI investigates a company for tax fraud and there is evidence to suggest that the CEO may have been embezzling funds or withholding income from his or her own returns, then the CEO could face an investigation as well. 

What Can CEOs Do to Protect Themselves from Personal Liability?

Given the risk of facing personal liability, what can – and should – CEOs do to protect themselves? Just as CEOs need to manage their companies’ risk effectively, they need to manage their own risk as well. Similar to corporate risk mitigation strategies, CEOs’ risk mitigation strategies should focus on (i) understanding their risks, (ii) understanding what it takes to maintain compliance, (iii) purchasing adequate insurance coverage, and (iv) knowing what to do in the event that a liability risk arises. 

  • Understanding CEOs’ Risks – Mitigating risk starts with understanding the risks that need to be mitigated. For CEOs, while some of these risks mirror those that exist at the corporate level, others do not. While CEOs don’t necessarily need to implement risk mitigation practices that are on par with those of their companies, they do need to ensure that they have a clear understanding of the acts and omissions that have the potential to lead to trouble. 

  • Understanding and Maintaining Compliance – CEOs need to have a clear understanding of what it takes to maintain compliance in both their corporate and individual capacities. At the corporate level, this ensures that CEOs don’t make mistakes that have the potential to be classified as criminal, intentional, or grossly negligent conduct. At the individual level, this helps mitigate against the risk of facing personal liability as a follow-on to a corporate-level lawsuit or investigation.  

  • Purchasing Insurance Coverage – CEOs can purchase directors and officers (D&O) liability insurance coverage to mitigate against the risk of facing personal financial responsibility for noncompliance. However, CEOs also need to understand the limitations of D&O coverage. Policies often exclude claims based on gross negligence or failure to exercise the duties of a CEO’s office in good faith—and this means that lawsuits often target allegations based on gross negligence and bad-faith conduct so that plaintiffs can seek damages beyond CEOs’ D&O policy limits. 

  • Knowing How to Respond to Liability Risks – Finally, CEOs need to know how to respond to liability risks. Just as companies should have policies and procedures for responding to lawsuits and investigations, CEOs should have discussions with their personal legal counsel so that they know what to do when a claim or inquiry arises. While there is certainly the possibility that a reactive response could be too little too late, when coupled with the other mitigation strategies discussed above, acting quickly in response to a threat can help reduce the likelihood of facing a civil judgment and/or criminal charges. 

More from Oberheiden P.C.