Mary Jo White and Andrew J. Ceresney
Mary Jo White and Andrew J. Ceresney ()

The need to hold individuals accountable for securities violations has sparked a tremendous amount of dialogue in recent years, particularly in the wake of the financial crisis and the Enron-era accounting scandals. Regulators and prosecutors, legislators, and industry leaders have focused on the issue and the need to hold accountable those individuals who were involved in a company’s misconduct. For example, in September 2015, then-Deputy Attorney General Sally Yates issued a memorandum stating that “one of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”1 Our take on the Yates Memo is that it was an effort by the Department of Justice (DOJ) to broadly refocus attention on individual liability, although most DOJ employees were likely fully focused on this issue long before the memo’s release. Some members of Congress have gone even further, suggesting a potential expansion of individual liability. For example, during Jay Clayton’s confirmation hearing as Chairman of the U.S. Securities and Exchange Commission (SEC), one senator asked Clayton whether he would endorse a regime under which corporate executives would be subject to a strict liability standard for misconduct that takes place under their watch.2 Clayton stated that he had not given this issue much thought, but that “[s]trict liability without mens rea … [is] a big step.”3 Clayton’s views are consistent with the traditional view in U.S. jurisprudence that guilt should be personal.

Over the years, Congress has passed a number of laws and implemented different statutory regimes aimed at increasing individual accountability for senior executives. Several provisions passed into law under Sarbanes-Oxley, including the CEO and CFO certification requirements and clawback provisions, were intended to advance this purpose and yield valuable lessons about the effectiveness of such provisions in enhancing individual accountability. Given the upcoming 15-year anniversary of Sarbanes-Oxley, it is a good time to take stock of those lessons. In recent years, however, a different route to holding individuals accountable has been applied in a number of cases by companies that find themselves in regulatory and reputational crosshairs. In the aftermath, or in advance, of penalties imposed on them in connection with regulatory actions, some companies have taken steps to reduce the compensation of senior executives at the company, with respect to both salaries and bonus payments. While to some extent influenced by regulatory actions, this type of market-driven remedy can be an effective way of enhancing individual accountability, particularly since the new administration is unlikely to implement additional regulatory tools in this arena. This development is also responsive to those who have been calling for corporate penalties to be paid, in some way, by executives on whose watch the issues occurred, rather than by shareholders.


Attempts to increase senior executives’ accountability for corporate wrongdoing have appeared over time, usually reflecting public sentiment arising from industry scandals. The most recent and best examples of such attempts include two sections of the Sarbanes-Oxley Act (SOX or the Act), which was enacted as part of the legislative aftermath to the Enron and WorldCom accounting scandals: (1) Section 302, which imposes certain CEO and CFO certification requirements with respect to annual and quarterly reports, as well as related statutory provisions that criminalize false certifications; and (2) Section 304, which allows the SEC to bring an action to compel public companies’ CEOs and CFOs to disgorge bonus payments, other incentive- or equity-based compensation, and stock sales profits, following certain types of restatements of financial results. With the 15th anniversary of SOX fast approaching, the reliance on and ultimate utility of these statutory provisions yield valuable and relevant lessons for the attempts to increase individual executive liability.

Section 302 Requirements

Pursuant to §302, a public company’s CEO or CFO must certify in each annual or quarterly report filed or submitted that the report does not contain any untrue statement or omissions, and that the financial statements fairly present the company’s financials.4 False certifications under §302 can be pursued through SEC proceedings, as well as under §906 of SOX, pursuant to which company officers may be subject to criminal liability if they knowingly or willfully execute a false certification.5

At the time of their adoption, commentators speculated that the new certification provisions would lead to an increase in criminal prosecutions and SEC enforcement actions, reflecting a widespread view that new tools were needed in the wake of the accounting scandals that preceded their adoption.6 At the time, many believed that the preexisting statutes were insufficient to address the types of large-scale violations uncovered prior to SOX’s enactment, and that pursuing executive responsibility would be more likely under the new certification provisions incorporated into the Act.

Contrary to such contemporaneous predictions, however, the Act’s 15-year history has proven otherwise. To be sure, the DOJ and the SEC have brought false certification charges under §302. For the most part, however, those cases also involved charges for violations of statutes that predated SOX’s enactment,7 largely because the same proof of negligence, recklessness or intentionality is needed for the certification violation and that proof usually suffices to demonstrate other violations as well.

Nevertheless, the certification requirements have undoubtedly served an extremely critical purpose that has had a transformative impact on the quality of financial reporting. For example, the requirements generated a regime of sub-certifications, under which subordinates must certify that they are unaware of inaccuracies in the financial statements. In turn, the sub-certification regime led to the adoption of a number of practices and procedures for implementing controls and processes aimed at ensuring that financial statements are fully vetted before the CEO and CFO certify that they do not contain any material false statements or omissions. Perhaps unsurprisingly, requiring mid-level and lower-level managers to affix their own imprimatur regarding the accuracy of financial statements has promoted increased truthfulness in financial reporting. But such processes also serve as a significant defense for CEOs and CFOs facing potential liability where they were not directly involved in the underlying corporate misconduct. As a result, the relevant SOX provisions have not formed the basis of many SEC and DOJ actions brought against senior executives who were otherwise not liable for violations under the statutory framework that predated SOX, but have affected a sea change of enhanced quality in financial reporting.

Section 304 Clawback Provision

Pursuant to §304 of SOX, the SEC may bring an action for reimbursement to the company of certain bonuses and stock sale profits if the financial statements of the company are subject to restatement as a result of misconduct.8 This provision has been deployed to mandate the clawback of compensation from executives directly involved in the misconduct.9 In addition, since at least 2010, the SEC has brought §304 claims to claw back compensation from executives who were not directly involved in the alleged corporate misconduct.10 Recently, the Ninth Circuit concluded that such clawbacks are constitutionally permissible under the statute, holding that “[Section] 304 allows the SEC to pursue a disgorgement remedy against CEOs and CFOs of issuers required to prepare an accounting restatement as a result of misconduct, even if the officers did not engage in the relevant misconduct themselves.”11

One question raised by the cases noted above is whether the purpose of such enforcement actions is punitive or remedial (i.e., intended only to prevent ill-gotten gains). Given the potentially broad scope of clawback liability, it is clear that these actions can be viewed as a form of “on your watch” liability against executives, intended to serve as a punitive deterrent. But in the majority of recent SEC actions that did not allege the executive’s personal or direct involvement in the misconduct, the company’s clawback recovery has been the difference between the bonus or stock sale profits received and what those payments would have been absent the misstatements, rather than the full amount of the bonuses or profits as allowed by the statute (the so-called “fraud delta”). Such actions are more remedial in nature, seeking only to recover for the company those funds that its senior executives would not have received in the first place had the financial reports been properly stated. Regardless of their ultimate purpose, it remains the case that §304 clawback liability is not determined by the amount that the company paid out as a result of the misconduct or by the financial impact that the enforcement action has had on the company. Rather, the magnitude of §304 clawbacks is set in reference to the compensation paid out to the executive, or the stock sales executed by the executive. Ultimately, then, §304 actions against executives not involved in the misconduct are best understood as remedial rather than punitive, limiting their utility as a form of individual accountability.

Post-SOX Developments

In the wake of the financial crisis of 2007-2008, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank or Dodd-Frank Act). While Dodd-Frank expanded some bases for liability,12 and remedies available in administrative proceedings,13 it did not add significant substantive securities causes of action for senior executives or individuals.14 In the wake of continued corporate misconduct, some regulators, however, soon began to call for additional liability for senior executives for violations occurring on their watch. For example, William C. Dudley, president and CEO of the Federal Reserve Bank of New York, suggested that senior executive compensation should be deferred and pooled into funds or “performance bonds.”15 Under that proposed approach, in the event that a fine or penalty is later levied on that institution, it would be paid out of the performance bond, rather than by the shareholders.16 Proposals such as Dudley’s are an attempt to find ways for holding senior executives responsible for actions taken under their watch, without criminalizing them or providing a new civil cause of action. Others have suggested imposition of responsible corporate officer liability in the financial services context, which up to now has been limited to public health offenses.17

Some companies in recent years have themselves been proactive in imposing sanctions against senior executives with no statutory or regulatory compulsion to do so. Following a number of corporate scandals, several companies unilaterally have decided to reduce the compensation of executives who were either directly involved (or oversaw departments involved) in the scandal that resulted in significant penalties for the company. For example, Wells Fargo’s independent board of directors decided to claw back $28 million from its former CEO, in addition to $41 million that the CEO agreed to forfeit in connection with taking responsibility for improper sales practices.18 When this amount is added to the $66 million clawed back from another former senior manager, it approaches the total penalties paid by Wells Fargo of $185 million for the underlying conduct.19 Credit Suisse, Toshiba, and J.P. Morgan Chase have similarly reduced executive compensation in response to corporate scandals.20

This approach has several positive advantages over statutory changes. First, it is driven by market participants—not regulators—and, as such, can bypass the extended investigations period and burden of proof issues inherent in regulatory actions. Second, such company-levied sanctions often post-date the imposition of penalties on the corporate entity, thereby ensuring that the compensation clawed back from the executives better reflects the actual costs imposed on the institution. This outcome is consistent with the call from some regulators that executives, and not shareholders, bear the cost of sanctions imposed on the company. Third, because they are publicly disclosed, significant clawbacks or bonus reductions, and the concomitant public scrutiny, can have significant deterrent effects on individuals. Fourth, by imposing such sanctions prior to regulatory intervention, a company is better situated to demonstrate that it has identified misconduct by its own officers and has taken appropriate measures to address the inaccurate financial disclosures, and there is reduced regulatory risk of regulators feeling the need to act. This preemptive approach sends an important message to shareholders and the company as a whole about the importance that the institution places on appropriate corporate culture and truthful financial disclosures.


In the current de-regulatory climate, additional legislative and regulatory expansions of executive responsibility are unlikely, both because of the prevailing views of individual liability and because of the difficulty associated with passing such legislation. Nevertheless, companies have responsibly taken independent, discretionary actions to hold senior executives responsible for corporate misconduct through reductions and clawbacks of bonus payments and compensation. This trend has gained prominence in recent years and demonstrates that, when regulatory solutions are not forthcoming or not simple to adopt, market-based solutions can develop to fill a regulatory vacuum.

1. Sally Quillian Yates, “U.S. Dep’t of Justice, Individual Accountability for Corporate Wrongdoing” 1 (Sept. 9, 2015) (the Yates Memo), available at

2. Senate Comm. on Banking, Housing and Urban Affairs Hearing on the Nomination of Jay Clayton to be Chairman of the SEC, 115th Cong. (March 24, 2017).

3. Id.

4. 15 U.S.C. §7241(a)(1)-(3).

5. 18 U.S.C. §1350(c)(1)-(2) (imposing criminal penalties on individuals who knowingly or willfully certify any statements in periodic financial reports that do not comport with the requirements set forth in the Act).

6. See, e.g., Marshall A. Geiger and Porcher L. Taylor, “CEO and CFO Certifications of Financial Information,” 17 Accounting Horizons, NO. 4, Dec. 2003; Jacqueline B. Stuart and Andrew Kamensky, “Sarbanes-Oxley Act of 2002 Imposes New Rules for Corporate Governance and Reporting—Part II,” The Metropolitan Corporate Counsel, December 2002; Carol A.N. Zacharis, “Sarbanes-Oxley May Have Big Impact on D&O Litigation,” NATIONAL UNDERWRITER, Property & Casualty/Risk & Benefits Management Edition Dec. 2, 2002 (noting that, pursuant to the new SOX provisions, “[t]he SEC is required under the act to review the periodic reports of publicly traded companies at least once every three years. This kind of scrutiny may lead to more regulatory actions.”); Colleen DeBaise, “Cuffs & Perp Walks: 2002 Was Year of Corporate Fraudster,” DOW Jones News Service (Dec. 30, 2002).

7. See, e.g., SEC v. e-Smart Techs., No. 11-cv-895-JEB, First Am. Compl., ECF No. 169 (D.D.C. Oct. 22, 2013) (alleging eight causes of action, including several claims under the Exchange Act of 1934, as well as SEC rules promulgated pursuant to SOX §302); United States v. Nichols, No. 08-cr-0139-CJC, Indictment, ECF No. 2 (C.D. Cal., June 4, 2008) (charging defendants with a 21-count indictment for, among other things, false statements in reports filed with the SEC and false certification of financial reports); SEC v. Life Partners Holdings, No. 6:12-cv-0002 & 12-cv-0033-JRN-AWA, First Am. Compl., ECF No. 67 (W.D. Tex. Feb. 5, 2013) (bringing eight causes of action, including for violations of the Exchange Act and for false certification under SOX’s §302); United States v. Shanahan, S1 4:07-CR-00175-JCH-DDN, Superseding Indictment, ECF No. 52 (E.D. Mo. July 19, 2007) (12-count indictment charging, inter alia, conspiracy, wire fraud, mail fraud, and false statements in documents filed with the SEC, including false certifications under SOX).

8. 15 U.S.C. §7243(a).

9. See, e.g., SEC v. Bardman, No. 16-cv-02023-JST, 2016 WL 6276995, at *1 (N.D. Cal. Oct. 27, 2016) (alleging §304 violations by Logitech’s Vice President of Finance and CFO for “engag[ing] in a scheme to materially inflate the operating income that Logitech reported to its investors … and in its annual report” and noting that, in doing so, the CFO “personally profited from his misstatements and omissions”) (internal quotation marks and citations omitted); SEC v. Bardman, No. 16-CV-02023-JST, 2017 WL 512797, at *1 (N.D. Cal. Feb. 8, 2017) (noting that the SEC alleged that the CFO “personally profited from his misstatements and omissions by, among other things, receiving a bonus of $331,000 on May 20, 2011 that was based, in part, on Logitech’s overstated operating income for fiscal 2011.”); see also SEC v. Shanahan, 624 F. Supp. 2d 1072, 1074 (E.D. Mo. 2008).

10. See, e.g., SEC v. Baker, No. 12-CA-285-SS, 2012 WL 5499497, at *4 (W.D. Tex. Nov. 13, 2012) (“Jenkins persuasively rejected similar attempts by the officer defendant to read into the statute a requirement of misconduct by the officer.”); SEC v. Geswein, No. 5:10-cv-1235, 2011 WL 4541303, at *3 (N.D. Ohio Sept. 29, 2011) (“[I]f [the issuer] had to prepare an accounting restatement because of its material noncompliance with financial reporting securities laws, and if that noncompliance was caused by [the issuer's] misconduct, then the CEO or CFO must provide certain reimbursements to [the issuer].”); SEC v. Jenkins, 718 F. Supp. 2d 1070, 1075 (D. Ariz. 2010).

11. SEC v. Jensen, 835 F.3d 1100, 1116 (9th Cir. 2016).

12. See Dodd-Frank §929M (amending 15 U.S.C. §77o to include aiding and abetting liability).

13. Dodd-Frank §929P(a); see also Bebo v. SEC, 799 F.3d 765, 768 (7th Cir. 2015), cert. denied, 136 S. Ct. 1500 (2016) (“Prior to Dodd-Frank, if the SEC sought a monetary penalty against a non-regulated individual like Bebo, it had to file suit in federal district court. Section 929P(a) of Dodd-Frank changed this by giving the SEC a choice of forums: it can either proceed in federal district court or conduct its own administrative enforcement proceeding.”).

14. See Dodd-Frank §929P (granting the SEC the authority to bring civil penalties in cease and desist proceedings against any person who “is or was a cause” of qualifying violations).

15. William C. Dudley, Opening Remarks at the Workshop on Reforming Culture and Behavior in the Financial Services Industry, Federal Reserve Bank of New York, New York City, “Enhancing Financial Stability by Improving Culture in the Financial Services Industry” (Oct. 20, 2014) (as prepared), available at

16. Id.

17. See Remarks of former Attorney General Eric H. Holder on Financial Fraud Prosecutions at New York University School of Law (Sept. 17, 2014), available at (proposing an expansion of the Responsible Corporate Officer doctrine to the financial services industry); see also United States v. Park, 421 U.S. 658 (1975) (articulating the Responsible Corporate Officer doctrine (often referred to as Park liability), pursuant to which an individual may be prosecuted criminally under the Food, Drug and Cosmetic Act even absent any culpable intent or knowledge of wrongdoing if he or she was in a position to have prevented the wrongdoing and failed to do so).

18. Independent Directors of the Board of Wells Fargo & Co., Sales Practices Investigation Report (April 10, 2017), at 9-10, available at; see also id. at 9 (noting that another senior manager was terminated and was required to forfeit approximately $47.3 million in outstanding stock options awards as well as $19 million in unvested equity).

19. Emily Glazer, “Wells Fargo Slams Former Bosses’ High-Pressure Sales Tactics,” Wall St. J., April 10, 2017, available at

20. Tidjane Thiam, CEO, Letter to Shareholders, April 14, 2017 (notifying shareholders that he has decided to propose to the board and compensation committee that his total variable compensation be reduced by 40 percent, and stating that “members of the Executive Board have also unanimously decided to propose a reduction of 40 percent of the total variable compensation awarded to them by the Compensation Committee and the Board of Directors”), available at; Press Release (translation), Notice on Action to be Taken by Toshiba in Response to Results of the Investigation Report by the Independent Investigation Committee, Attachment A, July 29, 2015 (reporting that CEO and chairman Masashi Muromachi has decided to surrender 50 percent of his basic monthly salary beginning in August 2015, which resulted in a total of 90 percent payback to the company of his monthly compensation), available at; see also JPMorgan Chase & Co., Form 8-K at 4, Jan. 16, 2013 (noting a 2012 pay cut of over 50 percent for JPMorgan Chase’s CEO Jaime Dimon as compared to 2011 compensation), available at