Case law and accounting standards have defined an accountant’s duty of care to require that the accountant possesses the skills that an ordinarily prudent accountant would have and to exercise the degree of care that an ordinarily prudent accountant would exercise. These standards are reflected in the generally accepted accounting principles (“GAAP”) as promulgated by relevant authorities and generally accepted auditing standards (“GAAS”) as promulgated by the AICPA–an inadvertent breach of the duty of care will result in negligence. While not every minor deviation from the requirements of GAAS will have immediate liability, such deviations tend to be cumulative, and failure to conduct a background check when one is required may not result in a problem on its own, but when it is coupled with other failures, it can be a particularly damaging piece of evidence.
The standards that define an accountant’s liability to third-parties other than to its client depend on facts and circumstances and are not uniform among the states. For example, an accountant’s liability may vary in any of the following circumstances listed below in rough order from the greatest exposure to the least:
- where statements are included in an initial public offering;
- where statements are included in a secondary offering for a public company;
- where statements are included in a private offering, whether under Regulation D, Rule 144A or otherwise;
- where statements are issued with respect to a publicly traded company;
- where a company, public or private, has severe financial problems;
- where statements are issued for a significant privately held company;
- where statements are issued for other private companies; and
- where accounting work other than tax or an audit is performed.
In the first four circumstances, federal statutes are likely to apply. In many cases, these statutes characterize accountants as “experts” and specifically impose liability on buyers and sellers of the client’s securities. In these situations, accountants are liable for any material misstatement or omission in the financial statements that they audit, but they also have a “due diligence” defense that may protect them when they comply fully with the GAAP and all relevant statements of auditing standards.
When state law applies, the standards and liability to third-parties other than to the client can be different in a particular state, with at least three standards being commonly applied:
- the “functional equivalent of privity” standard;
- the “knowing user” standard as reflected in the Restatement of Torts §552 (a form of negligent misrepresentation); and
- the “reasonably foreseeable users” standard.
These theories are often in addition to assertions of fraud or violations of specific state or federal statutes. In almost all cases, plaintiffs are trying to establish that negligence alone is enough to hold an accountant responsible for all or a portion of the plaintiff’s loss. For the most part, courts have required something more than negligence. At a minimum, they have insisted on both a showing of negligence and a fairly clear use of the financial statements by the plaintiff that the auditor knew about at the time of the audit. In its most watered down form, this has been reduced to a “foreseeable” user that the auditor should have known about or anticipated.
Judge Cardozo’s opinion in Ultramares Corp. v. Touche, 255 N.Y. 170 (1931), established the basis of the functional equivalent of privity test. Under these standards, persons other than the client may not sue an accountant for professional negligence unless the accountant defrauded them, or actually knew that they would rely on the financial statement prepared by the accountant. In a much later case, the New York court further defined this standard and set forth the criteria needed to establish the liability of accountants on the basis of advice or services to clients when non-contracting third-parties claim injuries as a consequence of that advice:
- the accountants must have been aware that the financial reports they attested were to be used for a particular purpose or purposes upon which a known party or parties were intended to rely, and
- there must have been some conduct on the part of the accountants linking them to that party’s reliance.
The knowing user test is more expansive. While “Restatements of the Law” not adopted as formal statutes do not have the force of law, they can influence courts in interpreting the law and this appears to have been the case with §552 of the Restatement of Torts, which reads:
- “(1) One who, in the course of his business, profession or employment, or in any other transaction in which he has a pecuniary interest, supplies false information for the guidance of others in their business transactions, is subject to liability for pecuniary loss caused to them by their justifiable reliance upon the information, if he fails to exercise reasonable care or competence in obtaining or communicating the information.
- (2) Except as stated in subsection (3), the liability stated in subsection (1) is limited to loss suffered (a) by the person or one of a limited group of persons for whose benefit and guidance he intends to supply the information or knows that the recipient intends to supply it, and (b) through reliance upon it in a transaction that he intends the information to influence or knows that the recipient so intends or in a substantially similar transaction.
- (3) The liability of one who is under a public duty to give the information extends to loss suffered by any of the class of persons for whose benefit the duty is created, in any of the transactions in which it is intended to protect them.“
Under this standard, in addition to showing an accountant’s negligence, it is necessary to show that the accountant intended to supply the information to a particular third party and intended to influence that party or knew that the client had such intent. Commentators have indicated that this appears to be the standard in a majority of the states.
A small number of courts has held that accountants are liable for ordinary negligence to any user of the financial report whose reliance on the accountant’s certification was reasonably foreseeable at the time the accountant prepared the report. This standard is very broad and exposes auditors to potential claims from shareholders, market participants, creditors and others.
When an accounting firm conducts an audit, it does not necessarily know where a claim of negligence may arise or for that matter, where a plaintiff may reside or otherwise be able to bring a lawsuit. In effect, in many situations, auditors must assume the worst, even if that appears to be fairly remote. Under this approach, any form of negligence could result in liability to a very large class of potential plaintiffs who, with 20/20 hindsight, may be characterized as “foreseeable.” Accounting firms should take this into consideration when they assess risk and the cost-effectiveness of a background check. For firms involved with high-risk clients, transactions with public companies or involving public or private offerings and clients with multistate operations, this usually means that a thorough background screening at the outset is warranted and periodic updates are advisable, whether or not statements of auditing standards mandate the screening.