In a win for the accounting profession and other member firm networks, the Delaware Court of Chancery clarified the limits of vicarious liability within such networks. On August 21, 2020, the Court held in that a principal cannot be liable for an agent’s misconduct unless the principal controlled . In particular, the Court held that KPMG LLP (“KPMG US”), the United States member firm in the KPMG network, could not be liable for allegedly negligent audit work by KPMG Cardenas Dosal, S.C. (“KPMG Mexico”) without allegations that KPMG US had controlled the particular audit work at issue. As the Court explained in its 56-page opinion, general allegations of control are not enough under either Delaware or New York law.2 The Court granted a motion to dismiss all claims against KPMG US, which was represented by Foley & Lardner LLP.
Plaintiffs in this case alleged that they were creditors of Oceanografia S.A. de C.V. (“Oceanografia”), a Mexican company that engaged in fraud and then declared bankruptcy when its fraud was revealed—still owing Plaintiffs approximately $1.1 billion. Plaintiffs claimed that KPMG Mexico should have uncovered the fraud while auditing Oceanografia and that KPMG US should be held vicariously liable for KPMG Mexico’s allegedly negligent audit.3
Plaintiffs argued that KPMG Mexico was an agent of KPMG International, which in turn was an agent of KPMG US—making KPMG Mexico a sub-agent of KPMG US. Plaintiffs also argued that KPMG Mexico was a direct agent of KPMG US. The Court rejected both theories because Plaintiffs failed to plead that KPMG US or KPMG International exerted “control over the specific audit at issue.”4 As the Court explained, “Under New York law, as under Delaware law, Plaintiffs must plead that the principal had control over the underlying conduct at issue.”5
Plaintiffs in instead attempted to plead control based on more general allegations. They sought to establish that KPMG US controlled KPMG International through allegations that KPMG US was a founding member of KPMG International, that KPMG US generated more revenue than other member firms, and that approximately 40% of KPMG International’s management team were KPMG US personnel.6 As for KPMG International’s control over KPMG Mexico, Plaintiffs alleged that KPMG International: had the right to periodically review, investigate, and discipline member firms; provided manuals, software, audit standards, and audit procedures to KPMG Mexico; enforced audit policies and procedures for KPMG Mexico; monitored KPMG Mexico’s use of intellectual property; administered mandated reviews on KPMG Mexico; and had the ability to impose disciplinary measures on KPMG Mexico.7
As the Court noted, Plaintiffs’ allegations that KPMG US controlled KPMG Mexico directly were even “more sparse.”8 Even if Plaintiffs had succeeded in pleading “general control,” that would still miss what the Court described as the “crucial connection” to the allegedly deficient audit work at issue.9 Likewise, even “detailed allegations of KPMG International wielding control” over a non-party member firm (i.e., not KPMG Mexico) or allegations that a different, non-party member firm coordinated with KPMG Mexico for work regarding Oceanografia are “irrelevant” to assessing an agency relationship between KPMG International, KPMG US, and KPMG Mexico.10 In this case, Plaintiffs did not allege that either KPMG US or KPMG International controlled KPMG Mexico’s work on the Oceanografia audits specifically. As the Court repeatedly made clear, this deficiency is fatal.11
Plaintiffs seeking to establish vicarious liability between entities of a global network often rely on the 2005 and 2009 cases from the Southern District of New York, which held that a basis for such liability had been adequately pled.12 These cases, however, only underline the requirement that vicarious liability must be based on a principal’s specific control of conduct that gives rise to primary liability. As explains, the alleged principals in these cases were “directly involved with” and “expressly intervened in the very audit at issue” in a way that made clear that they had “ultimate control of the audit.”13 For example, the plaintiffs alleged that an international entity directed a member firm’s auditors who detected the fraud at issue to “keep quiet” and reassigned an auditor who raised concerns.14 These cases illustrate the specific control required for vicarious liability.
The scope of vicarious liability across independent entities in a global network comes up frequently, and the decision is a well-reasoned precedent that clarifies the high bar for such liability.15
1 No. 2018-0435-MTZ, 2020 WL 4917596 (Del. Ch. Aug. 21, 2020).
2 The Court also held that Plaintiffs failed to plead vicarious liability under Mexican law.
3 Plaintiffs also asserted claims against KPMG Mexico and KPMG International, both of which were previously dismissed from the case for lack of personal jurisdiction in Delaware. Otto Candies, LLC v. KPMG LLP, No. 2018-0435-MTZ, 2019 WL 994050, at *8-13 (Del. Ch. Feb. 28, 2019). This earlier decision also held that Plaintiffs had failed to state a claim against KPMG US because, among other reasons, Plaintiffs did not plead that they were within the strictly limited group of non-audit clients owed a duty sufficient to give rise to liability. Id. at *17-23.
4 Otto Candies, LLC, 2020 WL 4917596, at *15.
6 Id. at *6, *13.
8 Id. at *6, *12.
9 Id. at *13.
10 Id. at *6 & n.59.
11 See id. at *8-17.
12 In re Parmalat Sec. Litig. (Parmalat I), 375 F. Supp. 2d 278 (S.D.N.Y. 2005); In re Parmalat Sec. Litig. (Parmalat II), 598 F. Supp. 2d 569 (S.D.N.Y. 2009).
13 Otto Candies, LLC, 2020 WL 4917596, *15-16.
14 Id. at *15.
15 In addition to their agency theory, Plaintiffs also sought to hold KPMG US vicariously liable under a theory that KPMG US, KPMG International, and KPMG Mexico acted as a joint venture. The Court likewise rejected this theory. Id. at *17-21.