Limitations on an Auditor’s Duty of Care

When borrowers go insolvent, it is not uncommon for lenders to advance claims against the auditors of the borrower. The December 10, 2015, decision of Justice Perell of the Ontario Superior Court of Justice in CIBC v. Deloitte (“CIBC”) is the latest word on who, other than their clients, auditors may owe a duty of care to.

A duty of care arises from the relationship between the parties, and is a necessary element to a successful claim in negligence. Historically, an auditor’s duty of care to individuals or entities beyond its audit clients (in the context of public companies) has been limited by the Courts due to policy concerns surrounding indeterminate liability: namely, that an auditor should not owe a duty of care to every individual or entity that might review and rely upon the financial statements and auditor’s report for a public company.

The facts of the CIBC case are as follows.

Deloitte was the auditor of Philip Services Corp. (“Philip”), a public corporation engaged in providing metal recovery and processing services to major industry sectors throughout North America. Philip’s business expanded rapidly throughout the 1990s, while Deloitte was the external auditor throughout.

In 1997, Philip finalized a Credit Agreement with a lending syndicate led by CIBC and High River Limited Partnership (“High River”), in the amount of $1.5 billion. In 1998, it was discovered that a fraud had been perpetrated by the president of the primary business advisor of Philip. After investigations, the 1995 and 1996 financial statements required restatement because of several material errors. Upon disclosure of the true financial state of Philip, it was rendered insolvent and was placed under the protection of the Companies’ Creditors Arrangement Act. The secured creditors (the lending syndicate) lost approximately US$524 million.

CIBC and High River, as representative plaintiffs in a proposed class proceeding, sued Deloitte for negligence, negligent misrepresentation, and reckless misrepresentation in connection with the 1995 and 1996 audits of Philip. The class proceedings were certified, and a common issues trial is scheduled for September 2017. An action was also commenced by the Receiver/Manager of Philip against Deloitte for negligence and breach of contract. The actions were consolidated for trial. The parties have produced records and have substantially completed examinations for discovery.

Deloitte brought an application for partial summary judgment to dismiss the negligent misrepresentation claim brought by CIBC (for the application, it was conceded that High River’s position was the same as CIBC’s). In dismissing this claim against Deloitte, Justice Perell provides an excellent overview of the law of auditors’ liability, beginning with the seminal Supreme Court of Canada decision of Hercules Management Ltd. v. Ernst & Young. From this case law, Justice Perell distilled the following principles:

  1. accountants have a duty of care to the corporation and to the corporation’s shareholders for the purposes of supervising the affairs and management of the corporation;
  2. accountants have a duty of care in the first instance to shareholders, lenders, and others that reasonably rely on the information provided by the accountant, but that duty of care is negated by policy considerations based on indeterminate liability;
  3. where the spectre of indeterminate liability is removed, accountants have a duty of care to shareholders and others that reasonably rely on the information provided by the accountants; and
  4. the spectre of indeterminate liability can be removed when:
    1. the accountant knows the identity of the persons or group of persons who are reasonably relying on the information provided by the accountant; and
    2. the information was used for the purpose for which the accountant prepared it.

Justice Perell noted that:

The fundamental issue to be determined in the case at bar is the fact-specific issue of whether the circumstances of the immediate case fall within the rule precluding liability or within the exceptions to that rule where indeterminate liability is negated.

For the purposes of this application, Justice Perell assumed Deloitte was negligent. Further, he found that the evidence demonstrated that Deloitte knew:

  1. Philip had an increasing level of debt and required a loan in excess of $1 billion;
  2. Philip’s cash flow requirements for the year ended December 31, 1996, were such that it would have to approach the debt markets for financing of approximately $1 billion;
  3. Financial statements would be used by Philip to obtain financing;
  4. Covenants under the Credit Agreements required Philip to provide CIBC with audited financial statements and an auditor’s report, together with quarterly compliance certificates;
  5. CIBC had copies of Philip’s audited financial statements and Deloitte’s audit report;
  6. CIBC and other members of the Lending Syndicate (the identities of which were not known to Deloitte) would rely on the representations in the financial statements; and
  7. Deloitte had not included a disclaimer of reliance in the financial statements or audit report.

However, Justice Perell noted that there was never any direct communication between Deloitte and CIBC. Deloitte was never asked by Philip or CIBC to do anything in particular for or on behalf of CIBC. Further, CIBC knew nothing about the nature of the audit engagement or other engagements between Philip and Deloitte.

Justice Perell concluded that CIBC could not be successful in its claim against Deloitte, and that there was no genuine issue for trial arising from that claim. To succeed, CIBC would have had to show that this was one of the exceptional cases where:

  1. The auditor knows the lender’s identity; and
  2. The lender uses the auditor’s work for the purpose for which the auditor undertook the work.

CIBC’s case failed on both branches of this test. Firstly, Deloitte did not know the lender’s identity: it turned out to be a syndicate of many banks that were unknown to Deloitte at the time it had performed its audits. Secondly, Deloitte did not undertake the audit work for the purpose of providing the lenders with information upon which to base their credit decisions. In summary, Justice Perell stated:

I conclude that the circumstances that would negate indeterminate liability do not exist in the case at bar and having regard to the in-no-way special relationship between Deloitte and the lending syndicate, it would not be fair and just to hold that Deloitte had a duty of care to them.

In the result, the partial summary judgment application by Deloitte was successful, and the action brought by CIBC and High River as representative plaintiffs in the class proceedings has been dismissed as against Deloitte. (Note that Deloitte still faces the action brought by the Receiver of Philip). The CIBC decision reinforces the law with respect to liability of auditors of public companies; namely, that their liability to individuals or entities beyond their clients is confined to specific situations where the auditor has a relationship with the party relying on the financial statements, and where that reliance was contemplated as part of the auditor’s work.