Can a CEO Be Liable for Unknown Employee Misconduct? South Korea
Table of Contents
- 1. What Are the Key Legal Issues in This Case?
- 2. What Is a CEO’s Obligation to Build an Internal Control System Under South Korean Law?
- 3. How Did South Korea’s Supreme Court Assess the CEO’s Breach of Monitoring Duty?
- 4. How Is the Scope of a Director’s Damages Liability Determined?
- 5. What Are the Practical Implications of This Ruling for Corporate Governance?
- 6. FAQ
A real case: A South Korean company’s government relations team spent three and a half years creating approximately KRW 1.15 billion in off-book funds and illegally channeling them to lawmakers as political donations. The CEO claimed he was never informed. Yet South Korea’s Supreme Court ruled that ignorance alone is not a defense. How far does a CEO’s responsibility actually extend?
Why Didn’t “I Didn’t Know” Work as a Defense?
※ This article is based on the facts as stated in Supreme Court Decision 2024Da305421 (Jan. 15, 2026). No information that could identify the parties has been included.
The incoming CEO took office immediately after his predecessor resigned amid a slush fund scandal. He abolished the prior administration’s cash allocation system — a reform intended to prevent a recurrence — but left unaddressed the organizational gap this created. The government relations team filled that gap by converting discount vouchers into cash, building off-book funds for over three years without a single internal report or reprimand. South Korea’s Supreme Court found that this structural blind spot was itself evidence of a failure to establish an internal control system. For the director (Defendant 13) who was criminally convicted for directly transferring political funds, the Court also found that the lower court had misjudged the scope of his damages liability, and remanded the case for further review.
1. What Are the Key Legal Issues in This Case?
The Supreme Court of South Korea’s Decision 2024Da305421 (Jan. 15, 2026) arose from a shareholder derivative suit filed by minority shareholders of a major South Korean telecommunications company against 13 current and former directors. Three central legal questions were at issue: First, whether a CEO who was never briefed on subordinates’ off-book fund creation and illegal political donation activities breached his monitoring duty. Second, when a director who personally participated in illegal fund transfers became subject to a monitoring duty breach. Third, whether partial repayment by other directors extinguishes the remaining defendants’ liability.
Background: How the Shareholder Derivative Suit Was Filed
The plaintiffs were minority shareholders holding a combined 33,676 shares — representing at least 1/10,000 of the company’s total issued shares — continuously for six months or more. Under Articles 542-6(6) and 403 of the South Korean Commercial Act, the shareholders first demanded in March 2019 that the company itself bring suit against the directors. When the company failed to act within the statutory 30-day period, the minority shareholders filed a derivative suit directly.
| Issue | Lower Court | Supreme Court |
|---|---|---|
| Defendant 1 (CEO) — satellite sale monitoring duty | No breach | Appeal dismissed (lower court affirmed) |
| Defendants 2–12 — foundation donation duty of care | No breach | Appeal dismissed (lower court affirmed) |
| Defendant 2 (CEO) — off-book funds / political donations monitoring duty | No breach | Reversed and remanded (lower court erred) |
| Defendant 13 — breach period and damages scope | Breach from Sept. 7, 2016 only; damages fully compensated | Reversed and remanded (lower court erred) |
| Defendant 2 (CEO) — telecom facility classification monitoring duty | No breach | Appeal dismissed (lower court affirmed) |
2. What Is a CEO’s Obligation to Build an Internal Control System Under South Korean Law?
In this decision, South Korea’s Supreme Court articulated the content and requirements of an internal control system with particularity. The system must not be confined to accounting controls; it must be designed to systematically identify all laws and regulations the company is required to observe, monitor ongoing compliance, and enable immediate reporting and corrective action when violations are discovered (Supreme Court Decision 2024Da305421, Jan. 15, 2026).
Continuity With Established South Korean Precedent
This legal standard was already well-established in South Korean case law. In 2008, the Supreme Court held that even in large, highly specialized organizations where division of labor is unavoidable, that fact alone does not excuse a director from the monitoring duty (Supreme Court Decision 2006Da68636, Sept. 11, 2008). The Supreme Court’s 2021 decision further clarified that a CEO who ignores internal control efforts in high-risk business areas commits a breach of the monitoring duty (Supreme Court Decision 2017Da222368, Nov. 11, 2021). The 2024Da305421 decision applies and concretizes this doctrine in the context of off-book funds and illegal political donations.
What Counts as an “Effective” Internal Control System?
The Court evaluated the following measures the company claimed as internal controls and found each insufficient:
| Company’s Claimed Internal Control Measure | Supreme Court’s Assessment |
|---|---|
| Internal accounting management system under the External Audit Act | Limited to financial reporting; failed to address accounting gaps in off-book fund creation |
| Compliance standards under the Commercial Act | No concrete or effective effort to prevent or detect off-book fund creation and illegal donations |
| New ethics management principles and guidelines | Merely abstract and general; insufficient to function as a control mechanism |
| Ethics department training, compliance manuals, and work plans | Not shown to have functioned as a system for detecting, reporting, or controlling illegal conduct |
3. How Did South Korea’s Supreme Court Assess the CEO’s Breach of Monitoring Duty?
The Supreme Court held that the lower court’s rejection of Defendant 2’s monitoring duty breach was a legal error. The following factual circumstances were central to the Court’s analysis.
Specific Circumstances That the Court Emphasized
First, Defendant 2 assumed the CEO role immediately after his predecessor resigned amid a slush fund criminal investigation. Given that legal risk had already materialized within the company in this form, the new CEO abolished the prior cash allocation system but left unaddressed the structural gap in how departments could obtain operational cash.
Second, the off-book fund creation spanned approximately three years and five months and totaled roughly KRW 1.15 billion. Approximately KRW 400 million of those funds were transferred as political donations over roughly two years and ten months. Directors outside the government relations department also lent their names to transfer funds on Sept. 6, 2016. Yet not a single report was ever made to the CEO or the board of directors throughout this entire period.
Third, the record contained no evidence that Defendant 2 or Defendant 13 exercised the board’s authority under Article 393 of the Commercial Act to monitor and supervise the company’s overall business operations beyond participating in agenda items brought before the board.
On these facts, the Court concluded that the absence of reporting and supervision was consistent with a deliberate disregard of the obligation to build and operate an internal control system.
When Did Defendant 13’s Monitoring Duty Breach Begin?
The lower court held that Defendant 13’s monitoring duty breach commenced on Sept. 7, 2016 — the day after he personally transferred KRW 14 million in off-book funds as political donations. The Supreme Court disagreed, finding that there was room to conclude that Defendant 13’s breach began from March 25, 2016, when he was appointed as a director. The Court also noted that Defendant 13 had served as the CEO’s chief of staff from February 2014 — before his directorship — in a position that involved him in key company matters, including fund-related activities.
4. How Is the Scope of a Director’s Damages Liability Determined?
A director’s liability for damages under Article 399(1) of the South Korean Commercial Act is treated as a breach of the fiduciary duty arising from the mandate relationship. It is limited to damages with a reasonable causal link to the breach (Supreme Court Decision 2006Da33609, Jul. 26, 2007). In this case, the Supreme Court found that the lower court had defined the compensable loss too narrowly, and remanded accordingly.
Why the Lower Court Was Wrong: Partial Repayment Did Not Extinguish All Liability
The lower court reasoned that lawmakers had returned KRW 176.6 million and a co-defendant had repaid the remaining KRW 138.3 million, so all losses had been fully compensated. The Supreme Court identified two errors in this reasoning.
First, off-book funds that were not transferred as political donations — apparently used for entertainment and hospitality expenses — may themselves constitute losses to the company. The lower court failed to examine this question.
Second, the U.S. Securities and Exchange Commission imposed fines and disgorgement totaling approximately USD 5.76 million on the company, and the off-book fund creation was among the underlying violations cited by the SEC. Because the conduct that Defendant 13’s breach enabled was part of the factual basis for the SEC sanction, a reasonable causal link between his breach and the company’s loss from paying those penalties cannot be denied. The fact that other causes also contributed may make it difficult to quantify the causally linked portion — but that is a matter of proof, not a ground to deny the causal link entirely.
| Category of Loss | Lower Court | Supreme Court |
|---|---|---|
| Off-book funds transferred as political donations (partially repaid) | Fully compensated; no remaining liability | Scope of repayment requires further examination |
| Off-book funds used for other purposes (entertainment, etc.) | Not treated as company loss | Must examine whether these constitute company losses |
| U.S. SEC disgorgement and civil penalties (approx. USD 5.76M) | No reasonable causal link | Causal link exists; amount requires further examination |
5. What Are the Practical Implications of This Ruling for Corporate Governance?
This decision confirms that a CEO or director in South Korea may face civil damages liability in a shareholder derivative suit even without direct criminal involvement, solely on the basis of a failure to maintain an effective internal control system. The following points are essential for executives and corporate governance professionals.
Practical Steps for CEOs and Directors
First, a compliance program that exists only on paper is not enough. The system must be structured so that illegal conduct can actually be detected, reported, and controlled. In this case, the existence of ethics training and compliance standards did not prevent liability because those measures did not function effectively in practice.
Second, a CEO who assumes office after a predecessor’s resignation due to misconduct must conduct a full review of legal risk exposure across the entire organization at the outset. The critical failure in this case was that the new CEO abolished the prior slush fund mechanism but left unaddressed the structural gap it created — a gap that another department quickly exploited.
Third, internal controls over departmental cash expenditures require particular care in system design. This case demonstrates that a relatively straightforward scheme — converting discount vouchers into cash — can go undetected for years in the absence of effective controls.
Fourth, executives of South Korean companies listed on U.S. exchanges, or otherwise subject to U.S. securities regulations, must recognize that violations of the Foreign Corrupt Practices Act’s recordkeeping and internal control provisions can generate SEC sanctions that then become components of domestic shareholder derivative suit damages.
Perspective for Minority Shareholders Considering a Derivative Suit
This decision demonstrates that a CEO’s claim of ignorance can be overcome by establishing the duration and scale of the underlying misconduct, the organizational structure that should have put the director on notice, and the absence of a functioning internal control system. That said, quantifying damages and establishing the scope of causal linkage remain contested issues. Prior to filing suit, a thorough legal analysis of the causal chain between the breach and the specific heads of loss is essential. Key materials to examine include board minutes, compliance program documentation, internal audit reports, and legal risk management manuals.
Based on accumulated experience handling corporate disputes and governance-related litigation, the legal team at Atlas Legal | Incheon Songdo, South Korea is available to advise on both the merits assessment and litigation strategy from the pre-filing stage.
6. FAQ
Shareholder derivative suits and corporate governance disputes in South Korea require not only command of the applicable legal doctrine but also thorough analysis of voluminous internal documents and careful construction of the factual narrative. Drawing on experience handling numerous cases in this field, the legal team at Atlas Legal provides strategic counsel from the pre-filing assessment stage through trial.
※ This article is intended for general informational purposes based on Supreme Court Decision 2024Da305421 (Jan. 15, 2026) and does not constitute legal advice. The applicable legal analysis may differ depending on the specific facts of each matter. Please consult a qualified attorney for advice on any particular situation.