Stephen Cohen, the SEC’s Associate Director of Enforcement, tied robust compliance programs to enforcement “credits”.
In remarks to compliance and ethics professionals at the annual conference of the Society of Corporate Compliance and Ethics, Cohen said that there is “no doubt in [his] mind that a strong compliance and ethics program not only provides direct economic benefits to your company, but will also allow you to reap significant credit should you ever deal with us or our law enforcement colleagues.”
In a post-financial crisis, post-Dodd-Frank world, Cohen said, “rigorous compliance must be at the forefront of every company’s attention.” He identified several red flags that the staff believes may indicate an inadequate compliance program, including:
failure to take compliance seriously until misconduct is discovered;
failure to have internal controls sufficient for a company’s risks; and
a management team that gives the impression that compliance is not important.
Value of an Effective Compliance Program – an Ounce of Prevention
The enforcement staff gives credit to registrants that demonstrate effective compliance programs and a “genuine commitment to ethical principles,” Cohen said. He suggested, however, that companies should focus on persuading the enforcement staff of the quality and depth of a company’s compliance culture and its record of ethical conduct at the outset of an investigation, rather than discussing compliance programs during settlement negotiations in the context of remediation undertaken after violations occur. Cohen said that staff will give much more credit to registrants that demonstrate that “misconduct is an outlier in a highly ethical and compliance-driven culture rather than a remedial step after investors have suffered losses.”
The November 2012 FCPA Resource Guide provides insight into how the staff views effective compliance programs when faced with violations of securities laws in general. The FCPA Resource Guide emphasizes that the staff will “consider a company’s compliance program as a factor in several aspects of [its] charging decisions.” Among other things, an effective compliance program can mitigate the exposure of a parent company for acts of a subsidiary, and increase the likelihood that a company will get self-policing or self-reporting credit.
Investment Advisor and Investment Company Programs
Cohen said that a recent enforcement action against a portfolio manager charged with misleading his firm’s CCO sends a clear message that “professionals have an obligation to adhere to compliance policies, and that the Commission will not tolerate interference with CCOs who enforce those policies” (see our blog post about this case). Moreover, he said, investment company boards have a vital responsibility to fulfill their oversight role. He cited a recent case against mutual fund directors charged with failing to fulfill their obligations to fair value assets held by a fund. For more information on this case, see our recent client alert.
Cohen said that a new joint compliance initiative of the Division of Enforcement’s Asset Management Unit, the National Exam Program and the Division of Investment Management that coordinates efforts identifies and brings cases against registered investment advisers that lack effective compliance programs and procedures. He said this initiative is timely in light of the recent influx of newly registered private fund advisers, and assured his audience that enforcement actions arising out of this initiative are in the pipeline.
Cohen said that “the purpose of the [SEC’s] whistleblower program is to bolster, not supplant, the compliance framework in the private sector.” When a whistleblower reports internally and the company subsequently provides the staff with the fruits of an investigation arising out of that report, Cohen said that the individual whistleblower may be eligible to for an award based on all of the information shared by the company, not just the information originally reported by the individual. As a result, he said, a majority of the whistleblower claims relate to reports first made internally, and this can benefit a company’s overall compliance program.
Hallmarks and Warning Signs
Cohen outlined the warning signs of inadequate programs that compliance and ethics professions should be looking for. Chief among the warning signs were:
pushing the envelope and tolerating close-to-the-line behavior;
an overly technical approach to issues of ethics;
explanations that don’t add up: “highly sophisticated models that can explain away risk but defy common sense shouldn’t be trusted;” and
limiting access of legal and compliance personnel to a company’s senior leadership.
Conversely, Cohen identified several hallmarks of an effective compliance program including:
proper governance and a strong “tone at the top” involving senior management and the board of directors;
a strong ethical culture – not just “can we do this?” but “should we do this?”;
integrating expectations of integrity, compliance and ethics into a firm’s performance management and compensation systems;
ensuring that employees believe that they can raise concerns confidentially and without fear of retaliation, and that such matters will be investigated and resolved with “fair and consistent discipline;” and
keeping pace with developments and leading best practices in the industry, including focusing on emerging areas of risk such as social media and privacy.
The Division of Enforcement, Cohen said, views compliance and ethics professionals as “partners in ensuring that integrity and professionalism are woven into the very fabric of corporate culture.” On the surface, this sentiment may sound reassuring, but CCOs should keep in mind that they are gatekeepers and that they – and other gatekeepers – may be held to a higher standard of conduct. The SEC has not been bashful in bringing enforcement actions against gatekeepers that they believe fail to meet this higher standard.