Compliance is a critical function for a public company. While it can be viewed as simply a “cost of doing business” perhaps it is better considered as a critical business component, helping create a market place brand of a fair and ethical dealing reflecting its culture. That image, of course, aids success in the market place. It also aids the resolution of regulatory problems.
Far to often the role of compliance is lost in the discussion of multi-billion dollar fines, admissions of fact and wrong doing and sanctions which punish, all of which garner huge headlines. When those headlines fade, however, they do little to ensure that the company will be a fair and ethical market place participant in the future. Yet that should be a critical goal of SEC enforcement whose mission is not just to discover and halt wrongful conduct but to prevent its replication in the future, thereby protecting the investing public and the markets.
Recently, SEC Associate Director, Enforcement, Stephen Cohen, addressed the question of compliance and its critical role in the enforcement process. Stephen L. Cohen, Remarks to SCCE Annual Conference, Washington, D.C. (Oct. 7, 2013)(here). While compliance has frequently been addressed by the Commission and other regulators and others in the FCPA area, it is not the topic of the day in this era of “get tough” enforcement.
Compliance is critical and key to SEC enforcement Mr. Cohen began. “But among the most concerning risk I see is companies that do not take compliance seriously until misconduct comes to light . . .” he noted. Compliance is a critical consideration by the staff when evaluating the evidence from an investigation and determining how to proceed. Yet “I am surprised how infrequently companies try to persuade us at the front end of an investigation that they have a robust compliance culture and record of ethical conduct . . .” Mr. Cohen stated (emphasis original). This is particularly true since the agency gives credit for compliance efforts in the charging process. Compliance professionals should thus “tell your management that they will get much more credit from regulators by demonstrating that misconduct is an outlier in a highly ethical and compliance-driven culture rather than a remedial step after investors have suffered losses.”
If the issue is one of formal guidance, companies should look to the recently published FCPA Resource Guide regarding compliance programs. The guidance there, while stated in the context of anti-corruption compliance, is “applicable to detecting and preventing securities law violations generally,” according to Mr. Cohen. Indeed, the Guide makes it “crystal clear” that the Commission will consider the compliance program of a company as a factor in any charging decision and determining the appropriate resolution for the inquiry. Recent examples are the Morgan Stanley/Peterson declination and the non-prosecution agreement which resolved the Ralph Loren inquiry, both FCPA cases.
The importance of compliance to the Commission is demonstrated through what Mr. Cohen called the “Compliance initiative.” This initiative, undertaken with the National Exam Program and in conjunction with the Asset Management Unit of enforcement, focuses on identifying “and brining cases against registered investment advisers who lack effective compliance programs and procedures . . . To date, the Commission has brought six actions arising out of this initiative . . .” according to Mr. Cohen. The National Exam Program also meets with firms to assess “the culture of compliance and ethics in the organization.”
Mr. Cohen then focused his remarks by identifying first warning signs of a potential issue and the hallmarks of an effective compliance program. The warning signs include:
Pushing the envelope which was defined as engaging in risk taking in the area of legal and ethical obligations;
Technical compliance which applies to those who take an overly technical approach to ethics and compliance;
Be skeptical to explanations that “don’t add up” regardless of their sources; and
Lack of empowerment that is, an organization that limits the access of its compliance personnel to senior company leadership.
Building on these points Mr. Cohen identified five critical elements for an effective compliance program:
Governance which focuses on tone at the top and to whom the senior compliance personnel report; an evolving trend centers on adding compliance expertise to the audit committee;
Culture and values flow from good governance and an organization in which there is interaction with leadership across the organization;
Incentives and rewards can be used to infuse ethical values into the firm’s culture;
Escalation, investigation and discipline is critical and can foster the kind of culture where whistleblowers report internally first rather than later; and
Continual self-evaluation and improvement which means that the organization keeps pace with an evolving market place and best practices.
The proper application of these principles will create a “strong compliance and ethics program [which] not only provides direct economic benefits to your company but will also allow you to reap significant credit should you ever deal with us or our law enforcement colleagues” Mr. Cohen concluded.
There is no doubt that effective compliance can pay dividends to the company as it competes in the market place and in resolving regulatory and law enforcement investigations. Nevertheless, today the critical component of every Commission and enforcement resolution seems to be the total amount of money paid, the size of the fine, the amount of the disgorgement and the penalties imposed. Indeed, at times the only questions seem to be “how much did they pay” and “did anyone go to jail.” While punishment may equal deterrence in some instances, the focus of SEC enforcement should be more than just stopping violations and retribution.
Mr. Cohen was clearly correct when he suggested that in many ways compliance and enforcement are partners. Compliance seeks to prevent wrongful conduct and, when it does, the program is successful. Alternatively, if wrongful conduct does occur it can serve as a defense. Enforcement also seeks to prevent wrongful conduct, but from reoccurring and again injuring investors and shareholders. When it prevents a future replication of the conduct, SEC enforcement goes beyond generating yesterday’s headline and becomes effective. This means that corporations and the Commission need to emphasize compliance.