Stephen L. Cohen, Associate Director of Enforcement for the SEC, spoke earlier this month at the annual institute of the Society of Corporate Compliance and Ethics in Washington D. C. His speech was filled with useful insights into the SEC’s perspective on effective compliance and managing enforcement risk. Click here to read his entire speech, which I commend as an excellent use of the five minutes it will take to read it.

Here are a few of, in my opinion, Mr. Cohen’s most pertinent comments (quoted in order of delivery): 

“…[A]mong the most concerning risk I see is companies that do not take compliance seriously until misconduct comes to light; where internal controls are insufficient for the size of a company’s risk; or when management simply leaves the impression that these issues are not important.”

“Every day, our enforcement staff makes judgments about the inferences that are properly drawn from the evidence under investigation. It is common sense that a company that demonstrates an effective compliance program and a genuine commitment to ethical principles can only benefit when those inferences are drawn.”

“I cannot emphasize enough the level of trust that you can inspire by demonstrating a genuine commitment to these principles, and the level of distrust that ignoring or merely paying lip service to these principles can yield.”

“[Companies] will get much more credit from regulators by demonstrating that misconduct is an outlier in a highly ethical and compliance-driven culture rather than a remedial step after investors have suffered losses.”

“[D]isinclinations to prosecute, non-prosecution agreements and deferred prosecution agreements…are reserved for those organizations that display exemplary commitment to compliance, cooperation and remediation.” (See, for example, Cultivating an Environment of Compliance: What it Means and Why it Matters)

“[A] tone at the top [must be] built on actions rather than words.”

“A strong ethical culture…entails asking not just ‘can we do this,’ but ‘should we do this?’”

“No culture of compliance can thrive unless employees firmly believe that they can raise concerns confidently and anonymously, without fear of retaliation, and that matters are effectively investigated and resolved with fair and consistent discipline.”

“[Y]our organization must proactively keep pace with developments and leading practices as part of a commitment to a culture of ongoing improvement.”

“[T]here is no doubt in my mind that a strong compliance and ethics program…provides direct economic benefits to your company….”

Something to think about.