In April 2013, Mary Jo White, a former U.S. Attorney, was sworn in as the new Chair of the Securities and Exchange Commission (SEC). At the beginning of her tenure, Chair White promised renewed vigor by the Enforcement Division and the use of increasingly tough prosecutorial tactics. These new prosecutorial tactics include a departure from the “no admit, no deny” policy historically espoused by the SEC and an increased willingness by the agency to take cases to trial or institute administrative proceedings. Although there is a new “top cop” at the SEC with the installment of Chair White, certain trends in SEC enforcement that began under the tenure of the previous SEC Chair, Mary Schapiro, will continue to drive investigations and enforcement actions. In particular, the SEC has sharpened its focus on investigating and pursuing alleged accounting misconduct, violations of the internal controls provisions of the Foreign Corrupt Practices Act (FCPA) and insider trading. With the allure of multimillion-dollar awards available through the SEC’s whistleblower bounty program, which offers whistleblowers who provide original information that leads to an enforcement action between 10 and 30 percent of the SEC’s total recovery, compliance and legal personnel must remain vigilant in ensuring that appropriate controls and policies are in place to prevent misconduct and encourage internal reporting of misconduct.
In July 2013, the SEC announced the creation of a Financial Reporting and Audit Task Force. Chair White emphasized the significance of this initiative as part of the SEC’s goal of covering the whole market. The task force has the dual purpose of improving detection and increasing prosecution of accounting fraud. The SEC’s press release on the task force made clear that the task force’s principal goals are fraud detection and increased pursuit of violations involving false or misleading financial statements and disclosures, with a focus on identifying and exploring areas susceptible to fraudulent financial reporting. The agency plans to accomplish the task force’s goals with the assistance and use of technology-based tools.
The task force will address a variety of issues, including use of reserves, revenue recognition, audit committees and the role of auditors (with particular attention paid to independence issues). According to the SEC, the task force will develop new ways to identify accounting fraud through leading-edge technology such as the new Accounting Quality Model (known informally as “RoboCop”). In addition, the task force will solicit whistleblowers in order to learn about misconduct that would otherwise be difficult or impossible to detect. Unlike similar initiatives in the past to assist the Division of Corporation Finance in advising clients during the comment letter process, the purpose of the Financial Reporting and Audit Task Force will be enforcement rather than prevention. In other words, this effort is not about helping companies spot errors, but rather about playing “gotcha” when there is a corporate foot fault.
Although the SEC’s announcement came only a few months ago, related enforcement efforts are already evident. In November 2013, for example, the SEC charged the audit firm Sherb & Co. LLP and four of its accountants with having made false representations in connection with the audits of three China-based companies.
In light of these developments, compliance personnel, audit committees and other bodies of corporate governance should consider reviewing their company’s accounting policies, practices and personnel to attempt to minimize the chance that the SEC will scrutinize the company’s accounting. In particular, companies should consider taking the following measures:
- Audit. Vet complex accounting issues with outside auditors and direct internal auditors to review the application of GAAP (generally accepted accounting principles) to the company’s accounting policies and practices. This will help ensure that significant accounting judgments are well documented.
- Training and Policies. Periodically train lower-level accounting personnel. Reiterate an institutional commitment to ethical conduct related to accounting. Ensure the independence of controller functions from business functions and review compensation policies for financial personnel to de-link compensation from accounting judgments.
- Hotline. Install (and publicize the availability of) a “hotline” and other tools to allow confidential reporting of suspected wrongdoing to senior management and other key governance bodies. Promptly investigate any suspicions of wrongdoing or inaccurate accounting.
FCPA Internal Controls Requirements
In recent years, the number of FCPA enforcement actions initiated by the DOJ (Department of Justice) and the SEC that include an internal controls charge has increased, seeming to signal a shift toward a broader application of the internal controls provision of the Act. Directors, in addition to executives, may be targets of enforcement actions because they have a duty to attempt, in good faith, to ensure the existence of an adequate corporate information and reporting system. Failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards related to internal controls.
There is real concern that the DOJ and SEC may be setting the stage to charge independent directors and members of audit committees for knowingly failing to implement and/or maintain systems of internal accounting controls sufficient to provide reasonable assurances that transactions and assets are properly authorized and recorded. In particular, directors may face internal controls charges for failing to implement the controls necessary to prevent improper payments, even in instances where the director himself or herself is not aware of the improper payment itself.
To date, neither the DOJ nor the SEC has brought charges against an independent director solely for an internal controls violation. Nevertheless, both the DOJ and the SEC have prosecuted individuals for FCPA violations, but all such individuals allegedly have committed a substantive, direct violation of one or more of the FCPA’s provisions. In other words, the government has not yet levied an internal controls charge against an individual who was not directly involved in malfeasance related to the FCPA’s anti-bribery or accounting provisions, but instead was merely aware of the lack of internal controls in the company for which he or she is an independent director.
It is the Board’s duty to ensure that a compliance program is in place and to independently monitor the effectiveness of the corporate compliance program. In fact, the DOJ and SEC guidance for FCPA compliance explicitly states that the Board of Directors and senior executives must set the proper tone for the rest of the company with regard to compliance. It would not be any stretch for the DOJ and SEC to invoke the same requirements for independent directors and audit committee members who are charged with oversight of a compliance program. Therefore, independent directors and members of audit committees may face liability related to corporate internal controls and compliance programs.
For more information on the risk to independent directors of FCPA internal controls violations, please visit https://www.cadwalader.com/resources/newsletters/fcpa-advisor/will-independent-directors-be-on-the-hook-for-failure-of-internal-controls-in-fcpa-cases.
Hard-Nosed Prosecutorial Tactics and Tools
Importantly, the renewed focus on accounting and internal controls is accompanied by a new, aggressive policy that the SEC will seek admissions in some cases, rather than settling on a “no admit, no deny” basis. The “no admit, no deny” policy encouraged corporations to settle because it allowed a corporate defendant to forego time-consuming and expensive litigation while simultaneously avoiding the reputational harm and collateral consequences that would come from an admission of wrongdoing. In particular, the policy provided corporations alleged with wrongdoing protection from liability for these reasons:
- If the corporation litigates and loses, issue preclusion could mean almost automatic additional liability in the inevitable subsequent suit by private plaintiffs.
- Although an admission of wrongdoing in a settlement does not satisfy the requirements for issue preclusion, the admission nonetheless could provide substantial negative evidence in any future private suit.
Chair White, however, has stated that the SEC increasingly will strive for admissions because of the added measure of public accountability. Adding to the sting of requiring an admission, the SEC Enforcement Staff will not consider the collateral consequences of an admission on the company. This means that an admission will have a ripple effect on a corporation and its shareholders. Importantly, Chair White also has stated that the agency will increasingly push for aggressive penalties because of the deterrent effect that can be accomplished by large settlements and penalties.
Working in tandem with a departure from the “no admit, no deny” policy is an increased willingness by the SEC to go to trial, or at least institute an administrative proceeding. Prior to the enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), penalties in administrative cease-and-desist proceedings could be levied only against regulated entities such as broker-dealers or investment advisors. Now, under Section 929P of Dodd-Frank, the SEC has the authority to seek a civil monetary penalty in an administrative proceeding against any individual or company. This change likely will incentivize the SEC to file administrative proceedings because of the numerous advantages such proceedings afford. For example, administrative proceedings are heard by an administrative law judge (ALJ) employed by the SEC. There is no right to a trial by jury in an administrative proceeding. Moreover, although a challenge to an ALJ decision is heard de novo, the appeal is made to the SEC Commission itself. In addition, discovery is significantly limited in an administrative proceeding. The SEC is required to provide only its investigative file, so discovery is limited. Finally, the timing in administrative proceedings also is much shorter, leaving the defense less time to prepare and respond.
In addition to the renewed prosecutorial vigor by the Enforcement Division, the existence of the SEC whistleblower bounty program is changing the corporate compliance landscape and requiring companies to work harder to ensure internal reporting. On October 1, 2013, the SEC announced a $14 million award under the whistleblower bounty program created as part of Dodd-Frank. The Dodd-Frank confidentiality provisions prevent disclosure of the identity of the award recipient, as well as the underlying enforcement action. Regardless, this award is a game-changer and likely will be the tip of the iceberg for awards to come. The SEC likely will continue to receive record numbers of tips, potentially leading to additional enforcement actions. As more and larger awards are announced, the threat of a whistleblower reporting outside a company’s internal reporting structure is likely to increase. The incentive to report directly to the SEC rather than internally should force companies to evaluate the effectiveness of compliance and internal reporting systems.
The uptick in SEC enforcement actions likely will not wane anytime soon. Rather, with a new Chair at the helm of the agency, the SEC is more hard-charging than ever in its investigations and enforcement actions. Given this landscape, compliance and legal personnel should work diligently to establish and maintain robust compliance policies, internal controls and internal reporting programs.
The full LRN Risk Forecast Report can be accessed at: https://pages.lrn.com/risk-forecast-report-2014