The SEC’s blockbuster fines over Wall Street’s use of messaging apps have rightly garnered a lot of attention, but as the agency’s enforcement leader said late last year, it’s all about proactive compliance. MirrorWeb’s Harriet Christie gives her take on the agency’s recent enforcement priorities and what they could mean for compliance professionals in 2024.
When a new year begins, it’s natural to reflect on our direction and make improvements where we can. This doesn’t just apply to individuals, but organizations too — it’s a clean slate across the board. As we enter 2024, Gurbir Grewal, director of the SEC’s Enforcement Division, is focused less on resolutions — and more an actual revolution.
“Public trust in our institutions is faltering … but it is clear that we cannot reverse those trends alone,” Grewal told the New York City Bar Association’s October compliance institute. “We need your help to do so. We need to work together to create what I call a culture of proactive compliance.”
And this isn’t all talk; Grewal and others have openly expressed their vision for what exactly constitutes proactive compliance.
‘Doing the right thing’
Grewal’s focus on proactive compliance doesn’t come out of the blue; indeed, the stance he espoused in New York is the direct result of the regulatory developments that preceded them.
“No sector is immune to this trend. … If the public doesn’t think the system is fair … they are not going to invest their hard-earned money. This hurts all those companies, professionals and other market participants who are playing by the rules and doing the right thing.”
The elephant in the room here is undoubtedly the battery of fines levied against Wall Street for its use of WhatsApp and other ephemeral messaging platforms, actions that have dominated the news the past couple of years, and which have prompted intense (and public) media scrutiny. Grewal is aware this doesn’t fill consumers with confidence, so has made it clear that for the sake of market integrity, penalties must be applied across the board and all bad actors must be held accountable.
These actions send a strong message. Firstly, fairness, with no concessions made to culpable firms, whether large or small. Secondly, it demonstrates that Grewal’s vision isn’t a flavor-of-the-month box-ticking exercise but a real shift in priorities. And in case you hadn’t realized given the length of the SEC’s messaging crackdown, this also isn’t a quick fix; rather, it’s a long-term solution to an age-old problem, coaxing people to do the right thing rather than what they can get away with.
Stuck in the middle
Acknowledging that compliance is a difficult profession, Grewal sought to reassure companies that the SEC is now out to get CCOs, saying the agency “does not second-guess good faith judgments of compliance personnel made after reasonable inquiry and analysis.”
Grewal also clarified when chief compliance officers may expect to face SEC charges in the event of regulatory compliance lapses, pointing to a list of three scenarios:
- Compliance personnel affirmatively participated in misconduct unrelated to the compliance function
- They misled regulators
- There was a wholesale failure by them to carry out their compliance responsibilities
Grewal (and by extension, hopefully, the SEC) seems to get it: Compliance officers are tasked with enforcing measures set out by regulators while enabling their companies to flourish, a give and take on either side that will always be a balancing act.
Though he made clear that simply being part of the compliance function is not “a get-out-of-jail” card, his clarification of where compliance professionals stand and which actions will trigger the SEC indicates he and the agency are sympathetic to the challenging nature of working in compliance.
The three Es
Grewal outlined three necessities for establishing a culture of proactive compliance within organizations:
- Education: Keeping on top of new legislation, regulatory enforcement and cultural developments that may have an influence on proceedings (the impact of AI, for example). By issuing fines publicly and vehemently, Grewal insists the SEC is doing its part to contribute.
- Engagement: Only by engaging with personnel across organizations can CCOs learn about their activities, strategies and risks, which is vital to accurately assess compliance gaps in an organization and understanding where improvements can be made or processes changed. Engaging with staff also builds trust and accountability.
- Execution: It’s all well and good having written procedures in place, but you need to follow them if you want to enact meaningful change. In the case of the WhatsApp fines, relevant policies were formalized but largely ignored and firms were eventually held accountable for their misconduct.
“[T]hrough leadership, training, constant oversight and the right tone at the top, you need to ensure that the policies are actually implemented and followed,” Grewal said. “That’s what proactive compliance requires.”
The buffer period
An interesting thing to consider is that with the proliferation of digital channels and developments in technology, regulators take time to catch up with consumer behavior. They need to be very precise with the rules they enforce and so cannot dive headfirst into issues as they emerge.
That is what has happened with WhatsApp, and while many companies were flagrantly breaching record-keeping regulations, you could also argue that the SEC’s inaction on the matter lulled firms into a false sense of security, resulting in complacency. It’s clear that having looked the other way for some time, the regulator has now drawn a line in the sand.
This perfectly exemplifies the value of proactive compliance; businesses have a headstart on regulators and just because something is not yet explicitly prohibited, that doesn’t make it a loophole. After all, who knows what the next WhatsApp will be? It’s safest for firms to do the right thing and apply fundamental principles to modern technology, or it could cost them — financially and reputationally.
By acknowledging the difficult space compliance personnel occupy and applying some common sense to proceedings, Grewal may well have recruited more supporters within the compliance sector.