On October 29, 2015 I moderated a discussion with Stephen Cohen, Associate Director, Division of Enforcement at the SEC. It was a wide-ranging conversation about a host of issues of concern to compliance professionals: is the SEC going after compliance officers, what’s the status of the whistleblower program, and what weight does a compliance program have when the SEC is considering an enforcement action?
Here are some of the highlights from the web conference:
- Perhaps the most important words issues by Stephen Cohen were “We are very much not focused on compliance officer liability.” As he explained, “ Our cases against CCOs are generally limited to circumstances where they: (a) affirmatively are involved in the misconduct; (b) helped mislead regulators; or (c) have clear regulatory responsibility to implement compliance programs and policies and wholly failed to carry out that responsibility.”
- Among a long list of priorities, the Foreign Corrupt Practices Act (FCPA) remains a key priority for the SEC. They will continue to work closely with the Department of Justice, and will pursue separate cases as well.
- Cyber threats are increasingly a risk, and businesses need to both address them and to include them in their disclosure statements.
- Outside assessments of compliance programs can be very useful. Aside from providing compliance programs with a better understanding of their program, they can help when discussing the effectiveness of your program with the SEC. It’s one thing to say that your program is good. It’s quite another if an outsider is saying that. Likewise, if a company is arguing that an incident is due to a rogue employee, having a credible outsider who has looked and feels the culture, overall is strong, is helpful.
- When an incident occurs and you are meeting with the SEC, you should tell the staff as much about your compliance program as they will listen to and as early as possible. Don’t put it off, but be sure your program is a good one if you talk about it.
- Make sure you have numbers to show the SEC. Too often, companies say they do training but the lawyers don’t know how much training, when it was administered, how many people took it and so forth. Having that data and other metrics is helpful, as is having someone in the room who knows the program inside and out.
- Bringing the compliance officer, not just the lawyers, can be very helpful when meeting with the SEC: the compliance officer is the one who will have that data, and the SEC is going to have a lot of questions.
- The SEC takes note of the structure and size of the compliance program: is the staff sufficient? Is it disbursed around the world where the risks are or only in the HQ?
- THE SEC also wants to know how the program governance works: Does the compliance officer have a line to the board? Does he or she have a seat at the table? Is he/she a part of leadership? Is there sufficient independence?
- What defines a great, versus a good, program from Stephen Cohen’s perspective?
- Proper governance indicating a strong culture of compliance
- Incentives and reward to encourage the right behaviors
- Fair and consistent discipline
- Self-evaluation of the compliance program and continual process improvement
- The whistleblower program at the SEC is yielding a lot of tips and continues to grow.
- There is new authority under Dodd-Frank to penalize retaliation
- The whistleblower program has, as he put it, been “game changing” with substantial allegations of wrongdoing that the SEC might never have known about. And, contrary to popular belief, “People don’t come to us willy nilly and complain about their company.”
- Whistleblowers, generally speaking, do not appear to be bypassing their company’s compliance program. The overwhelming majority of whistleblowers had reported internally first. Unfortunately, they were either, in their opinion, ignored or retaliated against.
- Finally, in response to a question about multinational activities, as Steve put it, “We could not do our job today without international cooperation.”
If you’re interested in hearing the entire webinar, you can purchase it on the SCCE site.
[bctt tweet=”Words to Listen to from Stephen Cohen of the SEC @AdamTurteltaub” via=”no”]