SEC Chair Mary Jo White recently delivered this speech titled “Three Key Pressure Points in the Current Enforcement Environment.” White addressed the following “pressure points” through her “lens as the Chair of the SEC”
(1) the pressure of multiple regulators in the same or overlapping investigations;
(2) the decision to charge individuals, entities, or both; and
(3) the range of remedies and ultimate resolutions.
The SEC’s FCPA enforcement program touches upon all of these issues and this post highlights certain ironies in White’s speech.
As to the first “pressure point” – “which regulators are involved,” White stated in pertinent part:
“The first variable is which regulators are, or are likely to be, involved. The answer, of course, will depend on the nature of the alleged conduct as well as the jurisdiction and interest of regulators and prosecutors. And the number and type of regulators involved will define the range of possible outcomes, and dictate the kind of advice you will give clients.
When I first went back into private practice in 2002, investigations were often conducted by one, maybe two, regulators. Frequently, investigations were conducted in parallel by the SEC and criminal authorities, as they are today. But usually, that was it. Now, it is common to have investigations with more – sometimes many more – than two regulators, whether they are additional federal regulators, state prosecutors, attorneys general, or foreign regulators. There are many reasons for this, including: the internationalization of enforcement; the global nature of many of today’s securities frauds; the increased regulatory activity on the state level; and the increased complexity of our markets.
So, with numerous regulators with overlapping mandates to investigate any given potential case, how do we stay in our lanes? Or is it inevitable that we overcrowd every domestic and international highway on today’s enforcement landscape?
Of course, each agency makes its own decision about which investigations to pursue, thus leading to a crowded highway in many investigations. Enforcers may perceive that outcome as both necessary and desirable if their mandates are to be strongly implemented and their messages heard. From my perch at the SEC, I surely have that inclination, wanting us to be involved in any matter that touches our jurisdiction, so that we can shape the outcome in a way that is consistent with our view of the law and appropriate conduct.
But, at the same time, we regulators need to keep in mind the impact we have on those we regulate and ensure that our own respective interests do not lead to unjust, duplicative outcomes. Especially in an era of scarce resources, regulatory choices and coordination are critical. Each agency should make a frank assessment of whether it brings the right expertise, jurisdictional authority, and appropriate remedies to the table.
There are actually some coordination successes we can point to and build upon. For example, in the FCPA area, the SEC and DOJ, and frequently other international regulators, have a long history of coordinating effectively, to the point that the SEC and DOJ jointly developed the “Resource Guide” that closely examines the SEC and DOJ approach to FCPA enforcement. In the typical case, the SEC and DOJ will investigate in parallel from the outset, and if the matter settles, the SEC usually obtains the disgorgement as part of its resolution and DOJ obtains the penalty. This division of labor and remedies achieves full accountability without regulatory “double dipping.”
Collectively, we should also try to avoid unnecessary competition among ourselves for cases and headlines. While I realize we may not always achieve this goal in practice, enforcement is serious business and we have a professional responsibility to use our agency resources wisely and in a manner that best applies our specific expertise and enforcement tools. And there is never room for anything other than a thorough investigation of all the evidence – wherever and to whomever it may lead. Rushes to judgment or to the courthouse can potentially result in both injustices and charges that may not capture all of the culpable parties or misconduct.
Of course, there is often good reason for conducting criminal and regulatory investigations in parallel. In appropriate cases, we need to rely on our criminal law enforcement colleagues, who have the power to jail, to work with us. But what does and should determine whether a securities fraud case is brought civilly, criminally, or both?
It may help to think about the cases in three categories. The first are those that do not involve intentional wrongdoing, but rather failures of controls or reporting obligations. These cases fall squarely within the SEC’s wheelhouse and will rarely, if ever, be brought criminally. Examples include failure to supervise cases; violations of broker-dealer rules like the market access rule, Rule15c3-5; cases involving unprofessional, but not fraudulent, audits; failures of investment advisers to follow compliance rules; or violations by exchanges of their own rules. These are important cases that influence conduct in the industry and ensure a significant focus on compliance and controls. But they are not criminal cases because the misconduct rarely involves intent.
The second category of cases are those that clearly have a criminal component – those involving egregious, fraud-based conduct with a strong evidentiary trail. These cases are often the most sophisticated frauds causing significant investor harm, brazen attempts to steal money through offering frauds or Ponzi schemes, or blatant frauds on the markets through insider trading. There is no ambiguity in these cases – egregious conduct deserves the severe sanction of imprisonment, and often in these cases, the criminal authorities are participants in the investigation from the beginning.
The third category – the most difficult to define – are those on the line, where a criminal case is possible but not necessarily apparent on the face of the conduct.Often, such cases rely on prosecutors ready to bring cases where the evidence is not overwhelming but is sufficient to find the offense beyond a reasonable doubt. It is often in these cases that the criminal authorities monitor the SEC investigations to determine whether sufficient evidence has developed to justify criminal interest. And it is in these cases that we at the SEC must maintain open channels of communication with the criminal authorities to determine whether they have sufficient interest in the matter to participate in interviews of witnesses and other evidence gathering exercises.
The bottom line is that the decision of whether a case will go criminal will typically turn on the strength of the evidence and the type of offense under investigation – which are the appropriate factors to consider in making such a determination.”
White’s concerns regarding “overcrowding,” “duplicative outcomes” and “double dipping” of course were spot-on. Indeed “double dipping” is what occurs in most FCPA enforcement actions involving issuers – see here for the prior post.
The irony of course is that she mentioned the DOJ/SEC’s overlapping FCPA jurisdiction as a success when, in the minds of many, overlapping FCPA jurisdiction is Exhibit A for “overcrowding,” “duplicative outcomes” and “double dipping.” For starters, as highlighted in “The Story of the Foreign Corrupt Practices Act,” the SEC never wanted any part in enforcing the FCPA’s anti-bribery provisions.
Among the FCPA reform proposals advanced by Philip Urofosky (former DOJ Assistant Chief of the Fraud Section) in this article is to “eliminate overlapping enforcement jurisdiction” – in other words Urofosky writes, “the SEC should get out of the anti-bribery business.”
He writes as follows.
“The SEC’s enforcement of the anti-bribery provisions raises a fundamental matter of fairness. Take two companies, one public and one private, and assume that both violate the FCPA and realize the same illicit gain from the violation. The private company will be subject only to DOJ’s jurisdiction and will therefore be exposed to a criminal fine of up to twice its gain. The public company, on the other hand, will be subject both to that criminal fine and to a civil fine and disgorgement of the illicit proceeds, thus potentially paying a third more in fines than the private company for the same conduct.”
For additional support for this reform proposal, see Professor Barbara Black’s article (here) “The SEC and the Foreign Corrupt Practices Act: Fighting Global Corruption Is Not Part of the SEC’s Mission.”
As to the second “pressure point” – “what defendants are being charged,” White stated in pertinent part:
“Irrespective of which and how many investigators you face, the second decision point in nearly every securities enforcement investigation is who will be charged as a defendant – a decision that again is, and should be, dictated by the nature of the misconduct and strength of the evidence.
First, I want to dispel any notion that the SEC does not charge individuals often enough or that we will settle with entities in lieu of charging individuals.
The simple fact is that the SEC charges individuals in most of our cases, which is as it should be. A recent Harvard survey shows that since 2000, the SEC has charged individuals in 93% of our actions involving nationally listed firms in which we charged fraud or violations of books and records and internal control rules. An internal, back-of-the envelope, analysis the staff did recently indicates that since the beginning of the 2011 fiscal year, we charged individuals in 83% of our actions. Under either calculation, those percentages are very high – which means that the cases where individuals are not charged are by far the exception, not the rule.
I expect that this is probably not news to most of you who have had individual clients charged by the SEC. It should also not be a surprise that we focus our investigations initially on the individuals closest to the wrongdoing and work outward and upward from there to determine who else should be charged, including whether to charge the corporation. A company, after all, can only act through its employees and if an enforcement program is to have a strong deterrent effect, it is critical that responsible individuals be charged, as high up as the evidence takes us. And we look for ways to innovate in order to further strengthen our ability to charge individuals.
One new approach to charging individuals is to use Section 20(b) of the Exchange Act. Although this section dates back to the original Exchange Act of 1934, chances are you may not be very familiar with it because, frankly, it has not been a common charge. Before you start reaching for your smart phones to look it up, let me save you the trouble. Section 20(b) imposes primary liability on a person who, directly or indirectly, does anything “by means of any other person” that would be unlawful for that person to do on his or her own. This is analogous in the criminal context to 18 U.S.C. Section 2(b), which provides for criminal liability as a principal for anyone who “willfully causes an act to be done which if directly performed by him or another would be” a criminal violation.
We are focusing on Section 20(b) charges where – as is frequently the case in microcap and other frauds – individuals have engaged in unlawful activity but attempted to insulate themselves from liability by avoiding direct communication with the defrauded investors. It is potentially a very powerful tool that can reach those who have participated in disseminating false or misleading information to investors through offering materials, stock promotional materials, or earnings call transcripts, but who might not be liable under Rule 10b-5(b) following the Supreme Court’s decision in Janus because they may not be the “maker” of the statement.
Just as importantly, though, as with 18 U.S.C. Section 2(b), Exchange Act Section 20(b) is a form of primary liability, rather than secondary liability, which would require proof of a separate violation by someone other than the defendant. So, we can use Section 20(b) where aiding and abetting or controlling person theories may fall short because there is no underlying violation by someone else, such as, for example, when the other person who publicly makes the misleading statements lacks knowledge that they were misleading.
In this portion of her speech, White stated: “the simple fact is that the SEC charges individuals in most of our cases, which is as it should be.”
As highlighted in this prior post, between 2008 – 2013, 82% of corporate SEC FCPA enforcement actions have not (at least yet) resulted in any SEC charges against company employees. Thus far in 2014 there have been two corporate SEC FCPA enforcement actions and none have involved (at least yet) charges against company employees. The last time the SEC has brought an FCPA enforcement action against individuals in connection with a corporate enforcement action was in February 2012 (see here).
As to the third “pressure point,” – “determining the appropriate resolution,” White stated in pertinent part:
“[L]let me share a bit about our current thinking on some of the non-monetary remedies and resolutions we are currently emphasizing at the SEC – the use of bars, monitors, and admissions.
One the SEC’s most powerful non-monetary remedies to protect the public from future harm is our authority to bar wrongdoers who work in the industry or appear before the SEC. And I have encouraged our Enforcement Division to increase the use of these bars in appropriate cases and to ensure that we obtain bars for periods of time that respond to the seriousness of the misconduct.
We have also been more focused on seeking and obtaining undertakings requiring the use of monitors or independent compliance consultants, and doing so in a way that directly addresses the root causes of the misconduct. Ensuring that defendants address their deficiencies and implement corrective actions is critical to making sure that our actions protect investors from future harm.
Another popular tool we have implemented since I became Chair is to require admissions of wrongdoing in certain cases. As I have described before, we seek admissions in cases where there is a heightened need for public accountability or for the investing public to know the unambiguous facts. And, we have now required admissions in a number of significant cases. Expect to see more as we go forward and the new protocol evolves.”
As highlighted over the past several years in SEC FCPA enforcement year in review posts, it is a mystery to many how and why certain FCPA enforcement actions include a civil penalty, disgorgement and prejudgment interest, whereas other enforcement actions include only disgorgement and prejudgment interest, whereas other enforcement actions include only disgorgement, whereas other enforcement actions include only a civil penalty.
In this recent speech, Andrew Ceresney (SEC Division of Enforcement Director) stated:
“I have found that you can predict a lot about the likelihood of an enforcement action by asking a few simple questions about the role of the company’s legal and compliance departments in the firm. Are legal and compliance personnel included in critical meetings? Are their views typically sought and followed? Do legal and compliance officers report to the CEO and have significant visibility with the board? Are the legal and compliance departments viewed as an important partner in the business and not simply as support functions or a cost center? Far too often, the answer to these questions is no, and the absence of real legal and compliance involvement in company deliberations can lead to compliance lapses, which, in turn, result in enforcement issues.
When I was in private practice, I always could detect a significant difference between companies that prioritized legal and compliance and those that did not. When legal and compliance were not equal partners in the business, and were not consulted as a matter of course, problems were inevitable. “
In this recent speech SEC Commissioner Kara Stein talked about the important “role of gatekeepers” and stated:
The Role of Gatekeepers
“So who is in a position, either within or outside a firm, to help? In effect, who are the gatekeepers that are able to disrupt or prevent misconduct? Certainly auditors and outside legal counsel can play this role. As most of you know, it doesn’t stop there. Executives, compliance officers, in-house counsels, and boards of directors also can help.
Each of these persons is in a unique position to monitor and promote legal compliance. Accountants and lawyers provide services that issuers need to access our capital markets. And their services are provided to multiple firms, which enables them to promote compliance broadly.
Internal gatekeepers play just as vital a role in compliance. Compliance officers must design, test, and update firm policies. Firm management and the board generally must approve these policies and monitor compliance with them. Executives, hopefully with the help of a good Chief Compliance Officer (CCO), must establish a strong “tone at the top.” Because, as we all know, the compliance function won’t work without buy-in and commitment at the top.
A recurring theme in many of the cases that I review each week is the failure of some of these important players or gatekeepers to disrupt or prevent misconduct. This troubles me greatly, and I know it troubles all of you as well.
How can the Commission help you make prevention more effective? What are the best incentives? Carrots? Sticks? Or both?
First, let’s talk about sticks. The Commission recently imposed a $200 million penalty against a large bank for misstating financial results and lacking effective internal controls. This breakdown in controls, a core part of compliance, contributed to billions – yes billions – in trading losses. The penalty was unprecedented for this type of case and is one of the largest penalties in the history of the Commission. Yet it amounted to a tiny fraction of the firm’s net income for just one quarter.
If our actions become nothing more than a footnote in the litigation reserve section of a firm’s financial statements, or a brief media storm that can be easily weathered before it is back to business as usual, have we been effective?
Or is it more effective to hold individuals to account? The people who could have, and should have, prevented the harm? This may help empower each of you in making the case to your clients and your firms that they should heed your advice.
I applaud our enforcement staff for bringing some tough and important cases. For example, we recently brought a financial fraud case against the Chief Financial Officer of a large public company, a case against a Chief Compliance Officer for violations of custody and compliance rules, and a case against the directors of an investment company for failing to properly oversee the fair valuation of fund securities.
But one gatekeeper that often is absent from the list of cases I see every week are the lawyers. Lawyers often serve as trusted advisers, and they give advice on almost every corporate transaction. They prepare and review disclosures that investors rely upon – disclosures that are at the core of the Commission’s regulatory program. And in most cases, they do a good job. But when lawyers provide bad advice or effectively assist in a fraud, sometimes their involvement is used as a shield against liability for both themselves, and for others.
Are we treating lawyers differently from other gatekeepers, such as accountants? I think we should carefully review the role that lawyers play in our markets, with a view towards how they can better help deter misconduct and prevent fraud.
Another critical partner is the CCO. Many of you in the audience are CCOs, and I appreciate the important work that you do each day. The CCO is a relatively new position, and the role has evolved significantly over time.
It is clear to me that the vast majority of CCOs are working hard and getting good results. But many of you are nonetheless concerned about possible enforcement actions against CCOs. There is a concern that charging CCOs will have the unintended consequence of weakening the compliance function. I have heard it said that these cases may lead to a drop in the quality of CCOs, because the best candidates will not be willing to serve. And those CCOs that remain willing to assume the role will be less effective because, for example, they may avoid certain functions such as participating in firm committees. That is not the intention.
If you read the facts in the cases we bring, you will see that they are not cases against CCOs that were promoting compliance. Instead, they are cases against CCOs that were assisting fraud, ignoring red flags, not asking the tough questions, and not demanding answers.
These cases should empower you within your firms to continue to be vigilant and assertive. And know that we “have your back” when others try to prevent you from doing your job. For example, the Commission recently brought a case against a portfolio manager for misleading the firm’s CCO by forging documents to conceal his failure to report personal trades.
While these enforcement cases are important, carrots to incentivize the right behavior may be even more critical. This, of course, raises an important threshold question – what is the right behavior? It will depend on the type of gatekeeper, the role that he or she plays, and the facts and circumstances of each case. For some gatekeepers, such as accountants, the role is well-defined. For others, such as CCOs, it is less so.
This creates uncertainty, which I believe is at the heart of the concerns that I’ve heard about CCO liability. We owe it to you to remove some of this uncertainty so that you can fully unleash your power to prevent harm.
One way to do this is for the Commission to provide guidance that sets clearer expectations on what it means to act appropriately. And when those expectations are met, a CCO can have comfort that he or she will not face liability.
What are the right expectations for CCOs? Again, I need your input. Should the Commission establish a minimum baseline of conduct for CCOs? It could contain basic obligations, such as requiring the CCO to establish and implement policies, and escalate issues that arise. And to whom should the CCO escalate issues? Executives at the firm? The board? A firm committee? And what happens if the CCO receives an unsatisfactory response? There are no easy answers here, but we must make the effort to bring guidance and clarity to you on these issues. And we need your help to get it right.”