Top Menu

A Most Interesting Internal Controls Theory Of Enforcement

Interesting

Recently, the SEC filed a lengthy civil complaint against Austin, Texas-based software company SolarWinds Corporation and its chief information security officer, Timothy Brown, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities. (See here).

As stated in the SEC’s release:

“The complaint alleges that, from at least its October 2018 initial public offering through at least its December 2020 announcement that it was the target of a massive, nearly two-year long cyberattack, dubbed “SUNBURST,” SolarWinds and Brown defrauded investors by overstating SolarWinds’ cybersecurity practices and understating or failing to disclose known risks. In its filings with the SEC during this period, SolarWinds allegedly misled investors by disclosing only generic and hypothetical risks at a time when the company and Brown knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.”

Continue Reading

“This Is Wrong” And “Callous” – CFTC Commissioner Unleashes On Enforcement Action Based On Record Keeping Issues During The Height Of Covid

Pham

This post has little to do with the Foreign Corrupt Practices Act specifically.

However, during the early months of Covid in Spring 2020, this post highlighted how the standard in the FCPA’s internal controls (and books and records) provisions is “reasonable” and that “reasonable” (a term used throughout the law) contemplates a variety of factors including the circumstances in which conduct occurs.

Given that FCPA scrutiny tends to last 4 years on average – and given that conduct giving rise to FCPA scrutiny tends to be up to 5-10 years old – this site has more than once “wondered” how FCPA internal control and/or books and records “deficiencies” will be viewed in future FCPA enforcement actions for the general time period March 2020 – 2021 (or perhaps even 2022).

If this recent Commodities Futures Trading Commission (CFTC) enforcement action against Goldman Sachs is any indication, the answer is the government may not care about the real-world conditions during that time period.

Continue Reading

That Was Then, This Is Now

shrug

To best understand (and place in context) current SEC FCPA enforcement positions and policies, it is useful to understand past SEC FCPA enforcement positions and policies.

The year was 1981, the event was the American Institute of Certified Public Accountants, and the speaker was Harold Williams, the Chairman of the SEC. The speech did not contain the standard disclaimer (i.e. I am just an individual and not speaking on behalf of the SEC), rather Williams specifically stated that his remarks “constitute a statement of the Commission’s policy.”

Williams focused his remarks (here) “solely to one major auditing development of recent years: the accounting provisions of the Foreign Corrupt Practices Act of 1977″ and stated that “the anxieties created by the Foreign Corrupt Practices Act – among men and women of utmost good faith – have been, in my experience without equal.”

Williams tried to damper these anxieties and spoke about the scope of the provisions including when an enforcement action would be warranted.

Continue Reading

Duped By Certain China Subsidiary Employees, 3M Resolves A $6.5 Million Enforcement Action

3m

The SEC announced today that 3M resolved a $6.5 million Foreign Corrupt Practices Act enforcement.

The basics are as follows.

Approximately 6-10 years ago, a former Marketing Manager of a 3M China-based subsidiary “secretly” provided “tourism activities” for Chinese health care officials.

The Marketing Manager “would create a travel itinerary that included various legitimate business, training and marketing activities for submission to 3M-China’s compliance personnel for approval,” however there were “alternate itineraries” that “consisted of various tourism activities at or near the location of the educational events.”

There is no suggestion that anyone at 3M headquarters knew of or approved of the conduct. Indeed, subsidiary employees, among other things, “falsified internal compliance documents that affirmatively denied and/or omitted mention of the Tourism Activities that were planned as part of the overseas trip.”

Continue Reading

That Was Then

THATWASTHEN

To best understand (and place in context) current SEC FCPA enforcement positions and policies, it is useful to understand past SEC FCPA enforcement positions and policies.

The year was 1981, the event was the American Institute of Certified Public Accountants, and the speaker was Harold Williams, the Chairman of the SEC.

Williams focused his remarks (here) “solely to one major auditing development of recent years: the accounting provisions of the Foreign Corrupt Practices Act of 1977.”

Williams began has remarks as follows.

Continue Reading

Powered by WordPress. Designed by WooThemes