The FCPA’s books and records and internal control provisions require issuers (generally FCPA speak for publicly-traded companies) to: (i) “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;” and (ii) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that (among other things) transactions are executed in accordance with management’s general or specific authorization, transactions are recorded as necessary to maintain accountability of assets, and access to assets is permitted only in accordance with management’s general or specific authorization.
The SEC enforces these provisions against issuers – often in expansive ways.
The SEC, of course, is not an issuer, but every so often it is interesting to spend a few moments in “hypothetical land.” (See this prior post). What if the SEC were an issuer?
Relevant to this question, as highlighted in this prior post, in April 2022 the SEC announced using the bland headline “Commission Statement Relating to Certain Administrative Adjudications” – in pertinent part as follows:
“The Commission has identified a control deficiency related to the separation of its enforcement and adjudicatory functions within its system for administrative adjudications. When this deficiency was identified, the Chair immediately notified the other Commissioners and directed the staff to undertake remedial measures and commence a comprehensive internal review to assess the scope and potential impact of the issue. We are now releasing the findings of that review as it relates to two adjudicatory matters currently in litigation in federal court. In both matters, the review found that agency enforcement staff had access to certain adjudicatory memoranda, but that this access did not impact the actions taken by the staff investigating and prosecuting the cases or the Commission’s decision-making in the matters.
The Commission has determined that, for a period of time, certain databases maintained by the Commission’s Office of the Secretary were not configured to restrict access by Enforcement personnel to memoranda drafted by Adjudication staff. As a result, in a number of adjudicatory matters, administrative support personnel from Enforcement, who were responsible for maintaining Enforcement’s case files, accessed Adjudication memoranda via the Office of the Secretary’s databases. Those individuals then emailed Adjudication memoranda to other administrative staff who in many cases uploaded the files into Enforcement databases.
We deeply regret that the Commission’s systems lacked sufficient safeguards surrounding access to Adjudication memoranda. We have great faith in the professionalism of all of our staff and will work to ensure that, going forward, we better protect the separation of adjudicatory work-product within our system for administrative adjudications, including by enhancing our systems for controlling access to Adjudication memoranda. We take this lapse in controls very seriously and are working hard to make sure nothing like it happens again. The review team will continue to assess the remaining affected adjudicatory matters, and we will release those findings as soon as we are able to do so.”
Last week the SEC issued this follow-up statement and announced using the bland headline “Second Commission Statement Relating to Certain Administrative Adjudications” – in pertinent part as follows:
“On April 5, 2022, the Commission issued a Statement Relating to Certain Administrative Adjudications (the “April 5 Statement”) describing a control deficiency related to the separation of enforcement and adjudicatory functions within the agency’s system for administrative adjudication. As the April 5 Statement explained, for a period of time, certain databases maintained by our Office of the Secretary (“OS”) were not configured to restrict access by staff from our Division of Enforcement (“Enforcement”) to memoranda drafted by staff from the Adjudication Group (“Adjudication”) in our Office of the General Counsel (“OGC”). As a result, in a number of adjudicatory matters, administrative support staff from Enforcement responsible for maintaining Enforcement’s case files accessed Adjudication memoranda via OS’s databases. In many instances, those administrative staff also emailed Adjudication memoranda to other administrative staff for potential upload to Enforcement databases; once uploaded, the memoranda became accessible more broadly to Enforcement staff.
When it was discovered that Enforcement staff had access to Adjudication memoranda, the Commissioners were notified, as was the Commission’s Office of Inspector General. As the April 5 Statement explained, the Chair immediately directed the implementation of remedial measures, including enhanced access controls, to ensure that Enforcement staff would no longer be able to access these memoranda in the OS databases or through the Enforcement databases to which they may have been uploaded. The Chair also initiated a comprehensive internal review to assess the scope and potential impact of the control deficiency. This review has been conducted by experienced investigative staff from the Division of Examinations under the supervision of the Commission’s General Counsel (the “review team”). As noted in the April 5 Statement, the review team has been supported by Berkeley Research Group, LLC, a consulting firm retained by OGC that includes a team of experienced investigators and forensic analysts.
The April 5 Statement disclosed the review team’s findings regarding two matters arising from administrative adjudicatory proceedings as to which challenges were pending in the federal courts. In the April 5 Statement, the Commission also committed to releasing information about additional affected matters. We are now releasing the below statement from the review team, which provides additional information about the two matters discussed in the April 5 Statement, as well as findings regarding additional adjudicatory matters that are currently pending before us. Those matters include 28 matters as to which one or more Adjudication memoranda specific to a particular matter were accessed by Enforcement administrative staff, as well as 61 additional matters in which one or more Adjudication memoranda broadly applicable to numerous pending matters were accessed by Enforcement administrative staff.
We deeply regret that the agency’s internal systems lacked sufficient safeguards surrounding access to Adjudication memoranda, and we are continuing our work to ensure that, going forward, work product from the Adjudication staff is appropriately safeguarded. We take this lapse in controls very seriously and are committed to both informing the public about the scope of this issue and preventing any similar lapses in the future.”
When an issuer is under SEC scrutiny for a control deficiency, can the issuer simply “deeply regret” the deficiency and state that it is “continuing [its] work to ensure that, going forward” the control deficiency does not happen again?
Save Money With FCPA Connect
Keep it simple. Not all FCPA issues warrant a team of lawyers or other professional advisers. Achieve client and business objectives in a more efficient manner through FCPA Connect. Candid, Comprehensive, and Cost-Effective.