The FCPA’s books and records and internal control provisions require issuers (generally FCPA speak for publicly-traded companies) to: (i) “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;” and (ii) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that (among other things) transactions are executed in accordance with management’s general or specific authorization, transactions are recorded as necessary to maintain accountability of assets, and access to assets is permitted only in accordance with management’s general or specific authorization.
The SEC enforces these provisions against issuers – often in expansive ways.
The SEC, of course, is not an issuer, but every so often it is interesting to spend a few moments in “hypothetical land.” (See this prior post). What if the SEC were an issuer?
Relevant to this question, last week the SEC announced – using the bland headline “Commission Statement Relating to Certain Administrative Adjudications” – in pertinent part as follows:
“The Commission has identified a control deficiency related to the separation of its enforcement and adjudicatory functions within its system for administrative adjudications. When this deficiency was identified, the Chair immediately notified the other Commissioners and directed the staff to undertake remedial measures and commence a comprehensive internal review to assess the scope and potential impact of the issue. We are now releasing the findings of that review as it relates to two adjudicatory matters currently in litigation in federal court. In both matters, the review found that agency enforcement staff had access to certain adjudicatory memoranda, but that this access did not impact the actions taken by the staff investigating and prosecuting the cases or the Commission’s decision-making in the matters.
The Commission has determined that, for a period of time, certain databases maintained by the Commission’s Office of the Secretary were not configured to restrict access by Enforcement personnel to memoranda drafted by Adjudication staff. As a result, in a number of adjudicatory matters, administrative support personnel from Enforcement, who were responsible for maintaining Enforcement’s case files, accessed Adjudication memoranda via the Office of the Secretary’s databases. Those individuals then emailed Adjudication memoranda to other administrative staff who in many cases uploaded the files into Enforcement databases.
We deeply regret that the Commission’s systems lacked sufficient safeguards surrounding access to Adjudication memoranda. We have great faith in the professionalism of all of our staff and will work to ensure that, going forward, we better protect the separation of adjudicatory work-product within our system for administrative adjudications, including by enhancing our systems for controlling access to Adjudication memoranda. We take this lapse in controls very seriously and are working hard to make sure nothing like it happens again. The review team will continue to assess the remaining affected adjudicatory matters, and we will release those findings as soon as we are able to do so.”
When an issuer is under SEC scrutiny for a control deficiency, can the issuer simply “deeply regret” the deficiency and state that it has “great faith in the professionalism of its employees that, going forward” it will not happen again?