On Thursday, October 29th, a call was hosted by the Society of Corporate Compliance and Ethics (SCCE) with Steven Cohen, Associate Director of the Securities and Exchange Committee (SEC). For over an hour, Mr. Cohen spoke about the role of the SEC in investigating companies, holding individuals accountable, and what companies can do to avoid fines and government scrutiny.
“The Dog Ate My Homework”: Common Company Defenses
Mr. Cohen reported that virtually all companies, when the SEC approaches, make the claim that they have a bad egg operating in an otherwise ethical company. He said he listens wholeheartedly but must, of course, dig beneath any claims to look for the evidence beneath.
The SEC first looks to see if there are widespread internal control and cultural issues leading to broad problems in multiple departments and countries.
If they determine this isn’t the case, they look for the causes of a particular misconduct: is it really a rogue action by a single individual, or did a firm’s culture create the kinds of pressures that make employees feel they need to manipulate the system?
Where the SEC Looks for Evidence of Defensible Compliance
Mr. Cohen reported that they will typically look at 5 broad areas within a company to help determine the size and nature of an investigation.
- Is ethical behavior and compliance supported visibly by the Board and senior execs?
- Is there a clear and easy-to-use hotline?
- Is a culture of retribution actively discouraged?
- Are trainings happening, and what is the data around them?
- Is there an external monitor or consultant who is providing impartial data?
The more of these questions that can be answered with a “yes”, the more likely the SEC is to view the incident as isolated.
3 Ways Companies Make Things Worse
Mr. Cohen indicated that the SEC is more than willing to take companies at their word – at first. But they often start making mistakes right out of the gate, mistakes that can set up an adversarial tone.
Mistake #1: Coming Late to SEC
Companies will often wait as long as possible to approach the SEC, rather than taking the opportunity to come in and present their compliance program’s strengths and places of pride right from the start.
Mr. Cohen said he wished more companies would take the chance to come and and explain why they are a good corporate citizens, and use this to set the tone of the investigation from day one.
Mistake #2: Lawyering up
When a GC or CCO comes into a meeting with the SEC with a team of lawyers – or worse, just sends in the lawyers themselves — Mr. Cohen reports that the results often do little to help a company avoid further investigation. The SEC is well-trained in the law and works closely with the Department of Justice. They are not intimidated or taken off the trail by a team of attorneys.
Mr. Cohen did say that when a compliance chief comes in, sits down, and is honest with them, the human connection and willingness to be candid can go a long way to the SEC seeing things from the company’s perspective. Once again, this can help to set the tone of the investigation, which can be key in its outcome.
Mistake #3: Having no data
If a GC or CCO says they have a good compliance program and are an ethical company, the next question is: how do you know this?
Mr. Cohen said the SEC is trained to look for data that can support claims. If there is little or no data, the assumption is that a company’s compliance program is mostly a paper tiger; that is, mostly a token effort to present a good face to the world but not a sincere effort to operate ethically.
In other words, saying you have a good compliance program and proving you have one are very different things.
Where SEC Looks: Data that Makes the Difference
The SEC looks in 5 places when assessing how important a culture of ethics, accountability, and compliance are to a company.
- Good Governance – Who is charge of the program, and how does ethics and compliance fit into the governance of the company as relates to Board of Directors and executive team? How independent and empowered is the compliance chief? Does he or she have a clear and unambiguous charter?
- Healthy Culture – Senior management and the Board has a history of taking compliance seriously, and doing so in a highly visible and proactive ways.
- Incentives and Rewards – This separates good compliance from great compliance. The size and scope of incentives and reward programs for compliance demonstrates directly the seriousness with which a company takes its compliance program.
- Self-Evaluation and Improvement – Did a company build a beautiful compliance system and then walk away from it? Or do they have a system in place that is monitored by software or third-parties, so that continual improves can be made quarter to quarter and year to year?
- Staffing – Quite simply, what is the size and budget of a company’s compliance department? Underfunded and understaffed departments are immediate red flags to SEC investigators.
The Real Risks of an SEC Investigation
2014 saw the SEC award $38 million to 8 individual whistleblowers, and collect an addition $4.1 billion in corporate fines.
Investigations waste money and time, damage reputations, end careers, and end up with companies, workers, and stockholders all losing in the end.
More to the point, it is increasingly obvious that ethical companies are more profitable than their counterparts, meaning compliance isn’t just about being ethical. It’s also about being profitable in a sustainable way that reaches far beyond this quarter or this year.
Convercent offers comprehensive and integrated compliance management, reporting, and defense for compliance departments who want to become best-in-breed.