Last week I filed a dispatch from the Securities Regulation Institute’s annual conference out in San Diego, focusing on the first day’s agenda of SEC policy and risk management challenges. Before I forget, let’s circle back to review the main points of Day 2: enforcement.
The stars of the day were Robert Khuzami, director of the SEC’s Division of Enforcement, and Lanny Breuer, assistant attorney general for the Criminal Division at the Justice Department. They talked at length about their priorities in enforcement and what corporations at the other end of their investigations should expect. Like so many other speakers at the SRI conference, their main theme was that Things Will Be Different from here forward. Corporate compliance officers should plan accordingly.
Khuzami first shed more light on his plans to create specialized teams within the Enforcement Division, which will focus on specific types of wrongdoing such as insider trading, Ponzi schemes, the Foreign Corrupt Practices Act, and more. His overall goal is to end the habit of SEC enforcement attorneys lurching from one case to another—which gives you a diverse range of experience, yes, but that’s not necessarily the expertise the SEC needs to protect investors. Khuzami cited his prior job as a top legal officer at Duetsche Bank, where complex financial transactions whizzed by his office at light speed; if well-funded bank lawyers like him could barely understand the nuances of what traders were cooking up, he said, how are overworked, underpaid SEC attorneys supposed to manage the task? Above all, he said, he wants the specialized teams to be able to find and intercept wrongdoing more quickly, “before the blood is on the floor and investor money is all lost.”
Khuzami also wants to expand the metrics the SEC uses to measure enforcement, to better reflect the high-value work the Enforcement Division is doing. Are cases filed more quickly? Are they matching the stated priorities of Khuzami and other SEC leaders? Are they likely to deter other wrong-doers out there? That’s what Khuzami wants to measure much more than total number of enforcement actions, which is the metric cited in SEC annual reports for quite a while.
Breuer, rapidly emerging as the Justice Department’s public face for corporate corruption matters, then peppered the audience with numerous potent warnings that the department means business these days—and as usual, they were great quotes to include on Power Point slides for your next presentation to the audit committee. Some particular gems: that Breuer’s objective for the Criminal Division is “to be as aggressive as possible, and as nimble as we can be;” and that, “in my opinion, there is no greater deterrent than holding individuals responsible”—as in, personal fines or prison time.
If all those tough words have you ready to self-disclose your concerns about those shenanigans going on in procurement, Khuzami and Breuer had some advice about cooperation and corporate compliance efforts as well. Khuzami skimmed over his Division’s new policies to encourage cooperative witnesses to step forward, and he was blunt: he wants “higher value evidence from individuals with knowledge of wrongdoing … in exchange for reduced sanctions. There’s simply no substitute for that kind of information.”
Khuzami did warn people not to confuse the SEC’s new cooperation deals (which apply to individuals, and generally require you to provide evidence of real wrongdoing that has occurred) with deferred-prosecution and non-prosecution agreements (which apply to companies, and generally require them to implement changes so future wrongdoing won’t occur.) They are different types of arrangements, and the negotiations you have with the SEC to get them are different types of bargaining.
Breuer spoke about training employees on compliance with policy, and stressed the importance of ongoing, evolving training. He and Khuzami used adjectives like “instructive,” “dynamic,” “iterative”—that’s the level of engagement regulators want to see in corporate compliance and training. Are you observing regulatory changes and enforcement actions, and adjusting your compliance program and your training efforts accordingly? Are you monitoring employees to confirm that they are embracing your latest compliance expectations? That is what Khuzami and Breuer want to see; it demonstrates a good-faith effort on the part of the company, and when some errant employee does commit a violation, it also helps the prosecutors demonstrate criminal intent—which goes back to Breuer’s comments about wanting to hold individuals accountable.
Let me add my own observation here. Clearly the SEC and Justice Department want corporate compliance departments to pay attention to the enforcement actions getting notice these days. Right now, that boils down to two cases: the insider-trading ring the SEC busted up at the Galleon Group, and the bribery sting the Justice Department used to arrest 22 people on Foreign Corrupt Practices Act charges last week.
Both cases are an order of magnitude larger than any other enforcement action Corporate America has seen in decades. Where most enforcement actions in white-collar crime have been single arrests of a rogue individual running a scam, these were take-downs of systemic corruption—and compliance officers should take note of that. Not only should you worry about your own company and its suppliers; you should ponder whether corruption exists elsewhere in your industry, and you might get pulled into the orbit of a massive enforcement action even if your company’s compliance isn’t at issue. Are you training your employees to think about systemic corruption that exists elsewhere in your industry? Do you have a crisis plan in case your biggest competitor is indicted our your main counter-parties are hauled off in hand-cuffs? And above all: When the regulators launch a massive enforcement action and start chopping off the heads of a hydra of corruption—will you be able to prove that your company isn’t part of that monster?
Are you sure?