by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, and David B. Anders

When we issued our memorandum (PDF: 231KB) on “what to expect in 2020” concerning white collar and regulatory enforcement developments, we certainly did not expect that just two months later, 41 states would effectively be locked down due to the coronavirus pandemic, many courts would be closed, and governments would be intensely focused on adopting measures responsive to the global health crisis.  What we’re now seeing in the white collar/regulatory world is that, instead of pushing forward at their usual pace, prosecutors and regulators are adjusting to a new reality in which live testimony is impractical, courts are on pause and most everyone is working from home.  It is impossible to predict when the normal cadence of such investigations will resume, but inquiries of all kinds will undoubtedly return to their normal pace and intensity when the crisis abates.

The downturn in our economy caused by the crisis also makes this a critical time for companies to ensure that their compliance programs and controls are continuing to function effectively.  Historically, economic downturns have led to an eventual uptick in enforcement activity.  Absent careful attention today to internal controls and compliance, there may well be more to investigate when the crisis passes.  Accordingly, we highlight below several areas that deserve particular attention as companies respond to the current coronavirus crisis:

1. Maintain the right tone at the top.

Reiterating “tone at the top” messages and the corporation’s commitment to vigilant compliance, as well as taking steps to ensure that internal controls and compliance systems are continuing to operate effectively, are critically important at moments like these. 

2. Make timely compliance adjustments where necessary.  

While senior managers will understandably be focused on addressing critical business issues brought on by the current crisis, ordinary course compliance functions and oversight also must continue.  In particular, following up in a timely manner on potential compliance issues, whether identified through hotline calls, whistleblower complaints or otherwise, is vital, as is making any changes to systems and procedures, if appropriate.  The radical shift to large-scale work from home should prompt companies to evaluate whether modifications of controls or policies are advisable.  New tools may be needed to permit supervisors at all levels to promptly communicate operational priorities, gather necessary information about the business, and effectively supervise their subordinates under these new remote working conditions.

3. Protect and control confidential information flows. 

As we noted recently (PDF: 122KB), insider trading risks are likely heightened now as people work from home and confidential information is diffused more broadly throughout an organization.  Companies should regularly remind directors, executives and personnel that existing policies to prevent insider trading and control flows of confidential information are especially important in the current environment, and that any possible lapses should be reported to supervisors immediately. 

4. Tailor cybersecurity procedures to the new environment. 

Cybersecurity procedures and controls and cyber-preparedness must be effectively tailored to the current environment.  Again, this concern is greater now as large numbers of executives and other personnel are working remotely from home or other locations, putting enormous stress on the systems that provide such connectivity.  Marriott International’s March 31 report (PDF: 304KB) provides a telling example—in late February, it detected a data breach affecting information on up to 5.2 million guests by hackers who obtained log-in credentials of employees working at a franchise property to access a proprietary information-management system.  In addition, the proliferating use of remote video-conferencing technologies during the crisis also means that companies must be mindful of, and take steps to combat, the potential for cyber-breaches that come with these new technologies.

5. Preserve integrity of financial results. 

In economic downturns as extreme as the current one, there will understandably be heightened pressure to generate revenue or to reduce expenses to meet financial targets, thus magnifying the risk of misconduct.  Now is the time to reinforce accounting controls and systems to guard against inappropriate efforts at any level to pull revenue forward, book sales that are not genuinely final, defer recognizing current expenses or known accruals, spread expenses improperly over reporting periods, collude with competitors and/or customers, or otherwise contribute to false or misleading indicia of financial performance.

6. Carefully evaluate disclosure obligations, accounting judgments and estimates. 

Guidance issued during the crisis by regulators likely provides a preview of topics that will later draw investigative scrutiny.  The SEC’s Division of Corporation Finance recently highlighted (PDF: 160KB) a variety of disclosure considerations for public companies.  The SEC’s Chief Accountant late last week likewise issued a statement on the quality of financial reporting in light of COVID-19.  The Chief Accountant’s statement, among other things, discusses the role of judgments and estimates in financial reporting and notes the heightened challenges associated with those issues in the current environment of uncertainty.  This commentary underlines the importance not only of developing a reasonable basis for judgments and estimates, but of contemporaneously documenting that basis.

7. Invest now in process and documentation disciplines that will protect against future second-guessing. 

Finally, just as we saw not so long ago in the wake of the 2008-09 financial crisis, prosecutors and regulators will look back after the coronavirus crisis passes and apply 20:20 hindsight to decisions corporations are making today.  Borrowing from the 2008-09 playbook, Congress established as part of Title IV of the CARES Act a new Special Inspector General and a new congressional oversight committee with mandates to review corporate conduct.  With that in mind, it may well be important for companies to be able after the crisis passes to demonstrate that directors and senior management were staying timely and well informed about changing business conditions and challenges to their businesses presented by COVID-19, evaluating the pros and cons of various responsive options, and making decisions that were well-advised and well-documented.  Making those efforts today will pay significant dividends when the crisis is over and prosecutors, regulators, inspectors general and legislative committees look back at how well (or poorly) companies handled the stresses of operating during the pandemic.

John F. Savarese, Ralph M. Levene, Wayne M. Carlin, and David B. Anders are partners at Wachtell, Lipton, Rosen & Katz.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.