In August 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the Securities and Exchange Commission released the results of its second Cybersecurity Initiative, which examined cybersecurity-related preparedness and implementation efforts by 75 regulated financial entities. The resulting OCIE Risk Alert depicts an industry demonstrating heightened sensitivity to cyber risks, but also experiencing gaps between policy ambition and day-to-day execution, and confronting growing pains associated with accelerated change, including the introduction of significant new policies and procedures that may lack focus or consistent implementation. While the Risk Alert directly addresses the cybersecurity procedures of broker-dealers, investment advisers, and other SEC-regulated entities, companies in all industries should consider assessing their practices with respect to the issues highlighted by the SEC.
Recent media reports say that certain parties associated with Fox News have been subpoenaed by federal prosecutors to obtain testimony and information about allegations that Fox may have quietly settled a series of sexual harassment cases brought by Fox employees against former Chairman Roger Ailes. This is all far too sketchy and preliminary to draw any inferences about actual violations of law, especially as the reports came out in the course of nasty private litigation. But the news is a timely reminder to lawyers and compliance officials of how treacherous the waters are for anyone caught up in this kind of narrative—one where a key company official (often the one sitting on the corporate throne) may have engaged in serious unethical or unlawful behavior, with a strong desire in-house that the troublesome allegations never become public.
A series of recent developments calls into question to what extent corporate leadership remains committed to organizational compliance efforts.
The modern emphasis on maintaining an “effective” compliance program was one of the principal corporate responsibility reforms to emerge from the embers of Enron, and from the broader Sarbanes-Oxley environment. The provisions of the Federal Sentencing Guidelines establishing the parameters of an effective compliance program were adopted in direct response to this environment. The compliance program provisions of the Department of Justice’s corporate prosecution guidelines also reflect that era. Over the ensuing years, compliance oversight has become a principal responsibility of corporate leadership both as a matter of regulatory expectation and of fiduciary stewardship.
Yet, as the 15th anniversaries of both the Enron bankruptcy and the enactment of the Sarbanes-Oxley Act beckon, anecdotal evidence suggests that corporate compliance may no longer occupy the highest level of interest amongst corporate leadership, and that it is no longer the principal corporate imperative that it once was, and may need to be, in order to compete with other legitimate organizational initiatives for leadership attention and support. This is a trend which should, and may well, be reversed.
by Paul L. Lee
Observers have often asked whether corporate governance for banking institutions, i.e., banks and bank holding companies, is (or should be) different from governance for other corporations. The resounding answer from the bank regulatory authorities is that the governance of banking institutions is (and should be) different from the governance of other corporations because of the special credit and liquidity functions performed by banking institutions. These special intermediary functions have historically led to a highly regulated environment for banking institutions, which has directly affected governance processes. The bank regulatory authorities maintain that the directors of banking institutions are responsible to a broader set of stakeholders than just shareholders. The additional stakeholders include depositors (and indirectly the federal deposit insurance fund), creditors and the regulators themselves.
How to develop a corporate culture supporting corporate compliance is a key topic. Directors and officers both play roles in creating corporate culture; they are responsible for tone at the top, and that tone is key to compliance. The role of directors is what we explore today – as well as how the securities and corporate laws set the contours of that role. Our interest is in whether and how directors can and do play a role in building a culture of candor and its contribution to a culture of compliance.
Various actors on the federal level have been pushing boards of directors to become more involved in disclosure quality control, and as boards do so, they are increasingly engaged in setting the compliance and candor culture.
by Sean J. Griffith*
Regulatory and enforcement authorities are increasingly pressing firms to demonstrate the quality of their compliance program by reference to metrics. For example, in a recent interview, Hui Chen, the DOJ’s Compliance Expert stated that “strong compliance must be data driven” and emphasized that “the kind of data [firms] do and do not monitor tells me a lot about how sophisticated their program is.” This is a fairly clear signal from the DOJ that firms must develop metrics to measure compliance or risk losing mitigation for having an “effective” compliance program.