Many constituents have a vested interest in determining a firm’s culture of compliance: regulators, investors, prospective employees, among others. Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations. Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.” There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture. Continue reading
Large-scale data breaches can give rise to a host of legal problems for the breached entity, ranging from consumer class action litigation to congressional inquiries and state attorneys general investigations. Increasingly, issuers are also facing the specter of federal securities fraud litigation.
The existence of securities fraud litigation following a cyber breach is, to some extent, not surprising. Lawyer-driven securities litigation often follows stock price declines, even declines that are ostensibly unrelated to any prior public disclosure by an issuer. Until recently, significant declines in stock price following disclosures of cyber breaches were rare. But that is changing. The recent securities fraud class actions brought against Yahoo! and Equifax demonstrate this point; in both of those cases, significant stock price declines followed the disclosure of the breach. Similar cases can be expected whenever stock price declines follow cyber breach disclosures. Continue reading
Effective anti-corruption compliance programs include protections for whistleblowers that raise corruption concerns. Article 13.3 of Russia‘s 2008 Federal Law No. 273-FZ on Counteracting Corruption (the “Anti-Corruption Law”) addressed Russian lawmakers’ expectations regarding effective compliance programs. But the law was silent on whistleblower protections. Recently proposed legislation in Russia may help address this gap.
Even before the Anti-Corruption Law came into effect, Russian law included several provisions that could be interpreted to provide some protection for whistleblowers. For example, Russian employment law prohibits discrimination and sets out an exhaustive list of permissible grounds for dismissing an employee for cause; firing an employee for blowing the whistle on potential corruption is not among them. As a result, firing an employee for whistleblowing could ran afoul of Russian employment law. In addition, the Russian government can protect individuals whose security might be threatened as a result of their participation in criminal proceedings that involve alleged corruption. The state might, for example, provide such witnesses with physical protection, relocate them, or even give them new identities. Continue reading
Part 2 – Changing the Game Plan
In late June, FIFA, the world’s governing soccer organization, released the “Garcia Report,” chronicling the extensive corruption and conflicts of interest that occurred in FIFA’s awarding of the men’s 2018 and 2022 World Cup venues. Part 1 summarized the report’s findings. Part 2 discusses how specific steps and safeguards can mitigate the risks of misconduct and ensure cooperation among FIFA officials – and at any organization.
FIFA’s problems started at the top. FIFA’s investigators found an astounding number of executive committee members committed misconduct and showed disdain for the investigation. FIFA’s failures were systemic and reflected a culture of corruption. An organization’s culture cannot be fixed simply by strengthening rules or creating a targeted compliance program. Indeed, these are meaningless if the leaders themselves are corrupt. Executives must have integrity and show a commitment to everyone’s compliance with the law. FIFA needs to identify candidates for its executive committee that have shown integrity and a dedication to complying with rules and laws. Continue reading
Part 1 – Foul Play
The first installment of this two-part series summarizes the Garcia Report’s findings of misconduct. Author Brandon Fox also focuses on the difficulties investigators faced as a result of leaders failing to cooperate and contrasts the misconduct and lack of cooperation to the U.S. Soccer Federation’s behavior.
In late June, FIFA, the world’s governing soccer organization, released the Garcia Report chronicling the extensive corruption and conflicts of interest that occurred in FIFA’s awarding of the men’s 2018 and 2022 World Cup venues. This article summarizes the Garcia Report’s findings of misconduct, focusing on the difficulties investigators faced as a result of leaders failing to cooperate, and discusses how specific steps and safeguards can mitigate the risks of misconduct and ensure cooperation among FIFA officials – and at any organization. Continue reading
In August 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the Securities and Exchange Commission released the results of its second Cybersecurity Initiative, which examined cybersecurity-related preparedness and implementation efforts by 75 regulated financial entities. The resulting OCIE Risk Alert depicts an industry demonstrating heightened sensitivity to cyber risks, but also experiencing gaps between policy ambition and day-to-day execution, and confronting growing pains associated with accelerated change, including the introduction of significant new policies and procedures that may lack focus or consistent implementation. While the Risk Alert directly addresses the cybersecurity procedures of broker-dealers, investment advisers, and other SEC-regulated entities, companies in all industries should consider assessing their practices with respect to the issues highlighted by the SEC. Continue reading
Recent media reports say that certain parties associated with Fox News have been subpoenaed by federal prosecutors to obtain testimony and information about allegations that Fox may have quietly settled a series of sexual harassment cases brought by Fox employees against former Chairman Roger Ailes. This is all far too sketchy and preliminary to draw any inferences about actual violations of law, especially as the reports came out in the course of nasty private litigation. But the news is a timely reminder to lawyers and compliance officials of how treacherous the waters are for anyone caught up in this kind of narrative—one where a key company official (often the one sitting on the corporate throne) may have engaged in serious unethical or unlawful behavior, with a strong desire in-house that the troublesome allegations never become public. Continue reading
A series of recent developments calls into question to what extent corporate leadership remains committed to organizational compliance efforts.
The modern emphasis on maintaining an “effective” compliance program was one of the principal corporate responsibility reforms to emerge from the embers of Enron, and from the broader Sarbanes-Oxley environment. The provisions of the Federal Sentencing Guidelines establishing the parameters of an effective compliance program were adopted in direct response to this environment. The compliance program provisions of the Department of Justice’s corporate prosecution guidelines also reflect that era. Over the ensuing years, compliance oversight has become a principal responsibility of corporate leadership both as a matter of regulatory expectation and of fiduciary stewardship.
Yet, as the 15th anniversaries of both the Enron bankruptcy and the enactment of the Sarbanes-Oxley Act beckon, anecdotal evidence suggests that corporate compliance may no longer occupy the highest level of interest amongst corporate leadership. That it is no longer the principal corporate imperative that it once was–and may need to be, in order to compete with other legitimate organizational initiatives for leadership attention and support. This is a trend which should, and may well, be reversed. Continue reading
by Paul L. Lee
Observers have often asked whether corporate governance for banking institutions, i.e., banks and bank holding companies, is (or should be) different from governance for other corporations. The resounding answer from the bank regulatory authorities is that the governance of banking institutions is (and should be) different from the governance of other corporations because of the special credit and liquidity functions performed by banking institutions. These special intermediary functions have historically led to a highly regulated environment for banking institutions, which has directly affected governance processes. The bank regulatory authorities maintain that the directors of banking institutions are responsible to a broader set of stakeholders than just shareholders. The additional stakeholders include depositors (and indirectly the federal deposit insurance fund), creditors and the regulators themselves. Continue reading
How to develop a corporate culture supporting corporate compliance is a key topic. Directors and officers both play roles in creating corporate culture; they are responsible for tone at the top, and that tone is key to compliance. The role of directors is what we explore today – as well as how the securities and corporate laws set the contours of that role. Our interest is in whether and how directors can and do play a role in building a culture of candor and its contribution to a culture of compliance.
Various actors on the federal level have been pushing boards of directors to become more involved in disclosure quality control, and as boards do so, they are increasingly engaged in setting the compliance and candor culture. Continue reading