StoneTurn recently gathered a panel of U.S. Securities and Exchange Commission (“SEC”) Division of Enforcement alumni in Chicago to discuss current trends with regard to the agency’s activity. The discussion centered on the SEC’s recent announcement that it had broken its own record for the number of enforcement cases brought, marking the third year in a row it filed an increasing number of cases. As the annual financial reporting deadline approaches, the speakers offered best practices for attorneys, audit committee and board members, corporate executives and compliance professionals to consider as they head into year-end.
Here are the top five takeaways from the discussion:
- In the absence of wide-scale accounting fraud, the SEC has been pursuing less serious “violations ” cases. An increased emphasis on the effectiveness of internal controls is needed.
While there was a growth in case activity, the amount of collections is actually less this year than it was last year. The SEC has been using a “broken windows” approach in pursuing ground level offenses, which could eventually become larger frauds. Additionally, the SEC has been pushing for more settlements; for example, there have been a number of cases involving potentially much larger penalties that were reduced to settle quickly. The SEC is negotiating hard to close small cases, which has resulted in the number of overall cases increasing, although, the amount of collections has decreased.
From an accounting perspective, there has been an increased emphasis on internal controls. This is largely due to the decrease in the number of accounting frauds, as there haven’t been cases similar to Enron or Worldcom over the past decade. In the absence of a large number of fraud cases, the SEC is now looking at non-fraud and internal controls.
- There are more specialists in the SEC than ever before.
Over the past six years, specialized units have been formed. In particular, the asset management unit is one of the largest. In late 2013, the Fraud and Audit Task Force was created to be more proactive about identifying accounting abuses and trends to pursue. This helps to generate leads, investigations and cases. Furthermore, the SEC has become much more coordinated internally, as well as with other regulatory agencies, which is a factor in the higher enforcement statistics.
- A prosecutorial mindset is driving enforcement actions.
While increased coordination has certainly been a factor in increasing enforcement numbers, it is not the only cause. The current SEC Division of Enforcement has become much more prosecutorial in mindset, as it now employs many more former criminal prosecutors than ever. It is increasingly acting more like the U.S. Department of Justice (“DOJ”), and pursuing charges more aggressively.
In particular, the Whistleblower program has become an active part of how the SEC pursues cases, and many are related to the Foreign Corrupt Practices Act (“FCPA”). However, whistleblower claims occur across the board. Some claims allege fraud, while others are just the sour grapes of a disgruntled employee. As far as accounting fraud, it depends heavily on the whistleblower program and restatements—i.e., identifying accounting fraud from afar is difficult, despite continuing efforts to become more proactive and the increasing use of data analytics.
- The role of the gatekeeper is more critical now.
From an SEC perspective, gatekeepers are primary targets. Typically, these include audit committee members, CEOs and CFOs, CAOs and independent auditors. There are two tracks the SEC uses to investigate financial reporting matters. One is to go after companies and their employees for cooking the books and internal control failures; the other is to assess the quality of the independent audit and look to see if auditors failed to comply with applicable PCAOB auditing standards.
While the SEC is trying to incentivize Chief Compliance Officers (“CCOs”) to be proactive, its recent actions have created an atmosphere in which almost anyone who tries to improve internal controls can be investigated and potentially charged with an internal controls violation.
As a result, it is important for companies and audit firms to document what was known, when they learned of it and what they did about it. A good way to think about it is:
- Identify the issue
- Bring in appropriate in-house personnel to assess
- Consider external counsel and consultants for potential securities laws violations
- Develop a plan to address the issue
- Put resources against it
- Fix and address the issue
- Create memos backing up everything done—facts, analysis, materiality, conclusions, etc.
Most importantly, be reasonable and proactive when communicating with the independent auditors and SEC.
- Document, document, document.
If a red flag comes your way, all is not lost. Appropriately follow-up as described above—document, document, document—and it is best to do so before you receive an SEC document request or are examined (e.g., by OCIE). It is harder for the SEC to develop a case against you when you can demonstrate that you have considered the relevant issues, have exercised reasonable judgment and have appropriately documented conclusions. In the absence of documentation, it is much easier for the SEC to challenge your process, controls and good-faith and, even if no fraud is evident, to convert the prosecution to a controls case.
In the case of self-reporting, the decision whether or not to self-report must be made at a very senior level and with the assistance of inside and external counsel. If you decide not to self-report, it is best to have documented your rational and efforts to remediate or enhance controls.
Reporting concerning internal controls is also imperative. If there is a 404 report citing effective controls and then a restatement occurs, the SEC may assess whether a material weakness should have been reported earlier and whether the severity of deficiencies was previously understated. Nowadays, the SEC is going to go back and take a much closer look at things like this. They are also taking a closer look at whether contingencies and reserves were recorded in a timely manner and at appropriate amounts.
Ultimately, with the SEC prosecutors evaluating things in hindsight, there is always skepticism on their part when companies and auditors are not able to say they addressed the issues in real time, so it’s good to ensure there is plenty of accurate documentation when things do arise.
Update: Given the pending Administration change with the election results on November 8 (one day after the panel), uncertainty exists regarding the direction the SEC’s focus or priorities may take.
A sincere thank you to our panelists for their participation:
- James Lundy, former Senior Trial Counsel and Senior Regulatory Counsel, SEC Division of Enforcement and Office of Compliance Inspections and Examinations, and Partner with Drinker, Biddle & Reath
- Pravin Rao, former Branch Chief, SEC Division of Enforcement, and Partner with Perkins Coie
- Howard Scheck, former Chief Accountant, SEC Division of Enforcement, and Partner with StoneTurn
- Junaid Zubairi, former Senior Attorney, SEC Division of Enforcement, and Partner with Vedder Price
- Rex Homme, Partner, StoneTurn (Moderator)
Howard Scheck, a Partner with StoneTurn, has more than 25 years of experience investigating public company financial reporting issues—including as Chief Accountant in the SEC’s Division of Enforcement. Howard specializes […]
Rex Homme, a Partner with StoneTurn, has more than 30 years of experience. He provides clients with financial consulting and accounting advice on forensic accounting investigations, complex business litigation matters, […]