Prosecuting Compliance “Gatekeepers”
Every organization depends on persons who are in a unique position to identify potential problems before they occur. Companies depend on gatekeepers to disrupt and prevent potential misconduct.
Internal and external auditors, compliance officers, in-house and outside legal counsel, senior executives and even board members can play this role. In almost every case resulting in an enforcement action a gatekeeper fails to act to disrupt and prevent the violation.
The Securities and Exchange Commission has expressed concern about the failure of gatekeepers to act in cases involving serious securities violations. The SEC is examining mechanisms to promote prevention and disruption of misconduct.
The SEC is employing a traditional formula – prosecuting individual gatekeepers. The SEC has prosecuted a Chief Financial Officer for financial fraud; a Chief Compliance Officer for violations of custody and compliance rules, and a case against the directors of an investment company for failing to oversee the fair valuation of fund securities.
One SEC Commissioner has suggested that in-house counsel, in certain situations, should be prosecuted. For example, lawyers prepare and review disclosures that investors rely on, disclosures that are critical for compliance purposes. The Commissioner stated “when lawyers provide bad advice or effectively assist in a fraud, sometimes their involvement is used as a shield against liability for both themselves, and for others.”
The SEC’s theory behind prosecution of gatekeepers is to “empower” them within their organization so that they will be “assertive.” The SEC has been vigilant in protecting gatekeepers from those persons who mislead or fail to cooperate with gatekeepers. For example, the SEC brought a case against a portfolio manager who mislead the firm’s Chief Compliance Officer by forging documents to conceal his failure to report personal trades.
The SEC is interested in developing carrots to encourage gatekeepers to engage in the ”right” behavior. It is hard to define in advance and with specificity what the “right” behavior is for accountants, auditors, lawyers and compliance officers.
It is even more difficult to define the role of a chief compliance officer and what constitutes the correct response to a specific situation. The SEC has suggested it might issue guidance on the principles for proper behavior by gatekeepers.
This begs the question of how to draft such guidance and how such guidance should be applied to specific gatekeepers? If a gatekeeper conforms to the principles, then the gatekeeper should be confident that his or her conduct was proper. On the other hand, if the gatekeeper fails to follow the guidelines, the gatekeeper could be prosecuted, depending on the specific facts and circumstances.
For CCOs, it is hard to craft basic obligations that have to be satisfied. Some have suggested that a CCO’s basic obligations could include adoption of basic compliance policies, and escalation of issues that arise.
The problem with such suggestions is that CCOs do not have as much control over adoption of basic compliance policies. Also, if they are required to escalate issues, how and to whom do such issues have to be raised?
The SEC’s focus on prosecution of gatekeepers can have a very chilling impact on the ability of gatekeepers to do their jobs. Before implementing an aggressive prosecution strategy, the SEC needs to resolve how it distinguishes between “acceptable” and “unacceptable” behavior. The impact on the CCO profession and other gatekeepers can be significant. Hopefully, the SEC will reassess its gatekeeper prosecution strategy and develop a more comprehensive approach.