Jessica Sanderson, Senior Counsel at The Volkov Law Group, recently attended the Rocky Mountain Securities Conference in Denver, Colorado.  Jessica’s posting summarizes the major compliance themes from the conference.  Jessica can be reached at [email protected].

On Friday May 3, 2019, I attended the Rocky Mountain Securities Conference in Denver and heard from a number of regulators and industry experts, including SEC Commissioner Hester Peirce. SEC staff provided an enforcement update and discussed current examination priorities, industry developments, regulations and emerging risks including digital currency and cybercrime. As one would imagine, throughout the day, different panels focused on very different topics and issues, but to me three words or themes consistently emerged: Compliance, Cooperation and Culture.

Beginning with Commissioner Peirce’s opening remarks, she spoke of “working on building a culture of compliance within the industry,” and her goal of “working with firms to get to a place of compliance.”

The first panel providing the SEC enforcement update also emphasized the importance of cooperation and compliance. For example, the panel discussed the recent success of the SEC’s Division of Enforcement’s “Share Class Selection Disclosure Initiative (the “Initiative”) for investment advisers to self-report possible securities law violations relating to failure to make necessary disclosures concerning mutual fund share class selection.

On March 11, 2019, the SEC announced settlements with 79 investment advisers who self-reported violations. See https://www.sec.gov/news/press-release/2019-28. Consistent with the settlement terms outlined in the Initiative, each of the settling investment advisers consented to cease-and desist orders but did not admit findings and did not pay any civil penalties. The panel also discussed the importance of cooperation during an investigation and the Wells process. 

Panel two, with members of the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), focused almost entirely on culture. OCIE conducts risk-based inspections and exams to identify and monitor risks and, where appropriate, pursues misconduct through referrals to the SEC’s Division of Enforcement. Acknowledging that “culture” has been a “buzzword” at the Commission for the last several years, the commentators discussed the difficulty of examining and measuring the amorphous concept of “culture.”

As compliance programs have matured, companies now should not only be focused on tone at the top but should also understand and evaluate the tone at the bottom, or “sub-cultures” influenced by middle-management. One panelist suggested that companies survey their employees to gauge perceptions of corporate culture, suggesting that pockets of poor perception are likely predictive of problematic areas. He queried the “role of the regulator” in this regard: “Can OCIE come in and poll a firm’s employees?” I fear regulators looking from the outside may over- or under- estimate the power of the perceived work environment to influence individual decisions, but smart, proactive companies should be looking at this issue from the inside.

Panel two speakers and conference materials also referenced academic research, including the work of an Australian Macquarie University Applied Finance Professor Elizabeth Sheedy (see, e.g. Elizabeth Sheedy, Le Zhang, Kenny Chi Ho Tam, “Incentives and Culture in Risk Compliance” (Nov. 2017), available at HERE and a recent study released by the United Kingdom’s Financial Conduct Authority, “DP18/2: Transforming culture in financial services,” available at HERE.

After reviewing this research, I was convinced that compliance practitioners should be conducting surveys of their companies’ culture during the risk assessment process (and updating such surveys when possible as part of the continuous risk assessment process). Lawyers and compliance practitioners can learn a lot from behavioral scientists in this area. Do good people do bad things when driven by fear, financial incentives and/or pressure to conform to bad behavior? And if so, how can a company exert positive pressures and incentives to conform to ethical behavior?

I’m not going to summarize the entire conference, so will conclude with some thoughts on our luncheon speaker, Jane Norberg, Chief of the SEC’s Office of the Whistleblower. Among the many statistics that she highlighted, Ms. Norberg noted that of the whistleblower award recipients who were current or former employees, approximately 83%, initially raised their concerns internally before reporting to the SEC. During her tenure, she noted further, she has been looking at efforts to “normalize” internal reporting and change the perception of whistleblowers. Companies should be “taking a hard look at reporting mechanisms,” she said, and trying to make employees more comfortable speaking up. “Smart companies recognize and embrace” the value of a speak up culture.

A key takeaway from lunch; strong reporting mechanisms and retaliation protections contribute to a healthy culture and a more successful organization. Companies should take a look at their reporting channels and responses (e.g. feedback, retaliation, discipline, exceptions for big producers) as key measures of culture. A written compliance policy pronouncing an “open door” policy alone does not make it so; managers must actually engage in conduct that promotes an “open door” culture.