Two years ago, the #MeToo movement exposed the problem of sex-based misconduct by powerful employees, particularly CEOs. It also revealed, in some companies, an organizational culture seemingly permissive of such wrongdoing. In many instances, the misconduct went on for extended periods, involved numerous victims, and was an open secret among corporate officers and directors. Companies typically responded slowly and imposed few consequences on alleged perpetrators, preferring to cover up the problem with confidential settlements and cushioned exits rather than hold the accused accountable. This phenomenon, which we refer to as the ”MeToo accountability problem,” provokes serious questions. Why did companies tolerate such behavior? Why did they choose to protect rather than penalize CEOs? Most importantly, has the MeToo movement changed this culture?

In Anticipating Harassment: #MeToo and the Changing Norms of Executive Contracts, we examine these questions through an empirical study of CEO employment agreements. Unlike ordinary employees, CEOs are protected by written contracts that not only reject the default rule of employment at-will, but contain bespoke provisions that limit the companies’ ability to terminate CEOs without paying significant severance pay. These provisions typically contain a handful of narrowly drafted grounds on which a company can fire a CEO “for cause” (thereby avoiding financial liability), which rarely contemplate sex-based misconduct. Furthermore, existing law generally interprets these provisions in favor of CEOs, making it financially risky for companies to remove CEOs for behavior that—while wrongful—may turn out to fall short of the contractual or legal standard.

(more…)

A prominent securities regulator recently observed that “ESG no longer needs to be explained.” ESG is firmly ensconced in the mainstream of corporate America, a frequent topic in boardrooms, C-suites, investor meetings, and regulators’ remarks. Perhaps less obvious is that ESG has yet to be mainstreamed, as it were, in internal corporate governance and operations at the individual company level. In order to be a meaningful factor in effectuating corporate purpose, ESG—or, more accurately, EESG (including Employees as well as Environmental, Social, and Governance)—must be integrated throughout corporate affairs, not just in the boardroom.

The internal mainstreaming of EESG is the next step in its remarkable journey from activist wishlists to board and regulatory agendas. The good news is that this should not be difficult for most organizations to accomplish, so long as corporate leaders recognize that engaging with EESG considerations is not something that happens “elsewhere,” but “everywhere.” When EESG is integral to the culture and values of a company, it will naturally be incorporated in the work that is done throughout governance and operations, including strategic planning, risk management, compensation, communications, and disclosure. This approach to EESG is beneficial in a number of important ways: It is conducive to long-term value creation and responsive to investor interests; it improves efficiency and transparency while demonstrating commitment to EESG goals; and it can help forestall legal liability and reputational harm.

(more…)

Fifty years ago, Milton Friedman told corporate fiduciaries that they should narrowly focus on generating profits for stockholders. Less focused upon, but explicit, was his view that corporations should not have a “social conscience” and take action to “eliminat[e] discrimination,” which he trivialized as a “watchword[] of the contemporary crop of reformers.” [1] Since then, Friedman and his adherents have espoused this cramped vision of fiduciary duty within the debate over corporate purpose. Even worse, while arguing that issues like DEI should be left to external law to address, they have simultaneously sought to erode the external laws promoting equality and inclusion.

In 2021, the problem Milton Friedman trivialized remains central. The inequality gap between Black and white Americans has grown since 1980, the period in which Friedman’s views became influential with directors and policymakers. And the ongoing pandemic’s unequal impact on minorities has underscored the persistence of profound inequality. So has ongoing violence against Black people like the killing of George Floyd. Likewise, economic inequality continues to adversely affect women.

(more…)

All companies—big and small—are collecting a tsunami of data. The US Department of Justice (DOJ) has now challenged corporate America to harness and analyze that data to improve corporate compliance programs by going beyond the risk profile of what has happened to better understanding the risk profile of what is happening. But where to begin? Artificial intelligence, which is already used to assist in the review and production of documents and other materials in response to government subpoenas and in corporate litigation, is invaluable in proactively reviewing data to identify and address compliance risks.

Takeaways

• DOJ expects compliance programs to be well resourced and to continually evolve.
• DOJ wants companies to assess whether their compliance program is presently working or whether it is time to pivot.
• DOJ uses data in its own investigations and it expects the private sector to rise to the occasion and analyze its own data to identify and address compliance risks.
• The data is there—mountains of it—and the key is to find an efficient way to analyze that data to improve the compliance program.
• Artificial intelligence is an important tool for solving the challenge of big data and identifying and remediating compliance risks effectively, quickly and regularly, in conjunction with further periodic review.

(more…)

As the COVID-19 pandemic continues, the whistleblower environment is changing in ways that should have the focused attention of compliance executives across industries. Three converging factors are at work here:

1) a significant increase in fraud and whistleblower activity; 2) disruptions stemming from remote work; and, 3) new Department of Justice (DOJ)/Security Exchange Commission (SEC) guidance on corporate compliance programs. This post offers insights on what’s driving the new environment and strategic actions you can take to adapt.

5 insights you should know

Economic uncertainty and COVID-19-related instability have real consequences. Rapid, unprecedented economic turmoil has created record unemployment and layoffs. Organizations are under significant cost-reduction pressure. According to a recent ACFE survey, 79 percent of member companies have observed an increase in fraud, and 90 percent expect further fraud increases in the next 12 months. [1]

(more…)

Sometimes a corporate director who’s the main source of a company’s reputational problems is the last one to recognize it.

That’s why, in order to protect the company from unwanted controversy and reputational harm, boards benefit from discreet tools to remove problematic officers and directors before their terms are up, and without going through a formal removal process. These self-executing tools are intended to resolve concerns without making a bad situation worse for the company, the board, and the implicated director.

Image problems arise from two circumstances that can pop up during a director’s term; the first class, circumstances of the director’s own doing; and the second class circumstances over which the director may not have had any direct responsibility. Once under public discussion, both types risk reputational harm to the company, interference or disruptions to the work of the board, and doubt (fair or unfair) on the fitness of the implicated director to serve.

(more…)

[On October 15, 2020], the SEC announced a settled enforcement action against a public company in connection with the company’s initiation of a stock buyback program while in possession of material, nonpublic information (“MNPI”). [1] The Commission charged the company with violating Section 13(b)(2)(B) of the Exchange Act, which requires reporting companies to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed, and access to company assets is permitted, only in accordance with management’s authorizations.

Specifically, the SEC found that the company’s decision–approved by its legal department–to enter into a Rule 10b5-1 trading plan to repurchase the company’s shares on the same day that the company resumed previously suspended, CEO-to-CEO merger discussions violated the company’s own securities trading policy, and therefore fell outside the board’s repurchase authorization. Without admitting or denying the SEC’s findings, the company agreed to the entry of a cease and desist order and to pay a $20 million penalty to settle the action.

The SEC’s order highlights a number of important matters for public companies:

(more…)

The Securities and Exchange Commission (SEC) has issued final rules that significantly modify the framework that public companies and their auditors use to evaluate auditor independence, providing additional clarity for certain particularly difficult and recurring issues.

The final rules, adopted on October 16, 2020, principally focus on complications that arise from auditor independence assessments with respect to affiliates of the audit client. Such issues include situations where the entity under audit is under common control with other entities, which frequently is an issue for operating and portfolio companies, investment companies, and investment advisers and sponsors. In addition to cutting compliance burdens and costs for registrants and auditors, the SEC expects that these proposed amendments will reduce the instances in which auditors are not considered independent. Accordingly, this could expand the pool of auditors available to registrants, which would provide more relevant industry expertise, drive down audit costs and improve the quality of financial reporting. These final rules also change the auditor independence requirements related to initial public offerings (IPOs), M&A activity and similar corporate events, and certain requirements around ordinary course debtor-creditor relationships.

(more…)

Companies should ensure that their clearance systems are properly designed to identify any MNPI that would preclude share repurchases.

Most stock buyback programs garner attention when the board authorization of a program is announced and when the company provides a quarterly update on its buyback progress during its earnings call or 10-Q filing. However, a recent SEC settled enforcement proceeding highlights that neither of those dates is relevant to the analysis of insider trading risk associated with stock repurchases. Instead, the question of whether the company possesses material non-public information (MNPI), and therefore should not be trading in its own securities, needs to be analyzed at the date of each purchase or, if relevant, the initiation of a 10b5-1 plan to facilitate automated repurchases.

In this case, the SEC alleged that the legal department authorized entering into a 10b5-1 plan for future repurchases at a time when the company’s CEO had just recently reinitiated discussions relating to a potential material M&A transaction.

(more…)

Last night [October 22, 2020], a no-action letter was issued relating to apparent non-compliance by certain broker-dealers with Rule 15c3-3, [1] which is aptly named the “Customer Protection Rule.” [2] In short, certain broker-dealers’ failure to comply with the Customer Protection Rule puts retail customer funds and securities at risk, and the no-action letter purports to allow this misconduct to continue for up to six additional months. [3] The letter clearly states that these practices are not consistent with the requirements of the Customer Protection Rule. On that point we agree, and it is critical that registrants heed that message.

No-action relief, however, is not the appropriate method to communicate the message in these circumstances. No-action relief is a mechanism that allows registrants to obtain certain assurances when their conduct may touch upon a gray area of regulation, or even may be technically proscribed, but does not raise the policy concerns underlying a particular rule. It is designed to give market participants comfort in continuing a particular course of conduct in areas where clarity is lacking, or participants face potentially conflicting requirements. [4] It should not provide a grace period for compliance with clear violations of law—especially violations that put investor funds directly at risk. Here, the potential harm to customers arising from the conduct goes to the very heart of the Customer Protection Rule and should be remediated without delay. (more…)

Good morning. This is an open meeting of the U.S. Securities and Exchange Commission, under the Government in the Sunshine Act. This morning, we have two items on the agenda.

Before we begin with today’s agenda, I want to note the passing of Justice Ruth Bader Ginsburg and the joint statement of the Commission recognizing her as a giant of the law who authored many opinions that meaningfully impacted the lives of all Americans, including our nation’s investors. Of particular relevance to our work at the Commission was United States v. O’Hagan, which upheld the misappropriation theory of insider trading and has served as a critical element of our securities law framework.

At today’s meeting, we are considering amendments to the rules governing the Commission’s whistleblower program. Over the past ten years, the whistleblower program has been a critical component of the Commission’s efforts to detect wrongdoing and protect investors and the marketplace, particularly where fraud is well-hidden or difficult to detect. Enforcement actions from whistleblower tips have resulted in more than $2.5 billion in ordered financial remedies, including more than $1.4 billion in disgorgement of ill-gotten gains and interest, of which almost $750 million has been, or is scheduled to be, returned to harmed investors.

(more…)

The remarkable Justice Ginsburg once wrote that the Commission possessed a “robust whistleblower program designed to motivate people who know of securities law violations to tell the SEC”. [1] Our nation has a long history of motivating whistleblowers to come forward, dating all the way back to 1777, when the Continental Congress passed our first whistleblower protection law. [2] And over time our laws have evolved to not just protect whistleblowers, but also to incentivize and encourage them to take personal and professional risks to help our government stop wrongdoing.

I am proud of the Commission’s whistleblower program. In 10 years, we have received more than 1,500 submissions, resulting in more than $2.6 billion in financial remedies. Over the last two years, the Commission has worked to streamline and accelerate the awards determination process. To date, we have paid more than $523 million to whistleblowers who risked their livelihoods to do the right thing. I want to thank the Commission’s staff and the Office of the Whistleblower for making that happen.

(more…)

On August 12, 2020, the Office of Compliance Inspections and Examinations (“OCIE”) of the Securities and Exchange Commission (“SEC”) published a risk alert (“Risk Alert”) identifying a number of COVID-19-related issues relevant to SEC-registered investment advisers and broker-dealers (collectively, “Firms”). [1] OCIE had previously announced that it was actively engaged in ongoing outreach and having discussions with Firms to assess the impacts of COVID-19 on their businesses, including challenges to operational resiliency and the effectiveness of Firms’ business continuity plans. [2] The Risk Alert outlines risks and practices that OCIE identified through its industry outreach, as well as consultation and coordination with other regulators. OCIE’s observations and recommendations fall into the following broad categories: (1) protection of investors’ assets, (2) supervision of personnel, (3) practices relating to fees, expenses, and financial transactions, (4) investment fraud, (5) business continuity, and (6) the protection of investor and other sensitive information. We summarize these below.

(more…)

As businesses confront the profound operational, financial and workforce disruption brought on by the COVID-19 pandemic, there’s no such thing as business as usual. That’s as true for corporate boards as it is for frontline workers. In particular, audit committees will have a lot on their plates in the coming months to provide critical oversight of financial reporting in this environment (for a detailed discussion of financial reporting considerations see PwC’s COVID-19: Audit committee financial reporting guidebook). At the same time, audit committees will need to continue to focus on their other core responsibilities in areas like risk oversight, oversight of internal and external audit, and ethics and compliance.

Risk oversight

In its role overseeing risk, audit committees will want to understand how management is evaluating the effects of COVID-19 on the business operations and the way people work, and whether those effects trigger an event-driven reassessment of business risk, control risk and the effectiveness of the related controls. As examples, the company might be entering into new or different business contracts or the operating environment might have dramatically changed due to social distancing and different working practices.

(more…)

June 16, 2020

The Honorable Jay Clayton Chairman
U.S. Securities and Exchange Commission 100 F Street, NE
Washington, DC 20549

Re: Comprehensive disclosure requirements to allow investors and the public to analyze companies during the COVID-19 pandemic.

Dear Chairman Clayton,

Investors and the general public are struggling to understand how the COVID-19 pandemic is impacting the economy and the financial markets. At the same time, the federal government is distributing trillions of dollars in financial support to mitigate the economic impact of the pandemic. We urge the Securities and Exchange Commission to institute new disclosure requirements to allow investors and the public to analyze how companies are acting to protect workers, prevent the spread of the virus, and responsibly use any federal aid they receive.

Companies who sell their stock to the public must register with the SEC and fulfill periodic disclosure obligations, as defined by the Commission. These disclosures are available to investors and the general public and help contribute to the public understanding of a company’s financial performance and the risks and opportunities that might go along with investing in that company.

(more…)

Earlier this month, the Criminal Division of the Department of Justice updated its guidance for prosecutors to use when evaluating a company’s compliance program in the context of corporate charging and settlement decisions. [1] While the revised guidance is very similar to DOJ’s April 2019 version, [2] it includes substantive updates in a number of areas—including regarding how compliance programs are resourced, how they evolve and adapt, and how they address pre-acquisition due diligence and post-acquisition compliance integration in mergers and acquisitions.

Introduction

As with prior versions, the updated guidance continues to emphasize at the outset that the Criminal Division does not use any “rigid formula” to evaluate compliance programs, and instead states that each company’s risk profile requires “particularized evaluation.” The revisions (italicized below), however, add notable language with respect to the factors DOJ will consider in its individualized determination:

(more…)

Introduction

The unprecedented situation the entire world finds itself in due to the COVID-19 pandemic presents fundamental challenges to businesses of all sizes and maturities. As the thinking shifts from crisis response to recovery, it is clear that there will be a greater need for scenario planning in a world remade by COVID-19. Artificial Intelligence (AI) will likely be at the forefront of data- driven scenario planning given its ability to deal with large volumes and varieties of data to match the velocity of a rapidly changing landscape.

Even before the pandemic, the areas for which boards of directors have oversight responsibility seemed to expand on a daily basis. The last few years have seen increased calls for board oversight in areas such as cyber, culture, and sustainability, to name just a few areas of focus. And the challenges posed by the pandemic have further increased the number and importance of boards’ responsibilities. In addition, boards will increasingly be called upon to address an emerging area of oversight responsibility at the intersection of AI and ethics.

(more…)

Corporations must comply with a wide array of laws and regulations. To accomplish this complex task, corporations increasingly turn not just to the legal department and outside counsel but also an in-house group of specialists who seek to educate and motivate personnel with respect to obligations under the law and the corporation’s code of conduct. The programs they put in place aim to prevent a wide range of misconduct, from government bribery and financial fraud to environmental disasters and the creation of dangerous working conditions that jeopardize employees’ physical and mental health.

Beyond the enormity of the task, what makes the compliance enterprise deeply uncertain and problematic is that the information generated by compliance efforts is simultaneously useful and dangerous. Even the most craven corporate officers and directors seek to prevent behaviors that may jeopardize employee performance, customer satisfaction, and stock prices. However, documenting problematic behaviors creates a record that may be used against the corporation in future administrative, criminal or civil proceedings, or may become the subject of a media exposé. Officers and directors, and the in-house compliance team, may sincerely hope compliance programs are effective, but they may quite rationally avoid testing that hope. The end result will often be rational ignorance with respect to the effectiveness of corporate compliance programs. This dynamic—the hope that greater attention to compliance will reap benefits drives more resources toward compliance efforts, yet fears about what examining the effects of those efforts might reveal hinders validation of compliance programs—creates a “compliance trap” that can ensnare corporations and regulators alike.

(more…)

Twelve years ago, we co-authored with CalPERS a set of guidelines for joint venture governance. At the time we argued, and still believe, that good governance in joint ventures strongly correlates with sustained financial performance, sound management of risks, and the ability of JVs to adapt to the changing needs of the market and their shareholders. We have asserted that joint venture governance is pound-for-pound more ‘physical’ than corporate governance due to the unique nature of a joint venture’s relationship with its shareholders. [1] While the number of shareholders is far more limited in JVs compared to those of public companies, the interests of the shareholders in JVs is more expansive, dynamic, and prone to conflict—which ultimately makes joint venture governance proportionately more demanding and consequential.

(more…)

The latest revelations in baseball’s sign-stealing scandal confirm more explicitly than ever its relevance to corporate governance across industry sectors, particularly the board’s critical obligation to preserve a culture of compliance within the organization.

Moreover, the new revelations serve to refocus attention on compliance and ethics at a time when organizational interest and budgetary support for these functions may be waning. The documented conduct of the Houston Astros provides a unique, if unlikely, connection between America’s pastime and corporate ethics, to which an exceptionally broad audience may relate. This is an opportunity for board compliance committees to strengthen leadership and organizational awareness of ethical expectations.

The Fiduciary Duty

Fiduciary obligations relating to the oversight of an organizational culture of compliance have long been embodied in corporate law, enforcement guidelines, governance principles and other standards. They are grounded in part by the seminal Delaware Chancery decision in in re Caremark Derivative Action and its progeny. [1] Another foundational piece is the description in the Federal Sentencing Guidelines of the elements of an “Effective Compliance Program.” This description requires boards to (i) be knowledgeable about the content and operation of the compliance and ethics program and (ii) exercise reasonable oversight with respect to the implementation and effectiveness of that program (i.e., to promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law). [2]

(more…)