Featured Expert Contributor, White Collar Crime and Corporate Compliance
Gregory A. Brower is Chief Global Compliance Officer for Wynn Resorts. He also serves on WLF’s Legal Policy Advisory Board and is a former U.S. Attorney. Emily R. Garnett is a Shareholder practicing in the Denver, CO office of Brownstein Hyatt Farber Schreck, LLP and a former enforcement attorney at the U.S. Securities and Exchange Commission. Carrie E. Johnson is a Shareholder in the firm’s Denver, CO office.
* * * *
In a recent speech to the New York City Bar Association’s Compliance Institute, Gurbir Grewal, Director of the Securities and Exchange Commission’s Division of Enforcement, emphasized the importance of creating a culture of proactive compliance within any corporate organization and shared some important insights into the Division’s thinking about enforcement actions and penalties. Specifically, he offered three “E’s”—Education, Engagement, and Execution—as pillars of any effective corporate compliance program. And while these pillars may seem obvious to any practitioner, behind each is a preview of the SEC’s enforcement priorities going forward and a blueprint for public companies to design audits and internal investigations to identify any latent potential issues.
Grewal first reminded the audience that compliance leaders must constantly educate themselves about legal and regulatory developments relevant to their organization’s business. He referenced new priorities, agency rules, and the details of enforcement actions as the kinds of things compliance teams should be sure to notice and digest in detail to inform their own evaluations of their program’s effectiveness. In particular, Grewal previewed the SEC’s ongoing focus on enforcement actions against chief compliance officers and other gatekeepers by failing to take steps to remedy and report internal wrongdoing or gaps in internal controls.
Grewal also emphasized that good compliance requires proactive engagement by the compliance function with all other parts of the business to ensure a comprehensive understanding of the various risks inherent in such activities. On this point, he observed that understanding every aspect of the business is critical to the adequate design, implementation, and enforcement of meaningful policies and procedures. Grewal’s statements demonstrate that it cannot be an excuse that a compliance officer missed latent fraud because they did not have the technical or organizational expertise to witness the fraud in action. He noted, “[y]ou may come across aspects of your firm’s business that you do not completely understand. That’s not an excuse to punt. Take whatever steps are necessary to learn and understand the issues.”
He further observed that organizations too often have adequate compliance programs on paper but fail to execute them effectively. As an example, he cited the recent enforcement actions against broker-dealers concerning their employees’ use of “off-channel” communications in a way that violated SEC record-keeping rules and noted that each of these firms did have adequate polices in place. Grewal emphasized that adopting the right policy is only step one, and that training, oversight, and leadership are also critical to ensure effective execution.
The speech also emphasized the importance of timely self-reporting and cooperation if a violation is discovered. Despite recent record penalties, he observed that timely reporting and meaningful cooperation have led the Division to frequently recommend significantly reduced, or no, penalties when appropriate and noted that the Commission’s public orders routinely describe the types of things that can result in cooperation credit.
Finally, he reminded the audience that while enforcement actions against compliance personnel are rare, there are three scenarios where such an action may be pursued. The first is when compliance personnel affirmatively participated in the subject misconduct, such as engaging in insider trading. The second is when compliance personnel mislead regulators through false statements or obstruction, such as providing back-dated documents. And the third is when compliance personnel engage in a “wholesale” failure to carry out their compliance responsibilities, such as deliberate conduct to thwart the SEC’s investigation.
In closing, Grewal confirmed that the SEC’s Division of Enforcement has no interest in pursuing enforcement actions against compliance personnel who “undertake their responsibilities in good faith and based on reasonable inquiry and analysis.” However, he also made very clear that members of the compliance team do not necessarily have a “get-out-of-jail” card where their conduct is clearly at the center of the problem.