Next week I have the privilege of moderating an executive forum in Philadelphia, where four stellar thinkers about compliance, audit, and corporate governance will be discussing some of the big issues emerging for executives and board directors in 2019.
To focus my thoughts, I’ve been pondering: what are some of the big issues emerging for executives and board directors in 2019? Take a look and tell me what I’m forgetting.
First, about the event itself: it will happen Wednesday morning starting at 8 a.m., hosted by law firm Morgan Lewis and advisory firm Baker Tilly in downtown Philadelphia at Baker Tilly’s offices. Coffee and schmoozing until 9 a.m., followed by 90 minutes of discussion, ending at 10:30 a.m. Admission is free and open to all, but do please register in advance.
Issue 1: Changes to FCPA Enforcement
The Justice Department announced its revised FCPA Corporate Enforcement Policy in November 2017, followed by more policy moves in 2018: less likelihood of piling on penalties and fees with other jurisdictions, less likelihood of a compliance monitor landing on your doorstep.
All companies must do to win that forgiveness is to meet three criteria: (1) self-disclose suspected FCPA misconduct: (2) cooperate with regulators trying to prosecute individual wrongdoers; and (3) fix any underlying compliance program weaknesses that contributed to the misconduct in the first place.
So with these policies now in place — is that really changing the calculus with general counsels, CEOs, and board directors who have an FCPA issue on their hands? Are senior executives truly embracing the idea of confessing their sins, even when that decision will inevitably bring unwanted costs and scrutiny?
That’s the real choice for boardrooms today: either admit your FCPA issues and definitely incur some costs; or keep quiet and run the risk of potentially incurring more cost. So how do boards make that decision?
Issue 2: Changes to the Yates Memo
This issue is related to our prior FCPA questions, but is important enough to merit more attention.
The Yates Memo (adopted in 2015) said that if a company under investigation wanted to win any credit for cooperation, it had to turn over all evidence about individual perpetrators involved. Two months ago, the Trump Administration changed that policy, too. From here forward, companies need only turn over evidence about those persons “substantially involved” in the misconduct.
Reasonable enough in theory, but how will that “substantially involved” standard be interpreted in practice?
I’m especially curious whether any scenario could arise where senior executives foster a climate that leads to criminal misconduct, but the executives themselves aren’t involved in the misconduct.
For example, consider John Stumpf, who led Wells Fargo in the mid-2010s while employees fabricated customer accounts to make sales quotas. Stumpf personally didn’t open any bogus customer accounts, but employees engaged in misconduct because the control environment Stumpf fostered led them to believe that was the proper thing to do.
What would the proper remedy be for poor executive leadership that sparks a conflagration of corporate misconduct?
Issue 3: SEC Enforcement on Internal Controls
Meanwhile, the Securities and Exchange Commission is still imposing monetary penalties against companies that violate the internal control provisions of the FCPA. Moreover, some of those internal control failures look quite tricky.
Consider the Polycom enforcement action in December. In that case, the misconduct involved Polycom China executives establishing a whole separate IT system to record the bribes they were arranging through distributors, while the executives recorded false entries in Polycom’s global accounting system.
How do compliance and audit executives police against abuses like that? After all, the ability to operate separate IT systems, and therefore to shield information from others, will only get easier in the future. So how much will the proper control against that be vigorous surveillance and IT monitoring; and how much will it be training, ethical values, and skepticism of data provided by others?
Issue 4: Trends in Auditing
The SEC’s recent enforcement action against Hertz for sloppy accounting practices revolved around how Hertz executives manipulated estimates — estimates for recovery in disputes about damaged vehicles, estimates for the life of its primary asset, rental cars.
Well, starting this summer, audit firms are going to disclose “Critical Audit Matters” in their audit reports. CAMs are defined as an issue where the auditors are concerned enough to discuss it with the audit committee, and the issue involves “especially challenging, subjective, or complex auditor judgment.”
Estimates, such as the ones in play in the Hertz meltdown, can certainly fall within that definition. So will the push for CAMs and more skeptical auditing generally, start to squeeze companies as they rely more on estimates, intangible assets, and management review controls in the future?
Those are just a few items on my mind as I ponder corporate compliance, audit, and governance today. We’ll be discussing them vigorously at our Jan. 23 event— so if you can make it to Philadelphia, by all means attend and tell us what’s on your mind. If you can’t, drop me a line at [email protected] and tell me what I missed.