Happy New Year, everyone! Whether you’re back in the office already or waiting in line for a covid test — the demands of corporate compliance march on, and Radical Compliance is here to chronicle it all.
2022 promises to be another bracing year for compliance officers on multiple fronts. So without further delay, it’s time for my annual list of compliance events worth watching in the next 12 months.
In no particular order, here is what will be on my radar screen…
The SEC’s Plans for ESG
The Securities and Exchange Commission originally planned to adopt new rules for enhanced disclosure of ESG issues by the end of 2021. That didn’t happen, and now SEC watchers expect the agency to propose new rules sometime in the next few months. My bet is that we’ll see action sometime in the first quarter.
I suspect the SEC will direct registrants to use some “widely recognized” ESG framework (lookin’ at you, Sustainability Accounting Standards Board) to guide their decisions about material ESG issues and what information a company should disclose. The rule might even include an audit requirement for large filers that starts in a few years, although I’m less sure about that.
Whatever final form the rules takes — will it be challenged in court? Of course. But SEC commissioners have laid careful groundwork to defend their authority on this subject, and investor demand for ESG information is real. Compliance officers have an opportunity to elevate their power and profile here, if that’s something you want to do at your company.
The PCAOB and Its Revived Agenda
The Public Company Accounting Oversight Board has been dysfunctional for years, culminating in three of the four board members, including then-chairman Bill Duhnke, getting fired last summer. SEC chairman Gary Gensler named a slate of new board directors in November, who should all be in office sometime in the next few weeks.
Then comes the question of what the PCAOB will actually do, both for adopting new audit standards and for holding audit firms more accountable for sloppy auditing. Those actions can have real effect on corporations. Audit firms fearing PCAOB enforcement will be more diligent (read: exasperating) in their audits of your internal control; new standards on an issue like data analytics (sorely overdue, in my opinion) could affect how you design and monitor internal control yourself.
We likely won’t get a good sense of the PCAOB’s direction until late 2022. Nonetheless, change is coming.
The First Recidivist FCPA Enforcement Action
The Justice Department warned last October that it will invigorate its enforcement of corporate misconduct laws, and specifically said that it will revisit the wisdom of deferred-prosecution agreements with recidivist corporate offenders. Soon thereafter, prosecutors warned Deutsche Bank that it may have violated its DPA for anti-bribery offenses when the bank mishandled an internal complaint earlier this year about misleading statements on ESG.
Well, how will the Justice Department follow through on those statements? What happens if prosecutors do revoke the deferred-prosecution agreement with Deutsche Bank? Will they take the bank to trial? Could Deutsche Bank contest the decision to revoke in court? Or will the Justice Department single out some other repeat corporate offender and not offer a DPA in the first place?
These questions matter because if the department starts taking more companies to trial, that could drastically change the calculus for companies’ voluntary self-disclosure of misconduct. (My bet: that the department will use independent compliance monitors much more often, rather than drag companies into criminal trials.)
FinCEN Enforcement and Anti-Corruption
In November the Biden Administration published a strategy document identifying five “pillars” of a new, government-wide anti-corruption push. One of those pillars is a crackdown on illicit finance. So in 2022 I’ll be looking to see whether FinCEN, the country’s lead enforcement agency to fight money-laundering, will start paying more attention to anti-corruption issues.
For example, we might see FinCEN and the Justice Department working together to bring Foreign Corrupt Practices Act charges against financial firms whose weak AML programs allow corruption to happen. Granted, financial firms have invested millions in Know Your Customer and transaction monitoring programs — but if your anti-corruption policies and procedures (especially around monitoring) haven’t kept pace, that might lead to difficult conversations with regulatory examiners looking at your compliance program generally, or with prosecutors asking about specific incidents. (PwC recently published an excellent paper on this issue, by the way.)
More Regulation of SPACs
Special purpose acquisition companies (SPACs) have swamped U.S. capital markets over the last two years. Indeed, so many SPACs went public at the beginning of 2021 that they single-handedly reversed the long-term decline of publicly traded firms in the United States.
Alas, SPACs also have an inherent conflict of interest between the sponsors that manage them and the investors putting money into them. The SEC brought two enforcement actions last year involving SPACs that misled investors on the private firms the SPACs were trying to acquire; more cases will undoubtedly come in the future. SEC chairman Gary Gensler has also said he wants better investor protection in SPAC acquisitions, and SEC staff are working to propose new regulations along those lines sometime this year.
SPACs matter because many (if not most) of them will be under a deadline to acquire private company targets sometime this year, and pressure like that is when the monkey business starts. Compliance and audit professionals will be in the thick of trying to prevent those shenanigans, or cleaning up the mess afterward.
The SEC Investigation Into Facebook
Remember when the Facebook whistleblower, Frances Haugen, shared thousands of damning documents about the company last year and then turned up at every public hearing she could find? Amid that world tour of whistleblowing, Haugen also said that she filed a complaint with the SEC, alleging that Facebook had misled investors about the true state of its corporate culture and ethical priorities.
I’m curious to see whether the SEC acts upon that complaint sometime in 2022. The premise of Haugen’s complaint is that Facebook misled investors about its commitment to ethical conduct, rather than any allegations of faulty financial reporting or legal violations. The gist of her complaints are more like, “The company said it was super-serious about preventing abuses of its product, but behind closed doors they really didn’t care much!”
That’s sleazy behavior — but does it violate federal securities law? Because if so, that could lead to many more unhappy employees taking their concerns to the SEC.
Compliance Officer Compensation
If the skills that compliance officers bring to Corporate America are in demand, and the Great Resignation that swept across the land in 2021 continues, that should translate into better pay for compliance professionals in 2022. This year I’ll be watching for CCO compensation data to prove or disprove that thesis.
For example, executive search firm BarkerGilmore published a salary survey last summer that said compliance professionals saw an average salary increase of 3.5 percent from 2020 to roughly $200,000 (with an 8.2 percent gender gap favoring men). The Society of Corporate Compliance & Ethics last published a comprehensive salary survey in December 2019, which reported that chief compliance officer salary had risen 4.5 percent in the previous two years to an average of $185,500.
SCCE publishes the most comprehensive salary reports around, but it publishes them less frequently. Here’s hoping we get fresh numbers this year. Or you can just email me at [email protected] and tell me how much money you make.
What Am I Forgetting?
The list above is by no means exhaustive. We could also discuss continued challenges with ransomware, hybrid work environments, and covid restrictions; or new regulatory questions around cryptocurrency, the EU Whistleblower Directive, and other issues; or a dozen other issues.
If you have something on your radar screen that isn’t here, drop me a line and let me know.