Corporate compliance and governance professionals often like to talk about the important role “gatekeepers” play in keeping an organization on the ethical path. Now an SEC commissioner is calling for new standards and accountability for some of the most important gatekeepers of all: corporate lawyers.
Commissioner Allison Herren Lee gave the speech on Friday, and I encourage every corporate lawyer, and the executives who employ them, to give it a close read. Lee sketched out an expansive view of the duties that corporate lawyers have to shareholders and the investing public — duties that go beyond those that lawyers owe to the senior executives who hire them. She also called for the SEC to adopt new rules of professional conduct for lawyers appearing before the agency.
It’s wrong to call Lee’s speech a warning shot, because the SEC currently has no rules to enforce lawyerly conduct in the way she describes. Rather, Lee is planting a clear and proud flag for future SEC policy. Expect good governance enthusiasts to start rallying around it.
Let’s begin with Lee’s broad vision for the role corporate lawyers should play. Corporate lawyers are “gatekeepers in the capital markets,” she said, and they have a duty to provide objective legal advice that serves the best interests of the company that employs them and its shareholders. But too often, she continued, corporate lawyers engage in “can-do lawyering” that simply gives senior executives a plausible legal basis to pursue whatever goal is in their heads — regardless of whether that idea is in the best interests of the company, shareholders, and the capital markets at large.
“When lawyers fail as gatekeepers — when they provide ‘goal-directed’ reasoning to public companies on critical issues like materiality — there is a broader interest at stake,” Lee said. “Investors and financial markets can be harmed through false or misleading disclosure. And lawyers are frequently involved in disclosure decisions.”
Lee listed numerous governance and compliance failures over the years to demonstrate her point: the late-1990s corporate accounting failures that led to the Sarbanes-Oxley Act in 2002; stock-option backdating in the late 2000s; mutual fund market timing; and even the 2008 financial crisis. More recently, Lee said, “we have seen an entirely new, multi-trillion dollar industry develop around cryptocurrency and digital assets that largely defies existing laws and regulations.”
In short, Lee opened fire on that age-old quip, “It may not be ethical, but it is legal.” She wants corporate lawyers to be held accountable when they give cynical answers like that.
Could the SEC Hold Lawyers Accountable?
In Lee’s estimation, yes. Section 307 of the Sarbanes-Oxley Act directs the SEC to adopt rules requiring “minimum standards of professional conduct for attorneys appearing and practicing before the Commission in any way in the representation of issuers.”
Section 307 expressly says one of those rules must be that when a corporate lawyer discovers material violation of securities law, he or she must first report that breach to the chief legal officer or the CEO; and if senior management takes no action, then to the audit committee. The SEC did implement such a rule in 2003, and it has been on the books ever since.
But, Lee said, Section 307 also directs the SEC to adopt additional rules beyond that. The text says “rules,” plural; and those rules shall be adopted “in the public interest and for the protection of investors.”
So by that logic, the SEC should adopt rules to hold corporate lawyers accountable when they engage in can-do lawyering that helps executives engage in actions or strategies that recklessly harm investors or the capital markets overall. In Lee’s words:
The bottom line is this: when corporate lawyers give bad advice, the consequences befall not just their clients, but the investing public and capital markets more broadly — especially when it comes to disclosure advice. But we do not currently have sufficient standards in place upon which to assess this kind of advice.
Lee said the SEC should revisit Section 307 and adopt those new rules: “The time is ripe to return to this unfinished business.” What might those rules actually look like? She had some ideas on that, too:
We might offer greater detail regarding a lawyer’s obligation to a corporate client, including more specifically how their advice must reflect the interests of the corporation and its shareholders rather than the executives who hire them. This distinction is not always an easy one to make in practice, but at a minimum, might require consideration of the impact of the advice on the corporation and its shareholders, including the impact should the disclosure decision ultimately prove incorrect.
And we should always remember that the wheels of SEC rulemaking turn slowly. The decision to embark on new rulemaking rests with chairman Gary Gensler; and while this seems like a proposal he might embrace (I can’t imagine Lee floating an idea so substantive without telling the chairman in advance), it’s not on the SEC rulemaking agenda today. So compliance professionals don’t need to start breathing into a paper bag right now.
But What If It Does Come to Pass?
That would raise an interesting question for corporate compliance professionals. Would higher standards of conduct expose you to more professional liability? Or would they give you an exit strategy, that SEC rules require you to tell the brass they’re doing something dumb and you might need to report them?
The most accurate answer is probably the one that lawyers love to say: it depends.
One can easily imagine scenarios where new accountability rules pit compliance officers against the legal function even more than the two already are. For example, if you have a general counsel who hails from the law firm world, where lawyers are paid to defend what management is doing — that GC might have a tough time accepting Lee’s vision of the gatekeeper role. Or you could have senior managers who disagree with her view as well, and try to marginalize the compliance function as the buzzkills always talking about ethics and duty rather than the fun stuff like making money.
Lee’s proposals will also stoke more fears about compliance officer liability. Right now CCO liability is largely confined to the investment world, and virtually all the enforcement actions we see there involve a CCO who either participated in misconduct or whose gross negligence allowed it to happen. Poorly crafted Section 307 rules could open the door to CCO enforcement beyond investment firms, and that might spook good compliance officers away from the job.
On the other hand, carefully crafted rules might give compliance professionals a way to push back against legal or management teams trying to push some cockamamie plan that butts against ethical boundaries: “The legality here is dubious, we have ethical risks to consider, and the SEC could sanction us personally for pushing this too far.” You might be able to raise those arguments earlier, and shut down said cockamamie plan sooner.
Of course, that will depend on strong personal relationships with the legal department and senior management; and they’d need to be thoughtful about ethics concerns. Funny how those two points keep cropping up.