More on Cooperating With Regulators

Cooperation with regulators is a primary message from the regulatory enforcement world these days. So let’s see what a senior SEC official had to say on the subject lately and what compliance professionals can do to anticipate those cooperation needs.

The official in question is Gurbir Grewal, head of the Enforcement Division at the Securities and Exchange Commission, who delivered a speech last week to the Securities Enforcement Forum. As usual, Grewal began by touting the benefits of cooperating with regulators during an investigation, such as the possibility of reduced charge, smaller monetary penalties, or fewer compliance program improvements your company might need to undertake. 

Grewal

Those benefits of cooperation are all true, but they’re also no longer news to compliance and legal officers who’ve been paying attention. The more practical challenge is understanding how to cooperate: what it means in practice, including how your company might build a cooperation culture before any specific violations or investigations come along. Grewal offered several principles that companies should embrace.

First, he said, “the best cooperation starts early and well before the SEC gets involved, with self-policing. By self-policing, you’re more likely to learn of issues earlier, which allows for earlier self-reporting.”

OK, let’s all admire how Grewal deftly changed the subject from cooperation to regulatory compliance and self-reporting — but he’s not wrong to do that. As Grewal said, a company can cooperate with the SEC before the SEC even shows up, simply by looking around for compliance violations and bringing them to the SEC’s attention.

How can companies do that? Grewal listed two criteria. First, the company needs a strong tone at the top (we all knew that was coming, right?) where leaders emphasize “the need to stay within the lines and the importance of doing so.” That creates the environment where employees are at least looking for possible violations, and ideally preventing them. 

Second, companies must stay current on developments and risks in their field. “If new rules impact your operations or if recent enforcement actions highlight risk areas relevant to your business, it means evaluating whether you need to update your policies, procedures, and systems to stay apace and remain compliant,” he said. 

Think of all those enforcement actions we’ve seen lately against improper messaging apps; who was paying attention to that stuff circa 2021? (Answer: nobody.) Think of all the SEC’s talk about enforcement against AI-washing; who is paying attention to those warnings now? (Answer: not enough.) 

‘Going Above and Beyond’

Another big challenge for compliance and legal teams is understanding how much to cooperate. This has been on my mind since last year, when then-assistant attorney general Kenneth Polite introduced the idea of “extraordinary” cooperation when companies face particularly egregious criminal cases. How are companies supposed to know what’s ordinary, extraordinary, or super-duper cooperation? And what benefits do you get in return? 

Grewal took a swing at that pitch from the civil side of the plate, and he set the bar high: “The type of cooperation that earns credit requires going above and beyond what’s legally required — more than simply complying with subpoenas without undue delay or gamesmanship.”

So for example, if your company receives a document request from the SEC, you (or your outside counsel) can call the agency to discuss what kinds of documents may contain responsive material, how responsive items are maintained, and how voluminous the records are.

Moreover, Grewal said, “If our requests, as drafted, don’t capture relevant materials, you can also flag that for us. If you are aware of other relevant evidence that is wholly beyond our requests, you can tell us and we can discuss whether you should gather and produce those materials.”

A company might also… 

  • Provide the SEC with the results of any internal investigation that happened, or summaries of interviews you may have conducted;
  • Translate company documents from the original language into English, if necessary;
  • Suggest potential witness interviews the SEC might want to conduct itself, since you’re closer to the issues and people involved and know how to save the SEC time.

One point worth pondering: your company’s level of cooperation will most likely correlate with its tone at the top and corporate culture. That is, if senior leadership has a terrible disposition about doing the right thing, where it’s more concerned about minimizing costs and legal liability, then you’re not likely to bend over backwards with documentation, translation, and witness advice. Think about the message that sends to the SEC investigators — and how they’re likely to respond to your company come settlement time. 

Remediation Is Part of Cooperation

So after you self-police, and then self-report, and then provide extensive cooperation, you still need to remediate the underlying weaknesses that allowed the offense to happen in the first place. That counts as cooperation too, Grewal stressed. 

The exact remediation steps you’ll need to take will depend on the exact compliance violations at issue, of course. That said, Grewal did flag a few steps that can probably apply to just about any situation:

  • Discipline against the offending employees, up to and including firing them;
  • Strengthening relevant internal controls and procedures;
  • Training (or re-training) on the misconduct in question;
  • Clawing back executive compensation where appropriate; 
  • Repaying harmed investors. 

Honestly, that’s the same stuff the Justice Department and other regulators have been talking about for years. It shouldn’t be news to any compliance officer. Instead, the better question to ask is whether your organization has the capability to take those remediation steps. For example… 

  • Do you already work well with HR on employee discipline issues? Do you have a system in place to track disciplinary actions and monitor their consistent application? 
  • Can you work well with internal audit and business-unit leaders to assess ineffective controls and design better ones? 
  • Do you have access to relevant, accessible training and can roll out that training quickly? 
  • Do your compensation agreements (especially incentive-based pay) include clauses that allow you to claw back compensation awarded under false pretenses? 

In other words, effective cooperation is all about laying the groundwork for a thorough response once the worst happens. That means cultivating a strong tone at the top, and putting the right processes in place to cooperate and remediate as specific violations come to light. That’s all there is to it.

Leave a Comment

You must be logged in to post a comment.