Last September, amidst considerable fanfare, the U.S. Department of Justice released a new directive – now universally known as the Yates Memo – in which it restated and reinforced the agency’s commitment to targeting corporate executives in cases of corporate wrongdoing. The cornerstone of the agency’s new policies is the specification that in order for a company to qualify for any cooperation credit in connection with a DoJ investigation, the company must provide the agency with all relevant facts about the individuals involved in the misconduct. This same focus on individuals has been echoed by top SEC officials, including the SEC’s current chair. With several months’ of experience now under the new directive, it seems worth asking how the SEC renewed focus on individuals has translated into practice and what the implications are for corporate directors.
In a March 10, 2016 memo entitled “Individuals in the Cross Hairs? What This Means for Directors” (here), the Jones Day law firm takes a look at the Yates Memo’s provisions and what the government’s new focus on individual liability has meant in practice. As the memo’s authors’ note, the Yates Memo’s “clear goal” is to “force line prosecutors and companies seeking cooperation to more aggressively gather and produce evidence of individual wrongdoing.”
As the memo details, the renewed focus on individuals has been evidenced in a series of recent SEC actions. Lawyer Michael Volkov echoes this comment in a March 23, 2016 post on his Corruption, Crime, and Compliance blog entitled “Corporate Directors in the Enforcement Cross-Hairs” (here), in which he stated that “the SEC has been quietly (or not so quietly depending on your focus) racking up enforcement actions against corporate directors, particularly in cases relating to oversight and management of internal financial controls.”
The law firm memo reviews several recent SEC’s enforcement actions involving audit committee members and independent directors in which the agency has specifically cited individual misconduct or inattention as the basis for its actions. In his blog post, Michael Volkov notes that the SEC has focused on launching enforcement actions “when board members recklessly signed or approved financial statements that contained material inaccuracies” and when board members “failed to inquire or conduct any reasonable follow up to decisions to delay filing of required reports.”
Based on these recent SEC actions, the law firm memo’s authors identify a number of principles that can be drawn.
First, the memo’s authors note, “the SEC will scrutinize director conduct, especially in financial reporting and issuer disclosure investigations.” This means that the agency will look for instances where the directors have either taken affirmative steps to participate in the fraud or have enable fraudulent conduct by turning a blind eye to obvious red flags. As Volkov put it in his blog post, “the SEC seems to be following a standard formula — when directors are aware of red flags and fail to act or follow up on such red flags, the SEC is responding by bringing enforcement actions against those directors (and others at the company).” Audit committee chairs and members “are prime targets for enforcement actions based on theories of failure to act.”
Second, the SEC expects that board to “exercise actual oversight of management, not to serve as ‘mere figureheads or rubber stamps.’” As the current SEC chair has emphasized in a number of speeches, a company’s directors, according to the agency, serve as the company’s “most important gatekeepers.” When the agency determines that director has failed to prevent, detect, or stop violations of the federal securities laws, the SEC will “try harder to bring charges” against the director involved. In his recent blog post, Michael Volkov similarly noted that the SEC is “sending a strong message that it expects corporate boards to exercise oversight of management and not serve as a rubber stamp for management’s actions.”
Third, the SEC is “ready to pursue negligence-based claims and is eager to bring cases alleging internal control violations as the primary claim, even where there is no fraud or negligence.” Along the same lines, Volkov noted in his blog post that “as the SEC stretches its enforcement program into corporate boardrooms, there is an even greater likelihood that failures to act or other negligent-type behavior will be punished.” The law firm memo cites this development as “perhaps the most likely to increase the risk of potential individual liability.”
The practical consequence of these changed circumstances is that directors face an environment of potentially increased risk of individual liability. The law firm memo’s authors suggest a number of steps directors can take to try to mitigate this risk.
First, the memo’s authors suggest that the directors should “stay on top of current regulatory expectations and priorities.” Directors who are better informed “will be able to ask better questions and challenge the legal and compliance programs at their companies.”
Second, in order to play its part in creating a strong culture, the board needs to have “a strong sense of the ethics and compliance environment at the company.” The key, the memo’s authors say, its “to avoid short-term thinking and make decisions with concern for the company’s long-term business and reputation.”
Third, directors need to “avoid passivity.” Directors need to “actively engage management by asking questions and by challenging them.” A good board is one that asks questions and is willing to challenge management, each other, and the conventional wisdom.”
Fourth, the board should “encourage openness,” which means that the board itself “should be willing to hear difficult news.” That may mean encouraging whistleblower, and ensuring that the company does not tolerate whistleblower retaliation (or “pre-taliation”). The key is “accountability at all levels.” The board plays a “critical role” in this process by ensuring that “the right leadership is in place to create and sustain this environment.”
Fifth, the board must allow for the fact that a good compliance system is “constantly improving and learning from its mistakes.” In particular, the company must have a system in place that ensures that when the company discovers a potential violation, it has the ability to escalate issues, provides for reporting to internal and external auditors and disclosure counsel, and, if necessary, self-reporting to the government.
Finally, the board must do its part to reinforce the need for good internal controls. Management is of course responsible for designing and implementing internal controls over accounting and financial reporting. The board’s role is one of oversight. The board, and especially the board audit committee, needs to be particularly vigilant in exercising oversight over the financial reporting controls.
The law firm memo’s authors conclude their memo with the observation that “by playing a bigger role in building a strong ethics and compliance culture at their companies, directors can protect their companies and protect themselves from personal liability.”