The SEC’s pursuit of enforcement actions against compliance professionals was one of the most divisive issues of 2015. Last week, high-ranking officials at the Securities and Exchange Commission (“SEC”) and Department of Justice (“DOJ”) made public comments providing further insight on how they evaluate corporate compliance programs and individuals responsible for those programs, which gave something of a roadmap for how compliance professionals should prepare for investigations.
On May 20, 2016, SEC Chief of Staff Andrew J. Donohue, during remarks at Rutgers Law School, identified the basic points that corporate compliance officers should consider when evaluating their compliance program: integrity and personal responsibility; culture; simplicity and intuitiveness; technological savvy, and complexity. Andrew Donohue, New Directions in Corporate Compliance: Keynote Luncheon Speech
. While not formally speaking on behalf of the Commission, Donohue emphasized that he expects CCOs to have a strong understanding of their companies’ businesses, the risks faced by their organizations, their organizations’ employees, corporate systems, and the need to identify and resolve issues quickly. Indeed, his remarks make clear that if compliance officers are unable to speak cogently to each of these issues from the onset of an investigation, they will be at considerable risk of drawing greater investigative focus onto their own personal responsibility and role.
On May 23, 2016, DOJ Criminal Fraud Section Chief Andrew Weissmann and SEC Enforcement Division Associate Director Stephen Cohen similarly emphasized the importance of compliance officers and compliance programs in corporate investigations in a panel discussion at a compliance conference. They reportedly gave particular hints as to how compliance officers might position themselves in the face of an enforcement investigation when called in for questioning. For example, Weissmann reportedly told the attendees that whenever the DOJ is trying to evaluate the effectiveness of a company’s compliance program for purposes of mitigation, one of the first questions investigators typically ask compliance officers is “What do you still need to work on?” or “What’s not working?” This approach recognizes that knowing a program’s weaknesses should actually be recognized as a sign of its strength, as no compliance program can be perfect and the best ones are always working towards improving.
The DOJ and SEC’s focus on compliance officers is nothing new, and shows no sign of abating. But the DOJ and SEC’s focus is nuanced. As evidenced by their comments and recent approach in investigations, the DOJ and SEC recognize that compliance officers are in many ways their partners as “gatekeepers,” and thus that speaking to them early in investigations can be extremely valuable. Compliance officers should recognize that such conversations present both opportunities and risks, and the best way to prepare is to (i) have a deep understanding of the role of compliance and the business; (ii) institute a robust culture of compliance; (iii) be prepared to discuss compliance from the outset of an investigation; and (iv) implement meaningful changes to compliance during an investigation as soon as they are warranted by the facts.