During this year’s fall conference season, the SEC and DOJ both signalled a shift towards a more aggressive enforcement stance.
First, at the SEC Speaks Conference in mid-October 2021, the SEC’s newly-installed Director of Enforcement, Gurbir Grewal, proposed a “robust enforcement of rules” to discourage corporate wrongdoing.
Just a couple of weeks later, Deputy Attorney General (DAG) Lisa O. Monaco delivered a keynote address at ABA's 36th National Institute on White Collar Crime. In it, she announced a series of changes to the DOJ’s corporate criminal enforcement policies. You can read DAG Monaco’s full speech here.
With both speeches signposting more effective deterrents and an increased focus on individual liability, compliance leaders are well-armed to persuade their leaders for more investment.
And, coupled with a growing regulatory expectation for companies to anticipate and address misconduct more quickly and more effectively, the case for compliance data analytics to be at the forefront of those investments has never been stronger.
5 key themes from the SEC and DOJ updates
1. Increased focus on “individuals” as an enforcement target
In her address DAG Monaco stated that the Department “will urge prosecutors to be bold in holding accountable those who commit criminal conduct," quoting Attorney General Garland’s priority to “prosecute the individuals who commit and profit from corporate malfeasance”.
"We may well seek an officer and director bar to keep that person from being in a position to harm investors again"
- SEC Director of Enforcement Gurbir Grewal
October 2021
Those at the SEC appear aligned with that view. Director Grewal made it clear in his speech that where “egregious acts” are found to have been committed at the highest levels, the SEC “may well seek an officer and director bar to keep that person from being in a position to harm investors again.”
2. Demand for greater transparency from companies under investigation
The tendency for critical information to go missing or be withheld has hindered many an investigation - and drawn ire from prosecutors. Addressing this, Grewal stated that where spoliation of evidence is deemed to have occurred, “there can and should be consequences”.
Continuing along the theme of transparency, DAG Monaco announced that in order to be eligible for any cooperation credit, “companies must provide the department with all non-privileged information about individuals involved in or responsible for the misconduct at issue” - a departure from previous policy, which “enabled companies to limit disclosures to those they assess to be ‘substantially involved’ in the misconduct”.
3. Historical misconduct will be factored into corporate resolutions
A company’s commitment to mitigating risk and maintaining a culture of compliance have been a key factor in resolution settlements for some time, but it’s now clear that historic violations will have a material impact on outcomes.
“...prosecutors will be directed to consider the full criminal, civil and regulatory record of any company when deciding what resolution is appropriate...”
- Deputy Attorney General Lisa O. Monaco
October 2021
As DAG Monaco stated, for companies that are the subject or target of an investigation, “prosecutors will be directed to consider the full criminal, civil and regulatory record of any company when deciding what resolution is appropriate”. Importantly, this consideration will not be limited only to similar subsets of misconduct (e.g. consideration of previous FCPA investigations in FCPA cases), but will instead apply more broadly to consider “the full range of prior misconduct”.
The topic of recidivism was high on the agenda too, with DAG Monaco highlighting the need to reconsider whether pretrial diversions (non-prosecution and deferred prosecution agreements - or NPAs and DPAs) were appropriate for repeat offenders.
Director Grewal echoed DAG Monaco’s sentiment in no uncertain terms, warning that where “a firm repeatedly violates our laws or rules, they should expect that the remedial relief we seek will take that repeated misconduct into account.”
4. Corporate culture remains under the spotlight
A healthy, ethical and compliant culture is undoubtedly the holy grail for companies seeking to avoid the attention of regulators and prosecutors. Grewal intimated as such in laying out the SEC’s intention to bar offending individuals from senior positions, and punish corporations that support a culture of cover-up and recidivism.
Going further, DAG Monaco identified the DOJ’s role as a force to incentivize a culture of compliance, noting that a corporate culture that fails to “hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.”
5. Independent monitoring and effectiveness of remedy
Historically, DOJ guidance has proposed that monitorships are disfavoured or used only in exceptional circumstances. No longer.
In her keynote address DAG Monaco announced a rescindment of that guidance, stating that prosecutors should feel free to impose independent monitorships “in order to satisfy our prosecutors that a company is living up to its compliance and disclosure obligations under the DPA or NPA.”
Director Grewal’s update signalled a consistent approach, advising companies that the SEC can “require the settling party to hire an independent compliance consultant to review policies and procedures and to determine improvements that can prevent future misconduct.”
How does this relate to your data analytics program?
At its simplest, companies should be left in no doubt that the bar for corporate compliance programs has been raised yet again as prosecutors expect them to mitigate risk and accurately anticipate misconduct.
The DOJ and and SEC expect companies to anticipate risk
Since regulators are going to look at a company’s entire history as part of their enforcement proceedings, it’s essential that you are able to identify and address issues before they become systemic.
Sample-based audits and hotline reports can only provide “after-the-fact” intelligence, often months or years after the conduct began. What’s more, not every fraud scheme is detected internally—if at all. Connecting internal and external data sources and using technology to risk-assess 100% of transactions puts compliance teams on the front foot to spot compliance risks much earlier than they otherwise could.
Effective investigation (and meaningful co-operation) requires easy access to granular data
Tackling risks effectively means understanding how and where misconduct may have occurred. And, should you find yourself subject to an investigation, easy access to relevant data will enhance your ability to co-operate with regulators.
Data analytics tools can help you easily identify, in granular detail, data and insights related to wrongdoing. Unlike hotline-reported instances of wrongdoing, where it may be challenging to locate specific transactions or individuals that may be linked to it, a data-driven technological solution can put those insights at your fingertips.
Investing in your compliance program is a signal of cultural health…
What does your company’s compliance investment say about your corporate culture? Well, the answer is clear if we take DAG Monaco’s words at face value: “a corporate culture that….fails to invest in compliance...leads to bad results”.
Today, investing in a compliance program is about more than implementing tick-box processes and controls. Now regulators expect organisations to anticipate risks and identify misconduct quickly before it has an opportunity to infect the corporation and jeopardise its cultural health.
...and could help you avoid the most severe penalties
As intimated by both DAG Monaco and Director Grewal, monitorships are firmly on the enforcement agenda alongside more effective deterrent measures.
However, the message that companies who “spend resources anticipating problems” are more likely to receive “credit from the government” should they find themselves on the regulator’s radar should resonate loudly.
"Companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems"
- Deputy Attorney General Lisa O. Monaco
October 2021
Having been selected by companies under investigation and monitorship, we have witnessed first-hand how the implementation of our technology can contribute towards a DOJ declination and the avoidance of monitorship. Even when a monitor has been imposed, we have also seen how our technology can help provide prosecutors with comfort to cease their monitorship of an organization.
Monitor and remediate…“or it’s going to cost”
As DAG Monaco concluded during her speech, “Companies need to actively review their compliance programs to ensure they adequately monitor for and remediate misconduct — or else it’s going to cost them down the line.”
Investing in technology that gets your company ahead of risk will not only make your program more efficient and effective, it will ultimately prove far less expensive than finding yourself in the DOJ or SEC’s crosshairs for not implementing effective tools. For your C-Suite and board members, it will also provide reassurance in the face of increasing scrutiny from regulators on personal liability.
As illustrated within its updated 2020 guidance, connecting your risk data and using it to operate a data-driven, real-time compliance solution is what enforcement bodies already expect.