SEC chair Mary Jo White spoke Monday at Stanford University’s Rock Center for Corporate Governance. Her talk was called “A few things directors should know about the SEC.”
She spent some time describing what should happen after your company finds a possible FCPA violation.
White’s plain-spoken and practical advice is great reading for corporate directors and those who advise them.
Here’s part of what she said:
Even in the best run companies with strong boards, the right tone at the top and robust compliance programs, wrongdoing will almost inevitably occur from time-to-time. What should you do when that happens? How should you respond? What does the SEC expect you to do? When should a company self-report wrongdoing to the SEC or other authorities? All of these questions require careful consideration and appropriate action. For tonight, I will focus just on the last one about self-reporting.
If your company has uncovered serious wrongdoing, you will need to decide whether, how and when to report the matter to the SEC. One immediate question you will have to answer is whether what has been discovered constitutes material information that requires public disclosure. If the answer is yes, that fact will also invariably dictate an obvious affirmative answer to broader self-reporting to the SEC.
In other situations, you will need to decide whether to call us about a serious, but non-material event — perhaps a rogue employee in a small foreign subsidiary has been bribing a foreign official in violation of the Foreign Corrupt Practices Act (“FCPA”). You intend to take decisive action against the employee and enhance your FCPA compliance program. Your disclosure lawyer’s view is that the occurrence does not require public disclosure. That does not, however, end your inquiry or responsibilities. Your company still needs to decide whether to self-report to the SEC, and consider what that may mean for the company.
As many of you know, the Commission in the 2001 Seaboard statement on cooperation, explained how self-reporting, cooperation, self-policing, and remediation factor into our decisions when considering enforcement actions. And, I can tell you from experience that of those four factors, self-reporting is especially important to both the SEC and the Department of Justice.
What are the benefits to your company of self-reporting? You can read about that in the SEC’s press releases on enforcement actions, which routinely highlight how the quality of a company’s cooperation has affected any resulting enforcement action. Typically, a company realizes the benefits of cooperation through a reduced penalty, or, at times, no penalty or even not proceeding in an exceptional case.
Not that you should need any extra incentive, but keep in mind that there are also downsides in deciding not to self-report. If the wrongdoing is not self-reported, the opportunity to earn significant credit for cooperation may be lost. And, with our new whistleblower program . . . the SEC is more likely than ever to learn of the misconduct through another channel.
Let me just say a few words about how to cooperate with SEC investigations.
As an initial matter, the decision to cooperate should be made early in the investigation. The tone and substance of the early communications we have with a company are critical in establishing the tenor of our investigations and how the staff and the Commission will view your cooperation in the final stages of an investigation. Holding back information, perhaps out of a desire to keep options open as the investigation develops, can, in fact, foreclose the opportunity for cooperation credit. We are looking for companies to be forthcoming and candid partners with the SEC investigative team — and the board has a responsibility to ensure that management and the legal team are providing this kind of cooperation.
When choosing the path of self-reporting and cooperation, do so decisively. Make it clear from the outset that the board’s expectation is that any internal investigation will search for misconduct wherever and however high up it occurred; that the company will act promptly and report real-time to the Enforcement staff on any misconduct uncovered; and that the company will hold its responsible employees to account.
There is, of course, cooperation and then there is cooperation, just as there are compliance programs that look great on paper but are not strongly enforced. We know the difference. Cooperation means more than complying with our subpoenas for documents and testimony — the law requires you to do that. If you want your company to get credit for cooperation – and you should — then sincere and thorough partnering with the Division of Enforcement to uncover all the facts is required.
Richard L. Cassin is the publisher and editor of the FCPA Blog. He can be contacted here.