SEC Chair Mary Jo White delivered a speech last week titled “Deploying the Full Enforcement Arsenal” before the Council of Institutional Investors.
The focus of White’s speech was on how the SEC is “deploying [its] full enforcement arsenal for the benefit of investors.”
While there was one reference to the Foreign Corrupt Practices Act in White’s speech, her speech was general in nature and touched upon the following issues (all of which are relevant to FCPA enforcement): SEC enforcement principles, how the SEC should be aggressive and creative when employing its enforcement tools, the importance of deterrence, corporate penalty issues, the SEC’s neither admit nor deny settlement policy and recent revisions to this policy, and the importance of individual enforcement actions.
After highlighting excerpts from White’s speech, this post discusses two issues where White’s rhetoric and the reality of the SEC’s FCPA enforcement program most diverge.
Another key priority for me, as you would expect, is our enforcement program – building on past successes and making it as strong and effective as it can be. A robust enforcement program is critical to fulfilling the SEC’s mission to instill confidence in those who invest in our markets and to make our markets fair and honest.
In many ways, the most visible face of the SEC is what we do to enforce the law. After all, most Americans do not see how well our experts examine a financial firm, review a regulatory filing, or conduct economic analysis on a complex rule.
But they do pay attention when we bring a major enforcement action against a major financial institution, when we charge a hedge fund executive with insider trading, when we freeze a suspected Ponzi schemer’s assets, or when we charge a CEO with fraud.
As many here know, I spent a good part of my professional life in the enforcement arena. I have focused much of my career not only on pursuing wrongdoers, but also on deterring wrongdoing.
When I arrived at the SEC, I came with a very high opinion of the enforcement division, having seen and admired their work up close – both as the U.S. Attorney when we worked side-by-side doing securities fraud cases, and from the other side of the table as a private lawyer.
Any objective and informed observer agrees that the SEC has an exceptional enforcement record. Its performance in the aftermath of the financial crisis was particularly impressive. Since 2008, the enforcement division has brought crisis-related actions against more than 160 entities and individuals, including many CEOs and other senior executives, barred dozens of fraudsters and returned billions of dollars to harmed investors. And they did it while also bringing literally thousands of other non-crisis-related cases at the same time – despite limits on resources and legal restrictions on the amount of penalties that the SEC can seek and recover.
As we continue to build on this impressive record, we will be guided by some overarching principles.
Be Aggressive and Creative
First, we must be aggressive and creative in the way we use the enforcement tools at our disposal.
That means we should neither shrink from bringing the tough cases, nor fail to bring smaller ones. When we detect wrongdoing, we should consider all the legal avenues to pursue it. If we do not have the evidence to bring a case charging intentional wrongdoing, then bring the negligence case that does not require intent.
And when we resolve cases, we need to be certain our settlements have teeth, and send a strong message of deterrence. That is why in each case, I have encouraged our enforcement teams to think hard about whether the remedies they are seeking would sufficiently redress the wrongdoing and cause would-be future offenders to think twice.
We obviously cannot put offenders in jail like a U.S. Attorney can. And in many cases, the law limits the penalties the SEC may obtain to amounts that both we and the public think are too low. Under current law, we cannot assess a penalty based on investor losses, but are limited instead to the usually much lower figure based on the ill-gotten gains of a defendant.
That is why I support, as did my immediate predecessors, legislation introduced in Congress that would allow us to seek penalties based on either three times the ill-gotten gains or the amount of investor losses – whichever is greater. Among other things, the proposed legislation also would authorize us to seek additional penalties if the wrongdoer is a recidivist – a repeat offender who has been undeterred by prior enforcement actions. These would be very powerful, additional tools.
In the meantime, we must make aggressive use of our existing penalty authority, recognizing that meaningful monetary penalties – whether against companies or individuals – play a very important role in a strong enforcement program. They make companies and the industry sit up and take notice of what our expectations are and how vigorously we will pursue wrongdoing.
Some years ago – in 2006 – the Commission issued a press release in the context of two settled cases setting forth the thinking of the five Commissioners at the time about the relevant factors to consider in deciding whether corporate penalties should be imposed and to what degree. Today, we have an entirely new Commission.
I have been asked what I consider the import today of this release to our consideration of corporate penalties. As an initial matter, it is important to remember that the release was not then, and is not now, binding policy for the Commission or the staff.
While it is not a binding policy, the 2006 press release in my view sets forth a useful, non-exclusive list of factors that may guide a Commissioner’s consideration of corporate penalties, such as the egregiousness of the misconduct, how widespread it was, and whether the company cooperated and had a strong compliance program. The enforcement staff still references these factors as well as other inputs when analyzing and proposing their own recommendations to the Commission.
Ultimately, however, each Commissioner has the discretion, within the limits of the Commission’s statutory authority, to reach his or her own judgment on whether a corporate penalty is appropriate and how high it should be.
The bottom line for me is that corporate penalties will be considered in all appropriate cases. Whether, in fact, to seek a corporate penalty and the appropriate amount are decisions that must be based on a consideration of all the facts and circumstances of each case and the objectives of a strong enforcement program.
Strong penalties are just a starting point. When we sue a company for wrongdoing, we should consider whether to require the company to adopt measures that make the wrong less likely to occur again.
This is something we already do, in some cases. For example, when we settle with a firm in a foreign corrupt practices case, we often require it to put in place better training and reporting programs. Such forward-looking measures can also be useful in other kinds of cases. When we enter into a settlement with a company involving systems control failures, for example, we should consider mandating new policies and procedures and other controls, and require that a compliance consultant test these controls.
Expect to see more such mandatory undertakings in future cases so that we are not just punishing past wrongs, but also acting to prevent future wrongs.
Another principle of an effective enforcement program is the recognition that there are some cases where monetary penalties and compliance enhancements are not enough. An added measure of public accountability is necessary, and in those cases we should demand it.
Until recently, the SEC – like most other federal agencies and regulators with civil enforcement powers – settled virtually all of its cases on a no-admit-no deny basis. Generally, a party would pay a hefty penalty and agree to an injunction against future misconduct, but neither admit nor deny the wrongdoing asserted by the SEC in a court complaint or set forth as findings in an order instituting administrative proceedings.
In most cases, that protocol makes very good sense. It makes sense because the SEC can get relief within the range of what we could reasonably expect to achieve after winning at trial. By settling, the agency is able to eliminate all litigation risk, resolve the case, return money to victims more quickly, and preserve our enforcement resources to redeploy to do other investigations – ordinarily, a significant win-win. But sometimes more may be required for a resolution to be, and to be viewed as, a sufficient punishment and strong deterrent message.
In 2012, the SEC changed the no-admit-no-deny language as it applied to settlements with parties that have pled guilty in a related criminal action. In these cases, we now explicitly reference these admissions in the SEC settlement. It was a first step towards greater accountability, and a good one.
But when I started at the SEC, I re-examined our approach and concluded that there are certain other cases not involving any parallel criminal case where there is a special need for public accountability and acceptance of responsibility.
As you might expect, much of my thinking on this issue was shaped by the time I spent in the criminal arena, where courts cannot accept a guilty plea without the defendant first admitting to the unlawful conduct. Anyone who has witnessed a guilty plea understands the power of such admissions – it creates an unambiguous record of the conduct and demonstrates unequivocally the defendant’s responsibility for his or her acts.
But what about resolutions that do not require a guilty plea?
In 1994, when I was a U.S. Attorney, I entered into the first-ever deferred prosecution agreement (DPA) with a company – a tool the Department of Justice frequently uses today. Essentially, a DPA is an agreement that the government will file a criminal charge, but defer its prosecution for a period of time during which the party must demonstrate good behavior and satisfy the other terms of the agreement. These terms can include very significant payments of money, enhanced compliance requirements, and sometimes an outside monitor.
Back in 1994, there was no template for those agreements. Nothing required an admission or confession of wrongdoing. But I decided in that particular case that a public admission of wrongdoing was required for the resolution to have sufficient teeth and public accountability. So considering this history, it should not be surprising that I would follow that same approach in my new role as Chair of the SEC.
Since laying out this new approach, the most frequent question we get is about the types of cases where admissions might be appropriate.
Candidates potentially requiring admissions include:
- Cases where a large number of investors have been harmed or the conduct was otherwise egregious.
- Cases where the conduct posed a significant risk to the market or investors.
- Cases where admissions would aid investors deciding whether to deal with a particular party in the future.
- Cases where reciting unambiguous facts would send an important message to the market about a particular case.
To reiterate, no-admit-no-deny settlements are a very important tool in our enforcement arsenal that we will continue to use when we believe it is in public interest to do so. In other cases, we will be requiring admissions. These decisions are for us to make within our discretion, not decisions for a court to make.
Another core principle of any strong enforcement program is to pursue responsible individuals wherever possible. That is something our enforcement division has always done and will continue to do. Companies, after all, act through their people. And when we can identify those people, settling only with the company may not be sufficient. Redress for wrongdoing must never be seen as “a cost of doing business” made good by cutting a corporate check.
Individuals tempted to commit wrongdoing must understand that they risk it all if they do not play by the rules. When people fear for their own reputations, careers or pocketbooks, they tend to stay in line.
Of course, there will be cases in which it is not possible to charge an individual. But I have made it clear that the staff should look hard to see whether a case against individuals can be brought. I want to be sure we are looking first at the individual conduct and working out to the entity, rather than starting with the entity as a whole and working in. It is a subtle shift, but one that could bring more individuals into enforcement cases.
When we do bring charges against individuals, we also need to consider all the possible remedies to prevent future wrongs. One of the most potent tools the SEC has is a court order imposing a bar on an individual – a bar from, for example, working in the securities industry or serving on the board of a public company. Such an order not only punishes past actions, but also can reduce the likelihood that the defendant can defraud and victimize the public again.
Win at Trial
Finally, a strong enforcement regime is only effective if we have the ability to back it up in court.
So, we need to maintain and enhance our ability to win at trial. For us to be a truly potent regulatory force, we need to remain constantly focused on trial readiness.
Indeed, because of our increased demands for admissions, we recognize that we may see more financial firms that say: “We’ll see you in court.” But that will not deter us. The SEC has a well-established record of winning when we go to trial – our recent win in the Tourre case is just the latest example. We must continue to sustain this successful record and ensure that we have sufficient resources available to litigate cases.
Significant and consistent trial wins also gives us the credibility we need to achieve strong and meaningful settlements, in every area that we will be pursuing in the coming years.
Going forward, I know you will be watching to see what we produce, as you should. A strong enforcement program provides greater protection for all investors participating in our markets. We should be judged by the quality of the cases we bring, by the aggressive and innovative techniques we use to pursue wrongdoers, by the tough sanctions and meaningful remedies we impose, and where appropriate by the acknowledgements of wrongdoing that we require.
Throughout my tenure as SEC Chair, I will continuously look for ways to make our enforcement program stronger.
The more successful we are at being – and being perceived as – the tough cop that everyone rightfully expects, the more confidence in the markets investors will have, the more level the playing field will be and the more wrongdoing that will be deterred.”
There are two issues where White’s rhetoric and the reality of the SEC’s FCPA enforcement program most diverge.
First, White stated “any objective and informed observer agrees that the SEC has an exceptional enforcement record” and that “the SEC has a well-established record of winning when we go to trial.”
Not true in the FCPA context where the SEC has an overall losing record in FCPA enforcement actions when put to its ultimate burden of proof. As noted in this prior post, the SEC lost the Eric Mattson and James Harris individual enforcement actions at the motion to dismiss stage and as noted in this prior post, the SEC lost the Herbert Steffen individual enforcement action at the motion to dismiss stage. As noted in this prior post, in the Mark Jackson and James Ruehlen individual enforcement actions the court granted, without prejudice, the SEC’s claims that sought monetary damages and upon repleading the SEC’s ongoing case is a shell of its former self. In the ongoing enforcement action against Elek Straub and other former executives of Magyar Telekom, the court denied the defendants’ motion to dismiss (see here for the prior post).
Second, White stated “another core principle of any strong enforcement program is to pursue responsible individuals wherever possible. That is something our enforcement division has always done and will continue to do.”
As noted in this prior post, between 2008-2012, 79% of SEC corporate FCPA enforcement actions have not (at least yet) resulted in any SEC charges against company employees. This figure is likely to climb when re-calculated to include 2013 SEC FCPA enforcement actions. Thus far this year there have been 4 SEC corporate FCPA enforcement actions and none of the actions have (at least yet) resulted in any SEC charges against company employees.