The DOJ’s Latest Compliance Program Warning

U.S. Deputy Attorney General Rod Rosenstein recently announced the Department of Justice’s revised FCPA Corporate Enforcement Policy. The revised Policy is based on the DOJ’s FCPA Pilot Program (in place since April 2016), which provided mitigation credit for voluntary reporting of wrongdoing and specified levels of cooperation and remediation in connection with the resulting investigation.

Much has been made about the new Policy provisions that create the presumption of a DOJ enforcement declination and specify percentage reductions from the U.S. Federal Sentencing Guidelines in the event that a company self-discloses, cooperates and/or remediates in accordance with specified Policy requirements. Certainly, these provisions significantly further the shift toward encouraging company cooperation, as well as continue the focus on holding individuals accountable, and deserve careful attention.

It was, however, Deputy Attorney General Rosenstein’s third “policy enhancement” that most caught my eye. That provision provides detail about how the DOJ evaluates compliance programs, specifying what he calls “hallmarks of an effective compliance program.”

The Policy first states that the criteria for an effective compliance and ethics program may vary based on the size and resources of the organization, which seems fair enough. It then provides a list of criteria (quoted below), which it says will be periodically updated:

  • The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated;
  • The resources the company has dedicated to compliance;
  • The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
  • The authority and independence of the compliance function and the availability of compliance expertise to the board;
  • The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment;
  • The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors;
  • The auditing of the compliance program to assure its effectiveness; and
  • The reporting structure of any compliance personnel employed or contracted by the company.

Activist Versus Institutional Investors, and the Role of Sustainability

Sustainability concepts are now widely accepted as legitimate, mainstream considerations for boards of directors and corporate management. (See, for example, this Doug’s Note.) As a result, many companies now routinely consider the long-term impact on their entire universe of stakeholders of various environmental, social and governance (ESG) issues. Conversely, most boards of directors and C-suites no longer solely consider maximizing short-term shareholder profits in their decision-making. A balanced corporate mindset now factors in long-term considerations (see this Doug’s Note) and the interests of employees, business partners, communities and society as a whole.

The emergence of sustainability may also be blurring the traditional distinction between “activist” and “institutional” investors. At the risk of over-generalizing, activist investors have historically been associated with maximizing short-term shareholder profits through a variety of often harsh corporate maneuvers. Institutional investors, on the other hand, have often been seen as taking a longer view, which resulted in general support of management accompanied by behind-the-scenes efforts to influence corporate strategy.

Those two camps may now be moving toward the middle of that spectrum, driven in significant part not only by the dramatic rise in popularity of sustainability as a corporate principle, but also the increased desire among institutional investors to engage with management on such issues. After a few years of resistance, companies have embraced the concept of regular, substantive shareholder engagement, resulting in lines of communication that are more open than ever, which allows traditionally passive institutional investors more ability to routinely influence management priorities and strategic decisions.

Recent SEC Comment Letter Trends

In January, I passed along a list of 12 review and comment priorities distributed at the 48th Annual Institute on Securities Regulation in New York by a panel of speakers that included SEC Chief Accountant Wesley Bricker and Chief Accountant of the Division of Corporation Finance Mark Kronforst (see this Doug’s Note). I won’t repeat the panel’s list here except to note that “MD&A: Results of operations” was at the top, followed next by “Non-GAAP measures.”

Lists like this can be useful predictors of hot topics for the coming year and provide helpful guidance for company disclosures. I, therefore, read with interest Deloitte’s recently released, comprehensive 2017 survey of SEC comment letters. The survey contains much valuable information regarding, and analysis of, the SEC staff’s strategic priorities, as gleaned from their recent comment letters. Below are a few items that jumped out at me.

Top 10 review topics.

Here is Deloitte’s list of the top 10 review topics for the 12 months ended July 31, 2017, which not coincidentally corresponds closely to the panel’s list mentioned above.

  • Non-GAAP measures
  • MD&A
  • Fair value
  • Segment reporting
  • Revenue recognition
  • Intangible assets and goodwill
  • Income taxes
  • State sponsors of terrorism
  • Signatures, exhibits and agreements
  • Acquisitions, mergers and business combinations

Other Deloitte survey tidbits.

The SEC’s Disclosure Modernization Proposals

Recent proposed rules to modernize and simplify SEC disclosure requirements have gotten a lot of attention. You may recall that the Fixing America’s Surface Transportation (FAST) Act of 2015 directed the SEC to issue a report recommending amendments to Regulation S-K to accomplish those goals. The SEC issued its report in November 2016. The proposals are the next step in the process.

The proposed changes, while helpful, are perhaps only marginally so. The most significant proposal would modify MD&A by allowing companies to forgo discussion of the oldest period being presented if (1) it has been previously reported and (2) the disclosure is no longer material. Although this is not an earth-shattering development, eliminating the redundancy of the year-two to year-three comparison would be nice. The materiality qualifier may, however, limit the proposal’s practical effect if companies take a conservative approach to determining materiality.

Also helpful would be the proposal to streamline the process for obtaining confidential treatment for commercially sensitive information. The proposed change would permit companies to omit from exhibits confidential information that is not material and would cause competitive harm without having to first request confidential treatment from the SEC staff. Companies also would be permitted to omit “personally identifiable information” in all cases without submitting a request. Exhibits would remain subject to review by the staff, which could issue comments if it determines that redactions were not appropriate.

Several other proposed changes are even more minor, mostly just simplifying the forms themselves, tweaking certain disclosure provisions, or clarifying regulation instructions. They include updates and clarifications to:

The New Auditor Reporting Standards

Late last month, the SEC approved the new auditing standards adopted by the PCAOB back in June, which substantially modify the content of the auditor’s report. They also raise various concerns that public companies and the SEC will need to closely monitor going forward.

Critical audit matters disclosure.

By far the biggest and most controversial change to the old standards is the requirement that the auditors include in a separate section of their report “critical audit matters” applicable to the current period covered by the report. CAMs are defined as:

“any matter … that was communicated or required to be communicated to the audit committee and that relates to accounts or disclosures that are material to the financial statements and involved especially challenging, subjective, or complex auditor judgment.”

The auditor must identify the CAM, describe the principal considerations that led the auditor to determine it was a CAM, describe how the CAM was addressed in the audit, and reference the accounts or disclosures related to the CAM. In the unlikely event that a report contains no CAMs, it must affirmatively so state.

Though the determination of a CAM is supposed to be principles-based, the new rules provide a nonexclusive list of factors for the auditor to consider in its determination. Even so, the standards emphasize that disclosure must be tailored to the particular company and audit, meaning that it should not be boilerplate.

Emerging growth companies and employee stock purchase plans, savings plans and similar plans are excluded from the CAM disclosure requirements.

Additional changes.

The modified auditor’s report also must:

  • State the year the auditor began serving as the company’s auditor,
  • Provide an enhanced description of the auditor’s role, responsibilities and independence, and
  • Satisfy certain format requirements designed to enhance readability.

Effective dates.

All changes to the report except for communication of CAMs are effective for audits of fiscal years ending on or after December 15, 2017.

Communication of CAMs becomes effective for large accelerated filers for fiscal years ending on or after June 30, 2019, and, for all other companies, for fiscal years ending on or after December 15, 2020.

Auditors may, however, elect to comply with the new standards prior to the applicable effective date.

Things to watch for.

Evolution of the General Counsel—A TerraLex Report

TerraLex recently published The General Counsel Excellence Report 2017, which tracks the continuing evolution of the role of corporate general counsel to encompass important nontraditional areas of focus and responsibilities. TerraLex, a referral network of more than 150 law firms (including Parker Poe) in more than 100 countries, sponsored similar surveys in 2013 and 2015.

The 31-page report makes for interesting reading. For example, it notes that even the GC’s title is changing, with 45 percent of respondents describing their role as “General Counsel” (slightly down from 2015) while more than 20 percent use titles like “Head of Legal,” “Group Head of Legal,” “Head of Legal & Regulatory Affairs” or even “General Counsel, Director of M&A, Strategy and Risk.” The report states that “[i]t is clear … that the exact role of the general counsel is becoming an increasingly difficult one to define.”

Also interesting is the general counsel’s perception of his or her role within the company. According to the report:

“General counsel thought it most important that they were a stakeholder in business decisions rather than just managing the legal department – just over 60 percent gave this answer the most important or next most important score compared with 45 percent who voted for managing the legal department. Being the conscience of the business was also a popular answer and this idea of the legal officer as moral guardian of the corporate entity is a theme which runs through the survey and the interviews.”

This leads to the report’s observations regarding the issues that general counsel find most concerning. Not surprisingly, “regulation and compliance” remains the frontrunner and by an increasingly wide margin, rising from 60 percent to 70 percent from 2015 to 2017. This is entirely consistent with, and no doubt the result of, investor and regulator focus on the importance of effective compliance programs and risk management, as well as increasing recognition among boards of directors and senior executives that they bear substantive oversight responsibility for such matters. In other words, it has become widely recognized that compliance and risk management can no longer be relegated to out-of-sight silos within the company controlled solely by midlevel personnel. (See this article in Corporate Compliance Insights.)

The NYC Comptroller and Pension Funds Boardroom Accountability Project 2.0

Board composition is increasingly at the forefront of governance activists’ focus and initiatives. A recent, high-profile example of this comes from New York City Comptroller Scott M. Stringer and the New York City Pension Funds via their Boardroom Accountability Project 2.0. This initiative builds on their 2014 initiative and, according to their press release, is intended to “ratchet up the pressure on some of the biggest companies in the world to make their boards more diverse, independent, and climate-competent, so that they are in a position to deliver better long-term returns for investors.”

The campaign directly targets the boards of 151 U.S. companies, calling on them to “disclose the race and gender of their directors, along with board members’ skills, in a standardized ‘matrix’ format and to enter into a dialogue regarding their board’s ‘refreshment’ process.” They believe this will push boards to be more diverse and independent. The targeted companies include “139 that enacted proxy access after receiving a proposal from the New York City Pension Funds, and 12 at which the pension funds’ proposal received majority shareowner support in 2017, but have yet to enact the reform.”

Comptroller Stringer and the Funds blame the “persistent lack of diversity on corporate boards” on a nomination and election process “that is effectively controlled by the existing board — and as a result, more akin to a coronation.” They cite PwC’s 2016 Annual Corporate Directors Survey as reporting that 87% of directors rely on board member recommendations to recruit new directors, while only 18% consider investor recommendations.

Fundamentally, they believe that shareowners “need to know the race and gender of a company’s directors” and “need to see how each director’s skills and experience fits into the company’s overall strategy, where there are gaps, and understand how boards are refreshed.” This information would be released every year as a “board matrix,” thereby allowing shareowners “to identify boards that are ill-suited to protect their investments due to a lack of diversity or relevant expertise” and “to engage companies to recommend qualified, diverse, and independent candidates.” Their recommended standardized matrix would name each director and then indicate via checkmark whether he or she meets a laundry list of “Skills & Experience” and “Demographic Background” criteria, including tenure, sexual orientation, gender, age, and race/ethnicity.

Pay Ratio Disclosures are an Employee-Relations Opportunity … Really

Most companies are now devoting substantial resources and effort to ensuring compliance with the SEC’s new rules requiring disclosure of the ratio of the CEO’s and median employee’s respective annual total compensation. Because the disclosure is required for fiscal years beginning on or after January 1, 2017, calendar-year-end companies must include it in their upcoming proxy statements.

As the number crunching and parsing of new SEC disclosure guidance (see Doug’s Notes here and here) begins to take shape, these companies will soon get a sense of the magnitude of their ratio and, therefore, of any concerns it may raise. Discussions are also taking place regarding the extent to which companies can, or should, provide supplemental proxy disclosure that adds explanatory context to the mandated ratio disclosures.

In the course of all of that analysis, it would be a shame to overlook “silver-lining” opportunities to engage in proactive, positive dialogue with the company’s various stakeholders. And the most important constituency at most companies is the employees.

Pay ratio disclosures may be disconcerting to employees for a variety of reasons. Most obviously, while the CEO’s total compensation has long been public information, its stark numerical contrast to median employee compensation could be expected to generate negative emotional responses from some members of the workforce. Less obvious, but perhaps as disconcerting, may be the realization by half of your employees that they are compensated below the median. This realization could be further exacerbated by negative comparisons to peer company compensation medians and ratios, which will likewise now be public.

Failure to proactively address these issues could result in a disgruntled subset of employees, which could in turn lead to lost productivity, a general decline in workforce morale or even employee departures to seemingly higher-paying competitors. Therefore, it would be wise to proactively coordinate with the company’s HR department and internal communications personnel to fashion a tailored communication plan designed to at least minimize potential negative consequences.

But why not also turn this into an opportunity to highlight positives about the company? Rather than being defensive or dismissive, focus on communicating the company’s commitment to its stated values, culture of fairness, efforts to incentivize the proper employee conduct and the enterprise-wide benefits of attracting and retaining exceptional senior leadership. If communications are handled correctly, most employees will appreciate the company’s willingness to be transparent and forthcoming about a topic of such sensitivity (even if they don’t agree fully with everything you say).

Communication techniques will vary from company to company, depending on the company’s existing culture, size, industry, locations, complexity and other factors. Here are some tips for analyzing your own situation:

New SEC Pay Ratio Disclosure Guidance

As everyone knows by now, the SEC amended Item 402 of Regulation S-K, as required by the Dodd-Frank Act, to state that all companies required to provide executive compensation disclosure under Item 402(c) of Regulation S-K must also provide new executive compensation disclosure regarding:

  • the median of annual total compensation of all employees,
  • the annual total compensation of the CEO, and
  • the ratio of those two amounts.

Companies must provide the pay ratio disclosure for their first fiscal year beginning on or after January 1, 2017.

There had been a chance, albeit dwindling, that the new rules might somehow be repealed or delayed before the 2018 proxy season. Recent statements by the SEC staff, followed by last week’s barrage of staff guidance on pay ratio disclosure, now make it clear that the rules will go into effect as written.

The new guidance.

A September 21 interpretive release “… reflects the feedback the SEC has received and encourages companies to use the flexibility incorporated in our prior rulemaking to reduce costs of compliance,” according to SEC Chairman Jay Clayton. As summarized in the accompanying press release, the guidance:

  • States the SEC’s views on the use of reasonable estimates, assumptions and methodologies, and statistical sampling permitted by the rule;
  • Clarifies that a company may use appropriate existing internal records, such as tax or payroll records, in determinations about the inclusion of non-U.S. employees and in identifying the median employee; and
  • Provides guidance as to when a company may use widely recognized tests to determine whether its workers are employees for purposes of the rule.

Of particular note is the staff’s articulation of a reassuringly low standard for determining whether a company is in compliance with the new rules:

“… if a registrant uses reasonable estimates, assumptions or methodologies, the pay ratio and related disclosure that results from such use would not provide the basis for Commission enforcement action unless the disclosure was made or reaffirmed without a reasonable basis or was provided other than in good faith.” (emphasis added)

Then, in separate supplemental guidance, the staff addresses various questions and provides illustrative examples regarding how reasonable estimates and statistical methodologies may be used to satisfy the rule’s requirements. Here is a brief summary derived from, or quoting the language of, the guidance itself:

Join Us at the Fall 2017 GRC Forum, featuring NC Attorney General Josh Stein

You recently received an email invitation to our upcoming Governance, Risk & Compliance Forum. The GRC Forum is a half-day, interactive event devoted specifically to the issues faced by risk and compliance personnel at companies in all industries and at all stages of GRC development.

The Fall 2017 session will be held on Thursday, September 28 at the Duke Mansion in Charlotte. We’ll start with coffee and breakfast at 8:15 a.m. The three presentations will run from 9:00 a.m. until noon. There is no charge for attending, and attendees are expected to be approved for compliance certification and continuing legal education credit.

Topics to be covered.

The GRC Forum and related GRC Blog generally address topics related to assessing, enhancing and maintaining an enterprise-wide governance, risk and compliance function. Specific topics to be discussed at this upcoming Fall 2017 session will include:

  • Session I: Update on the current state of corporate social responsibility, including CSR reporting and corporate America’s response to the Trump administration’s withdrawal from the Paris climate accord.
  • Session II: A discussion of cybersecurity breach response policies and plans, including background on current data privacy and security laws in the U.S., the EU’s new comprehensive data protection law and the EU Network Infrastructure Security Directive, critical components of a comprehensive plan, and practical tips on how to create, draft, train on and implement a plan.
  • Session III: Remarks by North Carolina Attorney General Josh Stein on compliance and public protection, followed by Q&A.

Who should attend?

GRC touches a variety of professionals, including:

  • compliance officers
  • risk management officers
  • boards of directors
  • legal departments
  • CFOs, internal auditors and other finance personnel
  • human resource directors
  • investor relations and public communications personnel

Companies of all sizes and in all industries are invited.

If you haven’t already, please click here to sign up. I hope to see you there.