SEC’s Office of Compliance Inspections and Examinations Gets a Review

The SEC’s Division of Enforcement was not alone in getting a report from the SEC’s Inspector General: Improvements Needed Within the SEC’s Division of Enforcement. The Office of Compliance Inspections and Examinations also got a review from the Inspector General: Review and Analysis of OCIE Examinations of Bernard L. Madoff Investment Securities, LLC.

For this report, the Office of the Inspector General hired FTI Consulting, Inc. to help with the review. Not to be outdone by the report on the Division of Enforcement, FTI came up with 37 recommendations, topping the other report’s 21 recommendations.

So far that’s a total of three reports and 58 recommendations from the SEC’s Inspector General as a result of the Madoff incident.

Improvements Needed Within the SEC’s Division of Enforcement

The SEC’s Inspector General, H. David Kotz, released his most recent report: Program Improvements Needed Within the SEC’s Division of Enforcement.

The report is sort of a follow-up to the Madoff Report. The Office of the Inspector General conducted a review “to identify systemic issues that would prevent Enforcement from accomplishing its mission to enforce the securities laws and protect investors and determine from discussions with staff and supervisors which programmatic improvements are needed.”

The Inspector General’s 21 recommendations are:

  1. Establish formal guidance for evaluating various types of complaints (e.g., Ponzi schemes) and train appropriate staff on the use of the guidance. The guidance should address the necessary steps and key information required to be collected when conducting preliminary inquiries of various types of complaints, specify what information should be documented, and list whom should be consulted in other offices within the SEC with relevant expertise in various subject matters and other pertinent data.
  2. Ensure the SEC’s tip and complaint handling system provides for data capture of relevant information relating to the vetting process to document why a complaint was or was not acted upon and who made that determination.
  3. Require tips and complaints to be reviewed by at least two individuals experienced in the subject matter prior to deciding not to take further action.
  4. Establish guidance to require that all complaints that appear on the surface to be credible and compelling be probed further by in-depth interviews with the sources to assess the complaint’s validity and to determine what issues need to be investigated. Such guidance should also require that staff obtain all relevant documentation related to such complaints.
  5. Provide training to staff to ensure they are aware of the guidelines contained in Section 3.2.5 of the Enforcement Manual and Title 17 of the Code of Federal Regulations, Section 202.10 for obtaining information from media sources.
  6. Annually review and test the effectiveness of its policies and procedures with regard to its new tip and complaint handling system. Enforcement should also modify these policies and procedures, where needed, to ensure adherence and adequacy.
  7. Put in place procedures to ensure that investigations are assigned to teams where at least one individual on the team has specific and sufficient knowledge of the subject matter (e.g. Ponzi schemes) and the team has access to at least one additional individual who also has such expertise or knowledge.
  8. Train staff on what resources and information is available from the national specialized units and when and how assistance from these units should be requested.
  9. Make it mandatory that planning memoranda be prepared during an investigation and that the plan includes a section identifying what type of expertise or assistance is needed from others within and outside the Commission. The plan should also be reviewed and approved by senior Enforcement personnel.
  10. Require that after the planning memorandum is drafted, it is circulated to all team members assigned to the investigation, and all team members then should meet to discuss the investigation approach, methodology and any concerns team members wish to raise.
  11. Establish procedures so that junior-level Enforcement attorneys who are having difficulty with obtaining timely assistance from outside offices are able to escalate their concerns to senior-level management within Enforcement.
  12. Conduct periodic internal reviews of any newly implemented policies and procedures related to information sharing with Divisions and Offices outside of Enforcement to ensure they are operating efficiently and effectively and necessary changes are made.
  13. Require that the planning memorandum and associated scope, methodology and timeframes be routinely reviewed by an investigator’s immediate supervisor to ensure investigations remain on track and determine whether adjustments in scope, etc. are necessary.
  14. Ensure that sufficient resources, both supervisory and support, are dedicated to investigations upfront to provide for adequate and thorough supervision of cases and effective handling of the investigations.
  15. Put in place policies and procedures or training mechanisms to ensure staff have an understanding of what types of information should be validated during investigations with independent parties such as the Financial Industry Regulatory Authority, Depository Trust Company, and Chicago Board Options Exchange.
  16. Include in its complaint handling guidance proper procedures for ensuring complaints received even if an investigation is pending closure, are properly vetted.
  17. Conduct periodic internal reviews to ensure that MUIs are opened in accordance with any newly developed Commission guidance and examine ways to streamline the case closing process. Enforcement should also ensure staff have adequate time in which to complete these types of administrative tasks.
  18. Put in place a process to periodically remind staff of their responsibilities regarding impartiality in the performance of official duties and instruct staff where they can find additional information regarding impartiality.
  19. Establish or utilize an existing working group to analyze the OIG survey information regarding staff concerns over communication of program priorities and make recommended improvements to the Director of Enforcement.
  20. Establish or utilize an existing working group to analyze the OIG survey information regarding staff concerns regarding case handling procedures within Enforcement and make recommended improvements to the Director of Enforcement.
  21. Establish or utilize an existing working group to analyze the OIG survey information regarding staff concerns over working relationships within Enforcement and make recommended improvements to the Director of Enforcement.

Robert Khuzami, Director of Enforcement, responded to the Inspector General’s report (the response is in Appendix IV of the report) and concurred with all 21 recommendations.

Facebook, Twitter, LinkedIn and Compliance: What Are Companies Doing?

The Society of Corporate Compliance and Ethics and the Health Care Compliance Association conducted a survey among compliance and ethics professionals in late August 2009 to see what employers are doing about the use of these sites by their employees.

They got back almost 800 responses from their members using an online survey tool.

  • 50% of respondents reported that their company does not have a policy for employee online activity outside of the workplace
  • Of those companies that do have a policy, 34% include it in a general policy on online usage
  • Of those companies that do have a policy, just 10% specifically address the use of social network sites

“While the data indicates that many organizations have had to discipline employees for improper activity online, the fears may outweigh the actual risks. A survey asking about discipline regarding improper email usage would likely yield much higher numbers.”

Facebook, Twitter, LinkedIn and Compliance: What Are Companies Doing?

Managing Risk in the Financial Sector

On Sept. 16, 2009, Compliance Week and Navigant Consulting presented an exclusive editorial roundtable about compliance practices at financial services firms at The Mandarin Oriental Hotel in Boston.

(Apparently not so exclusive, considering I was able to get in. I even made it into one of the article’s pictures. – That’s me eating my fingers in the background.)

Compliance Week Editor-in-Chief Matt Kelly moderated the session, which featured Daniel Bender and John Schneider of Navigant Consulting. The full roster of participants is in the article’s sidebar.

You can read more about what we discussed during the roundtable in an article in Compliance Week: Managing Risk in the Financial Sector. (Subscription Required)

A few of my favorite quotes from the article:

Lou Iglesias, chief compliance officer of PanAgora Asset Management: Part of the role of a compliance and risk officer is “being a student of history” and learning from past industry mistakes. “And you don’t have to look back too far to find them.”

James Bone, founder of GlobalComplianceAdvisors LLC: Because there is no school for compliance, continually developing new staff to keep up with regulations is also a challenge. Even if you have an unlimited budget to hire talent, “finding people who have the right skill-set to do the things that you need to get done” isn’t always easy.

Governing Corporate Compliance and New Governance

Miriam Baer of the Brooklyn Law School published an interesting article on “New Governance”: Governing Corporate Compliance. The professor rejects the notion that adversarial relationships produce good regulation. She looks towards the “theory of regulation characterized by a collaborative tone between regulator and regulated entity, a problem-solving orientation, continuous assessment and revision of both expected outcomes and implementation processes, pooling of information by and among regulated entities and regulators, and inter-agency cooperation.”

She views compliance programs as “instrumentalities of hard law: formal regimes designed to supply internal monitoring and punishment, so that the firm can then assist the government in fulfilling its duties of external monitoring and punishment.” Of course you are not going to get a cooperative method of regulation when the primary response to corporate wrongdoing is the prosecution and punishment of individuals. Executives put compliance programs in place because it is good business. They also implemented them because they don’t want to go to jail. Executives are increasingly being punished for the bad acts of their frontline employees.

The professor advocates a model in which “regulators and regulated entities would treat compliance problems—even large scale violations of criminal law—as a symptom of a continuing problem to be addressed over time, rather than as a cultural failure that could be “cured” by some combination of prosecutorial threat and internal ethics remediation.”

Thanks to Ellen S. Podgor of the White Collar Crime Prof Blog for pointing out the article.

Workplace Challenges of Influenza (Seasonal and H1N1)

Have you gotten your flu shot yet?

I noticed the leaves changing colors in my backyard. That means the annual influenza season is approaching. This year we also get the second round of the Swine Flu. (The pork industry prefers that we use the H1N1 designation instead.) It looks like this second round of H1N1 will be more of a problem than the spring outbreak.

The Centers for Disease Control and Prevention has released its Guidance for Business and Employers to Plan and Respond to the 2009-2010 Flu Season and the Department of Homeland Security has released its Planning for 2009 H1N1 Influenza: A Preparedness Guide for Small Businesses.

You should review your policies designed to protect your healthy employees, guard the privacy of sick employees, and comply with applicable legal requirements. That means you need to be familiar with the Family and Medical Leave Act, the Americans with Disabilities Act, the Fair Labor Standards Act, the Health Insurance Portability and Accountability Act, the Occupational Safety and Health Act, as well as your own internal attendance policies, collective bargaining obligations, employee benefits, and insurance law. Throw some state and local laws into the mix.

The key will be to encourage your sick workers to stay home and not punish them for staying out sick.

Corporate Responsibility Weathering the Economic Storm

The Boston College Center for Corporate Citizenship released their findings in the 2009 State of Corporate Citizenship in the United States.

Despite the upheaval in the economy, a majority of U.S. companies are not making major changes in their corporate citizenship practices. Of those who made changes: 38% reduced philanthropy/giving, 27% increased layoffs, and 19% reduced R&D for sustainable products.

The State of Corporate Citizenship in the United States 2009 is a joint project of the Boston College Center and The Hitachi Foundation. The report is free, but requires registration.

Social Networking for Legal Administrators

I am giving two presentations today to the Boston Chapter of the Association of Legal Administrators at their 5th Annual One Day Educational Conference. In the morning, my presentation is Social Networking 101 and the afternoon is Social Networking 201.

Social Networking 101

This session is for those who don’t know about social networking and want to find out what it is and how it is used.

Here is the slidedeck on the basics of how law firms and legal administrators can use these tools:

Social Networking 201

The afternoon session is with Henry Chace and Scott Katz of Burns & Levinson LLP. We will focus on the potential benefits, which tools are appropriate, and useful, in a professional environment, and the pitfalls to be aware of as you deal with the social networking tools.

Join Me at Enterprise 2.0

On November 4, I will be out in San Francisco at the West Coast Enterprise 2.0 Conference on this panel:

Social Media: Policy Formation and Risk Management

Policy formation, risk management, media relations, and governance programs become a critical requirement as organizations assess implications to the enterprise arising from employee participation in social networking sites and use of media. Issues related to security, confidentiality, intellectual property, data loss protection, brand image, compliance, and human resources (i.e., ethics/conduct) are critical to address before problems arise. In this panel session, Principal Analyst Mike Gotta of Burton Group will moderate a discussion with practitioners involved in social media strategies.

I will be on a panel with these folks:

  • Mike Gotta of Burton Group
  • Christopher Burgess, Cisco – Senior Security Advisor
  • Scott Mark, Medtronic – Enterprise Application Architect

Redefining Risk

Maybe we should define risk as what needs to go right, instead of what could go wrong.

Although I would like to claim credit for this view of risk, it came from James Bone of Global Compliance Advisors, LLC. I met James at a Compliance Week round table last week discussing risk management and regulatory developments for the financial services industry.

By changing the definition, you are now looking at risk through the operations of your company and its business plan. You are no longer the doomsayer, worrying about the myriad of things that could go wrong, which range from likely to highly unlikely. You are now focusing on implementing your company’s business plan.

Compliance and risk professionals need to keep an eye on what may go wrong. But, as James points out, it is just as important to make sure things are going right.

Image is by anarchosyn: RISK AWR WC T7L LosAngeles Graffiti Art
http://www.flickr.com/photos/24293932@N00/ / CC BY-SA 2.0