The job of federal regulators is to, well, regulate. Their responsibility is to keep companies in line and when they step out of line, to punish them. And, according to Matthew Boxer, chair of the Corporate Investigations and Integrity Practice at Lowenstein Sandler LLP, regulators have grown increasingly aggressive with those punishments in recent years, in two different areas.
“The first is increasingly large fines and assessments that agencies are seeking from a civil enforcement perspective,” he explains. “Another example of aggressive regulatory actions is an increased focus on individuals at companies, including the threat of criminal sanctions against individuals.”
Boxer explains that the dollar amounts of fines are larger, which, is consistent with agencies being cash starved. It’s also, he explains, a feather in the cap of regulators that are able to bring in large dollars. In addition to budgetary reasons, the regulators are endeavoring to ensure that companies are held accountable to compliance issues. The fact of the matter is, if a million dollar fine is levied on a company with hundreds of millions of dollars in market capitalization, the media perceives that as not sending a strong enough message, so regulators who want to do the right thing are under pressue to determine an appropriate penalty.
As for the focus on individuals, Boxer says that 10 years ago, a corporate slap on the wrist or modest financial assessment was enough, but nowadays figures are getting larger and individuals are being held accountable when the government deems it appropriate. “Nothing shakes people up like the threat of going to jail,” says Boxer. “Dollars are one thing, but the possibility of being behind bars is another.”
As part of this more aggressive stance, agencies are working together, an example being the partnership between Securities and Exchange Commission (SEC) and the Department of Justice coordinating investigations of Foreign Corrupt Practices Act violations (FCPA). In addition, U.S. regulators are working with overseas regulators, something that was less common a decade ago.
Boxer explains agencies like the SEC have focused on certain subject matter areas, like accounting issues, internal controls and insider trading. And, while being aggressive, these agencies have not been uncooperative, fielding request from the regulated community to clarify what areas of business need improvement. The regulators pass this information along because it is another way to improve conduct of the entities they are regulating.
In response to the increased aggression from regulators, companies have responded with a greater focus on their compliance departments. “The notion is that, before the regulator comes knocking, make sure everything is in order,” Boxer recommends. “The company should not be sheepish or uncomfortable about sharing.” The corporate community has adopted procedures to make sure they can avoid problematic activity and a visit from law enforcement.
This increased focus on compliance means that companies are encouraged to self—report when problems are identified as part of their internal control system. This creates a delicate balance for companies, Boxer, says. They want to be responsible corporate citizens, but don’t want to invite the regulators in, giving them the chance to spot something they might not have cauggt. The threat of those large fines and individual sanctions then loom large.
Boxer explains that there is some good will toward companies that self-report, but companies must consider how far that good will, will go. Regulators tout less onerous settlements they have reached in situations that include self-reporting, but at the same time, the homerun from the company’s point of view is that when there is no sanction.
In terms of advice to compliance professionals, Boxer recommends several things. First, compliance departments should be adequately staffed and have adequate resources, knowledge and experience working with regulators and understanding the perspective of regulators. Also, there needs to be the right tone at the top, so the right message disseminates to all members of the company.
Finally, credibility is key, Boxer says. Any GC that interacts with a regulator or who has someone interacting with regulators on their behalf must establish a dialogue and communication throughout the company that establishes credibility. “Be truthful with the regulators you are dealing with,” he recommends. “If you are told to take action or implement a corrective action plan, make sure you keep your promises. Always be prepared; don’t go into communication or interaction with regulators and not know what they are talking about.”