NEW YORK(Thomson Reuters Regulatory Intelligence) - Regulators in recent years have been encouraging registered firms to self-report violations. In exchange for coming forward, firms are offered leniency in the form of reduced fines and penalties, or in some rare instances, no penalty at all. Although that may sound like a no-brainer at most firms, it might not be.
Some compliance officers question whether self-reporting is a good idea for all firms in every instance. Self-reporting can have serious consequences for firms and individuals which must also be considered. There are a host of considerations and preparations firms must undertake when considering whether and how to go about self-reporting.
This article offers some of the pros and cons and considerations of self-reporting, with insight into the decisions and processes in this relatively new issue in regulatory obligations.
THE EVOLVING REGULATORY EMPHASIS ON SELF-REPORTING
The U.S. Securities and Exchange Commission in 2001 issued a "Report of Investigation and Statement"<here>, now commonly known as the Seaboard report. In detailing its decision against taking enforcement action, the report articulated a framework for evaluating cooperation by companies.
It detailed the various factors the SEC considers in determining whether, and to what extent, it grants leniency for cooperation in investigations involving public companies. The report remains the primary playbook for whether firms may seek cooperation credit from the SEC.
- Self-policing prior to the discovery of the misconduct, including establishing effective compliance procedures and an appropriate tone at the top.
- Self-reporting of misconduct when it is discovered, including conducting a thorough review of the nature, extent, origins and consequences of the misconduct, and promptly, completely and effectively disclosing the misconduct to the public, to regulatory agencies, and to self-regulatory organizations.
- Remediation, including dismissing or appropriately disciplining wrongdoers, modifying and improving internal controls and procedures to prevent recurrence of the misconduct, and appropriately compensating those adversely affected; and
- Cooperation with law enforcement authorities, including providing SEC staff with all information relevant to the underlying violations and the company’s remedial efforts.
In January 2010, the SEC announced<here> a formal cooperation program<here> for individuals. The program echoed the Seaboard report principles. The SEC identified self-policing, self-reporting, remediation and cooperation as the primary factors to be considered in determining appropriate charges and remedies.
Since the announcements of cooperation programs, many firms have jumped at the opportunity. Firms have particularly sought cooperation credit, and non-prosecution or deferred-prosecution agreements related to Foreign Corrupt Practices Act (FCPA) violations, where the penalties can be steep and thus the incentive to self-report and cooperate are even greater.
The SEC also launched a successful initiative related to municipal securities called the Municipalities Continuing Disclosure Cooperation Initiative (MCDC)<here>. Under the MCDC Initiative, issuers and underwriters were encouraged to self-report violations involving inaccurate statements in bond offerings. The initiative was launched in 2014 resulting in 72 actions resulting in fines of up to $500,000. The firms also agreed to adopt strategies intended to enhance underwriters' due diligence procedures related to municipal securities.
After the success of the MCDC initiative, in July 2016, the Office of Compliance Inspections and Examinations (OCIE) within the SEC issued a risk alert<here> on OCIE's plans to focus on mutual-fund share class missteps by advisers.
Once again, the SEC saw an area where violations by firms and their brokers or advisers have been widespread. The SEC encouraged self-reporting in announcing the Share Class Selection Disclosure (SCSD) Initiative<here> in early 2018.
Shortly after the self-reporting initiative was launched, the SEC published a list of Frequently Asked Questions (FAQs)<here> where the regulator clarified that "the severity and scope" of the conduct self-reported would not be taken into account in determining the settlement. In other words, the settlements would be standardized across all firms coming forward.
Steven Peikin, co-head of the SEC’s enforcement division, cited success for the mutual fund share class program, without giving specific details, at a New York conference last October. “Unless we did exams of all the investment advisors, we wouldn’t find this stuff,” Peikin said. “We expect there’s going to be lots of money returned to investors under the program.”
Self-reporting and cooperation with regulators may sound like a panacea, but there are a host of considerations and preparations that should be carefully weighed by firms before self-reporting.
One chief compliance officer (CCO) of a small broker-dealer told Regulatory Intelligence that the firm would not self-report as it would simply “invite the regulator into a never-ending examination in every aspect of the firm.” The CCO, who spoke on condition of anonymity, said the legal costs associated with this type of probe could put a firm out of business. “If I discover a problem, I correct it, document it, and then make sure changes are made so that it doesn’t happen again. Reporting it could be disastrous,” the CCO said.
Taking this approach of detection, remediation, prevention steps, and documentation, and then hoping it might not be uncovered in a future exam could be risky. However, it’s a common approach particularly with smaller firms with limited resources or limited access to experienced legal counsel. Also, firms without prior experience and a comfort level in dealing with exams and investigations, and lacking a good relationship with a regulator, may let this “fear of the unknown” keep them from self-reporting.
Another important consideration is that self-reporting commonly results in a future disclosure obligation on Form ADV or equivalent such as FINRA BrokerCheck. Under the SEC’s proposed Regulation Best Interest and associated rules, such disclosures would be required on the proposed Form CRS as well.
Additionally, with examinations few and far between, particularly at small independent registered investment advisers, some CCO’s see self-reporting as the riskier option than simply resolving the matters in house, and rolling the dice on a future penalty if it is detected in a future exam.
According to Ken Joseph, a former senior official at the SEC, and now the global head of Duff & Phelps’s disputes practice, “advisers should seek the advice of experienced counsel and weigh all of the considerations and facts in relation to their obligations as a registrant when considering self-reporting.”
Joseph told Regulatory Intelligence such considerations include; frequency, magnitude and materiality of the violation, who was involved, timeliness of the self-report, remedial actions, and the level of customer/client or counterparty harm.
Self-reporting and cooperating may not guarantee a positive outcome with the SEC. But Joseph said that in his former role as an enforcement official, he would have at least “taken into account the actions of the reporting party, the candor and completeness of the information provided, and remedial actions taken” as factors in determining what follow-up steps are necessary to fulfill the investor protection goals.
When a firm decides to self-report, it should meticulously prepare, and know how to present the SEC with evidence of a proper and thorough internal investigation, remedial efforts to correct the violations, and improvements to policies and procedures, in order to prevent future violations, according to Joseph.
The SEC has shown in recent cases that firms that fail to self-report violations will face stiffer penalties. The SEC might detect the violation at some point in the future, either through a whistleblower program or a routine exam. This factors into the business decision some firms may have to weigh in determining whether to self-report.
Other risk factors to consider include; business disruption, potential reputational or public relations damage, cost of the investigation, potential personnel or management changes, and potential civil litigation.
In preparing to present the information to the regulator, firms must also be certain to demonstrate they have thoroughly analyzed the cause of the violation, appropriately punished the employees at fault, and be careful to avoid any perception that the matter has been suppressed.
Compliance staff must consult other senior management and boards of directors. Opinions of independent directors should also carry extra weight. Although such decisions are difficult, they should never be made unilaterally. The input of an entire board and outside counsel is critical, and should be weighed accordingly.
The SEC’s self-reporting and cooperation initiatives in exchange for reduced penalties is mutually beneficial for both sides. However, self-reporting is not a “one size fits all” solution for all firms and violations. Careful consideration of all of the various factors must be weighed very carefully.
*To read more by the Thomson Reuters Regulatory Intelligence team click here: bit.ly/TR-RegIntel
(Todd Ehret is a Senior Regulatory Intelligence Expert for Thomson Reuters Regulatory Intelligence based in New York.)
This article was produced by Thomson Reuters Regulatory Intelligence - bit.ly/TR-RegIntel - and initially posted on Jan. 24. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters