Editor: It has been said that creating a proper corporate governance culture is essential to avoiding compliance violations. Where does compliance fit into the priority hierarchy in creating and sustaining that culture?
Veasey: The short answer is that a proper corporate governance culture must begin with the tone at the top and extend to the middle and the bottom of the organization. In my opinion, a proper compliance culture is the most essential component of an excellent corporate governance culture, but it is not the only component. For example, the directors and officers of the company should adopt and implement, in good faith, the best practices in carrying out their fiduciary duties of care and loyalty in oversight and decision making.
Most importantly, the board’s focus has to be on corporate strategy, profit, and risk management. I would add that the general counsel plays an integral part in seeing to it that the culture of integrity and excellence is infused into the organization. I had the honor to write a book with my colleague Christine Di Guglielmo on general counsel. It is called Indispensable Counsel: The Chief Legal Officer in the New Reality. The important thing in that book is that we described the general counsel in various ways, including her role as “persuasive counselor” and “guardian of corporate integrity.”
We had the honor to interview more than 30 leading North American general counsel in writing this book, and some of what they said is particularly pertinent here. For example, Brackett Denniston, the general counsel of General Electric, said, “The general counsel’s job is to be champion of integrity, compliance, and the rule of law. It cannot be done effectively without buy-in from the CEO and the rest of the leadership. One of the things that general counsel can help do is to ensure the CEO understands what is being done and is supportive.”
In connection with tone at the top and the middle and the bottom, I was particularly struck by a quote from Daniel Desjardins, general counsel of the Canadian firm Bombardirer Inc., stating, “our philosophy is that integrity starts on the plant floor. We must have employees, no matter their status, who have high integrity. So it is not only the tone at the top but also it is necessary to have integrity throughout the organization because one has to trust all the employees.”
Finally, Alan Braverman, general counsel of the Walt Disney Company, said, “With regard to unethical practices, we have zero tolerance. There is no regard to rank and it is pretty well known that if you lie on an expense report, you are out. It does not matter if you are janitor or a senior vice president. You’re out! And if you’re in the accounting profession and you make a mistake that is viewed as deliberate, in order to succumb to the pressure of the quarter, you’re out.” I thought these observations by people who are on the ground and seeing to it that a proper corporate culture exists and that compliance is a key component are spot-on.
Editor: Perhaps the corporate event that is most damaging to a corporation’s reputation is a major compliance failure. Would it be important in some or many instances for the nominating/governance committee of a board to consider including a general counsel of another company or an independent outside lawyer on the board?
Veasey: It is certainly true that the corporate event that is often most damaging to a company is a major compliance failure. In order to be certain that the highest level of corporate integrity is established and maintained in compliance and decision making, the senior management and the board must be on the same page, have the key information, and continuously monitor compliance.
I believe that general counsel has to be the engine and the glue to make sure that happens at all levels. Whether it would be helpful to have a general counsel from another company or a nonaffiliated outside lawyer on the board of directors, of course, depends on the company and its situation from time to time. There is no one-size-fits-all. And, its desirability is very fact intensive. In some situations it might be helpful to have another voice on the board singing in unison or close harmony with the general counsel.
Editor: Have there been any recent regulatory or judicial developments that highlight compliance issues?
Veasey: This question may require a definition of “recent.” There has been a sea change in the regulatory environment in the past decade. Not only have the Sarbanes-Oxley Act, the Dodd-Frank Act and JOBS Act been important in driving compliance reform, but the courts have also encouraged best practices. and boards themselves have voluntarily stepped up their vigilance and best practices. The Delaware courts have often been more exacting recently in their scrutiny of board and management behavior in decision making and oversight (Caremark), but the time-honored doctrine of the business judgment rule is alive and well in the decision-making area. In this area and the oversight/compliance area, questions come up only in private litigation in the Delaware courts; there is no regulatory system, and it is very hard for a plaintiff in a derivative or class action to prove a Caremark violation.
But perhaps the most dramatic actors in the most recent dynamics have been the regulators and prosecutors at the federal level. Just take the U.S. Justice Department (witness its recent aggressive pursuit of JPMorgan Chase) and the activities of the Securities and Exchange Commission (SEC), for example. The crackdowns on accounting fraud, foreign corrupt practices, insider trading, and fair disclosure (FD) compliance are subsets of the regulatory thrust. Moreover, there are new and evolving areas of risk, such as cybersecurity (the disclosures of a breach thereof) and healthcare compliance, which the regulators will pursue.
I believe a reference to some of the recent pronouncements by SEC officials is an appropriate proxy for a demonstration of this attitude. On September 26, 2013, in a speech to the Council of Institutional Investors Fall conference, the chair of the SEC, Mary Jo White, said, “A robust enforcement program is critical to fulfilling the SEC’s mission to instill confidence in those who invest in our markets and to make our markets fair and honest. First, we must be aggressive and creative in the way we use the enforcement tools at our disposal. That means we should neither shrink from bringing the tough cases nor fail to bring the smaller ones.
“When we detect wrongdoing we should consider all the legal avenues to pursue it. If we do not have the evidence to bring a case charging intentional wrongdoing, then we bring a negligence case that does not require intent. And when we resolve cases, we need to be certain our settlements have teeth and send a strong message of deterrence. That is why in each case I have encouraged our enforcement team to think hard about whether the remedies they are seeking would sufficiently redress the wrongdoing and cause future would-be offenders to think twice.” And she also said this, “Another core principle of any strong enforcement program is to pursue responsible individuals wherever possible.”
Chair White’s co-director of the Division of Enforcement, Andrew Ceresney, also gave a speech a week earlier than the one I just quoted, in which he was talking about accounting fraud and other current problems that the SEC is cracking down on. In the accounting fraud area, he said, “I have my doubts about whether we have experienced such a drop in actual fraud in financial reporting as may be indicated by the number of investigations in cases we have filed. It may be that we do not have the same large scale accounting frauds like Enron and WorldCom, but I find it hard to believe that we have so radically reduced the instances of accounting fraud simply due to reforms such as governance changes and certifications and the other Sarbanes-Oxley innovations.”
Then he announced the creation of the fraud task force and said, “To fulfill its mandate and find promising investigations, the task force plans to launch various initiatives. These may include closely monitoring high risk companies to identify potential misconduct, analyzing performance trends by industry, reviewing class actions and other filings related to alleged fraudulent financial reporting, tapping into academic work on accounting and auditing fraud and conducting street sweeps in particular industries in accounting areas.”
I think it is important to note that in PriceWaterhouse Cooper’s recent annual corporate directors’ survey, directors are digesting the impact and consequence of new regulations and enforcement initiatives that have been implemented. This survey shows that while directors are generally concerned about the regulatory and enforcement initiatives, they are skeptical about exactly how far that is going to go, and they really want to spend their time on strategy and risk.
Editor: What steps would you recommend that senior management (including the chief compliance officer and the general counsel) adopt to educate employees in recognizing and reporting suspected compliance violations?
Veasey: Even though there is no one-size-fits-all, some of the good methods that have been used should be considered. They include having the legal department play an important role in educating managers within a company to report compliance violations. They also include the use of a booklet or video that helps employees to recognize compliance violations and explains why and how they should be reported. And there should be a telephone number or a hotline by which anonymous reports can be made of failures that may come to the attention of employees. I think it is important that these kinds of steps be front and center and called to the attention of employees frequently. And these are only examples.
Editor: Explain compliance concerns unique to global companies with branches in foreign countries.
Veasey: There are a lot of problems with foreign cultures, including different views of ethics and the like, in certain areas. Frankly, I think it is up to the general counsel to make sure that the lawyers in these areas, who are advising divisions on the ground in foreign countries, are really compliance drivers. They must be infused with ethical concerns about making sure that they keep on an eye on this, that they do not allow foreign corrupt practices to intervene, and that they are always vigilant to spot that. Then I think that general counsel needs to go around to these areas and visit with the lawyers and others and continue to bring the message that these lawyers are “guardians of the corporate integrity.”
Editor: Concern has been expressed that the SEC’s whistleblower bounty program undermines a company’s established internal up-the-ladder reporting systems. How has that been addressed?
Veasey: I think the SEC’s regulation was not as bad as one might have thought would have emerged from Dodd-Frank because the SEC’s regulation does give a nod to a company’s internal compliance mechanism, including the up-the-ladder reporting. But I still think that there has to be more emphasis on using the company’s internal compliance program because it is much better than having the whistleblower, without any reference to the company’s internal compliance procedure, go for the bounty and establish a bridgehead, if you will, in the compliance program for herself. It is important for the whistleblower to understand that the SEC’s rules and regulations offer protection for the whistleblower’s rights to a bounty even if she goes through a company’s internal compliance program.