Global Investigations Review - The law and practice of international investigations

The Guide to Monitorships - Second Edition

4. The Securities and Exchange Commission

Brown Rudnick

In enforcement matters, the US Securities and Exchange Commission (SEC) routinely requires companies, broker dealers, investment advisers and others to engage a monitor when there is a concern that a defendant organisation does not have effective internal compliance programmes or internal control systems to prevent the recurrence of the misconduct identified by the government investigation. A compliance monitor is appointed, therefore, as ‘an independent third party who assesses and monitors a company’s adherence to the compliance requirements of an agreement that was designed to reduce the risk of recurrence of the company’s misconduct’.[2]

Most of the information about how the SEC uses monitors and when it thinks a monitor may be appropriate can be gleaned from the various settlements of its enforcement actions involving corporate entities.[3] In addition, the SEC and the US Department of Justice’s (US DOJ) joint guidance on enforcement of the US Foreign Corrupt Practices Act (FCPA) provides the most explicit general guidance on the SEC’s use of monitors and, in particular, which factors favour the imposition of monitorship.[4] Since, from the SEC’s perspective, the FCPA is a books-and-records violation and – relatedly, to the extent that hidden bribes distort reported results and affect a company’s reported prospects and risks – a predicate of anti-fraud violations, the Resource Guide has wide application to most of the SEC’s enforcement cases.[5]

Generally, the SEC, like the US DOJ, will seek to tailor the scope and duration of a monitorship to the nature of the violation, the quality and reliability of management, the resources of the defendant, and any other factors bearing on the likelihood of recurrence.[6] Although monitorships can be very expensive and intrusive, they offer several benefits, including, when they can be tailored narrowly, allowing a company to reduce the severity of penalties and collateral effects of an enforcement action. They can also provide the impetus, where necessary, for reforming a recalcitrant bureaucracy, and foster a culture and record of compliance that could help to address any future violations of law should compliance programmes fail again.[7]

This chapter focuses on the SEC’s use of monitors, in particular the statutory authority for monitorships, historical use and analysis of prior monitors, and specific guidance issued by the US DOJ regarding monitorships.

Statutory authority for monitors

The SEC has sought the imposition of corporate monitors, or review persons, since at least 1980 in civil enforcement cases in federal courts by invoking the federal courts’ power to order ancillary relief attendant to statutory authorisation for courts to enjoin defendants from violating the federal securities laws in the future.[8] At the time, there was no explicit authorisation for federal courts to order any such ancillary relief, but courts fairly uniformly had held that because Congress granted them the power to impose injunctions, they could rely on their general equitable powers to impose other remedies, such as monitorships, to ensure compliance with their injunction orders.[9]

In 2002, Congress authorised the SEC to seek ‘equitable relief’ for the ‘benefit of investors’, ostensibly removing any need to rely on the courts’ inherent equitable powers to order monitorships.[10] Arguably, explicit Congressional authorisation to order equitable relief for the benefit of investors supplants and narrows courts’ ability to use their equitable powers in aid of injunctions.[11] Equitable relief in the Supreme Court’s jurisprudence has specific, narrowly defined contours: it must be the type of relief that was available to courts of equity at the time of the divided bench.[12] An equitable remedy may not, therefore, and most importantly for present purposes, be punitive.[13] A monitorship, it follows, must be tailored narrowly to facilitate injunctive relief and nothing more. Of course, as noted, most SEC monitorships are imposed by consent.[14] However, understanding the limits of equity jurisdiction may be helpful to counsel to negotiate the narrowest possible monitorship scope on the theory that a broader scope may be ruled to be punitive and unenforceable by a court.

Similarly in administrative proceedings, the SEC is empowered to order a respondent to cease and desist from violating the securities laws.[15] A cease-and-desist order may ‘require future compliance or steps to effect future compliance, either permanently or for such period of time as the Commission may specify’.[16] The SEC interprets this provision as authorising imposition of monitors in administrative proceedings.[17] This provision may be read as giving the SEC the ability to impose broader-scope monitorships than those that district courts may impose. Of course, these monitorships are also usually imposed by consent but, here too, counsel may be able to argue that, as a matter of statutory authorisation, the scope and duration of the monitorship must be tailored narrowly to effect future compliance with the SEC’s order and nothing more.

The SEC’s use of monitors

Case study: the expansive poswer of the monitor at WorldCom

The current use of SEC monitors stems in part from the spectacular corporate failures of Enron and WorldCom. In fact, WorldCom’s experience with monitorship – largely viewed as the first modern era monitorship – influenced the nature of the monitorships that followed. As discussed below, the WorldCom monitor began with a limited role. However, it was expanded incrementally until the monitor ultimately revamped the company’s entire corporate governance structure.[18] That expansive role in WorldCom and in other matters has been the target of much criticism: observers have wondered to what extent a monitor, who is an agent of the court (or the SEC) rather than the shareholders, should be able to effectuate changes in corporate governance or dictate management decisions.[19] An overview of the WorldCom monitorship is thus instructive as background to more recent trends regarding when a monitor will be imposed and the scope of that monitor’s review.

The SEC brought a civil enforcement action against WorldCom in 2002 alleging that the company’s managers fraudulently misstated the company’s income by more than US$9 billion.[20] Among other remedies, the SEC requested that the court enter an order prohibiting document destruction and extraordinary payments to any present or former affiliate, or officer, director or employee of WorldCom.[21] The SEC then asked for the appointment of ‘a corporate monitor to ensure compliance’ with those two prohibitions.[22]

Shortly after the complaint was filed, the SEC and WorldCom entered into a stipulation agreeing to the appointment of a monitor with ‘oversight responsibility with respect to all compensation paid by WorldCom’.[23] Judge Jed S Rakoff of the Southern District of New York granted the requested relief and the parties jointly selected Richard Breeden, a former SEC chairman, as the corporate monitor.[24] Despite the seemingly narrow scope of Mr Breeden’s original appointment, his authority at the company quickly expanded. The potential for an expansion of his authority, in fact, was explicitly recognised by the court as necessary when Mr Breeden was first appointed.[25] Among other things, the court interpreted Mr Breeden’s role to monitor ‘compensation’ as including not only payments to executives but also any payments to advisers and consultants, such as investment bankers and attorneys.[26] Then, after WorldCom filed for bankruptcy, Mr Breeden’s access to information about the company broadened. As a result of the bankruptcy, for example, the court explicitly allowed Mr Breeden to receive ‘complete information about every aspect of the business he deems relevant to his assessments’.[27] Mr Breeden was then permitted by the court to attend all board meetings, to attend board committee meetings and to receive information about essentially anything he personally deemed necessary to his appointment.[28]

The SEC eventually entered into a consent decree, or partial settlement, with WorldCom in November 2002.[29] That decree further expanded Mr Breeden’s role, requiring him to review WorldCom’s future corporate governance.[30] As one indication of his powers over the company, in the settlement, WorldCom stipulated that it would adopt Mr Breeden’s recommendations even before his report was issued.[31]

Mr Breeden eventually prepared a full report based on his investigation, making 78 recommendations for WorldCom to implement.[32] Most of the proposals sought to increase shareholder participation and control of the company, while also limiting executive power and compensation.[33] Among other corporate governance changes, he recommended a new legal and ethics compliance programme to ensure an improved corporate culture.[34]

In summary, Mr Breeden’s activities at WorldCom were all-encompassing: they extended well beyond his initial charge to monitor ‘compensation’. He was making high-level decisions about WorldCom’s business.[35]

Guidance post-WorldCom has restrained and defined corporate monitors

While WorldCom acts as an initial case study of the modern era of corporate monitors, the recent trend and guidance, as discussed below, has been to make the role of monitors more narrow.

Since WorldCom, the SEC has sought the appointment of monitors in a broad spectrum of civil and administrative enforcement proceedings across various aspects of the securities laws. For example, monitors have been imposed to:

  • review and correct an organisation’s ‘policies, procedures, and practices relating to issuance and transfer of securities’ under the Securities Act;[36]
  • monitor various due diligence and compliance requirements under the Investment Advisers Act;[37]
  • review and recommend changes to an organisation’s policies relating to underwriting municipal securities under the Securities Act;[38]
  • review customer identification and anti-money laundering programmes under the Exchange Act;[39]
  • assess the effectiveness of an organisation’s policies and procedures to prevent FCPA violations;[40]
  • review investment adviser fee disclosures under the Investment Advisers Act;[41] and
  • correct procedures to prevent failures to supervise insider trading under the Investment Advisers Act.[42]

As noted, apart from the joint SEC/US DOJ FCPA Resource Guide published in 2012 (and revised in 2015), the SEC has not published any express general guidance setting forth when, as a general matter, it would seek to impose a monitor and what form that monitorship would take. Nonetheless, as explained above, the Resource Guide is instructive for most, if not all, SEC matters.

The Resource Guide explains:

In civil cases, a company may . . . be required to retain an independent compliance consultant [43] or monitor to provide an independent third-party review of the company’s internal controls. The consultant recommends improvements, to the extent necessary, which the company must adopt.[44]

In the Resource Guide, the SEC and the US DOJ enumerated the following factors that they consider in determining whether a monitor is appropriate:

  • Seriousness of the offense
  • Duration of the misconduct
  • Pervasiveness of the misconduct, including whether the conduct cuts across geographic and/or product lines
  • Nature and size of the company
  • Quality of the company’s compliance program at the time of the misconduct
  • Subsequent remediation efforts.[45]

These factors demonstrate, as the SEC and the US DOJ concede, that: ‘Appointment of a monitor is not appropriate in all circumstances, but it may be appropriate, for example, where a company does not already have an effective internal compliance program or needs to establish necessary internal controls’.[46] Put differently, these factors demonstrate that the SEC’s decision regarding whether to impose a monitor will depend on its assessment that the organisation has an effective compliance programme and has otherwise demonstrated a commitment to compliance in its controls, remediation measures and corporate culture.

The Resource Guide is the only SEC guidance setting forth the factors that the SEC considers when deciding to impose a monitor. From our review of the consent decrees and administrative orders implementing monitors, those documents do not elaborate on the SEC’s criteria or analysis regarding when a monitor is appropriate. Rather, from these case-specific documents, one can glean general guidance as to the general terms and scope of monitorships.

It is helpful, therefore, to review briefly the US DOJ’s guidance on monitorships from the time that the joint Resource Guide was issued. As the Resource Guide did not supplant the guidance that was in place at the time, the then current US DOJ guidance aids one’s understanding of the 2012 Resource Guide. In addition, more current US DOJ guidance informs how the SEC would analyse monitorships because the SEC and the US DOJ often work in parallel and impose a single monitor to assure compliance with both the federal securities laws and the criminal code.[47]

Morford Memorandum

In March 2008, the then Acting Deputy Attorney General Craig S Morford issued the US DOJ’s first memorandum relating to the scope and appointment of monitors (the Morford Memorandum).[48] This Memorandum governed the selection and use of monitors in deferred prosecution agreements and non-prosecution agreements with corporations. It established nine ‘principles’ – guidelines and decision-making procedures – for monitorship programmes, including selection of monitors, the scope of monitors’ duties, reporting requirements and duration. In all these areas, the US DOJ stressed that a monitor’s responsibilities and his or her selection should be tailored to the limited scope of addressing the recurrence of the misconduct and nothing further:

A monitor’s primary responsibility is to assess and monitor a corporation’s compliance with the terms of the agreement specifically designed to address and reduce the risk of recurrence of the corporation’s misconduct, and not to further punitive goals.[49]

Along those lines, prosecutors were cautioned to be mindful not just of the ‘potential benefits’ of a monitor, but ‘the cost’ as well.[50] The Morford Memorandum’s treatment of each of these principles is analysed below.

Selection

Under the terms of the Morford Memorandum, the monitor must be selected ‘based on the merits’; however, the government can choose to play a greater or lesser part in the selection depending on the facts and circumstances of the matter.[51] As a result, in some circumstances, the corporation may select a monitor candidate, with the government vetoing the proposed choice if the monitor is ‘unacceptable’ to the government; in others, the government may create a committee to consider candidates, with the Office of the Attorney General approving the monitor and the organisation having little input.[52]

Scope

The Morford Memorandum recommended the scope of a monitor’s duties be limited to the misconduct at issue, stating that the monitor’s ‘primary responsibility’ is to assess and monitor a corporation’s compliance with those terms of the agreement ‘specifically designed to address and reduce the risk of recurrence of the corporation’s misconduct’.[53] The government, in fact, acknowledged that because the ‘monitor is not responsible to the corporation’s shareholders’, the ‘responsibility for designing an ethics and compliance program . . . should remain with the corporation, subject to the monitor’s input, evaluation and recommendations’.[54]

Reporting requirements

The Morford Memorandum encouraged communications between the government, the corporation and the monitor, including as to the monitor’s recommendations.[55] Organisations are not required to accept all of the monitor recommendations, however. Instead, the US DOJ guidance gave the corporation power to decide whether to implement the monitor recommendations, because the corporation and its officers ‘are ultimately responsible for the ethical and legal operations of the corporation’.[56] If the corporation declines to adopt a recommendation by the monitor, the government considers both the monitor’s recommendation and the corporation’s reasons in determining whether the corporation has fulfilled its obligations under the agreement.[57]

Duration

Finally, the Morford Memorandum recommended that the duration of a monitorship agreement be based on the following criteria:

  • nature and seriousness of the offence;
  • pervasiveness and duration of the misconduct;
  • history of similar misconduct;
  • nature of the corporate culture;
  • complexity and scale of the agreed remedial measures; and
  • stage of the remediation and corrective measures.[58]

Benczkowski Memorandum

More recently, on 12 October 2018, Assistant Attorney General Brian A Benczkowski issued a memorandum[59] significantly expanding the US DOJ’s guidance regarding application, need, selection and scope of monitorships. First, although the Morford Memorandum applied only to deferred prosecution agreements and non-prosecution agreements, and specifically excluded plea agreements, the Benczkowski Memorandum clarified that the Criminal Division should apply the same principles to plea agreements that impose a monitor as long as the presiding court approves the agreement.[60]

Second, and more importantly, the Benczkowski Memorandum stressed, more so than the earlier guidance, that monitors were only appropriate in certain cases:

In general, the Criminal Division should favor the imposition of a monitor only where there is a demonstrated need for, and clear benefit to be derived from, a monitorship relative to the projected costs and burdens. Where a corporation’s compliance program and controls are demonstrated to be effective and appropriately resourced at the time of resolution, a monitor will likely not be necessary.[61]

The Benczkowski Memorandum further set forth that:

In evaluating the ‘potential benefits’ of a monitor, Criminal Division attorneys should consider, among other factors: (a) whether the underlying misconduct involved the manipulation of corporate books and records or the exploitation of an inadequate compliance program or internal control systems; (b) whether the misconduct at issue was pervasive across the business organization or approved or facilitated by senior management; (c) whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems; and (d) whether remedial improvements to the compliance program and internal controls have been tested to demonstrate that they would prevent or detect similar misconduct in the future.[62]

And, when weighing the potential costs, the Benczkowski Memorandum requires a Criminal Division attorney to ‘consider not only the projected monetary costs to the business organization, but also whether the proposed scope of a monitor’s role is appropriately tailored to avoid unnecessary burdens to the business’s operations’.[63]

Third, the Benczkowski Memorandum further expands the prior guidance by clearly outlining the process for selection and approval of an independent monitor candidate:

  • nomination of monitor candidates by counsel for the company;
  • initial review of monitor candidates by the Criminal Division attorneys handling the matter;
  • preparation of a monitor selection memorandum by the Criminal Division attorneys handling the matter;
  • review of a monitor candidate by a standing committee of prosecutors;
  • review by the Assistant Attorney General; and
  • approval by the Office of the Deputy Attorney General.[64]

Notably, the Benczkowski Memorandum now allows companies to designate their first-choice candidate to serve as the monitor.[65]

Recent case studies

Although the Benczkowski Memorandum was issued by the US DOJ and not the SEC, these changes will affect monitorships in which both the SEC and the US DOJ are involved. It is also likely to predict how the SEC may approach future monitorships in which it acts alone. For example, the chair of the SEC’s foreign bribery unit, Charles Cain, has already indicated that the SEC is supportive of the US DOJ’s newest approach. In November 2018, after the publication of the Benczkowski Memorandum, Mr Cain said that the era of ‘cookie-cutter’ monitorships is over, and that authorities now tend to tailor a monitor’s appointment narrowly.[66] Indeed, while early monitors such as Mr Breeden enjoyed unfettered access to all areas of WorldCom’s business, more recent administrative orders tie a monitor’s appointment to each specific area of misconduct identified in an order.

This trend is exemplified by the cases discussed below.

In re Stryker Corporation

One example of the more tailored approach to the scope of monitors’ responsibilities is illustrated in the September 2018 settlement reached between the SEC and Stryker Corporation (Stryker) for violations of the FCPA’s internal accounting controls, and books and records provision.[67] The SEC’s investigation found that Stryker’s internal accounting controls failed (and were insufficient) to detect improper payments relating to sales of Stryker’s products in India, China and Kuwait. The sales were made through Stryker’s wholly owned subsidiaries, as well as through third-party deals and distributors. The order also found that Stryker’s Indian subsidiary maintained deficient books and records.[68] This case followed a 2013 consent settlement between Stryker and the SEC in which Stryker had paid a US$3.5 million penalty and more than US$7.5 million in disgorgement to resolve related FCPA concerns.[69]

Issued just a few weeks prior to the Benczkowski Memorandum, the settlement between the SEC and Stryker included a tailored monitorship limited to reviewing and making recommendations to improve Stryker’s internal controls, policies, and procedures relating to the use of, and transactions by, third parties. This narrow scope directly tied the monitor’s responsibility with the underlying charges against Stryker, which involved improper payments made by third parties.[70] The factors enumerated in the Benczkowski Memorandum appear to be fully incorporated into the SEC’s order. For example, the ‘manipulation of corporate books and reports’ and an ‘inadequate compliance program’ (specific indicators of the need for a monitor mentioned in the Benczkowski Memorandum) are explicitly referenced in Stryker as deficiencies that led to the monitor implementation. Further, as Stryker was under a prior settlement with the SEC in 2013 for similar conduct, its lack of significant investment in, and improvements to, ‘its corporate compliance program and internal controls systems’ were clearly a factor in determining whether a monitor was necessary.[71] Finally, consistent with the Benczkowski Memorandum and despite Stryker being a repeat offender, the SEC’s imposition of the monitor was still narrowly tailored to the specific conduct at issue in the investigation.

In re EFP Rotenberg, LLP

EFP Rotenberg, LLP (EFP Rotenberg), a registered public accounting firm, reached a settlement agreement with the SEC in July 2016 for violating Section 10A(a) of the Exchange Act.[72] In connection with EFP Rotenberg’s audit of ContinuityX Solutions, Inc (ContinuityX), EFP Rotenberg failed to implement proper procedures to ‘obtain sufficient appropriate audit evidence that ContinuityX’s revenue was legitimate’, despite being aware of significant risk with ContinuityX’s reported revenues.[73] EFP Rotenberg further failed to identify related party transactions, obtain appropriate evidence to support its audit opinion and resolve inconsistencies in document findings.[74] As a result of this misconduct, ContinuityX’s Form 10-K contained several material misstatements and omissions of material fact.[75]

In addition to censure, cease and desist, and a US$100,000 fine, the SEC required EFP Rotenberg to retain an independent consultant to review and evaluate the company’s audit and interim review policies and procedures for a variety of conduct.[76] Unlike the initial appointment in WorldCom, however, the SEC tailored the scope of the monitor’s appointment to specific conduct relevant to the investigation, including:

  • ‘the exercise of due professional care’ in audits;
  • ‘obtaining sufficient appropriate audit evidence’;
  • checking ‘third-party confirmations’;
  • ‘detecting and reporting misstatements resulting from illegal acts’;
  • identifying and considering ‘the adequacy of the disclosures of related parties and related party transactions’;
  • evaluating and relying on ‘management representations’;
  • supervising ‘individuals working on audits’; and
  • having ‘adequate audit documentation’.[77]

Notably, and consistent with current guidance from the US DOJ memoranda, each of the items the monitor was to inspect was tied to a relevant deficiency in EFP Rotenberg’s controls that was referenced in the SEC’s order. The SEC also prevented EFP Rotenberg from retaining any new clients until the independent consultant certified compliance with the recommended changes.[78]

In re Voya Financial Advisors, Inc

The SEC has recently turned its attention towards enforcement actions involving cyber­security issues. These actions have used monitors as a remedy when the companies that are the subject of security breaches do not have adequate data security policies.

For example, in September 2018, the SEC concluded one such enforcement action in a matter involving Voya Financial Advisors, Inc (VFA). The conduct at issue invoked the Identity Theft Red Flags Rule (Rule 201 of Regulation S-ID).[79] This Rule requires investment firms to create and maintain a policy that safeguards customer information from identity theft and to pay attention to ‘red flag’ warning signs that hackers may be attempting to steal information.[80] In 2016, hackers infiltrated VFA and gained access to personal information about 5,600 VFA customers by calling a support hotline and requesting password resets.[81] Key to the SEC’s allegations was that VFA’s security policy had not been updated for 10 years and it was not administered by the company’s senior management, as required by the Rule.[82]

In settling the SEC’s charges, VFA agreed to pay a US$1 million penalty and was required to undertake a list of remedial actions and engage a monitor.[83] The monitor, termed a ‘compliance consultant’ in the settlement, was tasked with conducting a comprehensive review of VFA’s data security policies and procedures, specific to the violation.[84]

This case demonstrates how the SEC is continuing to find new ways to use monitors to remedy alleged misconduct, while still tailoring the monitorship to the specific misconduct at issue and consistently with guidance.

In re The Options Clearing Corporation

The Options Clearing Corporation (OCC), the United States’ sole registered clearing agency for exchange-listed option contracts and a systemically important financial market utility, reached a settlement with the SEC and the Commodity Futures Trading Commission (CFTC) in September 2019 for failing to comply with the statutes and rules applicable to registered clearing agencies.[85] Because registered clearing agencies are ‘an essential part of the infrastructure of the U.S. securities markets’, one that is not structured and operated appropriately ‘can pose substantial risk to the financial system as a whole’.[86] The SEC found that OCC violated the Exchange Act by failing to establish and enforce policies and procedures involving financial risk management, operational requirements and the security of information systems.[87] OCC also failed to obtain the requisite SEC approval before adopting numerous policies.[88]

Accordingly, as part of the settlement, OCC must engage an independent compliance auditor to assess OCC’s remediation of deficiencies, audit OCC’s compliance with certain provisions of the Exchange Act, and assess the hiring, qualifications and training of the OCC personnel responsible for compliance with those Exchange Act provisions.[89] The OCC must also pay the SEC a civil monetary penalty of US$15 million and the CFTC a penalty of US$5 million.[90] SEC Chairman Jay Clayton stated that the settlement was intended to ensure that OCC has the ‘appropriate policies and procedures in place to meet its obligations to [the US] financial system’.[91] This enforcement marks the SEC’s first charges for violations of the SEC clearing agency standards adopted in 2012 and 2016.[92]

SEC monitors: common elements

Examining administrative and civil federal court enforcement orders appointing monitors reveals certain common themes. While the scope of a monitor’s appointment will be tailored to the relevant misconduct that the SEC seeks to prevent, the terms of monitorships remain fairly consistent. Indeed, almost all monitor appointments will include the following elements:

  • retention of an independent monitor or consultant by the organisation that is acceptable to the SEC. To ensure independence, the SEC often requires that the monitor has not provided any professional services to the organisation within a specified period (including as a former employee or board member);[93]
  • a ban on terminating the monitor without approval from SEC staff and an express waiver against any claim that an attorney–client relationship exists between the company and the compliance monitor.[94] This requirement prevents the company from withholding information on the basis that it communicated with the monitor on a privileged basis;
  • a requirement that the company bear all costs and expenses associated with the monitor;[95]
  • a description of the business areas that the monitor is to review and evaluate;[96]
  • a requirement that the monitor have reasonable access to company records, employees and information as required to properly evaluate and assess the specified areas;[97]
  • a requirement that the monitor issue an initial report and provide a copy to the SEC within a specified period. This report will summarise the review, evaluate the business areas identified and make appropriate recommendations to mitigate risks in the specified areas;[98]
  • in many cases, an organisation is also required to adopt the recommendations contained within the initial report within a specific period.[99] If the company believes that any recommendations are ‘unnecessary, unduly burdensome, or impractical’, it may submit a written alternative proposal to the monitor and the SEC.[100] The monitor and the organisation can then negotiate an alternative proposal within a specified period. If no agreement can be reached, the organisation must either abide by the original proposal or submit its objections to the SEC for consideration.[101] In some instances, the organisation may be able to obtain a third party mediator to resolve the issue;[102]
  • following the recommendations, the organisation must eventually certify, within a specified period, that it has complied with the recommendations and implemented all required changes;[103] and
  • the monitor is required to re-examine the organisation at a later date to ensure it remains in compliance with the recommendations.[104] The monitor will then issue a final report to the SEC and certify compliance.[105]

While no two cases are identical, recent SEC orders requiring monitors generally include some form of the terms referenced here, with modifications based on the scope of the review, the length of the monitor appointment and the severity of the conduct.

Costs and benefits of SEC monitors

Generally, a corporate monitor imposed by the SEC can be beneficial for both the organisation and the SEC.[106] The monitor can recommend, as well as help to implement and guide, necessary changes to an organisation’s internal system controls to prevent future investigations, penalties and fines by the SEC and other regulators. Further, agreeing to a monitor as part of a settlement could end any litigation or investigation sooner than it would otherwise, and could reduce penalties and ameliorate collateral consequences.

However, monitorships are expensive and often intrusive. That cost can be quite high, especially when the monitor has been empowered to oversee significant or large parts of the organisation’s operations or if the monitor’s tenure is for several years. An alternative, therefore, to an independent monitor that may be suggested in a settlement negotiation is the imposition of a self-monitoring arrangement that requires the entity to charge an independent committee of the board of directors to appoint an individual to make periodic reports on progress with undertakings and agree to report any reasonable suspicions of violations of the federal securities laws.[107]

Conclusion

As SEC-imposed monitors have taken their modern form in the wake of WorldCom, the SEC’s use of monitors has become widespread across a variety of industries for a broad range of conduct. While the use of monitors has expanded, recent trends and US DOJ guidance demonstrate that the SEC has shifted from seeking all-encompassing roles for monitors to roles that are more tailored to remediating the problematic behaviour outlined in the charging or settlement papers. Even with this narrower scope, an organisation should still carefully evaluate the benefits and costs of accepting a monitor appointment as part of the resolution of an SEC investigation. Monitor appointments are unlikely to wane in the near future and, if anything, are likely to be used more frequently to aid the SEC’s regulatory function in a variety of contexts to protect the public from perceived recidivist corporate misconduct.


Footnotes

1 Ashley Baynham and Rachel Wolkinson are partners at Brown Rudnick LLP. The authors would like to thank Blair Rinne, an associate at Brown Rudnick, for her assistance in researching and drafting this chapter.

2 US Dep’t of Justice [US DOJ], Criminal Division and US Securities and Exchange Commission [SEC], Enforcement Division, ‘A Resource Guide to the U.S. Foreign Corrupt Practices Act’ (2012) [Resource Guide], at 71, at www.justice.gov/sites/default/files/criminal-fraud/legacy/2015/01/16/guide.pdf.

3 Most often monitors are imposed as part of a settlement agreement. In fact, the majority of SEC enforcement actions not involving delinquent filing settle before litigation is ever filed by the SEC. See, e.g., David Rosenfeld, ‘Admissions in SEC Enforcement Cases: The Revolution That Wasn’t’, 103 Iowa L. Rev. 113, 137 (2017).

4 Resource Guide (footnote 2, above).

5 See 15 U.S.C. Section 78m(b).

6 See Resource Guide (footnote 2, above), at 71 to 72 (outlining the factors that the US DOJ and SEC consider in determining whether a monitor is appropriate).

7 e.g., id.; Acting Deputy Attorney General of the United States, Memorandum re Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations (7 March 2008), at https://www.justice.gov/sites/default/files/dag/legacy/2008/03/20/morford-useofmonitorsmemo-03072008.pdf [Morford Memorandum]; Assistant Attorney General of the United States, Memorandum re Selection of Monitors in Criminal Division Matters (11 October 2018), at https://www.justice.gov/opa/speech/file/1100531/download [Benczkowski Memorandum].

8 See Securities Exchange Act, 15 U.S.C. Section 78u(d)(1) (‘Whenever it shall appear to the Commission that a person is engaged or is about to engage in acts or practices constituting a violation of any provision of this chapter . . . it may in its discretion bring an action . . . to enjoin such acts or practices’); Securities Act, 15 U.S.C. Section 77t(b) (similar); Investment Advisers Act, 15 U.S.C. Section 80b-9(d) (similar); Investment Company Act, 15 U.S.C. Section 80a-41(d) (similar); see also George W Dent, ‘Ancillary Relief in Federal Securities Law: A Study in Federal Remedies’, 67 Minn. L. Rev. 865, 869 to 872 (1983) (‘The most persuasive argument for ancillary relief in federal securities law is that the Supreme Court and many lower courts have approved such relief and that almost no judicial precedent has questioned it.’); see SEC v. Page Airways, Inc, 1980 WL 1390 (WDNY 8 April 1980); SEC News Digest, Issue 80-71 at 3 (10 April 1980), at https://www.sec.gov/news/digest/1980/dig041080.pdf (noting that in SEC v. Page Airways, Inc, the defendant agreed to ‘undertake[] to internally investigate matters alleged in the Commission’s complaint and retain a Review Person to evaluate the methods and procedures followed in this investigation’).

9 e.g., SEC v. G.C. George Securities, Inc, 637 F.2d 685, 687, n.2 (9th Cir. 1981) (quoting SEC v. Wencke, 622 F.2d 1363, 1368 (9th Cir. 1980)) (‘The federal courts have inherent equitable authority to issue a variety of “ancillary relief” measures in actions brought by the SEC to enforce the federal securities laws.’); see also Aulana L Peters, SEC Commissioner, Address to American Bar Association Annual Meeting, ‘Ancillary Relief and Remedies: Does the SEC Need More Clout?’ (13 August 1986), at https://www.sec.gov/news/speech/1986/081386peters.pdf (discussing various forms of ancillary relief, and noting: ‘The Commission has also required the appointment of a special consultant to investigate a registrant’s internal procedures and report his findings to it and the court.’).

10 Sarbanes Oxley Act of 2002, 15 U.S.C. Section 78u(d)(5) (‘In any action or proceeding brought or instituted by the Commission under any provision of the securities laws, the Commission may seek, and any Federal court may grant, any equitable relief that may be appropriate or necessary for the benefit of investors.’).

11 e.g., City of Milwaukee v. Illinois, 451 U.S. 304, 317 (1981) (finding that where Congress ‘has occupied the field through the establishment of a comprehensive regulatory program supervised by an expert administrative agency’, a federal court cannot order more stringent remedies).

12 See Grupo Mexicano de Desarolla SA v. Alliance Bond Fund, Inc, 527 U.S. 308, 318 to 319 (1999) (quoting A Dobie, Handbook of Federal Jurisdiction and Procedure, 660 (1928)) (‘[T]he equity jurisdiction of the federal courts is the jurisdiction in equity exercised by the High Court of Chancery in England at the time of the adoption of the Constitution and the enactment of the original Judiciary Act, 1789 (1 Stat. 73).’); Mertens v. Hewitt Assocs., 508 U.S. 248, 256 (1993) (holding that the phrase ‘other appropriate equitable relief’ in 29 U.S.C. Section 1132(a)(3) refers to ‘those categories of relief that were typically available in equity’) (emphasis in original).

13 See Tull v. United States, 481 U.S. 412, 422 (1987) (‘Remedies intended to punish culpable individuals, as opposed to those intended simply to extract compensation or restore the status quo, were issued by courts of law, not courts of equity.’); id., at 422 n.7 (explaining that a remedy that ‘exacts punishment’ is ‘a kind of remedy available only in courts of law’).

14 See, generally, footnote 3, above.

15 See 15 U.S.C. Section 77h-1(a); id., at Section 78u-3(a); id., at Section 80b-3(k)(1).

16 id., at Section 77h-1(a); see also id., at Section 78u-3(a) (same); id., at Section 80b-3(k)(1) (same).

17 Steven Peikin, Co-Director, SEC Division of Enforcement, ‘Remedies and Relief in SEC Enforcement Action’ (3 October 2018) (‘In practice, two of the most effective forms of equitable relief [available to the SEC in enforcement actions and administrative proceedings] are undertakings . . . and conduct based injunctions . . . With respect to undertakings, many require the settling party to retain a compliance consultant or monitor.’), at https://www.sec.gov/news/speech/speech-peikin-100318.

18 Compare SEC v. WorldCom, Inc, Litigation Release No. 17594 (28 June 2002), at https://www.sec.gov/litigation/litreleases/lr17594.htm (stipulating a monitor for ‘oversight responsibility with respect to all compensation paid by WorldCom’), with Opinion and Order, SEC v. WorldCom, Inc, 273 F. Supp. 2d 431, 432 (SDNY 7 July 2003) (‘Under the Corporate Monitor’s watchful eye, the company has replaced its entire board of directors, hired a new and dynamic chief executive officer and begun recruiting other senior managers from without, fired or accepted the resignation of every employee accused by either the board’s own Special Investigation Committee or the Bankruptcy Examiner or having participated in the fraud, and terminated even those employees who, while not accused of personal misconduct, are alleged to have been insufficiently attentive in preventing the fraud.’).

19 Jennifer O’Hare, ‘The Use of the Corporate Monitor in SEC Enforcement Actions’, 1 Brooklyn J. Corp., Fin. & Com. L. 89, 93 (2006) (‘Commentators have argued that the corporate governance reforms required by the SEC in its consent decrees can interfere with the effective management of a company.’); see also id., at 102 to 108 (outlining ‘potential dangers presented by the use of a corporate monitor’ including ‘de facto expansion of corporate monitor’s power’ and ‘potential interference with management’).

20 First Amended Complaint, SEC v. WorldCom, Inc., No. 02-CV-4963 (SDNY 5 November 2002).

21 See id., at ‘Prayer for Relief’.

22 id.

23 See WorldCom, Litigation Release No. 17594 (footnote 18, above).

24 See Stipulation and Order, SEC v. WorldCom, Inc, No. 02-CV-4963 (SDNY 18 July 2002) (‘The Corporate Monitor, Richard C. Breeden, is an agent of this Court with such oversight responsibilities as set forth in the Court’s Order dated June 28, 2002.’).

25 Memorandum Order, SEC v. WorldCom, Inc, No. 02-CV-4963 (SDNY 2 August 2002) (‘[T]he original Stipulation and Order of June 28, 2002 creating a monitorship provided that the Corporate Monitor, among other powers, was to exercise complete “oversight and responsibility with respect to all compensation”. The order broadly defined “compensation” and provided the Corporate Monitor with total “discretion to determine the type of compensation to review and either approve or disapprove”.’).

26 id. (‘The Court’s further order of July 15, 2002 was intended to make clear, if there were any doubt, that such oversight included, inter alia, approval or disapproval of any future payment or promise of payment to any outside professional or adviser such as an investment banker, a restructuring specialist, and the like’).

27 id.

28 id. (‘The Corporate Monitor can hardly determine what is “necessary to the operation of the business” if he is not provided with complete information about every aspect of the business he deems relevant to his assessments. . . . [T]he Corporate Monitor must be informed of, and invited to, any meetings or discussions between any Covered Party and the company or any of its outside advisers.’).

29 See Judgment of Permanent Injunction, SEC v. WorldCom, Inc, No. 02-CV-4963 (SDNY 26 November 2002) (WorldCom Judgment); see also O’Hare (footnote 19, above), at 98 to 99.

30 WorldCom Judgment (footnote 29, above).

31 WorldCom, 273 F. Supp. 2d at 432 (‘The company has also consented to a permanent injunction authorizing the Corporate Monitor to undertake a complete overhaul of the company’s corporate governance . . . [and] the company has committed in advance to adopt and adhere to all corporate governance and internal control recommendations made by the Corporate Monitor and the independent consultants.’).

32 Richard C Breeden, ‘Restoring Trust, Report to The Hon. Jed S. Rakoff United States District Court for the Southern District of New York on Corporate Governance For The Future Of MCI, Inc.’ (August 2003); see also O’Hare (footnote 19, above), at 99.

33 Breeden (footnote 32, above); see also O’Hare (footnote 19, above), at 99.

34 Breeden (footnote 32, above).

35 See WorldCom, 273 F. Supp. 2d at 432 to 433.

36 e.g., In re American Registrar & Transfer Company, Securities Act Release No. 10082, Exchange Act Release No. 77922 (25 May 2016), at https://www.sec.gov/litigation/admin/2016/33-10082.pdf.

37 e.g., In re Apex Funds Services (US), Inc, Investment Advisers Act Release No. 4429 (16 June 2016), at https://www.sec.gov/litigation/admin/2016/ia-4429.pdf.

38 e.g., In re Barclays Capital Inc, Securities Act Release No. 10016, Exchange Act Release No. 77018 (2 February 2016), at https://www.sec.gov/litigation/admin/2016/33-10016.pdf.

39 e.g., In re E.S. Financial Services, Inc, Exchange Act Release No. 77056 (4 February 2016), at https://www.sec.gov/litigation/admin/2016/34-77056.pdf.

40 e.g., In re Stryker Corporation, Exchange Act Release No. 84308 (28 September 2018), at https://www.sec.gov/litigation/admin/2018/34-84308.pdf; In re LAN Airlines S.A., Exchange Act Release No. 78402 (25 July 2016), at https://www.sec.gov/litigation/admin/2016/34-78402.pdf.

41 e.g., In re Everhart Financial Group, Inc, Exchange Act Release No. 76897, Investment Advisers Act Release No. 4314 (14 January 2016), at https://www.sec.gov/litigation/admin/2016/34-76897.pdf.

42 e.g., In re Steven A. Cohen, Investment Advisers Act Release No. 4307 (8 January 2016), at https://www.sec.gov/litigation/admin/2016/ia-4307.pdf.

43 More recently, the SEC has referred to a monitor as an independent compliance consultant.

44 Resource Guide (footnote 2, above), at 72.

45 id., at 71.

46 id.

47 id., at 72 (‘When both DOJ and SEC require a company to retain a monitor, the two agencies have been able to coordinate their requirements so that the company retain one monitor to fulfill both sets of requirements.’).

48 Morford Memorandum (footnote 7, above). Note that in June 2009, the then Assistant Attorney General Lanny A Breuer expanded on the Morford Memorandum, outlining the terms required in all monitorship agreements and refining the selection process for monitors. Assistant Attorney General of the United States, Memorandum re Selection of Monitors in Criminal Division Matters (24 June 2009), at https://www.justice.gov/sites/default/files/criminal-fraud/legacy/2012/11/14/response3-supp-appx-3.pdf [the Breuer Memorandum]. The Breuer Memorandum, however, was superseded in 2018 by the Benczkowski Memorandum, discussed below. And in May 2010, Gary Grindler, the then Acting Deputy Attorney General, issued a memorandum clarifying the US DOJ’s role in resolving disputes between the monitor and corporation. Acting Deputy Attorney General of the United States, Memorandum re Additional Guidance on the Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations (25 May 2010), at https://www.justice.gov/jm/criminal-resource-manual-166-additional-guidance-use-monitors-dpas-and-npas.

49 Morford Memorandum (footnote 7, above), at 2 (emphasis added).

50 id.

51 id., at 3.

52 id.

53 id., at 5.

54 id.

55 id., at 6.

56 id.

57 id.

58 id., at 7 to 8.

59 Benczkowski Memorandum (footnote 7, above).

60 id., at 1 n.3.

61 id. at 2.

62 id.

63 id.

64 id., at 4 to 8.

65 id. at 5.

66 Clara Hudson, ‘SEC Official: No more “cookie-cutter”’ monitorships’, Global Investigations Review (1 November 2018), at https://globalinvestigationsreview.com/article/jac/1176432/sec-official-no-more-%E2%80%9Ccookie-cutter%E2%80%9D-monitorships.

67 Stryker (footnote 40, above).

68 id.

69 In re Stryker Corporation, Exchange Act Release No. 70751 (24 October 2013), at https://www.sec.gov/litigation/admin/2013/34-70751.pdf.

70 Stryker (footnote 40, above).

71 Benczkowski Memorandum (footnote 7, above), at 2.

72 In re EFP Rotenberg, LLP, Exchange Act Release No. 78393, at 2 to 3 (22 July 2016), at https://www.sec.gov/litigation/admin/2016/34-78393.pdf. Section 10A(a) of the Exchange Act requires registered public accounting firms to comply with generally accepted auditing standards, including ‘(1) procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement accounts; (2) procedures designed to identify related party transactions that are material to the financial statement or otherwise require disclosure therein; and (3) an evaluation of whether this is substantial doubt about the ability of the issuer to continue as a going concern during the ensuing fiscal year.’ 15 U.S.C. Section 78j-1(a).

73 EFP Rotenberg (footnote 72, above), at 5.

74 id., at 6 to 10. The administrative order also noted that EFP Rotenberg LLP improperly relied on management representations, failed to exercise due professional care and that its policies and procedures were deficient. id., at 10 to 11.

75 id., at 4.

76 id., at 13 to 14.

77 id., at 14.

78 id. at 13, 16.

79 Voya Financial Advisors, Inc, Exchange Act Release No. 84288, Investment Advisers Act Release No. 5048 (26 September 2018), at https://www.sec.gov/litigation/admin/2018/34-84288.pdf; see also SEC, Press release, ‘SEC Charges Firm with Deficient Cybersecurity Procedures’ (26 September 2018), at https://www.sec.gov/news/press-release/2018-213 (explaining that this was ‘the first enforcement action’ involving the violation of this rule).

80 id., at 3 to 4.

81 id,. at 7 to 8.

82 id., at 7.

83 id., at 10 to 13.

84 id., at 10 to 12.

85 In re The Options Clearing Corporation, Exchange Act Release No. 86871 (4 September 2019), at https://www.sec.gov/litigation/admin/2019/34-86871.pdf; SEC, Press release, ‘SEC and CFTC Charge Options Clearing Corp. With Failing to Establish and Maintain Adequate Risk Management Policies’ (4 September 2019), at https://www.sec.gov/news/press-release/2019-171.

86 OCC (footnote 85, above), at 2.

87 id., at 2 to 14; SEC Press release (footnote 85, above).

88 OCC (footnote 85, above), at 9 to 11.

89 id., at 15.

90 id., at 22; SEC Press release (footnote 85, above).

91 SEC Press release (footnote 85, above).

92 id.

93 e.g., Barclays Capital (footnote 38, above), at 5; see also In re Mobile TeleSystems PJSC, Exchange Act Release No. 85261, at 9 (6 March 2019), at https://www.sec.gov/litigation/admin/2019/34-85261.pdf (requiring monitor with ‘sufficient independence from Respondent to ensure effective and impartial performance of the Monitor’s duties as described in the Offer’). Moreover, the SEC typically prohibits the company and its affiliates, directors, officers, employees and agents from employing or forming any professional relationship with the monitor during the period of the engagement and for a set time thereafter. e.g., In re Fresenius Medical Care AG & Co. KGaA, Exchange Act Release No. 85468, at 15 (29 March 2019), at https://www.sec.gov/litigation/admin/2019/34-85468.pdf; American Registrar & Transfer Company (footnote 36, above), at 9.

94 e.g., American Registrar & Transfer Company (footnote 36, above), at 9; see Mobile TeleSystems PJSC (footnote 93, above), at 10.

95 e.g., OCC (footnote 85, above), at 18; American Registrar & Transfer Company (footnote 36, above), at 8.

96 e.g., EFP Rotenberg (footnote 72, above), at 14.

97 e.g., Mobile TeleSystems PJSC (footnote 93, above), at 10; American Registrar & Transfer Company (footnote 36, above), at 9.

98 e.g., Fresenius Medical Care AG & Co. KGaA (footnote 93, above), at 23; Apex Fund Services (footnote 37, above), at 7.

99 e.g., id.

100 e.g., id.

101 e.g., id.

102 e.g., EFP Rotenberg (footnote 72, above), at 15.

103 e.g., American Registrar & Transfer Company (footnote 36, above), at 9; see Mobile TeleSystems PJSC (footnote 93, above), at 15.

104 e.g., Consent, SEC v. Telefonaktiebolaget LM Ericsson, No. 19-cv-11214, at 7 to 10 (SDNY 11 December 2019) [Ericsson Consent]; E.S. Financial Services, Inc (footnote 39, above), at 6 to 7.

105 Ericsson Consent (footnote 104, above), at 11; E.S. Financial Services, Inc (footnote 39, above), at 6 to 7.

106 See SEC, ‘Division of Enforcement 2019 Annual Report’, at 18 (6 November 2019), at https://www.sec.gov/enforcement-annual-report-2019.pdf (‘Well-designed undertakings [including retention of a compliance consultant or monitor] provide unique long-term benefits to investors, and are one of the most effective forms of equitable relief in SEC enforcement actions.’).

107 See In re TechnipFMP plc, Exchange Act Release No. 87055, at 11 (23 September 2019), at https://www.sec.gov/litigation/admin/2019/34-87055.pdf; Final Judgment, SEC v. Int’l Bus. Machs. Corp, No. 11-cv-00563, at 3 to 4 (DDC 25 July 2013); Final Judgment, SEC v. Tyco Int’l Ltd, No. 12-cv-01583, at 5 to 6 (DDC 17 June 2013); Final Consent Judgment, SEC v. Armor Holdings, Inc., No. 11-cv-01271, at 10 to 12 (DDC 23 July 2012).

Previous Chapter:3. The Foreign Corrupt Practices Act

Next Chapter:5. When to Appoint a Monitor