The Securities and Exchange Commission

In enforcement matters, the US Securities and Exchange Commission (SEC) routinely requires companies, broker dealers, investment advisers and others to engage a monitor when there is a concern that a defendant organisation does not have effective internal compliance programmes or internal control systems to prevent the recurrence of the misconduct identified by the government investigation. A compliance monitor is appointed, therefore, as ‘an independent third party who assesses and monitors a company’s adherence to the compliance requirements of an agreement that was designed to reduce the risk of recurrence of the company’s misconduct’.[2]

Most of the information about how the SEC uses monitors and when it thinks a monitor may be appropriate can be gleaned from the various settlements of its enforcement actions involving corporate entities.[3] In addition, the SEC’s and the US Department of Justice’s (US DOJ) joint guidance on enforcement of the US Foreign Corrupt Practices Act (FCPA) (the Resource Guide) provides the most explicit general guidance on the SEC’s use of monitors and, in particular, which factors favour the imposition of monitorship.[4] Because, from the SEC’s perspective, a violation of the FCPA is a books-and-records violation and – relatedly, to the extent that hidden bribes distort reported results and affect a company’s reported prospects and risks – a predicate of anti-fraud violations, the Resource Guide has wide application to most of the SEC’s enforcement cases.[5]

Generally, the SEC, like the US DOJ, will seek to tailor the scope and duration of a monitorship to the nature of the violation, the quality and reliability of management, the resources of the defendant, and any other factors bearing on the likelihood of recurrence.[6] Although monitorships can be very expensive and intrusive, they offer several benefits, including, when tailored narrowly, allowing a company to reduce the severity of penalties and collateral effects of an enforcement action. They can also provide the impetus, where necessary, for reforming a recalcitrant bureaucracy, and foster a culture and record of compliance that could help to address any future violations of law should compliance programmes fail again.[7]

This chapter focuses on the SEC’s use of monitors, in particular the statutory authority for monitorships, historical use and analysis of prior monitors, and specific guidance issued by the US DOJ regarding monitorships.

Statutory authority for monitors

The SEC has sought the imposition of corporate monitors, or review persons, since at least 1980 in civil enforcement cases in federal courts by invoking the federal courts’ power to order ancillary relief attendant to statutory authorisation for courts to enjoin defendants from violating the federal securities laws in the future.[8] At the time, there was no explicit authorisation for federal courts to order any such ancillary relief, but courts fairly uniformly had held that because Congress granted them the power to impose injunctions, they could rely on their general equitable powers to impose other remedies, such as monitorships, to ensure compliance with their order of injunction.[9]

In 2002, Congress authorised the SEC to seek ‘equitable relief’ for the ‘benefit of investors’, ostensibly removing any need to rely on the courts’ inherent equitable powers to order monitorships.[10] Arguably, explicit Congressional authorisation to order equitable relief for the benefit of investors supplants and narrows courts’ ability to use their equitable powers in aid of injunctions.[11] Equitable relief in the Supreme Court’s jurisprudence has specific, narrowly defined contours: it must be the type of relief that was available to courts of equity at the time of the divided bench.[12] An equitable remedy may not, therefore – and most importantly for present purposes – be punitive.[13] A monitorship, it follows, must be tailored narrowly to facilitate injunctive relief and nothing more. Of course, as noted, most SEC monitorships are imposed by consent.[14] However, understanding the limits of equity jurisdiction may be helpful to counsel to negotiate the narrowest possible monitorship scope on the theory that a broader scope may be ruled to be punitive and unenforceable by a court.

Similarly in administrative proceedings, the SEC is empowered to order a respondent to cease and desist from violating the securities laws.[15] A cease-and-desist order may ‘require future compliance or steps to affect future compliance, either permanently or for such period of time as the Commission may specify’.[16] The SEC interprets this provision as authorising imposition of monitors in administrative proceedings.[17] This provision may be read as giving the SEC the ability to impose broader-scope monitorships than those that district courts may impose. Of course, these monitorships are also usually imposed by consent but, here too, counsel may be able to argue that, as a matter of statutory authorisation, the scope and duration of the monitorship must be tailored narrowly to affect future compliance with the SEC’s order and nothing more.

The SEC’s use of monitors

Case study: the expansive power of the monitor at WorldCom

The current use of SEC monitors stems in part from the spectacular corporate failures of Enron and WorldCom. In fact, WorldCom’s experience with monitorship – largely viewed as the first modern era monitorship – influenced the nature of the monitorships that followed. As discussed below, the WorldCom monitor began with a limited role. However, it was expanded incrementally until the monitor ultimately revamped the company’s entire corporate governance structure.[18] That expansive role in WorldCom, and in other matters, has been the target of much criticism: observers have wondered to what extent a monitor, who is an agent of the court (or the SEC) rather than the shareholders, should be able to effectuate changes in corporate governance or dictate management decisions.[19] An overview of the WorldCom monitorship is thus instructive as background to more recent trends regarding when a monitor will be imposed and the scope of that monitor’s review.

The SEC brought a civil enforcement action against WorldCom in 2002 alleging that the company’s managers fraudulently misstated the company’s income by more than US$9 billion.[20] Among other remedies, the SEC requested that the court enter an order prohibiting document destruction and extraordinary payments to any present or former affiliate, or officer, director or employee, of WorldCom.[21] The SEC then asked for the appointment of ‘a corporate monitor to ensure compliance’ with those two prohibitions.[22]

Shortly after the complaint was filed, the SEC and WorldCom entered into a stipulation agreeing to the appointment of a monitor with ‘oversight responsibility with respect to all compensation paid by WorldCom’.[23] Judge Jed S Rakoff of the Southern District of New York granted the requested relief and the parties jointly selected Richard Breeden, a former SEC chairman, as the corporate monitor.[24] Despite the seemingly narrow scope of Mr Breeden’s original appointment, his authority at the company quickly expanded. The potential for an expansion of his authority, in fact, was explicitly recognised by the court as necessary when Mr Breeden was first appointed.[25] Among other things, the court interpreted Mr Breeden’s role to monitor ‘compensation’ as including not only payments to executives but also any payments to advisers and consultants, such as investment bankers and attorneys.[26] Then, after WorldCom filed for bankruptcy, Mr Breeden’s access to information about the company broadened. As a result of the bankruptcy, for example, the court explicitly allowed Mr Breeden to receive ‘complete information about every aspect of the business he deems relevant to his assessments’.[27] Mr Breeden was then permitted by the court to attend all board meetings, to attend board committee meetings and to receive information about essentially anything he personally deemed necessary to his appointment.[28]

The SEC eventually entered into a consent decree, or partial settlement, with WorldCom in November 2002.[29] That decree further expanded Mr Breeden’s role, requiring him to review WorldCom’s future corporate governance policies.[30] As one indication of his powers over the company, WorldCom stipulated in the settlement that it would adopt Mr Breeden’s recommendations even before his report was issued.[31]

Mr Breeden eventually prepared a full report based on his investigation, making 78 recommendations for WorldCom to implement.[32] Most of the proposals sought to increase shareholder participation and control of the company, while also limiting executive power and compensation.[33] Among other corporate governance changes, he recommended a new legal and ethics compliance programme to ensure an improved corporate culture.[34]

In summary, Mr Breeden’s activities at WorldCom were all-encompassing: they extended well beyond his initial charge to monitor ‘compensation’. He was making high-level decisions about WorldCom’s business.[35]

Guidance post-WorldCom restrains and defines corporate monitors

While WorldCom acts as an initial case study of the modern era of corporate monitors, the recent trend and guidance, as discussed below, has been to tailor the role of monitors more narrowly.

Since WorldCom, the SEC has sought the appointment of monitors in a broad spectrum of civil and administrative enforcement proceedings across various aspects of the securities laws. For example, monitors have been imposed to:

  • review and correct an organisation’s ‘policies, procedures, and practices relating to issuance and transfer of securities’ under the Securities Act;[36]
  • monitor various due diligence and compliance requirements under the Investment Advisers Act;[37]
  • review and recommend changes to an organisation’s policies relating to underwriting municipal securities under the Securities Act;[38]
  • review customer identification and anti-money laundering programmes under the Exchange Act;[39]
  • assess the effectiveness of an organisation’s policies and procedures to prevent FCPA violations;[40]
  • review investment adviser fee disclosures under the Investment Advisers Act;[41] and
  • correct procedures to prevent failures to supervise insider trading under the Investment Advisers Act.[42]

Apart from the Resource Guide, which the SEC and the US DOJ jointly published in 2012 and updated in 2020, the SEC has not published additional guidance setting forth when, as a general matter, it would seek to impose a monitor and what form that monitorship would take. Nonetheless, as explained above, the Resource Guide is instructive for most, if not all, SEC matters. It explains:

In civil cases, a company may . . . be required to retain an independent compliance consultant [43] or monitor to provide an independent third-party review of the company’s internal controls. The consultant recommends improvements, to the extent necessary, which the company must adopt.[44]

In the Resource Guide, the SEC and the US DOJ enumerated the following factors that they consider in determining whether a monitor is appropriate:

  • Nature and seriousness of the offense
  • Duration of the misconduct
  • Pervasiveness of the misconduct, including whether the conduct cuts across geographic and/or product lines
  • Risk profile of the company, including its nature, size, geographical reach, and business model
  • Quality of the company’s compliance program at the time of the misconduct
  • Subsequent remediation efforts and quality of the company’s compliance program at the time of resolution
  • Whether the company’s current compliance program has been fully implemented and tested [45]

These factors demonstrate, as the SEC and the US DOJ concede, that: ‘Appointment of a monitor is not appropriate in all circumstances . . . but it may be appropriate, for example, where a company does not already have an effective internal compliance program or needs to establish necessary internal controls’.[46] In other words, these factors demonstrate that the SEC’s decision regarding whether to impose a monitor will depend on its assessment that the organisation has an effective compliance programme and has otherwise demonstrated a commitment to compliance in its controls, remediation measures and corporate culture.

The Resource Guide is the only formal SEC guidance setting forth the factors that the SEC considers when deciding to impose a monitor. From the authors’ review of the consent decrees and administrative orders implementing monitors, those documents do not elaborate on the SEC’s criteria or analysis regarding when a monitor is appropriate. Rather, from these case-specific documents, one can glean general guidance as to the general terms and scope of monitorships.

In addition, US DOJ guidance informs how the SEC would analyse monitorships because the SEC and the US DOJ often work in parallel and impose a single monitor to assure compliance with both the federal securities laws and the criminal code.[47] It is helpful, therefore, to review the evolution of the US DOJ’s guidance on monitorships from the first issuance of the Resource Guide in 2012, through the second edition in 2020 and beyond.

Morford Memorandum

In March 2008 (prior to the first edition of the Resource Guide), the then Acting Deputy Attorney General Craig Morford issued the US DOJ’s first memorandum relating to the scope and appointment of monitors.[48] The Morford Memorandum governed the selection and use of monitors in deferred prosecution agreements and non-prosecution agreements with corporations. It established nine ‘principles’ – guidelines and decision-making procedures – for monitorship programmes, including the scope of monitors’ duties, reporting requirements and duration. In all these areas, the US DOJ stressed that a monitor’s responsibilities and his or her selection should be tailored to the limited scope of addressing the recurrence of the misconduct:

A monitor’s primary responsibility is to assess and monitor a corporation’s compliance with the terms of the agreement specifically designed to address and reduce the risk of recurrence of the corporation’s misconduct, and not to further punitive goals.[49]

Along those lines, prosecutors were cautioned to be mindful not just of the ‘potential benefits’ of a monitor but ‘the cost’ as well.[50] The Morford Memorandum’s treatment of each of the above-mentioned principles is analysed below.

Scope

The Morford Memorandum recommended that the scope of a monitor’s duties be limited to the misconduct at issue, stating that the monitor’s ‘primary responsibility’ is to assess and monitor a corporation’s compliance with those terms of the agreement ‘specifically designed to address and reduce the risk of recurrence of the corporation’s misconduct’.[51]

Reporting requirements

The Morford Memorandum encouraged communications between the government, the corporation and the monitor, including as to the monitor’s recommendations.[52] Organisations are not required to accept all the monitor recommendations; instead, the US DOJ guidance gave the corporation power to decide whether to implement the monitor recommendations, because the corporation and its officers ‘are ultimately responsible for the ethical and legal operations of the corporation’.[53] If the corporation declines to adopt a recommendation by the monitor, the government considers both the monitor’s recommendation and the corporation’s reasons in determining whether the corporation has fulfilled its obligations under the agreement.[54]

Duration

Finally, the Morford Memorandum recommended that the duration of a monitorship agreement be based on the following criteria:

  • nature and seriousness of the offence;
  • pervasiveness and duration of the misconduct;
  • history of similar misconduct;
  • nature of the corporate culture;
  • complexity and scale of the agreed remedial measures; and
  • stage of the remediation and corrective measures.[55]

Benczkowski Memorandum

On 12 October 2018, Assistant Attorney General Brian Benczkowski issued a memorandum[56] significantly expanding the US DOJ’s guidance regarding application, need, selection and scope of monitorships. First, although the Morford Memorandum applied only to deferred prosecution agreements and non-prosecution agreements, and specifically excluded plea agreements, the Benczkowski Memorandum clarified that the Criminal Division should apply the same principles to plea agreements that impose a monitor as long as the presiding court approves the agreement.[57] Second, and more importantly, the Benczkowski Memorandum stressed, more so than the earlier guidance, that monitors were only appropriate in certain cases.[58]

Third, the Benczkowski Memorandum further expanded the prior guidance by clearly outlining the process for selection and approval of an independent monitor candidate:

  • nomination of monitor candidates by counsel for the company;
  • initial review of monitor candidates by the Criminal Division attorneys handling the matter;
  • preparation of a monitor selection memorandum by the Criminal Division attorneys handling the matter;
  • review of a monitor candidate by a standing committee of prosecutors;
  • review by the Assistant Attorney General; and
  • approval by the Office of the Deputy Attorney General.[59]

Notably, the Benczkowski Memorandum allows companies to designate their first-choice candidate to serve as the monitor.[60]

Monaco Memorandum

On 28 October 2021, Deputy Attorney General Lisa Monaco issued a memorandum[61] that revised, supplemented and superseded in part the Benczkowski Memorandum’s guidance on the necessity of monitors in corporate criminal matters (Part A).[62] The Monaco Memorandum reiterates the two broad factors from the Benczkowski Memorandum on which prosecutors should rely in determining the need for and propriety of a monitor: ‘(1) the potential benefits that employing a monitor may have for the corporation and the public, and (2) the cost of a monitor and its impact on the operations of a corporation’.[63]

However, the Monaco Memorandum takes a more expansive approach than the Benczkowski Memorandum in discussing when the US DOJ should impose a monitor:

In general, the Department should favor the imposition of a monitor where there is a demonstrated need for, and clear benefit to be derived from, a monitorship. Where a corporation’s compliance program and controls are untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution, Department attorneys should consider imposing a monitorship. This is particularly true if the investigation reveals that a compliance program is deficient or inadequate in numerous or significant respects. Conversely, where a corporation’s compliance program and controls are demonstrated to be tested, effective, adequately resourced, and fully implemented at the time of a resolution, a monitor may not be necessary.[64]

Importantly, in a speech at the ABA’s 36th National Institute on White Collar Crime, Deputy Attorney General Monaco stated: ‘To the extent that prior [US DOJ] guidance suggested that monitorships are disfavored or are the exception, I am rescinding that guidance.’[65] The Monaco Memorandum also notes that the US DOJ is ‘committed to imposing monitors where appropriate in corporate matters’.[66] The Memorandum concludes by echoing prior guidance, that the scope of any monitorship must be ‘appropriately tailored’ to address the concerns that gave rise to the need for the monitor.[67]

Recent case studies

Although the US DOJ, not the SEC, issued these memoranda, they will affect monitorships in which both the SEC and the US DOJ are involved. It is also likely to predict how the SEC may approach future monitorships in which it acts alone. For example, SEC Chair Gary Gensler has stated that the changes outlined in the Monaco Memorandum are ‘broadly consistent’ with his vision for handling corporate offenders.[68] Moreover, in November 2018, after the publication of the Benczkowski Memorandum, the chair of the SEC’s FCPA unit, Charles Cain, said that the era of ‘cookie-cutter’ monitorships is over, and that authorities now tend to tailor a monitor’s appointment narrowly.[69] Indeed, whereas early monitors such as Mr Breeden enjoyed unfettered access to all areas of WorldCom’s business, more recent administrative orders tie a monitor’s appointment to each specific area of misconduct identified in an order.

This trend is exemplified by the cases discussed below.

In re Stryker Corporation

One example of the more tailored approach to the scope of monitors’ responsibilities is illustrated in the September 2018 settlement reached between the SEC and Stryker Corporation (Stryker) for violations of the FCPA’s internal accounting controls, and books and records provision.[70] The SEC’s investigation found that Stryker’s internal accounting controls failed (and were insufficient) to detect improper payments in respect of sales of Stryker’s products in India, China and Kuwait. The sales were made through Stryker’s wholly owned subsidiaries, as well as through third-party deals and distributors. The order also found that Stryker’s Indian subsidiary maintained deficient books and records.[71] This case followed a 2013 consent settlement between Stryker and the SEC, in which Stryker had paid a US$3.5 million penalty and more than US$7.5 million in disgorgement to resolve related FCPA concerns.[72]

Issued just a few weeks prior to the Benczkowski Memorandum, the settlement between the SEC and Stryker included a tailored monitorship limited to reviewing and making recommendations to improve Stryker’s internal controls, policies, and procedures relating to the use of, and transactions by, third parties. This narrow scope directly tied the monitor’s responsibility with the underlying charges against Stryker, which involved improper payments made by third parties.[73] The factors enumerated in the Benczkowski Memorandum appear to be fully incorporated into the SEC’s order. For example, the ‘manipulation of corporate books and reports’ and an ‘inadequate compliance program’ (specific indicators of the need for a monitor mentioned in the Benczkowski Memorandum) are explicitly referenced in Stryker as deficiencies that led to the monitor implementation. Further, as Stryker was under a prior settlement with the SEC in 2013 for similar conduct, its lack of significant investment in, and improvements to, ‘its corporate compliance program and internal controls systems’ were clearly a factor in determining whether a monitor was necessary.[74] Finally, consistent with the Benczkowski Memorandum and despite Stryker being a repeat offender, the SEC’s imposition of the monitor was still narrowly tailored to the specific conduct at issue in the investigation.

In re EFP Rotenberg, LLP

EFP Rotenberg, LLP (EFP Rotenberg), a registered public accounting firm, reached a settlement agreement with the SEC in July 2016 for violating Section 10A(a) of the Exchange Act.[75] In connection with EFP Rotenberg’s audit of ContinuityX Solutions, Inc (ContinuityX), EFP Rotenberg failed to implement proper procedures to ‘obtain sufficient appropriate audit evidence that ContinuityX’s revenue was legitimate’, despite being aware of significant risk with ContinuityX’s reported revenues.[76] EFP Rotenberg further failed to identify related party transactions, obtain appropriate evidence to support its audit opinion and resolve inconsistencies in document findings.[77] As a result of this misconduct, ContinuityX’s Form 10-K contained several material misstatements and omissions of material fact.[78]

In addition to censure, cease and desist and a US$100,000 fine, the SEC required EFP Rotenberg to retain an independent consultant to review and evaluate the company’s audit and interim review policies and procedures for a variety of conduct.[79] Unlike the initial appointment in WorldCom, however, the SEC tailored the scope of the monitor’s appointment to specific conduct relevant to the investigation, including:

  • ‘the exercise of due professional care’ in audits;
  • ‘obtaining sufficient appropriate audit evidence’;
  • checking ‘third-party confirmations’;
  • ‘detecting and reporting misstatements resulting from illegal acts’;
  • identifying and considering ‘the adequacy of the disclosures of related parties and related party transactions’;
  • evaluating and relying on ‘management representations’;
  • supervising ‘individuals working on audits’; and
  • having ‘adequate audit documentation’.[80]

Notably, and consistent with current guidance from the US DOJ memoranda, each of the items the monitor was to inspect was tied to a relevant deficiency in EFP Rotenberg’s controls that was referenced in the SEC’s order. The SEC also prevented EFP Rotenberg from retaining any new clients until the independent consultant certified compliance with the recommended changes.[81]

In re Voya Financial Advisors, Inc

The SEC has turned its attention more recently towards enforcement actions involving cyber­security issues. These actions have used monitors as a remedy when the companies that are the subject of security breaches do not have adequate data security policies.

For example, in September 2018, the SEC concluded one such enforcement action in a matter involving Voya Financial Advisors, Inc (VFA). The conduct at issue invoked the Identity Theft Red Flags Rule (Regulation S-ID, Rule 201).[82] This Rule requires investment firms to create and maintain a policy that safeguards customer information from identity theft and to pay attention to ‘red flag’ warning signs that hackers may be attempting to steal information.[83] In 2016, hackers infiltrated VFA and gained access to personal information about 5,600 VFA customers by calling a support hotline and requesting password resets.[84] Key to the SEC’s allegations was the fact that VFA’s security policy had not been updated for 10 years and it was not administered by the company’s senior management, as required by Rule 201.[85]

In settling the SEC’s charges, VFA agreed to pay a US$1 million penalty and was required to undertake a list of remedial actions and engage a monitor.[86] The monitor, termed a ‘compliance consultant’ in the settlement, was tasked with conducting a comprehensive review of VFA’s data security policies and procedures, specific to the violation.[87]

This case demonstrates how the SEC is continuing to find new ways to use monitors to remedy alleged misconduct, while still tailoring the monitorship to the specific misconduct at issue and consistently with guidance.

In re The Options Clearing Corporation

The Options Clearing Corporation (OCC), the United States’ sole registered clearing agency for exchange-listed option contracts and a systemically important financial market utility, reached a settlement with the SEC and the Commodity Futures Trading Commission (CFTC) in September 2019 for failing to comply with the statutes and rules applicable to registered clearing agencies.[88] Because registered clearing agencies are ‘an essential part of the infrastructure of the U.S. securities markets’, one that is not structured and operated appropriately ‘can pose substantial risk to the financial system as a whole’.[89] The SEC found that OCC violated the Exchange Act by failing to establish and enforce policies and procedures involving financial risk management, operational requirements and the security of information systems.[90] OCC also failed to obtain the requisite SEC approval before adopting numerous policies.[91]

Accordingly, as part of the settlement, OCC had to engage an independent compliance auditor to assess its remediation of deficiencies, audit its compliance with certain provisions of the Exchange Act, and assess the hiring, qualifications and training of the personnel responsible for compliance with those Exchange Act provisions.[92] OCC was also required to pay the SEC a civil monetary penalty of US$15 million and the CFTC a penalty of US$5 million.[93] SEC Chairman Jay Clayton stated that the settlement was intended to ensure that OCC has the ‘appropriate policies and procedures in place to meet its obligations to [the US] financial system’.[94] This enforcement marks the SEC’s first charges for violations of the SEC clearing agency standards adopted in 2012 and 2016.[95]

SEC monitors: common elements

Examining administrative and civil federal court enforcement orders appointing monitors reveals certain common themes. While the scope of a monitor’s appointment will be tailored to the relevant misconduct that the SEC seeks to prevent, the terms of monitorships remain fairly consistent. Indeed, almost all monitor appointments will include the following elements:

  • retention of an independent monitor or consultant by the organisation that is acceptable to the SEC. To ensure independence, the SEC often requires that the monitor has not provided any professional services to the organisation within a specified period (including as a former employee or board member);[96]
  • a ban on dismissing the monitor without approval from SEC staff and an express waiver against any claim that an attorney–client relationship exists between the company and the compliance monitor.[97] This requirement prevents the company from withholding information on the basis that it communicated with the monitor on a privileged basis;
  • a requirement that the company bear all costs and expenses associated with the monitor;[98]
  • a description of the business areas that the monitor is to review and evaluate;[99]
  • a requirement that the monitor be given reasonable access to company records, employees and information as required to properly evaluate and assess the specified areas;[100] and
  • a requirement that the monitor issue an initial report and provide a copy to the SEC within a specified period. This report will summarise the review, evaluate the business areas identified and make appropriate recommendations to mitigate risks in the specified areas.[101]

In many cases, an organisation will also be required to adopt the recommendations contained within the initial report within a specific period.[102] If the company believes that any recommendations are ‘unnecessary, unduly burdensome, impractical or inappropriate’, it may submit a written alternative proposal to the monitor and the SEC.[103] The monitor and the organisation can then negotiate an alternative proposal within a specified period. If no agreement can be reached, the organisation must either abide by the original proposal or submit its objections to the SEC for consideration.[104] In some instances, the organisation may be able to obtain a third party mediator to resolve the issue;[105]

Following the recommendations, the organisation must eventually certify, within a specified period, that it has complied with the recommendations and implemented all required changes,[106] and the monitor is required to re-examine the organisation at a later date to ensure it remains in compliance with the recommendations.[107] The monitor will then issue a final report to the SEC and certify compliance.[108]

While no two cases are identical, the most recent SEC orders requiring monitors generally include some form of the terms referenced here, with modifications based on the scope of the review, the length of the monitor appointment and the severity of the conduct.

Costs and benefits of SEC monitors

Generally, a corporate monitor imposed by the SEC can be beneficial for both the organisation and the SEC.[109] The monitor can recommend, as well as help to implement and guide, necessary changes to an organisation’s internal system controls to prevent future investigations, penalties and fines by the SEC and other regulators. Further, agreeing to a monitor as part of a settlement could end any litigation or investigation sooner than it would otherwise, and could reduce penalties and ameliorate collateral consequences.

However, monitorships are expensive and often intrusive. That cost can be quite high, especially when the monitor has been empowered to oversee significant or large parts of the organisation’s operations or if the monitor’s tenure is for several years. An alternative, therefore, to an independent monitor that may be suggested in a settlement negotiation is the imposition of a self-monitoring arrangement that requires the entity to charge an independent committee of the board of directors to appoint an individual to make periodic reports on progress with undertakings and agree to report any reasonable suspicions of violations of the federal securities laws.[110]

Conclusion

As SEC-imposed monitors have taken their modern form in the wake of WorldCom, the SEC’s use of monitors has become widespread across a variety of industries for a broad range of conduct. Although the use of monitors has expanded, recent trends and US DOJ guidance demonstrate that the SEC has shifted from seeking all-encompassing roles for monitors to roles that are more tailored to remediating the problematic behaviour outlined in the charging or settlement papers. Even with this narrower scope, an organisation should still carefully evaluate the benefits and costs of accepting a monitor appointment as part of the resolution of an SEC investigation. Monitor appointments are unlikely to wane in the near future and, in light of most recent US DOJ guidance, may even be used more frequently to aid the SEC’s regulatory function in a variety of contexts to protect the public from perceived recidivist corporate misconduct.


Footnotes

1 Rachel Wolkinson is a partner and Blair Rinne is a senior associate at Brown Rudnick LLP. The authors wish to acknowledge the contribution of Ashley Baynham (formerly a partner at the firm) to previous editions of this chapter and to thank Tom Reklaitis, an associate at Brown Rudnick, for his assistance in researching and drafting this chapter.

2 US Dep’t of Justice (US DOJ), Criminal Division and US Securities and Exchange Commission (SEC), Enforcement Division, ‘A Resource Guide to the U.S. Foreign Corrupt Practices Act’ (Second Edition, 2020) (Resource Guide), at 71, at https://www.justice.gov/criminal-fraud/file/1292051 (last accessed 11 Mar 2022).

3 Most often monitors are imposed as part of a settlement agreement. In fact, the majority of SEC enforcement actions not involving delinquent filing settle before litigation is ever filed by the SEC. See, e.g., David Rosenfeld, ‘Admissions in SEC Enforcement Cases: The Revolution That Wasn’t’, 103 Iowa L. Rev. 113, 137 (2017).

4 Resource Guide (op. cit., note 2, above).

5 See Securities Exchange Act, 15 U.S.C. Section 78m(b).

6 See Resource Guide (op. cit., note 2, above), at 73–74 (outlining the factors that the US DOJ and SEC consider in determining whether a monitor is appropriate).

7 See, e.g., id.; Acting Deputy Attorney General of the United States, Memorandum re Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations (7 Mar. 2008) (Morford Memorandum), at https://www.justice.gov/sites/default/files/dag/legacy/2008/03/20/morford-useofmonitorsmemo-03072008.pdf; Assistant Attorney General of the United States, Memorandum re Selection of Monitors in Criminal Division Matters (11 Oct. 2018) (Benczkowski Memorandum), at https://www.justice.gov/opa/speech/file/1100531/download; Deputy Attorney General of the United States, Memorandum re Corporate Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies (28 Oct. 2021) (Monaco Memorandum), at https://www.justice.gov/dag/page/file/1445106/download (web pages last accessed 11 Mar. 2022).

8 See 15 U.S.C. Section 78u(d)(1) (‘Whenever it shall appear to the Commission that a person is engaged or is about to engage in acts or practices constituting a violation of any provision of this chapter . . . it may in its discretion bring an action . . . to enjoin such acts or practices’); Securities Act, 15 U.S.C. Section 77t(b) (similar); Investment Advisers Act, 15 U.S.C. Section 80b-9(d) (similar); Investment Company Act, 15 U.S.C. Section 80a-41(d) (similar); see also George W Dent, ‘Ancillary Relief in Federal Securities Law: A Study in Federal Remedies’, 67 Minn. L. Rev. 865, 869 to 872 (1983) (‘The most persuasive argument for ancillary relief in federal securities law is that the Supreme Court and many lower courts have approved such relief and that almost no judicial precedent has questioned it.’); see SEC v. Page Airways, Inc, 1980 WL 1390 (WDNY 8 Apr. 1980); SEC News Digest, Issue 80-71, at 3 (10 Apr. 1980), at https://www.sec.gov/news/digest/1980/dig041080.pdf (last accessed 11 Mar. 2022) (noting that in SEC v. Page Airways, Inc, the defendant agreed to ‘undertake[] to internally investigate matters alleged in the Commission’s complaint and retain a Review Person to evaluate the methods and procedures followed in this investigation’).

9 e.g., SEC v. G.C. George Securities, Inc, 637 F.2d 685, 687, n.2 (9th Cir. 1981) (quoting SEC v. Wencke, 622 F.2d 1363, 1368 (9th Cir. 1980)) (‘The federal courts have inherent equitable authority to issue a variety of “ancillary relief” measures in actions brought by the SEC to enforce the federal securities laws.’); see also Aulana L Peters, SEC Commissioner, Address to American Bar Association Annual Meeting, ‘Ancillary Relief and Remedies: Does the SEC Need More Clout?’ (13 Aug. 1986), at https://www.sec.gov/news/speech/1986/081386peters.pdf (discussing various forms of ancillary relief, and noting: ‘The Commission has also required the appointment of a special consultant to investigate a registrant’s internal procedures and report his findings to it and the court.’).

10 Sarbanes Oxley Act, Pub. L. No. 107-204, 116 Stat. 779 (enacting 15 U.S.C. Section 78u(d)(5)) (‘In any action or proceeding brought or instituted by the Commission under any provision of the securities laws, the Commission may seek, and any Federal court may grant, any equitable relief that may be appropriate or necessary for the benefit of investors.’).

11 e.g., City of Milwaukee v. Illinois & Michigan, 451 U.S. 304, 317 (1981) (finding that where Congress ‘has occupied the field through the establishment of a comprehensive regulatory program supervised by an expert administrative agency’, a federal court cannot order more stringent remedies).

12 See Grupo Mexicano de Desarolla SA v. Alliance Bond Fund, Inc, 527 U.S. 308, 318 to 319 (1999) (quoting A Dobie, Handbook of Federal Jurisdiction and Procedure, 660 (1928)) (‘[T]he equity jurisdiction of the federal courts is the jurisdiction in equity exercised by the High Court of Chancery in England at the time of the adoption of the Constitution and the enactment of the original Judiciary Act, 1789 (1 Stat. 73).’); Mertens v. Hewitt Assocs., 508 U.S. 248, 256 (1993) (holding that the phrase ‘other appropriate equitable relief’ in 29 U.S.C. Section 1132(a)(3) refers to ‘those categories of relief that were typically available in equity’) (emphasis in original).

13 See Tull v. United States, 481 U.S. 412, 422 (1987) (‘Remedies intended to punish culpable individuals, as opposed to those intended simply to extract compensation or restore the status quo, were issued by courts of law, not courts of equity.’); ibid., at 422 n.7 (explaining that a remedy that ‘exacts punishment’ is ‘a kind of remedy available only in courts of law’).

14 See, generally, note 3, above.

15 See 15 U.S.C. Section 77h-1(a); ibid., at Section 78u-3(a); ibid., at Section 80b-3(k)(1).

16 ibid., at Section 77h-1(a); see also ibid., at Section 78u-3(a) (same); ibid., at Section 80b-3(k)(1) (same).

17 Steven Peikin, Co-Director, SEC Division of Enforcement, ‘Remedies and Relief in SEC Enforcement Action’ (3 Oct. 2018) (‘In practice, two of the most effective forms of equitable relief [available to the SEC in enforcement actions and administrative proceedings] are undertakings . . . and conduct based injunctions . . . With respect to undertakings, many require the settling party to retain a compliance consultant or monitor.’), at https://www.sec.gov/news/speech/speech-peikin-100318 (last accessed 11 Mar. 2022).

18 Compare SEC v. WorldCom, Inc, Litigation Release No. 17594 (28 Jun. 2002), at https://www.sec.gov/litigation/litreleases/lr17594.htm (last accessed 11 Mar. 2022) (stipulating a monitor for ‘oversight responsibility with respect to all compensation paid by WorldCom’), with Opinion and Order, SEC v. WorldCom, Inc, 273 F. Supp. 2d 431, 432 (SDNY 7 Jul. 2003) (‘Under the Corporate Monitor’s watchful eye, the company has replaced its entire board of directors, hired a new and dynamic chief executive officer and begun recruiting other senior managers from without, fired or accepted the resignation of every employee accused by either the board’s own Special Investigation Committee or the Bankruptcy Examiner or having participated in the fraud, and terminated even those employees who, while not accused of personal misconduct, are alleged to have been insufficiently attentive in preventing the fraud.’).

19 Jennifer O’Hare, ‘The Use of the Corporate Monitor in SEC Enforcement Actions’, 1 Brooklyn J. Corp., Fin. & Com. L. 89, 93 (2006) (‘Commentators have argued that the corporate governance reforms required by the SEC in its consent decrees can interfere with the effective management of a company.’); see also ibid., at 102–08 (outlining ‘potential dangers presented by the use of a corporate monitor’ including ‘de facto expansion of corporate monitor’s power’ and ‘potential interference with management’).

20 First Amended Complaint, SEC v. WorldCom, Inc., No. 02-CV-4963 (SDNY 5 Nov. 2002).

21 See ibid., at ‘Prayer for Relief’.

22 id.

23 See WorldCom, Litigation Release No. 17594 (op. cit. note 18, above).

24 See Stipulation and Order, SEC v. WorldCom, Inc, No. 02-CV-4963 (SDNY 18 Jul. 2002) (‘The Corporate Monitor, Richard C. Breeden, is an agent of this Court with such oversight responsibilities as set forth in the Court’s Order dated June 28, 2002.’).

25 Memorandum Order, SEC v. WorldCom, Inc, No. 02-CV-4963 (SDNY 2 Aug. 2002) (‘[T]he original Stipulation and Order of June 28, 2002 creating a monitorship provided that the Corporate Monitor, among other powers, was to exercise complete “oversight and responsibility with respect to all compensation”. The order broadly defined “compensation” and provided the Corporate Monitor with total “discretion to determine the type of compensation to review and either approve or disapprove”.’).

26 id. (‘The Court’s further order of July 15, 2002 was intended to make clear, if there were any doubt, that such oversight included, inter alia, approval or disapproval of any future payment or promise of payment to any outside professional or adviser such as an investment banker, a restructuring specialist, and the like.’).

27 id.

28 id. (‘The Corporate Monitor can hardly determine what is “necessary to the operation of the business” if he is not provided with complete information about every aspect of the business he deems relevant to his assessments. . . . [T]he Corporate Monitor must be informed of, and invited to, any meetings or discussions between any Covered Party and the company or any of its outside advisers.’).

29 See Judgment of Permanent Injunction, SEC v. WorldCom, Inc, No. 02-CV-4963 (SDNY 26 Nov. 2002) (WorldCom Judgment); see also O’Hare (op. cit. note 19, above), at 98–99.

30 WorldCom Judgment (op. cit. note 29, above).

31 WorldCom, 273 F. Supp. 2d at 432 (‘The company has also consented to a permanent injunction authorizing the Corporate Monitor to undertake a complete overhaul of the company’s corporate governance . . . [and] the company has committed in advance to adopt and adhere to all corporate governance and internal control recommendations made by the Corporate Monitor and the independent consultants.’).

32 Richard C Breeden, ‘Restoring Trust, Report to The Hon. Jed S. Rakoff United States District Court for the Southern District of New York on Corporate Governance For The Future Of MCI, Inc.’ (Aug. 2003); see also O’Hare (op. cit. note 19, above), at 99.

33 Breeden (op. cit. note 32, above); see also O’Hare (op. cit. note 19, above), at 99.

34 Breeden (op. cit. note 32, above).

35 See WorldCom, 273 F. Supp. 2d at 432–33.

36 e.g., In re American Registrar & Transfer Company, Securities Act Release No. 10082, Exchange Act Release No. 77922 (25 May 2016) (American Registrar & Transfer Company), at https://www.sec.gov/litigation/admin/2016/33-10082.pdf (last accessed 11 Mar. 2022).

37 e.g., In re Apex Funds Services (US), Inc, Investment Advisers Act Release No. 4429 (16 Jun. 2016) (Apex Funds Services), at https://www.sec.gov/litigation/admin/2016/ia-4429.pdf (last accessed 11 Mar. 2022).

38 e.g., In re Barclays Capital Inc, Securities Act Release No. 10016, Exchange Act Release No. 77018 (2 Feb. 2016) (Barclays Capital), at https://www.sec.gov/litigation/admin/2016/33-10016.pdf (last accessed 11 Mar. 2022).

39 e.g., In re E.S. Financial Services, Inc, Exchange Act Release No. 77056 (4 Feb. 2016) (E.S. Financial Services, Inc), at https://www.sec.gov/litigation/admin/2016/34-77056.pdf (last accessed 11 Mar. 2022).

40 e.g., In re Stryker Corporation, Exchange Act Release No. 84308 (28 Sep. 2018) (Stryker), at https://www.sec.gov/litigation/admin/2018/34-84308.pdf; In re LAN Airlines S.A., Exchange Act Release No. 78402 (25 July 2016), at https://www.sec.gov/litigation/admin/2016/34-78402.pdf (web pages last accessed 11 Mar. 2022).

41 e.g., In re Everhart Financial Group, Inc, Exchange Act Release No. 76897, Investment Advisers Act Release No. 4314 (14 Jan. 2016), at https://www.sec.gov/litigation/admin/2016/34-76897.pdf (last accessed 11 Mar. 2022).

42 e.g., In re Steven A. Cohen, Investment Advisers Act Release No. 4307 (8 Jan. 2016), at https://www.sec.gov/litigation/admin/2016/ia-4307.pdf (last accessed 11 Mar. 2022).

43 More recently, the SEC has referred to a monitor as an ‘independent compliance consultant’.

44 Resource Guide (op. cit. note 2, above), at 74.

45 id.

46 id.

47 id. (‘When both DOJ and SEC require a company to retain a monitor, the two agencies have been able to coordinate their requirements so that the company can retain one monitor to fulfill both sets of requirements.’).

48 Morford Memorandum (op. cit. note 7, above). Note that in June 2009, the then Assistant Attorney General Lanny A Breuer expanded on the Morford Memorandum, outlining the terms required in all monitorship agreements and refining the selection process for monitors: see Assistant Attorney General of the United States, Memorandum re Selection of Monitors in Criminal Division Matters (24 Jun. 2009) (Breuer Memorandum), at https://www.justice.gov/sites/default/files/criminal-fraud/legacy/2012/11/14/response3-supp-appx-3.pdf. The Breuer Memorandum, however, was superseded in 2018 by the Benczkowski Memorandum, discussed below. And in May 2010, Gary Grindler, the then Acting Deputy Attorney General, issued a memorandum clarifying the US DOJ’s role in resolving disputes between the monitor and corporation: see Acting Deputy Attorney General of the United States, Memorandum re Additional Guidance on the Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations (25 May 2010), at https://www.justice.gov/jm/criminal-resource-manual-166-additional-guidance-use-monitors-dpas-and-npas (web pages last accessed 11 Mar. 2022).

49 Morford Memorandum (op. cit. note 7, above), at 2 (emphasis added).

50 id.

51 ibid., at 5.

52 ibid., at 6.

53 id.

54 id.

55 ibid., at 7–8.

56 Benczkowski Memorandum (op. cit. note 7, above).

57 ibid., at 1 n.3.

58 ibid., at 2.

59 ibid., at 4–8.

60 ibid., at 5.

61 Monaco Memorandum (op. cit. note 7, above).

62 ibid., at 4 n.3 (specifically stating that the Monaco Memorandum was not altering any sections of the Benczkowski Memorandum aside from Part A).

63 ibid., at 4; Benczkowski Memorandum (op. cit. note 7, above), at 2.

64 Monaco Memorandum (op. cit. note 7, above), at 4–5. Compare to the Benczkowski Memorandum (op. cit. note 7, above) (‘In general, the Criminal Division should favor the imposition of a monitor only where there is a demonstrated need for, and clear benefit to be derived from, a monitorship relative to the projected costs and burdens. Where a corporation’s compliance program and controls are demonstrated to be effective and appropriately resourced at the time of resolution, a monitor will likely not be necessary’.) (emphasis added).

65 Lisa O. Monaco, Deputy Attorney General, ‘Deputy Attorney General Lisa O. Monaco Gives Keynote Address at ABA’s 36th National Institute on White Collar Crime’ (28 Oct. 2021) at https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-gives-keynote-address-abas-36th-national-institute (last accessed 11 Mar. 2022).

66 Monaco Memorandum (op. cit. note 7, above) at 4.

67 ibid., at 5.

68 Gary Gensler, Chair, SEC, ‘Prepared Remarks at the Securities Enforcement Forum’ (4 Nov. 2021) at https://www.sec.gov/news/speech/gensler-securities-enforcement-forum-20211104 (last accessed 11 Mar. 2022).

69 Clara Hudson, ‘SEC Official: No more “cookie-cutter”’ monitorships’, Global Investigations Review (1 Nov. 2018), at https://globalinvestigationsreview.com/article/jac/1176432/sec-official-no-more-%E2%80%9Ccookie-cutter%E2%80%9D-monitorships (last accessed 11 Mar. 2022).

70 Stryker (op. cit. note 40, above).

71 id.

72 In re Stryker Corporation, Exchange Act Release No. 70751 (24 October 2013), at https://www.sec.gov/litigation/admin/2013/34-70751.pdf (last accessed 11 Mar. 2022).

73 Stryker (op. cit. note 40, above).

74 Benczkowski Memorandum (op. cit. note 7, above), at 2.

75 In re EFP Rotenberg, LLP, Exchange Act Release No. 78393, at 2–3 (22 Jul. 2016) (EFP Rotenberg), at https://www.sec.gov/litigation/admin/2016/34-78393.pdf (last accessed 11 Mar. 2022). Section 10A(a) of the Exchange Act requires registered public accounting firms to comply with generally accepted auditing standards, including: ‘(1) procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement accounts; (2) procedures designed to identify related party transactions that are material to the financial statement or otherwise require disclosure therein; and (3) an evaluation of whether this is substantial doubt about the ability of the issuer to continue as a going concern during the ensuing fiscal year.’ 15 U.S.C. Section 78j-1(a).

76 EFP Rotenberg (op. cit. note 75, above), at 5.

77 ibid., at 6–10. The administrative order also noted that EFP Rotenberg LLP improperly relied on management representations, failed to exercise due professional care and that its policies and procedures were deficient. ibid., at 10–11.

78 ibid., at 4.

79 ibid., at 13–14.

80 ibid., at 14.

81 ibid., at 13, 16.

82 Voya Financial Advisors, Inc, Exchange Act Release No. 84288, Investment Advisers Act Release No. 5048 (26 Sep. 2018), at https://www.sec.gov/litigation/admin/2018/34-84288.pdf; see also SEC, Press release, ‘SEC Charges Firm with Deficient Cybersecurity Procedures’ (26 Sep. 2018), at https://www.sec.gov/news/press-release/2018-213 (explaining that this was ‘the first enforcement action’ involving the violation of this rule) (web pages last accessed 11 Mar. 2022).

83 ibid., at 3–4.

84 ibid., at 7–8.

85 ibid., at 7.

86 ibid., at 10–13.

87 ibid., at 10–12.

88 In re The Options Clearing Corporation, Exchange Act Release No. 86871 (4 Sep. 2019) (OCC), at https://www.sec.gov/litigation/admin/2019/34-86871.pdf; SEC, Press release, ‘SEC and CFTC Charge Options Clearing Corp. With Failing to Establish and Maintain Adequate Risk Management Policies’ (4 Sep. 2019), at https://www.sec.gov/news/press-release/2019-171 (web pages last accessed 11 Mar. 2022).

89 OCC (op. cit. note 88, above), at 2.

90 ibid., at 2–14; SEC Press release (op. cit. note 88, above).

91 OCC (op. cit. note 88, above), at 9–11.

92 ibid., at 15.

93 ibid., at 22; SEC Press release (op. cit. note 88, above).

94 SEC Press release (op. cit. note 88, above).

95 id.

96 e.g., Barclays Capital (op. cit. note 38, above), at 5; see also In re Mobile TeleSystems PJSC, Exchange Act Release No. 85261, at 9 (6 Mar. 2019) (Mobile TeleSystems PJSC), at https://www.sec.gov/litigation/admin/2019/34-85261.pdf (requiring monitor with ‘sufficient independence from Respondent to ensure effective and impartial performance of the Monitor’s duties as described in the Offer’). Moreover, the SEC typically prohibits the company and its affiliates, directors, officers, employees and agents from employing or forming any professional relationship with the monitor during the period of the engagement and for a set time thereafter. e.g., In re Fresenius Medical Care AG & Co. KGaA, Exchange Act Release No. 85468, at 15 (29 Mar. 2019) (Fresenius Medical Care AG & Co. KGaA), at https://www.sec.gov/litigation/admin/2019/34-85468.pdf; American Registrar & Transfer Company (op. cit. note 36, above), at 9 (web pages last accessed 11 Mar. 2022).

97 e.g., American Registrar & Transfer Company (op. cit. note 36, above), at 9; see Mobile TeleSystems PJSC (op. cit. note 96, above), at 10.

98 e.g., OCC (op. cit. note 88, above), at 18; American Registrar & Transfer Company (op. cit. note 36, above), at 8.

99 e.g., EFP Rotenberg (op. cit. note 75, above), at 14.

100 e.g., Mobile TeleSystems PJSC (op. cit. note 96, above), at 10; American Registrar & Transfer Company (op. cit. note 36, above), at 9.

101 e.g., Fresenius Medical Care AG & Co. KGaA (op. cit. note 96, above), at 23; Apex Fund Services (op. cit. note 37, above), at 7.

102 e.g., id.

103 e.g., id.

104 e.g., id.

105 e.g., EFP Rotenberg (op. cit. note 75, above), at 15.

106 e.g., American Registrar & Transfer Company (op. cit. note 36, above), at 9; see Mobile TeleSystems PJSC (op. cit. note 96, above), at 15.

107 e.g., Consent, SEC v. Telefonaktiebolaget LM Ericsson, No. 19-cv-11214, at 7 to 10 (SDNY 11 Dec. 2019) (Ericsson Consent); E.S. Financial Services, Inc (op. cit. note 39, above), at 6–7.

108 Ericsson Consent (op. cit. note 107, above), at 11; E.S. Financial Services, Inc (op. cit. note 39, above), at 6–7.

109 See SEC, ‘Division of Enforcement 2019 Annual Report’, at 18 (6 Nov. 2019), at https://www.sec.gov/enforcement-annual-report-2019.pdf (‘Well-designed undertakings [including retention of a compliance consultant or monitor] provide unique long-term benefits to investors, and are one of the most effective forms of equitable relief in SEC enforcement actions.’).

110 See In re TechnipFMP plc, Exchange Act Release No. 87055, at 11 (23 Sep. 2019), at https://www.sec.gov/litigation/admin/2019/34-87055.pdf (last accessed 11 Mar. 2022); Final Judgment, SEC v. Int’l Bus. Machs. Corp, No. 11-cv-00563, at 3 to 4 (DDC 25 Jul. 2013); Final Judgment, SEC v. Tyco Int’l Ltd, No. 12-cv-01583, at 5 to 6 (DDC 17 Jun. 2013); Final Consent Judgment, SEC v. Armor Holdings, Inc., No. 11-cv-01271, at 10 to 12 (DDC 23 Jul. 2012).

Unlock unlimited access to all Global Investigations Review content