Interview: After SAC, corporate monitor says what makes effective compliance programs
By Emmanuel Olaoye, Compliance Complete
WASHINGTON, Nov. 13 (Thomson Reuters Accelus) - Last Monday’s announcement that the hedge fund SAC Capital Advisors will pay $1.8 billion and hire a compliance monitor to settle insider trading charges highlighted the importance of outside compliance monitors in modern financial services enforcement.
SAC pled guilty on Friday to criminal fraud charges as part of a $1.8 billion deal with the Department of Justice to resolve a decade-long investigation into insider trading at the firm.
Under the terms of the plea deal, SAC must hire a compliance consultant to review its insider trading practices. It has also settled civil charges in the case, and investigations into the firm and individuals including founder Steven A. Cohen continue.
Within 45 days, the consultant must report any deficiencies finds in SAC’s compliance procedures to the government. After six months, the consultant will write another report on the progress SAC has made to fix the deficiencies.
SAC must also wind down its investment advisory business and stop taking money from outside investors.
The DoJ has increasingly turned to monitors to ensure that sanctioned firms stick to the terms of settlements.
Compliance Complete sat down with corporate monitor John Hanson to discuss challenges likely to emerge in the relationship between SAC, the monitor, and the Justice Department, and the lessons others might take from the case.
Hanson is the founder of the Washington D.C. based consulting firm Artifice Forensic Financial Services, LLC. In the last few years, he has served on monitorships involving settlement agreements issued by the Department of Justice, the Department of Interior, and the Department of Transportation. Hanson, an accountant and former FBI white collar crime investigator, last year was appointed to an American Bar Association committee responsible for establishing “best practices” and standards for corporate monitors.
Q – With the SAC case, one of the things I noticed is the short time frame (six months) the monitor will be at SAC. What can the monitor accomplish in that short time-frame?
A – In my opinion it takes about three years for a company that had a poor or non-existing compliance program to implement good program.
It takes a while to get a good compliance program in place. This is not a traditional monitorship.
Q – How would you review a firm’s policies to protect against insider trading?
A – It’s actually not hard. The question, is if the policy is designed very well. Is it capturing all the issues it needs to really capture?
Once you understand that the policy exists, you have to make sure it is accessible. These are all factors that I consider if I was considering the effectiveness of training.
As I read the SAC agreement, the compliance consultant’s role was really pretty narrow. With SAC, I would identify a group of people randomly. If one of them is susceptible to insider trading, and he doesn’t realize it, the company has failed.
It means they haven’t done their job of communicating risks to the relevant people. If they do know the risk, the natural follow up question is: “what is your policy on that?”
I want to be able to demonstrate that the company has adequately trained them on the issues that they need to be trained on.
Q – How are you perceived by the management and the employees when you first go into a firm?
A – It depends on the monitor. There are people who come into a monitorship who come in like the autocrat. That is not the right approach. The right approach is to come in and be humble.
I act very much like a guide when I am in an organization. I go in with the attitude that “I’m here to help you through these issues”.
With the culture that you have, the resources that you and the industry that you operate in. Then the business structure that you have …so that when I’m going you have a really good compliance program that makes you feel comfortable that you have done as much you can in detecting and preventing wrongdoing.
I have learned to alleviate the concerns [of the company] when I come in. I use preambles when I interview company employees. I tell them that I am there to help them have a better ethics and compliance program.
That approach makes all the difference in the world.
Q – If a monitor goes into an assignment at a company that has been sanctioned by the DoJ, what will the monitor expect to see in the firm’s compliance program?
A – The scope of the monitor is dictated by the settlement agreement. I can’t go into a company and dictate the things that I think are wrong with the company.
If the settlement agreement focuses on Foreign Corrupt Practices Act issues or anti-trust issues, I go there knowing that I’m missing the forest from the trees.
Usually what I’m trying to do is educate the government enterprise and the company at the same time and get them to focus on what the right issues are.
Sometimes they don’t really understand or don’t care. Sometimes they just want to stick to what the agreement says.
As a monitor I am bound by that charter and I can’t go beyond what the agreement says.
Q – What do you look for in terms of an effective compliance program?
A – Its important to remember there is no one-size fits all in this area. The compliance profession looks to the sentencing guidelines as the foundation for compliance and ethics program.
That may be the measuring stick that I’m using as a monitor. But depending on the company there may be the other issues that come into play.
There is no one measuring stick. There are basic good principles for a corporate compliance and ethics program. How you apply those principles and coordinate the different components of the corporate program to work together as a system…that’s what constitutes a well designed compliance program.
Q – Can you give me the top three or four components that you expect to see in a well-designed compliance program?
A – It’s a grouping of several things that work together in a coordinated fashion.
From a very broad perspective you’ve got to have the board and management bought in completely. They need to understand what compliance and ethics programs are. They need to take ownership and oversight of the program.
Typically you want to see a dedicated compliance officer who is going to report on the compliance program to the board.
They should be doing a good risk assessment … to understand what are the compliance and ethics risks that the organization faces.
They coordinate with HR and the business units in the firm to come up with the main risks to the organization.
Usually I suggest they prioritize those risks and tell the board.
There’s also ethical tone. If you look at the sentencing guidelines, it says an effective compliance and ethics program. They are symbiotic. They go together.
One cannot work effectively without the other. Sometimes there tends to be too much focus on the compliance program to the neglect of what really allows the program to work. That is ethical tone.
In a lot of settlement agreements, the monitor is not being used to help the organization understand ethical tone.
Q – So if the settlement agreement is not designed appropriately, is it fair to say the problems with the compliance program will be unresolved?
A – Absolutely. The agreement really needs to be structured to reform the overall compliance and ethics program in the company. That’s the measuring stick for corporate criminal liability in the sentencing guidelines.
The sentencing guidelines address the fact that you have to address risk. In some companies, FCPA is a risk.
That’s how you identify the subcomponents of the overall compliance program.
A good compliance program will identify the risks … the policies, training, monitoring that addresses those risks so as to deter, prevent the misconduct.
Q – Many public firms have chief compliance officers that report to the board. Do you think private companies that don’t have a CCO reporting to the board are structurally flawed from a compliance standpoint?
A – To be very clear about it, a lot of companies — private or public — have not created an appropriate reporting structure.
This is still a relatively new industry. There’s still a huge debate on whether a chief compliance officer should wear the same hat as in-house counsel.
I was at a recent conference recently and a CCO at a major public company pulled me aside and began expressing discontent about his reporting difficulties.
They’re scared that somebody is going to break bad at some point and that if they don’t have the reporting structure things are going to get bad for the company.
The point of the matter is not all companies have compliance officers. Not all of them have compliance officers who are appropriately empowered to really do what they need to do.
Q – Can a monitor help a firm to achieve a culture of compliance?
A – A good monitor can affect a cultural change…ethical tone change. It is difficult and time consuming effort but if you educate senior management and the board about how they can lead with ethics, it does begin to affect how they behave.
It is not something that is done overnight. It takes a lot of time and a lot of effort. A monitor needs to be a good teacher.
(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)