Size Matters … and Other Compliance Myths

The recently released Society of Corporate Compliance and Ethics 2017 Compliance and Ethics Officer and Staff Salary Survey contains a host of interesting CCO and other compliance personnel compensation information. Also interesting is the survey’s profile data regarding compliance professionals and their companies. The SCCE is a nonprofit association of more than 5,800 members, including CCOs and their staffs, employed in a wide range of industries. The 2017 survey’s data was derived from 1,376 email responses, which were then distilled down to 444 individuals employed by non-health care providers and responsible for at least 26 percent of their organization’s legal and regulatory risk (i.e., actual compliance personnel rather than personnel with isolated compliance duties). A review of the survey’s data exposed five common compliance myths.

Myth No. 1: Only public companies have compliance departments. In fact, the survey indicates that only 24 percent of responding CCOs work at publicly traded companies, while fully 39 percent were employed by private companies. The remaining CCOs work for governmental agencies, academic institutions and nonprofits.

Myth No. 2: Only mega-companies have compliance departments. The reality is that 41 percent of responding CCOs work at organizations with fewer than 1,000 employees. The numbers rise to 57 percent for companies under 3,000 employees and 72 percent for those under 7,500 employees. Similarly, 52 percent of responding CCOs work at organizations with annual revenues of less than $500 million, 35 percent at organizations with less than $100 million and 27 percent at those with less than $50 million.

Myth No. 3: Most compliance professionals are involved in only a small slice of the company’s legal and...

The DOJ’s Latest Compliance Program Warning

U.S. Deputy Attorney General Rod Rosenstein recently announced the Department of Justice’s revised FCPA Corporate Enforcement Policy. The revised Policy is based on the DOJ’s FCPA Pilot Program (in place since April 2016), which provided mitigation credit for voluntary reporting of wrongdoing and specified levels of cooperation and remediation in connection with the resulting investigation. Much has been made of the new Policy provisions that create the presumption of a DOJ enforcement declination and specify percentage reductions from the U.S. Federal Sentencing Guidelines in the event that a company self-discloses, cooperates and/or remediates in accordance with specified Policy requirements. Certainly, these provisions significantly further the shift toward encouraging company cooperation, continue the focus on holding individuals accountable, and deserve careful attention.

It was, however, Deputy Attorney General Rosenstein’s third “policy enhancement” that most caught my eye. That provision provides detail about how the DOJ evaluates compliance programs, specifying what he calls “hallmarks of an effective compliance program.” The Policy first states that the criteria for an effective compliance and ethics program may vary based on the size and resources of the organization, which seems fair enough. It then provides a list of criteria (quoted below), which it says will be periodically updated:

- The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated;
- The resources the company has dedicated to compliance;
- The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
- The authority and independence of the compliance...

Join Us at the Fall 2017 GRC Forum, featuring NC Attorney General Josh Stein

You recently received an email invitation to our upcoming Governance, Risk & Compliance Forum. The GRC Forum is a half-day, interactive event devoted specifically to the issues faced by risk and compliance personnel at companies in all industries and at all stages of GRC development. The Fall 2017 session will be held on Thursday, September 28 at the Duke Mansion in Charlotte. We’ll start with coffee and breakfast at 8:15 a.m. The three presentations will run from 9:00 a.m. until noon. There is no charge for attending, and the program is expected to be approved for compliance certification and continuing legal education credit.

Topics to be covered. The GRC Forum and related GRC Blog generally address topics related to assessing, enhancing and maintaining an enterprise-wide governance, risk and compliance function. Specific topics to be discussed at this upcoming Fall 2017 session will include:

Session I: Update on the current state of corporate social responsibility, including CSR reporting and corporate America’s response to the Trump administration’s withdrawal from the Paris climate accord.

Session II: A discussion of cybersecurity breach response policies and plans, including background on current data privacy and security laws in the U.S., the EU’s new comprehensive data protection law and the EU Network Infrastructure Security Directive, critical components of a comprehensive plan, and practical tips on how to create, draft, train on and implement a plan.

Session III: Remarks by North Carolina Attorney General Josh Stein on compliance and public protection, followed by Q&A.

Who should attend? GRC touches a variety of professionals, including:

- compliance officers
- risk management officers
- boards of directors
- legal departments
- CFOs, internal auditors and...

Revisiting Rule 10b5-1 Trading Plans

I am sometimes surprised by the number of insiders who trade in their company’s stock outside of Rule 10b5-1 trading plans. It is often said, with some accuracy, that executive officers, directors and other insiders always possess material nonpublic information (MNPI) due to the very nature of their jobs. And in fact, many insiders are able to actually create MNPI merely by deciding to initiate a strategic change or direct a financial decision. If that is true, or at least arguable under the glare of 20/20 hindsight, then trading outside of a trading plan is a dangerous proposition. The question, then, is, “Why take the chance?” A trading plan provides an easily implemented affirmative defense against insider trading claims, and courts have consistently deferred to valid trading plans, even under questionable circumstances. Furthermore, it is well-known that the SEC is vigorously pursuing insider trading violations of all shapes and sizes. (See this Doug’s Note.) For that matter, why doesn’t every company require that its insiders trade only under a trading plan?

The elements of a trading plan. An enforceable trading plan must satisfy the following requirements:

- The insider was not aware of any MNPI at the time it was adopted.
- It specifies a non-discretionary trading method.
- The insider may not exercise any subsequent influence over how, when or whether to make purchases or sales.
- The insider must enter into the plan in good faith and not as part of a plan or scheme to evade the insider trading prohibitions.

That sounds easy, so what’s the problem? Honestly, I’m not sure. Some companies may feel that prohibiting trades outside of...

Introducing a Fresh Perspective on Governance, Risk and Compliance

With the fifth anniversary of Doug’s Note fast approaching (and more than 250 posts and 250,000 reads in the rearview mirror), it seemed like a good time to consider where to go from here. Where, as it turns out, was to create a companion blog devoted to governance, risk and compliance, which are among the hottest issues in corporate America these days. Parker Poe’s GRC Blog reflects the joint contributions of our GRC team, co-led by Jane Lewis-Raymond, former chief compliance officer and general counsel of a large public company, and by me. Together, we provide more than 50 years of experience counseling public and private companies of all shapes and sizes on compliance program design, risk assessment, enterprise risk management, crisis management, remediation and training.

Essential to the blog’s success are the contributions of our larger GRC team, which consists of attorneys whose practices focus on such key areas of corporate compliance as:

- Anti-Bribery & Anti-Corruption
- Antitrust & Consumer Protection
- Criminal & Regulatory White Collar Compliance
- Crisis Management
- Cybersecurity & Data Privacy
- Employment
- Environmental
- Government Contracting & False Claims Act Compliance
- Immigration
- SEC Reporting & Compliance
- Tax
- Trade Compliance

Our GRC Blog includes insights on such matters as creating a compliance culture, ensuring compliance with the Federal Sentencing Guidelines and the DOJ’s program evaluation guidance, the interplay of compliance professionals, executive management and boards of directors, balancing GRC goals against the realities of budget and personnel constraints, and a whole lot more. Recent posts include, for example:

- Take-aways from the recent global ransomware attack
- The board of directors’ role in compliance programs
- Where...

Thwarting Shareholder Activism Through Engagement

As the 2017 proxy season draws to a close for most companies, it is obvious that shareholder activism remains alive and well, though the actual number of public activist campaigns appears to have tapered off slightly as compared to recent years. Activism takes many forms, ranging from takeover proxy battles to proxy access proposals to single-issue social welfare proposals. Particularly noteworthy is an apparent trend among institutional investors to target small and mid-size companies, perhaps believing (perhaps correctly) that these companies are ill-prepared to resist their forays.

Companies have a wide array of defensive techniques at their disposal, depending on the nature of the activist’s approach, one of which is effective shareholder engagement. The good news is that more and more institutions are welcoming, and even encouraging, engagement with their portfolio companies. And while small and mid-size companies still sometimes struggle to get the attention of major institutions, this has become less problematic now that shareholder engagement is standard practice in corporate America.

Although many of the governance benefits of shareholder engagement are widely known, often overlooked is its ability to thwart shareholder activism. Better communication between the company and its major shareholders reduces misunderstandings about management’s strategy or the reasons behind its latest moves. Misunderstandings, in turn, may lead to activism, or a willingness to side with activists. Strong relationships with traditionally non-activist institutional shareholders (by far the larger percentage) have the ability to actually deter activist behavior before it even happens, or to nip it before it gains too much momentum. For example, many activist shareholders own a relatively small percentage of the target company, particularly as compared...