Audit, Compliance and Risk Blog
The Securities and Exchange Commission (SEC) has just published Interpretive Guidance to “assist” public companies with evaluation and reporting of their cybersecurity risks. This Guidance expands similar SEC guidance issued in 2011, reflecting the growing importance of the issue and highly-publicized cybersecurity breaches during the intervening years. The following discussion summarizes the new Guidance, and provides context.Read More
Earlier this year, the US Department of Justice (DOJ) Fraud Section issued additional enforcement guidelines to US Attorneys, entitled “Evaluation of Corporate Compliance Programs.” DOJ’s US Attorneys perform these evaluations to weigh whether and how severely an organization might be charged for illegal conduct by directors, officers, or other employees. But individuals may be committing crimes to further the organization’s goals (remember Volkswagen’s recent use of fraudulent means to defeat emission requirements), or for their own purposes despite organizational efforts. For readers in organizations that aren’t encouraging criminal behavior, these guidelines provide important guidance to the design (and implementation) of effective compliance programs.Read More
In Re Hornby Residences Ltd. (2017 BCSECCOM 17), the British Columbia Securities Commission had to determine whether a real estate development corporation and its principal had violated the BC Securities Act s. 57(b) prohibition against fraud in connection with the issuance of a security when the funds invested were used to pay the principal and other corporations controlled by the same principal, Brendan James Schouw. Schouw was a real estate developer and the sole director of Hornby, and of Grace Residences Ltd. and Homer Residences Ltd. Schouw was also connected with Drake Residences Ltd., although the Commission was not provided with information about its directors and officers.Read More
The Ontario Superior Court of Justice issued an initial order in an insolvency proceeding under the Companies’ Creditors Arrangement Act (CCAA) providing a $3.1 million director’s charge even though the directors were covered by an existing D&O liability insurance policy and indemnities from the company (Re P.T. Holdco Inc., 2016 ONSC 495). The CCAA proceedings involved various corporate entities involved in the Primus telecommunications service business in Canada and the United States. Primus’ business was failing and it had arranged to sell its business to another company and wished to use the CCAA to finalize the sale and distribute the sale assets while its creditors were stayed from enforcing their claims.Read More
In Kent v. Postmedia Network Inc. (2015 ABQB 461), the Alberta Court of Queen’s Bench granted a summary judgment application by Paul Godfrey and Gordon Fisher, two directors of Postmedia Network Inc., and dismissed the defamation claims against them by the plaintiff, Arthur Kent. Kent claimed he had been defamed in a 2008 article written by Don Martin and published in the Calgary Herald and National Post and continuing to be available on various websites maintained by Postmedia. The article at issue was published while Kent was a candidate in the Alberta provincial election and he claimed it contained false and defamatory statements that were intended to have readers infer that Kent’s career as an international correspondent was insubstantial, he was unworthy of public trust and confidence, his election campaign was incompetent and he lacked support from both his campaign team and political party. In the course of the litigation leading up to the motion for summary judgment, Kent had both Fisher and Godfrey served with a Notice of Intention to bring an Action setting out the basis for his claim of defamation and seeking removal of the article from websites. Neither Fisher nor Godfrey sought the removal of the article from those websites.Read More
When an organization breaks the law, the actual actions must be taken by individuals associated with the organization–whether it’s a rogue individual or a vast internal conspiracy. So who’s culpable and for what? Laws often provide civil liability for most violations and criminal liability for the most severe, and many include parallel provisions addressed both to organizations and individuals. Most enforcement agencies produce enforcement and prosecutorial guidelines for agency personnel to provide criteria that channel their “prosecutorial discretion.” Variations in such guidelines may tend to keep organizations and their personnel aligned – as when they’re all going to be prosecuted together anyway–or may encourage fissures between them – as when one can reduce its own liability by incriminating another.
The U.S. Department of Justice (DOJ) conducts most criminal prosecutions brought against violators of U.S. federal laws. DOJ’s U.S. Attorneys also provide legal support to many federal agencies in civil cases brought by the agencies for regulatory violations. To regularize these wide-ranging responsibilities, DOJ promulgates enforcement policies and priorities, which are compiled in the “U.S. Attorneys’ Manual.”
How Has DOJ Approached Individual Prosecutions For Organizational Wrongdoing?
DOJ has repeatedly adjusted its policies for prosecuting individuals in organizational wrongdoing cases. In 2003, DOJ issued an enforcement policy seeking to separate organizations from their agents – telling organizational defendants that indemnification of their officers (i.e., paying their defense costs under employment contracts and bylaws) would be interpreted as support for the individuals’ malfeasance, precluding DOJ from applying lenience to the organization for having “cooperate[d] in the investigation of its agents” (the “Thompson memorandum”). This policy was intended to prevent organizations from shielding their personnel, and so to encourage more individual prosecutions. However, this policy was rescinded after a 2006 court decision excoriated DOJ, holding that the policy violated individual defendants’ Constitutional rights by exerting undue pressure on organizations (U.S. v. Stein).
In 2006, DOJ softened the offending policy by reemphasizing that many criteria may apply to charging and prosecutorial decisions, and stating explicitly that an organization’s decision to follow state laws and establish indemnification provisions would not be considered a failure to cooperate sometime later with federal prosecutors (“the McNulty memorandum”; later enshrine in the U.S. Attorneys’ Manual section 9.28). Thus, DOJ policy for nearly a decade has not explicitly attempted to pit organizational defendants against their individual human agents – but also has not provided clear guidance to prosecutors in determining whether to proceed against organizational defendants, individual defendants, or both. During these years, the trend has been toward fewer prosecutions of individuals, even where it seems likely that top managers were integral participants in financial or regulatory violations. This lack of headline-grabbing prosecutions has produced a political backlash and pressure to re-balance prosecutorial policies.
How Does DOJ’s Newest Policy Favor Individual Prosecutions?
In September, Deputy Attorney General Yates issued DOJ’s latest enforcement policy memorandum, addressing “Individual Accountability for Corporate Wrongdoing.” DOJ will apply this latest revision to all criminal prosecutions, and to civil enforcement as appropriate. The memo sets forth 6 basic criteria for U.S. Attorneys to apply and follow:
- “To be eligible for anv cooperation credit, corporations must provide [DOJ] all relevant facts about the individuals involved in corporate misconduct.
- Both criminal and civil corporate investigations should focus on individuals from the inception of the investigation.
- Criminal and civil attorneys handling corporate investigations should be in routine communication with one another.
- Absent extraordinary circumstances, no corporate resolution will provide protection from criminal or civil liability for any individuals.
- Corporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized.
- Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual's ability to pay.”
If organizations respond to these incentives by providing incriminating facts about individuals, the new policy will tend to create wedges between organizations and their personnel, which DOJ is now pledging to prosecute more vigorously. It remains to be seen how these incentives will actually be applied by prosecutors, followed by defendants, and reviewed by courts.
- Has the organization established compliance and/or ethics programs to prevent and detect violations of applicable laws?
- Do formal organizational policies define standards and procedures for agents and employees?
- Are specific high-level personnel assigned responsibility and authority to ensure these standards and procedures are followed?
- Does the organization provide training and/or other means to communicate standards and procedures effectively to its agents and employees?
- Is there an effective program for enforcing these standards (e.g., monitoring and audits)?
- Are there internal reporting mechanisms (including protections against possible retaliation)?
- Does the program include clear and effective disciplinary mechanisms?
- Does the program provide for immediate and appropriate steps to correct the condition giving rise to any detected offense or violation (e.g., program changes and individual disciplinary actions)?
- Does the program include provisions for self-reporting to appropriate authorities?
Federal laws prohibit employers from basing employment decisions on a variety of factors, including “sex.” This term is not defined, leaving its interpretation to change and expand with social changes and court decisions. The central entity creating and applying these interpretations is the Equal Employment Opportunity Commission (EEOC), which administers and enforces Title VII of the Civil Rights Act of 1964 and a variety of subsequent laws. On July 15, EEOC reaffirmed its present interpretation, in an enforcement decision in which the plaintiff claimed he was denied access to a promotion because he’s gay (Baldwin v. Foxx). The EEOC’s order includes a clear summary of the agency’s approach to sex discrimination cases:
Federal laws protect individuals against job discrimination based on a variety of “protected classes” of characteristics. Most represent physical characteristics, such as race, sex, and disability. In addition, however, Title VII of the Civil Rights Act of 1964 prohibits a prospective employer from refusing to hire an applicant in order to avoid accommodating a religious practice that it could accommodate without undue hardship.