Keeping your CEO and CFO out of trouble

Regulatory compliance is not a topic that grabs a lot of mainstream headlines, and I'm quite sure I've never seen it "trending" on Google. And yet my inbox is the recipient of a growing number of pitches from companies in the business of keeping firms--particularly financial firms--in regulators' good graces. (One example from a couple days ago.) The number of pitches of this nature seems to correspond with the U.S. Securities and Exchange Commission's running tally of enforcement actions taken in the wake of the 2008 Wall Street meltdown.

CIOs at financial firms have avoided being directly implicated in this crackdown by the SEC, but CEOs, CFOs and other senior corporate officers have been charged by the dozens. So far, more than 100 entities and individuals have been charged with fraud or other misconduct that led to or arose from the financial crisis, and the SEC has issued more than $1.2 billion in penalties. This includes $550 million in penalties paid by Goldman Sachs, $150 million paid by Bank of America and $118 million paid by Charles Schwab businesses.

Caught up so far in the SEC's effort were chief executives from American Home Mortgage, BankAtlantic, Countrywide, Brooke Corp., Brookstreet and more. At Countrywide, former CEO Angelo Mozilo agreed to pay $22.5 million to settle the charges of misleading investors about credit risks, and he was barred permanently from serving as a director or officer. The chief operating officer and chief financial officer at Countrywide were also charged.

Compliance officers are a widening target for the SEC, which recently ramped up efforts to identify deficiencies in the hope of seeing them repaired before they can lead to fraud. The starting place of much of the misconduct leading to the financial crisis can be traced to compliance failures, the SEC's enforcement division director, Robert Khuzami, pointed out not long ago. The division's relatively new asset management unit has taken action against firms for insufficient compliance in an effort to prevent damage to investors before it can occur.

This year, the SEC's Office of Compliance Inspections and Examinations is focusing on whether corporate compliance programs and risk management programs have what it takes to identify potential weaknesses (.pdf). SEC examiners--who sometimes notify companies in advance of their arrival and sometimes do not--take a look at a company's internal controls and compliance systems to decide which areas will get their attention.

The financial sector continues to be in the spotlight as the Dodd-Frank Wall Street Reform and Consumer Protection Act is implemented and enforced, but it isn't the only industry with rising concerns about compliance enforcement. Even if your company doesn't deal in risky mortgages or other tricky financial products, it almost certainly faces regulatory requirements or industry-established standards on data handling and record-keeping. Even though non-compliance does not necessarily lead to fraud, it creates an environment in which it can occur more easily. - Caron