Posted on

Securities and Exchange Commission’s voting record on legal actions

Since tomorrow is election day in America I thought it would be appropriate to talk about the Securities and Exchange Commission’s voting record with respect to legal actions.

As a background, there are five Commissioners who are appointed by the President with the advice and consent of the Senate.  Terms of these Commissioners last five years and are staggered so that one Commissioner’s term ends on June 5 of each year.  The Chair and Commissioners may continue to serve approximately 18 months after terms expire if they are not replaced before then.  What’s interesting is that to ensure the Commission remains non-partisan, no more than three Commissioners may belong to the same political party.  The President also designates one of the Commissioners as Chair.  As of the time of this blog post there are three Commissioners, Mary Jo White, Chair, Kara M. Stein, and Michael S. Piwowar.  Two vacancies currently exist on the Commission.

The Division of Enforcement, whose activities are overseen by the Commission, has had a milestone year in terms of both enforcement actions and whistleblower awards.  Before the SEC staff brings enforcement actions the Commission must vote and approve the staff to take action.  To provide insight into this process the SEC posts voting results of the Commission on its website.

In analyzing these voting results following are some interesting trends:

  • Since January 2016, the Commission voted on 804 proceedings
  • Between January 1, 2016 and the date of today’s post, the Commissioners have nearly a 98% “Approved” voting record on these proceedings
  • In only 20 of the 804 proceedings did any Commissioner vote “Not Approved”
  • In every proceeding when a “Not Approved” vote was cast, a majority of the Commission voted “Approved”
  • In only 20 of the 804 proceedings did a Commissioner vote “Approved with Exception” (reasons for the exception included the amount of corporate penalty or the bar sanctions, for example)
  • When a Commissioner voted “Not Approved,” it was generally Commissioner Piwowar

With this in mind, there are multiple ways of thinking about potential explanations for the high rate of conformity in voting, such as large caseload juxtaposed against a lack of sufficient time to truly vet cases to bring or political pressure to increase actions.  Although interested parties may make different conclusions about these findings, they are, nonetheless, important to take note of.

Photo credit

Posted on

Payout trends in the SEC’s whistleblower program

In July 2010, the U.S. Congress enacted and President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act.   In connection with reform on investment protection, the Dodd-Frank Act provided for the establishment of a new whistleblower program.  The program provides for financial incentives for individuals to report potential federal securities laws violations to the SEC and provides for protection from employment retaliation.

Adoption of whistleblower rules

On May 25, 2011, the SEC adopted the new whistleblower rules, codified as Section 21F of the Securities Exchange Act of 1934, entitled “Securities Whistleblower Incentives and Protection.”  Pursuant to these rules, the SEC has ability to provide monetary awards to eligible individuals who come forward with high-quality original information that leads to an SEC enforcement action in which over $1 million in sanctions is ordered.  The range for awards is between 10% and 30% of the money collected.

The rules clarify that “original information” must be:

(i) Derived from your independent knowledge or independent analysis;

(ii) Not already known to the Commission from any other source, unless you are the original source of the information;

(iii) Not exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or investigation, or from the news media, unless you are a source of the information; and

(iv) Provided to the Commission for the first time after July 21, 2010 (the date of enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act).  See Rule 21F-4(b)(1)

Furthermore, the rules state that information submitted to the SEC is provided “voluntarily” if:

…you provide your submission before a request, inquiry, or demand that relates to the subject matter of your submission is directed to you or anyone representing you (such as an attorney):

(i) By the Commission;

(ii) In connection with an investigation, inspection, or examination by the Public Company Accounting Oversight Board, or any self-regulatory organization; or

(iii) In connection with an investigation by the Congress, any other authority of the federal government, or a state Attorney General or securities regulatory authority.  See Rule 21F-4(a).

Discretionary payouts

As mentioned previously, the range of awards that the SEC will pay out is between 10% and 30% of the money collected, not of the monetary sanctions ordered.  With this in mind, the SEC considers the following factors to determine the size of the award:

  1. The significance of the information
  2. The assistance provided by the whistleblower
  3. Law enforcement interest that might be advanced by a higher award
  4. Whistleblower’s participation in internal compliance systems

In addition, the SEC considers the following factors to decrease the payout percentage of the award:

  1. Culpability
  2. An unreasonable reporting delay by the whistleblower
  3. Interference with internal compliance and reporting systems

SEC’s payout trends

From its inception through July 2016, the SEC’s whistleblower program has issued 24 final award orders and 51 final denial orders.  Of these 24 final award orders, the largest award amount disclosed was over $30 million (announced September 22, 2014) and the smallest award amount disclosed was $125 thousand (announced August 30, 2013).

Of the 19 disclosed award amounts, the median payout is approximately $700 thousand.

Furthermore, of the nine awards disclosing the payout as a percentage of the monetary sanctions collected, the SEC has ordered payouts of 30% on five occasions, a payout of 28% once, payouts of 20% twice, and one payout of 15%.  It should be noted that these figures represent the total payout percentages for each matter (regardless of the number of claimants).

Seven of the 24 final award orders mentioned more than one claimant for payout, with three of these awards naming two claimants and four naming three claimants.  The distribution of the payout to each of these claimants varied from equal proportion of the award among the claimants (33% or 50% to each claimant in final award orders naming three and two claimants, respectively) to as dispersed as 50% of the award to one claimant, 33% to another, and 17% to the third claimant within the same final award order.

Another interesting observation is that, of the 24 final award orders, the SEC disclosed the whistleblower profiles for 11 of them.  Of these 11 awards, two were in the compliance function, one was an officer, seven were non-descriptive insiders/employees, and one was an outsider.  There does not appear to be any correlation between the whistleblower profile and the payout percentage or amount of the award.

I have prepared a schedule that summarizes key information for each final award order.  This schedule includes all final orders through July 2016.

Photo credit

Posted on

What an in-house fraud investigation looks like

Because in-house fraud investigations can vary in terms of structure, resources, and performance, sometimes we wonder what does an in-house fraud investigation typically look like.  Well, thanks to the Association of Certified Fraud Examiners (ACFE), we can answer this question.

Last year the ACFE released a report entitled Benchmarking Your In-House Fraud Investigation Team, which analyzed various engagement metrics from over 800 survey responses.  I think you’ll find the results quite interesting.

To frame today’s post, I’ll cover the report’s findings for each of the following critical components of a fraud investigation:

  • Oversight of fraud investigations
  • Outsourced vs. in-house investigation team
  • Time to resolution
  • Disciplinary actions against or prosecution of perpetrators, and
  • Recovery of fraud losses

Oversight of fraud investigations

As for structure, approximately half of survey respondents indicated that the investigation team reports either to internal audit leadership (28.3%) or senior management (22.1%).  Interestingly, only 6.4% reported to in-house legal counsel.  The below chart demonstrates that there is diversity in oversight of fraud investigations, perhaps dependent on the nature of the fraud (financial statement fraud, compliance fraud, asset misappropriation, etc).

SNAG-2

Outsourced vs. in-house investigation team

When it comes to in-house fraud investigations, overwhelmingly the survey respondents (68.2%) indicated they are always performed in-house as opposed to being outsourced.  Furthermore, approximately 23% of organizations outsource their investigations up to 25% of the time.  One reason for organizations infrequently outsourcing fraud investigations could be due to the fact that over 73% of survey respondents indicated their organizations had over 1,000 employees.   Perhaps larger organizations (those with over 1,000 employees) generally have sufficient personnel capacity to perform the investigations.

SNAG-3

Time to resolution

As practitioners understand, resolving investigations in a timely fashion is paramount to (1) effective detective internal controls and (2) setting an appropriate tone within an organization.  According to the report, nearly six in 10 fraud investigations (59.8%) were closed within 30 days.  Conversely, just over 10% of fraud investigations took more than one quarter to close.  Of course, the duration and extent of a fraud investigation is heavily based on the degree of complexity of the alleged fraud.

SNAG-4

Disciplinary actions against or prosecution of perpetrators

Although organizations prefer to prevent fraud from occurring, the reality is that fraud is impossible to completely eliminate from all organizations.  Therefore, when it comes to effective internal controls, management should strive to set a “zero tolerance” policy for fraud.  In essence, how management reacts to known or suspected fraud, therefore, is critical to setting an appropriate tone within the organization.

The following chart shows the percentage of investigations that resulted in disciplinary action.  Less than a third (31%) resulted in disciplinary action between 76% and 100% of the time.  On the other hand, approximately the same amount of investigations (31.6%) resulted in disciplinary action between 0% and 25% of the time.

SNAG-5

The next chart shows an interesting trend in prosecution referrals.  The majority of investigation teams (59%) decided to refer their case for prosecution between 1% and 25% of the time.  Conversely, 9.8% of investigation teams referred their case for prosecution between 76% and 100% of the time.  As one may expect, there are a number of factors involved with the decision to prosecute.  These may include sufficiency of evidence to prosecute, reputational risk, and cost vs. benefit analysis.  Hence, the decision to prosecute must be weighed carefully by an organization.

SNAG-8

Recovery of fraud losses

In the end, just because investigation teams substantiate allegations of fraud does not mean the losses are automatically recovered.  In light of this, I believe the following chart is one of the most relevant statistics in this report.  According to the survey results, the majority of investigation teams surveyed (54.6%) indicated that less than a quarter of the fraud losses were recovered.  In contrast, 13.0% and 13.9% of investigation teams indicated that 51% to 75% and 76% to 100% of fraud losses were recovered, respectively.

SNAG-6

Final observations

These results are interesting, to say the least.  With a focus on continuous improvement, fraud investigation teams should think about how these findings could affect their existing structure, resources, and performance.

In the end, fraud investigation teams will vary in their look and feel, depending on the nature and complexity of the fraud being investigated.  Having adequate staffing of in-house investigations with the right level of experience and bandwidth will put teams in the best position to be efficient as well as thorough in their efforts.

Photo credit

Posted on

Fraud auditing, a new trend

We all know that fraud is alive and well in today’s society.  On a daily basis, it seems, we hear unpleasant fraud statistics and read eye-catching news headlines about new fraud schemes or deceptions.  Indeed, businesses today are no less vulnerable to fraud than before.

Because of its ever-presence in today’s business world, a new trend of fraud auditing is becoming more and more popular.  So, what is it?  In essence, fraud auditing is a two-phase exercise.  First, one designs a fraud risk assessment to identify areas where a company may be susceptible to fraud.  Second, in response to findings of this assessment a monitoring and reporting program is put in place as a tool for management oversight.

Preventive vs reactive measures

When I was a former Big 4 auditor I incessantly heard complaints from my clients about audit fees being too high.  Indeed, financial statement audits can be expensive because they are designed to cover all aspects of the financial statements.  In contrast, fraud auditing doesn’t have to be expensive.

Moreover, as a preventive measure, one of the benefits of fraud auditing is that the cost of such an assessment can in large part be determined by the company’s management.  Conversely, as it relates to reactive measures, the cost will depend greatly on the motivation by the company for having the fraud audit conducted in the first place.  Examples of motivations imposed on a business may include: response to fraud already identified within the company, restatement of financial statements, or a decision to bolster internal controls because of restrictions imposed by a regulator, to name a few.

We can probably agree that human nature tends to be more reactive than proactive at different phases of life, such as wellness and personal finance.  In a similar vein, too often companies wait to respond to fraud risks until they manifest themselves through fraud or abuse.  Said another way, companies often do not perceive sufficient value in conducting a meaningful fraud risk assessment and, therefore, they wait until the stakes are much higher.  Oh, how relevant today is Benjamin Franklin‘s famous adage that “an ounce of prevention is worth a pound of cure!”

Consideration examples

Next, I wish to give some definition to the look and feel of a fraud risk assessment.  Depending on the nature and extent of a fraud audit, following are some examples for consideration to begin to understand risks and exposure:

  1. Domination of management by a single person or small group.  This gets at the heart of the tone within an organization.  Regardless of the extent of internal controls (even at the transactional level), if there is management domination by one or a few individuals, this can have a pervasive effect on the organization as a whole.
  2. A practice by management of committing to analysts, creditors, or other third parties to achieve aggressive or unrealistic forecasts.  One can see that being overly aggressive can be an area of risk and exposure.  Conversely, for businesses not beholden to outsiders (such as creditors or investors) this, of course, is irrelevant.
  3. Ineffective communication, implementation, support, or enforcement of the entity’s ethical standards by management or the communication of inappropriate ethical standards.  This really goes without saying. If management doesn’t enforce its own rules, then why have them in the first place?
  4. Recurring negative cash flows from operations while reporting earnings and earnings growth.  Financial pressures placed on management to generate favorable results should be considered when assessing the adequacy and effectiveness of business performance reviews.
  5. Rapid growth or unusual profitability, especially compared to that of other companies in the same industry.
  6. Significant, unusual, or highly complex transactions, especially those close to the period end.
  7. Significant related-party transactions not in the ordinary course of business.  A review of an entity’s financial statements or records can reveal the nature and extent of transactions with related parties.
  8. Recurring attempts by management to justify marginal or inappropriate accounting based on materiality.  Although this one may be difficult to assess, an effective fraud audit should incorporate inquiries of multiple company personnel at varying levels within an organization.
  9. Restrictions on the limitation of access to people, information, or communication by the board of directors or those charged with governance.  

I adapted the above points from the PCAOB’s AU 316, Consideration of Fraud in a Financial Statement Audit.  Although the above list is not exhaustive, it can be a good start to identify areas of heightened risk exposure for a company.  Equally important is that AU 316 was specifically designed to apply to external auditors in connection with the performance of financial statement audits.  Despite this, I believe the principles and guidance within this AU can apply to a variety of circumstances and not just financial statement audits.

Checklisting

It seems that in more recent years auditors have gravitated more toward a “checklist” mentality to discharging of their professional duties.  I believe this is heavily influenced by feedback from regulators.  Of course, checklisting has its place within a professional service engagement to mitigate legal and regulatory exposure.  However, as one can gather from my post above, it is important to exercise professional judgment by inserting a healthy degree of flexibility between checklisting activities and allowing free thinking and creativity.  After all, thinking through the “what ifs” of a situation is always an effective way to identify areas of risk and exposure.  To add to this thought, because risk factors can vary greatly depending on the industry and company-specific factors, it is imperative to tailor the nature and extent of a fraud audit to the needs of an organization.

Less rigorous is still better than nothing

In ideal circumstances companies want to get to the right answer from the beginning.  While this sounds good, the reality is that, as I touched upon earlier, many businesses do not place fraud auditing as an area of focus until they are forced to.

One way to assist companies in overcoming the resistance to a full blown fraud audit is to perform a less rigorous fraud risk assessment.  As a valuable resource the Association of Certified Fraud Examiners (ACFE) offers a Fraud Prevention Check-up.  While I recommend any such assessment be performed with the assistance of experienced professionals familiar with the issues, this check-up exercise could, in theory, be performed by the business itself.  In any case management should take the assessment seriously, standing ready to take action should there be cause for concern.  Additionally, I strongly recommend that, if possible, general counsel be aware of and participate in this process for legal protection to the company.

Altogether, companies that take seriously their obligations to protect company assets and stakeholder value should equally take seriously their oversight and monitoring of financial fraud risks.  Fraud audits provide an excellent means of fulfilling these obligations.

Photo credit