The following piece ran in Law 360 on December 7, 2022
by Stephen Hall and Houston Shaner
On Nov. 15, the U.S. Securities and Exchange Commission’s Division of Enforcement released its summary of the enforcement actions it brought in fiscal year 2022. It offers good news and bad news.
The good news first: The case total climbed nearly 10% from the prior fiscal year. The dollar figures are even more impressive — the SEC imposed $6.4 billion in monetary recovery through enforcement.
That is a significant increase from fiscal year 2021, when the SEC imposed less than $4 billion. Of that amount, civil penalties — those specifically intended to deter future misconduct — jumped from $1.4 billion to $4 billion.
These gains undoubtedly reflect the vigor and hard work of the enforcement staff and that staff’s commitment to protecting investors and market integrity. The agency has certainly trumpeted these numbers.
On the same day that the SEC released its 2022 results, the director of the SEC’s Division of Enforcement, Gurbir Grewal, gave the keynote address to the Securities Enforcement Forum. He emphasized the growth in penalties, noting that the SEC imposed the highest amount for a single fiscal year, and he highlighted many of the positive aspects from the largest individual fines.
But the bad news is that raw numbers tell only part of the story. The quality of the enforcement cases is often as important as the quantity, especially when that quantity is judged only by aggregate dollars.
A quality case is one that not only requires disgorgement of ill-gotten gains but also imposes fines large enough to actually punish violators and deter future misconduct. It must also hold the individuals involved in the misconduct accountable, including those at the top of the corporate ladder.
And, when settled, it must include nonmonetary sanctions such as admissions of liability and conduct remedies that require companies to change their practices and improve their compliance cultures.
Below, we review these critical principles of effective enforcement and how well some particular SEC cases have met the challenge. The bottom line is that the SEC must do more on all three fronts: higher penalties, more individual accountability, and greater use of remedial sanctions and disqualifications.
How much does it matter? It is tremendously important: The SEC is the first and most important line of defense against securities fraud, unregistered offerings, insider trading, market manipulation, foreign corruption and other misconduct in the capital markets.
If the SEC’s enforcement program falls short, more investors suffer losses, fraudsters are emboldened and confidence in the integrity of our capital markets wanes, along with investor willingness to participate in those markets.
Beyond disgorgement, monetary penalties must exceed a mere cost of doing business.
Disgorgement is a baseline for effective enforcement, as it deprives wrongdoers of the fruits of their crimes while often enabling the SEC to return money to victims and mitigate their losses.
But this remedy alone cannot be an effective deterrent because it creates no risk of loss. The lawbreaker wagers that it simply won’t get caught — and can keep the proceeds — or that, if it does get caught, it will be no worse off after returning its profits.
Civil penalties are thus an essential complement to disgorgement, and the amount of the penalty is key. As Grewal noted in his address, the SEC has made strong progress here: This is the first time in at least several years that civil penalties have overtaken disgorgement in terms of total dollars.
To be sure, the SEC often levies seemingly large penalties, and fiscal year 2022 saw a spate of high-dollar enforcement actions. An Allianz subsidiary, The Boeing Co., Nikola Corp., Ernst & Young LLP and a murderers’ row of Wall Street banks all received fines of at least $100 million last year.
These mega-penalty cases go a long way toward accounting for the leap in the SEC’s aggregate annual monetary sanctions.
Yet even some of the splashier penalties are simply not large enough. Grewal certainly understands the key principle. In a 2021 speech, he said the SEC “must design penalties that actually deter and reduce violations, and are not seen as an acceptable cost of doing business.”
Still, it’s far from obvious that this goal is being met. For example, in one of the highest profile enforcement actions last year, the SEC imposed a collective $1.1 billion penalty against a host of Wall Street banks and other financial institutions for widespread, systematic record-keeping violations. The largest of these banks paid $125 million apiece in civil penalties.
Was that amount above the acceptable cost of doing business? Doubtful.
For starters, the penalties were announced — and presumably agreed upon — near the end of the fiscal year. That timing suggests that the SEC might have felt pressure to cut a more generous deal in part to boost its own enforcement numbers for fiscal year 2022.
In any event, these banks count their net revenues in tens of billions of dollars and their assets in trillions of dollars. The penalties that headline the SEC’s work, then, are close to rounding errors for the big banks.
The lack of deterrence seems especially clear since many of the same banks have paid out large fines or judgments in prior years, or even this year, with little indication of real contrition or meaningful changes in behavior.
Grewal again articulated the issue well: “[D]espite all of the strong enforcement actions … the types of behavior described in the headlines … persist, and as a result, a significant part of the public continues to feel that our markets are essentially a game that is rigged against them.”
In some cases, the SEC has chosen to forego a fine altogether. Over the last year, for instance, the agency took the unusual step of settling fraud claims with technology company HeadSpin Inc. without levying a penalty.
HeadSpin raised over $80 million in equity thanks to fraudulent claims by its then-CEO Manish Lachwani but, after an internal investigation, forced out the CEO and other senior officers, revised its valuations and remitted roughly 70% of the amount raised, with an offer to remit the remainder as promissory notes.
HeadSpin, in other words, disgorged most if its ill-gotten gains on its own initiative. That, along with consequences for management, might be sufficient deterrence to future misconduct by HeadSpin. But what does it signal to other regulated entities?
In short, for entities the size of the biggest banks, the SEC’s statutory authority — and its resolve — to levy fines simply don’t appear to be sufficient for real deterrence.
What’s necessary, in addition to monetary sanctions — even in eye-catching amounts — is deterrence against individuals within those entities, the next topic.
Individuals must be held accountable.
Every time a company violates the law, a human being has been responsible for the misconduct. As we have said, banks don’t violate the law, but bankers do.
Especially for super-sized corporate defendants, the SEC should presume that enforcement against responsible individuals is necessary for effective deterrence. The SEC made some commendable progress here during the prior fiscal year.
Executives or senior management at Nikola, Boeing and Allianz all stood alongside their companies as defendants. And in the case of one smaller investment entity Hamilton Investment Counsel LLC, the SEC sought relief specifically against an officer responsible for implementing compliance controls, undoubtedly a strong signal to other compliance professionals.
According to Grewal, most of the SEC’s stand-alone cases last year included at least one individual defendant.
But these actions stand out because they are exceptions, not the norm. More typically, when the SEC brings enforcement against individuals, they are more junior employees or one of a few principals behind a small corporate shell.
Recall the large banks described above that were collectively fined over $1 billion. Not one individual is mentioned, much less charged, in the announcement for those cases.
And that is despite SEC allegations of “widespread and longstanding failure of … employees throughout the firm, including at senior levels, to adhere to certain … essential requirements and the firm’s own policies” — failures that, in the SEC’s own view, “likely impacted the Commission’s ability to carry out its regulatory functions and investigate violations of the federal securities laws across these investigations.”
Worse still, perhaps, is the example of Ernst & Young, another member of fiscal year 2022’s $100-million-penalty club. As described in Ernst & Young’s settlement with the SEC:
Over multiple years, a significant number of EY audit professionals cheated on the ethics component of the Certified Public Accountant (CPA) exam, as well as on a variety of other examinations required to maintain their CPA licenses. As this was ongoing, EY withheld this misconduct from SEC staff conducting an investigation of potential cheating at the firm.
This conduct was certainly systemic within the company, and that was precisely because numerous individuals within the company had systematically decided to engage in misconduct. It even reflected recidivism, as Grewal noted.
But where is the accountability for those individuals, including those impeding the SEC’s investigation? Sanctions for this misconduct aimed solely at the company are wholly inadequate.
The individuals responsible for knowingly and intentionally violating the law must be held accountable if such egregious lawbreaking is to be punished and deterred.
A range of nonmonetary sanctions must also be applied alongside fines and disgorgement orders.
Because monetary penalties, and particularly corporate penalties, are rarely sufficient deterrents, the SEC must also include nonmonetary measures as well.
Admitting fault should be a starting point for every case. Far too often the agency allows a settling defendant to neither admit nor deny the alleged misconduct. This result, in fact, seems to be the default practice.
But the agency undoubtedly has a strong case for liability in many of these same instances, and an admission is an important measure for communicating responsibility to the public and to other market actors.
On this front, the SEC did have some notable achievements last fiscal year. Ernst & Young admitted misconduct and liability in its settlement, for instance. And the SEC even managed to make the big banks do the same with respect to their violations.
The agency achieved real wins for market integrity in both cases, and it will hopefully continue to make further progress on admissions throughout the current fiscal year.
Furthermore, “prophylactic relief—such as officer and director bars, associational bars, suspensions, conduct-based injunctions, and undertakings—is an important part of robust remedies,” Grewal said.
Here, too, the SEC has genuinely advanced the public interest in some of its highest-profile cases from fiscal year 2022. Once again, the Ernst & Young and bank settlements include meaningful commitments to retain independent compliance monitors or consultants — measures that the agency might not have achieved under past administrations. But even these exemplars have some apparent weaknesses.
For example, Ernst & Young can object to the compliance monitor’s recommendations as “unnecessary, unjust, … unduly burdensome, or impractical.” And the banks can object on similar grounds.
These provisions raise real questions about the ultimate effectiveness of these commitments.
Finally, as an adjunct to enforcement, the SEC must adopt a more robust and transparent approach to disqualifications.
The law presumes that when a company violates the law, it cannot be trusted to engage in certain types of securities market activities, ranging from the use of streamlined procedures for raising capital to serving as a trusted investment adviser.
The SEC has routinely waived these disqualifications, sometimes even for egregious violators.
For example, Credit Suisse Group AG and one of its subsidiaries pleaded guilty to defrauding investors in a foreign tuna fishing project involving hundreds of millions of dollars. Yet the SEC exempted Credit Suisse almost immediately thereafter.
And the SEC has issued these waivers largely in the shadows, with a little-noticed letter quietly transmitted to the violator.
In a positive step, the SEC has rescinded its earlier policy of considering waivers in conjunction with settlements of enforcement actions, appropriately choosing instead to evaluate a settlement proposal on its own merits and later deciding on whether a waiver request should be granted under applicable standards.
Yet the process is still opaque, waivers remain common and few seem to be paying attention. That must change.
The SEC’s enforcement work is vital. It is also challenging, as the myriad forms of financial fraud and abuse are often complex and difficult to prove.
And the SEC must bring its enforcement authority to bear on a multitrillion-dollar marketplace involving a huge collection of market participants, including brokers, investment advisers, exchanges and others.
Discharging this responsibility means having adequate resources at its disposal and, while that’s a topic for another day, it bears directly on the effectiveness of the SEC’s enforcement program.
The results announced on Nov. 15 paint a mixed picture.
As much cause for commendation as they bring, the SEC’s victories must not distract from the more fundamental truth: Enforcement of the securities laws against firms and individuals must be stronger. Protecting the public and preserving the integrity of the securities markets demand more.
Stephen Hall is legal director and securities specialist, and Houston Shaner is senior counsel at Better Markets Inc.
Read more at: https://www.law360.com/capitalmarkets/articles/1555348/sec-must-improve-enforcement-quality-with-3-key-factors?copied=1?copied=1