In this episode, Matt Kelly and I take a deep dive into the weeds of the House Financial Services Committee’s soon-to-be-released Financial Choice 2.0 Act. We consider some of the ideas in the legislation which Matt thinks are bad, including:

1. Repeal of Chevron deference.

2. Attempts to clip the SEC’s rulemaking authority.

3. Exempting more companies which desire to go public from SOX 404(b) requirements and reporting.

4. (Matt’s most particular bad idea) The exemption of more filers from XBRL reporting.

We also discuss some of the potential benefits from the legislation and where it may all go in the Senate.

For more, see Matt’s blog post, House GOP Regulatory Reform Axe, on his site Radical Compliance.

In this episode, Matt Kelly and I take a deep dive into SOX 404(b), what it requires and how companies comply with the reporting requirements set out in this statute. We consider the recent announcements from Congressman Jeb Hensarling to amend this section to exempt companies under the $500MM who wish to go public from its reporting requirements. We consider the corporate and audit response currently in place for 404(b) and how this response is now well embedded not only in corporate controls but also in reporting. We discuss the importance of internal controls over the time frame since the enactment of SOX and how any change may not be well received by institutional investors and private equity funders.

For a more detailed discussion, see Matt’s blog post entitled, “Tale of Sound & Fury: The 404(b) Debate”.

2016 was more than simply the most robust year in Foreign Corrupt Practices Act (FCPA) enforcement. It was also a record year in Securities and Exchange Commission (SEC) whistleblower awards and additionally the year the SEC literally crashed through the $100 million mark for whistleblower awards under Dodd-Frank. It would therefore seem like a very propitious time for a well-rounded conference focusing solely on this issue. Fortunately for us in the compliance space, Financial Research Associates and Compliance Week have answered the call with the Whistleblowers & Compliance conference to be held in NYC on February 27, 2016. Recently I was able to visit with Conference Chair, Gregory Keating, on the event.

Greg is the Chair of Choate Hall & Stewart LLP’s Labor Employment & Benefits and Whistleblower Defense Groups. His practice has three general areas. The first is compliance related and is everything from conducting training for organizations to auditing their existing practices, policies and procedures to assist employers to make sure that everything is set up correctly to ensure a transparent environment. Second is in the area of investigations, including those focusing on alleged widespread retaliation or wrongful conduct which whistleblowers bring to light. Third is litigation in the arena of whistleblower retaliation suits that are brought under a growing array of statutes, predominantly Sarbanes–Oxley (SOX), Dodd-Frank, the False Claims Act, and others which prohibit retaliation.

Keating is very excited about the conference. He noted there will be a marquee group of speakers who come from a number of different arenas. There will be government officials from some of the most prominent agencies who have agreed to speak. There will be a group with an in-house perspective from some very prominent multi-national organizations, who are wrestling with and analyzing how best to respond to this changing climate and who are going to weigh in and give their perspective. There will be some of the most prominent members of the defense bar, nationally and internationally, in this space. Last, but not least, there will be a number of extremely high profile plaintiff lawyers who practice either in Dodd-Frank or the plaintiff side of retaliation against whistleblowers.

The conference will kick off with a deep dive into the whistleblower landscape, discussing its importance and why there is such deep water right now. It will canvass the expansion of whistleblower rights and remedies, focusing on recent court decisions that have come out and new legislation that continues to evolve. It will also look at what companies are doing specifically in response in this area.

I asked Keating if he might provide an example and he related that there has been a real, proven attack on corporate agreements and policies which have the purpose or effect of muzzling whistleblowers. There have been, in the last year at least, almost half a dozen six figure civil money penalties imposed by the SEC. The conference will provide some concrete guidance and advice from both the in-house and defense bar perspective on how to avoid that minefield. Additionally, there will be some concrete advice flowing from some very, very recent Department of Labor (DOL) recommended best practices around how to have an effective compliance program, where they focus on the importance in this day and age of training.

A hot topic to be discussed is the current whistleblower retaliation trial of former Bio-Rad General Counsel (GC) Sanford Wadler. The conference will use this trial to consider the rising tide of in-house counsel and compliance professionals as the whistleblower. Keating said that other hot topics that will likely be addressed include whether whistleblowers can take confidential information in direct violation of a confidentiality agreement and, nonetheless, proceed as a whistleblower and whether would-be whistleblowers could engage in other opposition which arguably is unreasonable and whether those whistleblower rights will trump otherwise legitimate company policies. Keating ended by stating “there is a lot in this space that is really sizzling now” and the conference agenda will reflect these very current topics.

The conference will feature government representatives from the SEC, the US Commodity Futures Trading Commission and the DOL. This is whistleblowing across the government spectrum and will allow the attendees to identify some of the issues which corporations across America are grappling with and provide some unique insights into how best to protect oneself in this rapidly changing climate.

No doubt to warm my heart as the nuts and bolts guy, there will be several panels dedicated to subjects such as how you do compliance, including training; drafting and creating effective employment separation, settlement and confidentiality agreements; and in-house audits. Of course there will also be coverage of hotline triage and response, together with presentations on how to set up a robust investigation protocol.

In short, if there is only one whistleblower conference you can attend, you should strongly consider this event. It will showcase regulators, the whistleblower defense bar, top corporate in-house compliance practitioners and GC types, and the plaintiff’s bar for whistleblower and retaliation cases. For any compliance practitioner, GC or lawyer, I think this will be a fabulous conference. I hope you will be able to attend.

Best of all, readers of this blog will receive a discount to the event. You can receive a 15% discount off the regular price by entering the Code CMP 161. For more information on the event, check out the website by clicking here.

Now I’ve heard there was a secret chord; That David played, and it pleased the Lord

But you don’t really care for music, do you?; It goes like this

The fourth, the fifth; The minor fall, the major lift

The baffled king composing Hallelujah

Hallelujah; Hallelujah; Hallelujah; Hallelujah

You might say we need him now more than ever. Unfortunately, we lost him last week as Leonard Cohen passed away at age 82. He was truly one of the greatest song writers during my lifetime. Yesterday I presented my views on why I believe that Foreign Corrupt Practices Act (FCPA) enforcement will continue under the new administration. Today, I want to begin a multi-part series (sorry I don’t know how long it will go) about why compliance will not change under a Trump administration. To do so, and to honor Leonard Cohen, I will begin this series through the lens of Cohen’s most famous work Hallelujah. To say it took some time for the song to become the staple and classic that it is today is an understatement.

In an interview on the New Yorker Radio Hour, Cohen said the song had literally over 200 drafts. At one point it had 80 different verses. As noted in the Life of A Song column in the Financial Times (FT) by David Cheal, the song was “an epic, hymnal composition with biblical allusions (David, Bathsheba and Samson are referenced).” He went on to say that “Cohen later said the song took him two years to write.” Yet when it was released in 1984, it was not a hit. It took John Cale to popularize the song when he included it “in a 1991 Cohen tribute album, I’m Your Fan. Shorn of the clunky accoutrements of Cohen’s version, the song was allowed to shine.”

Yet this is not the version that most people are familiar with today as the explosion of the song’s popularity came from a cover by Jeff Buckley in 1994 “whose exquisitely pure tenor voice, recorded with a churchy echo, seemed ideally suited to the song’s religious themes. Since then, “Hallelujah” has become one of the most covered songs ever, up there with Yesterday and My Way.” However, and at this moment of my life and the life of this country, I find the most exceptional version of Hallelujah to have been the version performed by Kate McKinnon in place of the usual opening monologue on the November 12, 2016 episode of Saturday Night Live (SNL), which you can view by clicking here. It certainly lifted me up, which is what I needed about now.

All of the above speaks to what we in the compliance community need to understand now. It is not the end of the world or even the end of compliance. While I am fairly certain that FCPA enforcement will continue, I have no doubt that the compliance profession will not only continue to grow but flourish. The reason is that good compliance is good business, and any process which helps businesses to be more efficient and do business more profitably is not going to diminish in size or importance.

Just as the song went through multiple reviews and versions and was recorded by several artists before it attained its now iconic status, the compliance profession has evolved as well. John MacKessy, writing in the Finance Professionals’ Post, in a piece entitled “Knowledge of Good and Evil: A Brief History of Compliance”, noted that the FCPA and Environmental Protection Act (EPA) “prompted companies to develop internal resources that would actively monitor compliance with the laws, rules, and regulations of their industries.” The next step in the evolution of the compliance profession was the defense procurement scandals from the 1980s, where the industry’s sales of “$400 hammers and $600 toilet seats” to the US government led to the Defense Industry Initiative (DII). This industry-led initiative created “a set of principles endorsing ethical business practices and conduct” within the defense industry for its dealings with the US government.

The next step in the evolution of the compliance profession was the 1992 US Sentencing Guidelines which, for the first time, set out what the government would consider for credit in sentencing of organizations. Many credit these 1992 Sentencing Guidelines with the creation of the modern compliance profession. These guidelines included credit for “the specific elements of an effective compliance and ethics program. Companies that embarked on such programs would be eligible for more lenient sentences. To qualify as “effective,” a company’s compliance program would not only have to establish standards and procedures to prevent and detect criminal conduct, but would have to actively promote a culture encouraging ethical conduct and compliance with the law. The emendation of those guidelines in 2004 reflected the need for corporate boards to demonstrate knowledge of compliance programs and fulfillment of oversight responsibilities as part of monitoring the effectiveness of companies’ compliance and ethics programs.”

The next major step was the financial accounting frauds and scandals of the late 1990s and early 2000s, including Enron, WorldCom and Tyco. These scandals were so wide-ranging, with senior executive participation in, if not direction of, the corporate fraud, that a new legislative response was required, and this response was the passage of the Sarbanes-Oxley Act of 2001 (SOX). Aaron Einhorn, writing in the Denver Journal of International Law & Policy, in an article entitled “The Evolution and Endpoint of Responsibility: The FCPA, SOX, Socialist-Oriented Governments, Gratuitous Promises, and a Novel CSR Code”, said, “sections 302 and 404 of SOX together require corporate executives to state their responsibility for designing internal controls, to create such controls, to assess and evaluate these controls, and to draw conclusions about their effectiveness…” and “SOX specifically charges executive officers with internal controls duties.” Einhorn ends this section by noting, “internal controls have been transformed from a recitation of general duties lodged upon the corporation as a whole to a statement of specific duties imposed on corporate executives in particular.” This strengthened the compliance professional who was called upon to design these internal controls.

The next major legislation which enhanced the compliance function was the Dodd-Frank Act of 2010, passed in response to the 2008 financial crisis. MacKessy pointed to the downfalls of Bear Stearns and Lehman Brothers as drivers of more compliance because they both “demonstrated the degree to which external risk events can create a loss of confidence resulting in permanent reputational damage and impaired shareholder value.” The legal and legislative response has been that companies should use a risk-based approach as the basis to design, create and implement effective compliance programs. Joe Howell, Executive Vice President (EVP) for Workiva Inc., has gone further, drawing a straight line from the FCPA to SOX to Dodd-Frank in the development of the compliance function.

All of this means compliance is not going away, no matter what the law enforcement priorities of the new administration. Companies understand not only that compliance and business ethics have a role in driving business strategies and initiatives but also that more compliant companies are better run companies and, at the end of the day, more profitable because they have better controls. MacKessy ends his piece by stating that compliance programs “can provide multiple rewards – from risk mitigation, to reputational enhancement, to business strategy development.”

The compliance profession is where the magic happens in a corporation. Whether it be specific tasks of making sales, vetting relationships or the spade work of creating policies and procedures, it is compliance that drives the discussion of how we should do business. The corporate compliance profession fulfills the business obligation in doing things the right way for, at the end, it will be the compliance profession which implements the requirements of compliance whether those requirements are anti-corruption laws such as the FCPA, the UK Bribery Act, Anti-Money Laundering (AML), export control, anti-trust regulations, or any other regulation that you can name. Equally importantly, the compliance profession is teaching corporations how to evaluate risks and the compliance profession leads that discussion. It is the compliance profession that is the most innovative in not only protecting corporations, but actually helping corporations do business, do business more efficiently, and do business more profitably.

All of this shows compliance has developed over many years and for many reasons. None of this is going away. Tomorrow I will begin to consider the business applications and implications of compliance in more depth (and a couple of numbers from Leon).

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016

In this episode, Matt Kelly and I discuss the differences between SOX 404 reporting controls and 302 disclosure controls. We then pivot to a discussion of the potential merging of the COSO 2013 Framework for controls with the COSO ERM Framework currently in the public comment period.

Check out Matt’s blog posts on these topics:

  1. Of Sox Controls and Earnings Reports, click here.
  2. ERM Framework: Govt. Sector Calls for Unity, click here.