Recently Gurbir Grewal (the SEC’s Director of the Division of Enforcement) delivered this speech titled “The Five Principles of Effective Cooperation in SEC Investigations” at a securities law conference.

This post summarizes the speech and provides factual information and rebuttal points relevant to certain topics.

Grewal began as follows:

“This event … offers regulators like me a unique opportunity to speak directly to leaders of the securities bar about issues of mutual concern. That’s what I’d like to do … – speak to you all directly about a topic that has been widely discussed at events like this one, including by me, and that is cooperation. While there’s been a great deal of guidance on this topic over the years, among the most frequent questions I get remain: what are the benefits of cooperating with the SEC and how does the Enforcement Staff assess cooperation?

[…] I’d like to answer those questions by first making clear the very real benefits of cooperating with Commission investigations, and then sharing with you five principles of effective cooperation — principles that you can use to not only guide conversations with clients making the decision to cooperate, but also as a roadmap in making the case for cooperation credit when advocating to Enforcement staff.

As to the “Benefits of Cooperation,” Grewal stated:

“As numerous recent enforcement matters have shown, there are real benefits to parties that cooperate with Commission investigations. These benefits can affect both the charges and the remedies the Division may recommend, and that the Commission may ultimately impose.

On the charging side, we may recommend bringing reduced charges or we may decline to recommend charges altogether. On the remedies side, we may recommend reduced or even zero civil penalties. And where there’s been real remediation that addresses the misconduct, that may impact whether we recommend undertakings and, if we do, their scope.

Orders in a number of recent settled actions also highlight another benefit: a finding by the Commission that a party provided meaningful cooperation. This lets parties publicly demonstrate their positive conduct in what may otherwise be an unfavorable context.

A key reason we recommend that the Commission reward cooperation is because it helps us move investigations more efficiently. That benefits all parties to an enforcement investigation. For one, timely investigations and resolutions address misconduct, protect investors, and promote accountability. As I’ve spoken about before, all of that helps to enhance public trust and confidence in our markets. And timely investigations that don’t result in enforcement recommendations also mean that the cloud of investigation doesn’t hang over an entity or an individual for longer than necessary.”

Grewal’s suggestion that cooperation helps the SEC “move investigations more efficiently” is contradicted by facts in several FCPA enforcement actions.

Most SEC FCPA enforcement actions against issuers contain SEC language about the issuer’s cooperation – yet SEC FCPA enforcement actions (from the point of origin until resolution) still take approximately four years. (See prior posts here, here, here and here for specifics over the past four years).

Grewal continued:

“Now, this doesn’t mean that if you do all of the things highlighted in recent orders discussing cooperation or what I discuss today, you’ll always get to a no penalty resolution or a declination. That’s because, as you know, all of this is highly fact dependent and there’ll always be situations where some charges and remedies are necessary no matter the level of cooperation. But the bottom line is this: you’re likely to experience better outcomes with cooperation than without it.

I’m sure there are those lawyers and clients, perhaps not in this room, that say, “hey, we’ll just take our chances that the SEC doesn’t learn of a violation or, if they do, we’ll cooperate then.” While you may have run the probabilities in your heads, I think that’s a very risky gamble, with the odds increasing in our favor every day. That’s because, given the success of the Commission’s whistleblower program, our improved use of data analytics, and our increased use of risk-based initiatives, it’s really no longer a question of if we’ll find out about a violation, but often when.”

Grewal next discussed the “Five Principles of Effective Cooperation” and stated that “the behaviors that can earn cooperation credit from the Commission are no secret.”

As to “Principle One: The Best Cooperation Starts Early and Well Before the SEC Gets Involved, With Self-Policing,” Grewal stated:

“By self-policing, you’re more likely to learn of issues earlier, which allows for earlier self-reporting. Effective self-policing begins with the tone at the top, even before a violation occurs or is discovered. Here, these are some of the questions I’d ask: Are the leaders in an organization supporting a culture of compliance? Are they emphasizing both the need to stay within the lines and the importance of doing so? In other words, are they walking the walk? And importantly, are they supporting the compliance function through their words, actions, and with resources?

Another important aspect of self-policing is staying up-to-date on developments and risks. If new rules impact your operations or if recent enforcement actions highlight risk areas relevant to your business, it means evaluating whether you need to update your policies, procedures, and systems to stay apace and remain compliant.

Likewise, you need to ensure that your compliance policies keep pace with technological advances that affect your business. Here, the current conversation around AI risks offers a timely example.

In the end, showing that you had appropriate safeguards in place can also be important in establishing that any misconduct was not the result of an institutional failure or a lax tone at the top.”

Grewal next discussed “Principle Two: Once You Discover a Possible Violation, Self-Report Without Delay” and stated:

“It’s okay to come in before you know all the facts. And you can even self-report when you think there is a possible securities law violation. You don’t have to be certain that there is one.

While decisions around any internal investigations are yours to make, you also don’t need to conduct a complete internal investigation before coming in and speaking with us.

The key here is to be upfront about what you’re still looking at and let us know if your understanding of the facts later change.

When we get that call from an entity indicating to us that they think they may have a problem, are starting to look into it, and will report back, it signals a number of things. It signals, for one, effective self-policing. It also signals a culture of proactive compliance. And it helps build credibility with the staff for when issues may arise in the future.

On the other hand, when market participants don’t self-report, not only are they likely to lose out on very significant benefits, but it may also raise questions about their supervisory systems and compliance function.”

The notion that an issuer – before knowing all of the facts and before even knowing if there is a legal violation – would alert their primary government regulator about a possible legal violation is absurd.

Business leaders and counsel would be wise not to bite at the SEC’s bait.

Grewal next discussed “Principle Three: Don’t Stop With the Self-Report. Remediate” and stated:

Effective remediation can further underscore a firm’s commitment to compliance and help them build a case for cooperation credit.

Depending on the circumstances of the conduct at issue, remediation can take many forms. But there are certain remedial measures that are applicable to any number of situations. They include disciplining or dismissing the actors responsible for the violations; strengthening relevant internal controls and policies and procedures; conducting training – or re-training – on the conduct at issue; hiring personnel with relevant expertise; clawing back or recovering certain executive compensation; and repaying harmed investors.

The bottom line here is that the remediation has to be proactive and not undertaken solely because it’s been ordered as part of an enforcement action. It also has to be timely. The longer it takes to remediate, the more likely it is that the misconduct will reoccur. And it has to be meaningful enough to both address the misconduct and prevent it from happening again.

Let me pause here to answer a question that sometimes comes up at this point in the conversation, and that is: can a party still earn credit if it didn’t self-report? As recent Commission orders make clear, all is not lost if you fail to self-police or self-report. You should still do what you can to remediate the violations and work with us.

For example, even if you didn’t self-report, you can still conduct a comprehensive, internal investigation, remediate the violations, repay harmed investors, and improve your compliance function. In the process, you may identify additional violations which you do self-report and remediate. That type of response has resulted in meaningful cooperation credit.”

Grewal next stated:

“All of this leads to the question: beyond self-policing, self-reporting, and remediating, what exactly do we mean when we talk about “cooperation”? The answer lies in principle four: the type of cooperation that earns credit requires going above and beyond what’s legally required — more than simply complying with subpoenas without undue delay or gamesmanship. In fact, there is a lot that you can do beyond just fulfilling your clients’ legal obligations that can help us move investigations forward. For example, you have a better sense than we do of how your client maintains documents, what its internal processes are, and who may have relevant evidence. After you receive a request, you can connect with the Enforcement team to discuss what kinds of documents may contain responsive material, how responsive items are maintained, and how voluminous the records are.

If our requests, as drafted, don’t capture relevant materials, you can also flag that for us. If you are aware of other relevant evidence that is wholly beyond our requests, you can tell us and we can discuss whether you should gather and produce those materials.

In short, you can help focus our requests, preventing overly broad document requests on our end and document dumps on your end, thereby ensuring that our requests get us the information we need to complete our investigation.

When producing documents, there’s also more that parties can do to potentially earn cooperation credit. For example, you can flag and offer to explain hot documents and how they fit into the larger picture. If responsive documents are in a language other than English, you can offer to translate them.

And when it comes to witnesses, as with documents, you likely have quicker access to relevant witnesses than we do, especially if they’re overseas or hard to reach, and you will likely have a better sense of who really knows what. You can help us identify who to speak with to get the information we need. Once we identify what interviews or testimony we need, you can then help facilitate those interviews or testimony.

Odds are, doing this will help us target the witnesses and testimony we need and avoid what we don’t. That not only makes our investigation more efficient, but, as with targeted document productions, it also reduces disruptions to your client’s operations

There are other examples of effective cooperation. If your client conducted an internal investigation, you can offer to present its findings. If your client conducted interviews as part of that internal investigation, you could also summarize those interviews for us. We will, of course, work with you to do all of this in a way that does not invade the attorney-client privilege.

In the end, we’re always going to conduct our own analyses and draw our own conclusions. We are not asking you to do our work for us and none of what I’ve described is required. But these are the very types of behaviors that have resulted in meaningful cooperation credit in recent Commission orders.”

While Grewal pointed out that none of the above “is required,” several of Grewal’s suggestions obliterate the salient fact that the SEC is an adversary to an issuer under legal scrutiny.

The notion that if an SEC information request / subpoena doesn’t “capture relevant materials” or if evidence is “wholly beyond the SEC’s requests,” that an issuer is supposed to alert the SEC to these issues is just absurd.

Grewal next discussed “Principle Five: Collaborate with Enforcement Staff Early, Often, and Substantively,” and stated:

As should be clear by now, the best way to collaborate with us is by communicating with us.

Starting from your first contact with the SEC, whether that follows a self-report or the SEC reaching out to you, establishing good communication is crucial. Among other things, this allows you and the Enforcement team to quickly discuss any issues that arise as I’ve already highlighted.

The frequency and format of these communications will, of course, depend on the needs of the case and what you and the Enforcement team think is helpful. And it may change over the lifespan of an investigation.

The quality of the communications is also important. As should also be apparent from the examples I’ve shared, communications that provide relevant, fact-based context about an investigation can help simplify issues and move things forward. So can communications that provide transparency into things like a party’s document environment, what’s been done in the search and collection process, and even what tools may be available to increase efficiency in the production.

Conversations like these not only give Enforcement staff a meaningful opportunity to assess the reasonableness of a party’s response, but they also give parties an opportunity to establish credibility with the staff. Because, keep in mind, during the course of an investigation, we are typically receiving information from multiple other sources and individuals with knowledge.”

Grewal concluded as follows:

“Cooperation doesn’t mean that parties have to agree with our ultimate conclusions. There’s always an opportunity for good faith conversation and for zealous advocacy and argument about the ultimate merits of a case. But what it does mean is that the end goal of all enforcement investigations – to determine whether or not violations have occurred and, if they have, to punish violative conduct and improve compliance – must be a shared one. That means that the investigative process should be a collaborative one, not one based on gamesmanship and dilatory tactics on either side.

While this speech is directed at the members of the Bar, these are principles of cooperation and collaboration that we have made and will continue to make clear to Enforcement staff, as well, because they are mutually beneficial.

In the end, a cooperative and collaborative approach, guided by the principles I’ve outlined today, can help put you and your clients in the best position to get cooperation credit.

So, while an enforcement investigation has the potential to feel like an adversarial process, it doesn’t have to be.”

The post SEC Director Of Enforcement Grewal On Cooperation appeared first on FCPA Professor.