Corporate America has been buzzing about Goldman Sachs’ recent settlement of fraud charges with the Securities and Exchange Commission for all sorts of reasons. One provision in particular, however, should make compliance executives take notice: the SEC’s insistence that Goldman’s top compliance officer certify the Wall Street bank’s good behavior.

That detail is stated three-quarters of the way through the eight-page settlement, filed by Goldman and the SEC on July 15. The agreement ends fraud charges the SEC filed earlier this year, alleging that Goldman Sachs misled investors in a collateralized debt obligation offering that was essentially designed to fail. Goldman also agreed to pay $550 million in disgorgement and penalties—the largest SEC fine ever against a Wall Street bank, although it’s still a drop in the well compared to Goldman’s multibillion-dollar quarterly profits.

The settlement also requires Goldman to reform its business practices (one reform announced last week: no more profanity in inter-office e-mail) and to acknowledge that its marketing materials for the synthetic CDO contained incomplete information.

And, lastly, Goldman’s general counsel or global head of compliance must certify annually, for the next three years, that Goldman is in compliance with the settlement.

Exactly who will make that certification is unclear. Goldman’s general counsel, Gregory Palm, signed the agreement with the SEC, but Alan Cohen serves as the firm’s global head of compliance. Goldman did not respond to numerous requests for comment, and SEC spokesmen declined to comment beyond the papers filed in court.

The certification itself will be submitted to the chief of the SEC’s Structured and New Products Unit, Kenneth Lench; a copy will also go to the chief counsel of the SEC’s Enforcement Division. The Commission staff can also “make reasonable requests for further evidence of compliance,” according to the settlement. And as with any certification, the agreement exposes Goldman’s compliance representative (whoever the signatory actually is) to some legal liability, as any corporate officer would face for, say, knowingly providing false information to the government.

The idea of a CCO certification is drawing mixed reviews from the corporate governance community; some dislike it, saying only the board or named executive officers should be held to such a strict standard. Everyone, however, views it as a nod to the importance of the compliance officer and corporate compliance programs.

“It isn’t something that I can remember seeing before this settlement,” says Pat Gnazzo, who served as chief compliance officer at CA several years ago, after it emerged from an accounting scandal that sent its then-CEO to prison. (Gnazzo is now general manager of CA’s public-sector business.) The SEC “seems to be attempting to elevate importance of the chief compliance officer role,” Gnazzo says. “I’m not sure they’ve accomplished that by this certification.”

Another corporate compliance chief (who asked to remain anonymous) sees the move as evidence that compliance officers “are becoming true C-suite level executives.”

“This shows the importance the government is placing on compliance officers and compliance programs,” he says.

Without question, the government is putting a higher value on strong corporate compliance programs. Earlier this year the U.S. Sentencing Commission amended the U.S. Sentencing Guidelines to say that compliance officers should report directly to a company’s top leadership, such as the CEO or the audit committee. The Organization for Economic Cooperation & Development also published “Good Practice Guidance” calling for businesses in the OECD countries to establish ethics and compliance programs and implement strict internal controls to combat corruption.

Monitors by Another Name?

Goldman’s certification requirement is reminiscent of the Sarbanes-Oxley Act, which requires the CEO and CFO of public companies to certify the accuracy of their company’s financial statements. But most companies that run afoul of regulators today end up with an outside compliance monitor to ensure any settlement is enforced. Goldman’s settlement has no such monitor. In essence, certification from the compliance officer is serving as a substitute.

Ryan McConnell, a former federal prosecutor now with the law firm Haynes & Boone, says the CCO certification is “an interesting alternative” to a government-appointed monitor. The SEC has always focused on “gatekeepers” in the financial markets, such as auditors, accountants, or investment bankers, he says. If you view the CCO as a gatekeeper for corporate compliance, “this makes perfect sense.”

Relying on the CCO, who runs the compliance program and knows the company better than an outside monitor, also blunts criticisms that monitors can have a conflict of interest in the companies they oversee and run up unnecessarily high bills, McConnell says.

Others say it would be better to put Goldman’s board or senior management on the hook for effective compliance. Gnazzo notes that certifications are usually made by line officers with profit-and-loss responsibilities; the compliance role is a staff job, where the CCO recommends to the board and CEO what steps they should take. A truly effective compliance program doesn’t hinge on the CCO, but rather on management and the board, he says. As such, they should be the ones held accountable for compliance.

“If I was the chief compliance officer, I would require that my CEO and the board concur in my certification,” Gnazzo says.

Donna Boehme, the former chief compliance officer at BP and now a principal with Compliance Strategists, says the arrangement might not be practical. Some of the certification requirements clearly are within the scope of a compliance department’s responsibility, she says, such as review of training materials or recordkeeping. But other elements—say, expanding the role of Goldman’s capital committee to vet mortgage-backed securities, or annual reviews by the internal auditing department—are not.

CERT OF COMPLIANCE

The following excerpt from SEC v. Goldman Sachs & Co. reveals the details of the Certification of Compliance by Goldman Sachs:

The General Counsel or the Global Head of Compliance of Defendant shall certify annually (one year, two years, and three years, respectively, after the date of entry of this Final Judgment), in writing, compliance in all material respects with the undertakings set forth above. The Commission staff may make reasonable requests for further evidence of compliance, and Defendant agrees to provide such evidence. The certification and any such additional materials shall be submitted to Kenneth R. Lench, Chief of the Structured and New Products Unit, with a copy to the Office of Chief Counsel of the Enforcement Division.

In addition, Defendant acknowledges that it is presently conducting a comprehensive, firmwide review of its business standards. This review includes, among other things, an evaluation of Defendant’s conflict management, disclosure and transparency of firmwide activities, structured products and suitability, education, training and business ethics, and client relationships and responsibilities. The Commission has taken this review into account in connection with the settlement of this matter.

Source: Goldman Sachs Settlement Agreement (July 14, 2010).

“Clearly the SEC is attempting to enforce individual accountability by holding the GC or CCO personally liable,” Boehme says. “But what are they going to do if something falls through the cracks? Prosecute the CCO?”

Boehme praised an alternative approach used in settlements with Pfizer and Tenet Healthcare. In those cases, the boards had to certify quarterly reviews of their compliance programs. She says the SEC should have “put the laser focus directly on the Goldman board, which tends to get the directors’ attention.”

It’s the board that can empower the CCO, giving him the proper resources and seniority to be sure serious issues are escalated, Boehme says, and Goldman’s directors are the ones who should be ensuring that the company fulfills the obligations of its settlement with the SEC.

“I don’t think it was the SEC’s intention, but this certification requirement seems to delegate the responsibility for the undertakings to the CCO, rather than elevate the focus to the top,” Boehme says. “As we always say in the field, it’s not the job of compliance to do the compliance for the organization.”

Adam Turteltaub, vice president at the Society of Corporate Compliance & Ethics, shares a similar view.

“It’s a positive thing for the government to focus on the role of compliance, but my personal view is that having the compliance officer certify makes compliance the responsibility of the CCO, and not of the business,” he says. “I think it would’ve been better to see more emphasis on making the business accountable for compliance.”