Skip to main content
Nov 01, 2023

SEC enforcement leader urges ‘proactive compliance’ by in-house counsel

Gurbir Grewal gives advice on creating an effective culture

Gurbir Grewal, director of the SEC’s division of enforcement, has called for legal and compliance officials at US companies to pursue what he describes as ‘proactive compliance’ and has explained how to potentially ward off tougher penalties when problems arise.

In comments delivered at a recent New York City Bar Association Compliance Institute event, Grewal noted that public trust in many institutions such as Congress is weak and that research shows few Americans have strong faith in major companies.

‘Regardless of whether you are a regulator, financial professional or an attorney who counsels large entities, you should all be concerned,’ he said. ‘This decline in trust is bad for everyone. It undermines the investor confidence needed for the fair, efficient and orderly operation of our markets and for capital formation.’

Regulators cannot reverse such trends, Grewal added: ‘In many ways, it’s each of you – the compliance professionals, consultants, attorneys, accountants and others in this space – who serve as the first lines of defense against misconduct. You are the ones who can work with firms to implement effective policies and procedures to ensure that those firms comply with their legal obligations on the front end, so that, instead of reading about compliance failures, the public understands that organizations like yours are proactively doing what they can to be compliant.’

Education, engagement and execution

Grewal advised that creating a culture of proactive compliance requires professionals to undertake education, engagement and execution efforts. In terms of education, attorneys and others need to stay up to date with the law and other outside developments relevant to their company’s business, particularly emerging and growing risks. Similarly, they should keep an eye on enforcement action filings and examination priorities where they are relevant to the company, he added.

Proactive compliance, Grewal said, also requires in-house counsel and compliance officials to engage with members of their company’s business units and learn about their work, strategies, risks, financial incentives, counterparties and avenues of revenue and profits. ‘You may come across aspects of your firm’s business that you do not completely understand. That’s not an excuse to punt. Take whatever steps are necessary to learn and understand the issues,’ he said.

Proactive internal engagement helps professionals to fulfill their duties better and is key to designing and adopting meaningful policies and procedures, Grewal noted, adding that this must be a continuing effort to stay in touch with changes in the business, operations and risks alongside new SEC enforcement priorities and rules. Effective implementation is as important as adopting meaningful policies and procedures, he said.

Grewal reminded professionals that self-reporting violations and working with the SEC can lead to smaller or no penalties. Types of behavior that have led to reduced or zero penalties have included:

· Pre-emptively remediating and stopping the violative behavior

· Proactively compensating victims

· Providing detailed financial analyses, explanations and summaries of factual issues to agency officials

· Proactively identifying important documents and witnesses

· Helping arrange interviews of former employees.

CCO liability

Compliance officers have for several years been concerned and uncertain about their potential personal liabilities if their firm breaks the law. ‘The short answer is that we do not second-guess good-faith judgments of compliance personnel made after reasonable inquiry and analysis. That is why such actions are rare,’ Grewal said.

He explained that the types of situations where the commission typically brings enforcement actions against compliance officers are:

· If a compliance official ‘affirmatively participated in misconduct unrelated to the compliance function’

· If he or she misled regulators

· If there was a ‘wholesale failure by [him or her] to carry out compliance responsibilities.’

Members of compliance functions do not have a ‘get-out-of-jail’ card – they are held responsible if they violate the securities laws in ways unrelated to carrying out their compliance responsibilities, Grewal said: ‘As I have said, we have no interest in pursuing enforcement actions against compliance personnel who undertake their responsibilities in good faith and based on reasonable inquiry and analysis.’

Ben Maiden

Ben Maiden is the editor-at-large of Governance Intelligence, an IR Media publication, having joined the company in December 2016. He is based in New York. Ben was previously managing editor of Compliance Reporter, covering regulatory and compliance...