Position created by Sarbanes-Oxley raises a number of questions
In the post-Sarbanes-Oxley world, an increased focus on transparency and responsibility should guide the actions of company officers and regulators alike, said speakers at the Compliance & Regulatory Affairs Conference of the National Association for Variable Annuities.
Under the mandate of the Sarbanes-Oxley law, investment companies must establish written policies and procedures reasonably designed to prevent violations of federal securities laws, panelists advised.
In addition, those policies and procedures are required to be reviewed annually, and companies also are required to name a compliance officer to monitor, update and report on them.
Newly empowered compliance officers should focus on ensuring transparency and clearly defining their roles within the company, a panel of experts suggested.
There are, however, several aspects of the chief compliance officer position that remain unresolved either by Sarbanes-Oxley or the subsequent regulations and guidance established by the Securities and Exchange Commission. These include the exact role of the CCO within a company, and whether the CCO, if he is a lawyer, has an attorney-client privilege with company executives.
Lee Augsburger, CCO for Prudential, said he believes the CCO should function as an overseer of the policies established by a company, rather than an enforcer of those policies.
“It’s about internal control,” he said. “I’m not taking accountability [to mean] day-to-day control of the processes, but [to mean] I have the accountability for monitoring those processes,” to ensure they operate as designed.
That position, he acknowledged, works well because he is with a larger company that committed to the idea he would remain fairly independent. Other organizations might not have that luxury, and thus a CCO also could be in a position of managing part of a company’s operations.
“In terms of ‘have we seen CCOs running operations?’ Yeah, we’ve seen that,” said John Walsh, Associate Director and Chief Counsel for the SEC’s Office of Compliance, Inspections and Examinations. However, he added, “if you’re a CCO and an operating manager, you’re going to have some questions to worry about.”
Essentially, he said, it becomes a question of authority vs. independence. A largely independent CCO may not be burdened with actually having to resolve compliance issues, but may also find himself unable to bring about change in company practices. An authoritative CCO may be able to stop noncompliant corporate practices, but could face greater difficulties if regulators find problems.
“It’s really up to you,” Walsh said. “Whatever the decision made on the role of a CCO, make it thoughtful and make it transparent. If you wait until there’s a problem and you’re carrying the weight of ‘Am I a supervisor?’ and also this giant mess, that’s not a good situation to be in.”
There are other areas, the panel concluded, that seem to have similar jurisdiction to the CCO, such as corporate legal counsel, risk management or a company’s internal auditor. Walsh said each of those areas is a “neighbor to compliance” but does not cover its full scope, and that a CCO should typically be working with all three.
“Is it any one of those things?” he asked. “No. Does it do business with all of them? Yes. In a well-run shop they will be integrated.”
On the legal issue, Augsburger noted that “it’s a challenge for businesses to understand where the fence is” between the law and compliance. “The question of privilege is the dividing line.”
The rules for CCOs make no distinction either for or against the use of an attorney as the CCO and the question of privilege. Augsburger is an attorney but indicated that he did not view himself as acting in that role for Prudential.
“The rule says what it says,” Walsh explained, noting that while it leaves open the option for claiming attorney-client privilege, doing so could raise significant questions.
So far, according to Judith Hasenauer, a principal with Blazzard, Grodd & Hasenauer, P.C., the state bars have not yet weighed in on the issue, and she noted that it “may be an emerging concept,” as the corporate world continues to adjust to the Sarbanes-Oxley law.
Regulators also must tread with care as they try to craft rules to ensure company transparency.
In his keynote speech at the conference, SEC Commissioner Paul Atkins expressed concern with the approach as the commission attempts to draft disclosures for variable annuities at the point of sale.
Much of the feedback the commission has received on proposed VA disclosures, which were released in February, has criticized the proposal as duplicative and potentially adding to consumer confusion.
“The last thing we want to do is mandate a form that will only add to investor confusion in an area already challenging for them to navigate,” he said.
The SEC is seeking to draft disclosures for variable annuities after having voted in favor of establishing point of sale disclosures for other financial products such as mutual funds last year. Atkins suggested those other disclosures also may need to be reworked as, in the process of crafting them, the focus appears to have shifted from listing potential conflicts of interest and some costs to a more complete cost listing. Although it is important for potential investors to be aware of the costs, he said, “the point of sale might not be the place to do it.”
While the SEC is considering new disclosure rules, Atkins cautioned the commission to operate in the mindset it seeks to impart to the markets.
The goal of establishing new rules and regulations, Atkins noted, is to create a sense of discipline within companies under the SEC’s regulatory control. However, he noted, “We, too, must be disciplined in bringing enforcement actions.” Companies operating to the best of their ability within the rules “should not live in fear” of an SEC examination or enforcement action, he said, and the commission “should avoid rulemaking through enforcement.” When, in the course of an enforcement action, the commission finds that a rule is not effective, or can be improved, it should make those changes through the normal process outside of the enforcement action. The “failure to provide clear standards,” Atkins said, will only hamper the ability of companies to operate in compliance with SEC rules.