The asset management industry has increasingly felt the bite of SEC regulators this year amidst a string of enforcement actions. Given that the SEC today vigorously prosecutes all violations as potential enforcement cases, no matter how they come to the agency’s attention, should managers self-report misconduct or violations of the federal securities laws to the SEC?
As a threshold matter, firms must immediately get their hands around any misconduct or possible violations they discover: the scope, materiality, responsible employees, if any, and client or investor harm. If the conduct is ongoing, end it. If clients or investors were harmed or disadvantaged, inform them and remediate. If there is a board, alert the board. If personnel actions are necessary, take them. If there is a whistleblower, do everything possible to ensure that his or her concerns are vetted and resolved as appropriate.
The next question – self-reporting – is complex and involves a weighing of uncertain benefits with real and significant risks. In a bygone era, self-reporting was frequently an easier decision: a firm would inform the Division of Investment Management and that would often be the end of the matter.
Now, however, with a Division of Enforcement staff, and Asset Management Unit staff in particular, that is highly sophisticated and aggressive, firms must assume a self-report will result in an enforcement action.
It is perfectly rational for the SEC, as a law enforcement agency, to aggressively pursue all potential violations, no matter how they come to its attention. After all, it is not running a “catch-and-release,” or even “self-report-and-release,” program.
The consequence, however, is that self-reporting carries with it a nearly 100 percent chance of the firm being investigated and made the subject of an enforcement action based on its own self-report. Given that reality, the reward-risk calculation that informs whether an asset manager should self-report is now entirely skewed in one direction.
In terms of reward, the SEC urges firms to self-report by touting the benefits, including reduced penalties or, less tangibly, a more benign recitation of the misconduct in an order, or a sentence noting the firm’s cooperation, or an “administrative summary” instead of a press release. From the SEC’s perspective, these benefits are real, and demonstrate that it rewards self-reporting.
But there is a fundamental disconnect: credit in the form of a reduced penalty is simply not meaningful and is entirely unmeasurable. Private fund managers care about one thing: avoiding an enforcement action. Because a self-report almost guarantees an enforcement action (and certainly guarantees an investigation), rational firms struggle mightily over the self-reporting question when doing so means subjecting their business to what may be an intrusive, years-long, expensive investigation and then enforcement action.
A penalty reduction, or more input on a settlement order, or an administrative summary when the press will report on the action regardless, is an insufficient carrot to encourage self-reporting when considering the real stick of reputational damage that would be inflicted by an enforcement action.
On the risk side of the ledger, there are no aggravating factors for failing to self-report, because self-reporting is generally not required. Rather, managers act in good faith by investigating what occurred, making any necessary adjustments to avoid recurrence, assessing whether remedial steps are prudent, creating a record of the efforts in this regard, and then simply moving forward.
If the issue later comes to light, the manager will be prepared to demonstrate that it resolved the issue in good faith, and for the benefit of investors, which, after all, is the SEC’s primary interest. If the issue never comes to light, the firm will have responsibly spared its funds and investors an investigation and a reputation-damaging enforcement action (and other collateral consequences).
It should be noted that firms in certain circumstances may need to think differently about the self-reporting calculus (for example, potential FCPA violations, or if the firm has other regulatory obligations).
It is to the agency’s, and the entire industry’s, detriment that there is no meaningful carrot that encourages advisers to self-report. Each time a firm decides not to self-report, the SEC is deprived of critical information concerning an issue that might be widespread. The result is a serious information gap – solving it would enable the SEC to better protect investors.
Today, however, the SEC vigorously prosecutes all violations as potential enforcement cases, no matter how they come to the agency’s attention. This is a rational approach to enforcement, and is consistent with the agency’s investor protection mandate.
As a consequence, however, counsel are forced to advise their asset manager clients on a difficult – and uncomfortable – handicapping: namely, what is the likelihood that an issue will be found by the examination staff or a whistleblower? Often that calculation must lead rational asset managers to choose not to self-report. Although this might not be an ideal outcome from a regulatory policy perspective, it is, unfortunately, the reality of a system that affords little measurable credit for self-reporting but guarantees a negative outcome in the form of an enforcement proceeding.
As a result, defense lawyers vigorously representing their clients need to think long and hard before counseling them to self-report.
Julie M. Riewe is a partner at Debevoise & Plimpton LLP
Photo of Julie Riewe courtesy of Debevoise & Plimpton