Renewed Focus on SOX 304 Compliance Stresses Need for Culture of Compliance, Executive Accountability

The Department of Justice and the Securities and Exchange Commission have signaled in recent months that they have reinvigorated their focus on executive compensation claw backs, urging companies to adopt compensation structures that complement a strong culture of compliance.

Section 304 of the Sarbanes-Oxley Act (SOX 304) empowers the SEC to claw back bonuses or other incentive-based compensation of chief executive officers (CEOs) and chief financial officers (CFOs) when an issuer is required to restate its financial statements due to misconduct. While Section 304 has been in place since 2002, only recently have enforcement authorities made pronouncements that have put an exclamation point on claw back policies and procedures.

“[B]y requiring these executives to reimburse the company for certain types of compensation and profits from stock sales, these SOX 304 orders further incentivize senior executives to prevent and detect misconduct at their firms,” SEC Deputy Enforcement Director Sanjay Wadhwa said in remarks at SEC Speaks in September.

Claw backs further align with the overall purpose of SOX 304, “which is to incentivize CEOs and CFOs to put in place robust internal controls over financial reporting and to establish and maintain an appropriate tone at the top,” Sam Waldon, chief counsel of the SEC’s Division of Enforcement, said on a panel at SEC Speaks.

Waldon added that SOX 304 applies to “culpable and non-culpable CEOs and CFOs alike,” meaning that they may be found liable whether or not they engaged in the underlying securities law violation itself. He cited as recent examples the SEC’s settlements with Granite Construction and Synchronoss Technologies, in which the CEOs of each company agreed to reimburse their respective companies more than $1 million each in bonuses and stock sale profits due to financial reporting fraud, even though they themselves were not charged with misconduct.

Waldon further forewarned that the SEC will seek the full amount of the reimbursement required by the statute, as opposed to only the inflated amount of the executive’s compensation resulting from the misconduct. Lastly, he noted directors and officers (D&O) liability insurance “greatly diminishes” the incentives created by SOX 304 and that the SEC in its settlements and SOX report cases “will seek to prevent indemnification from D&O insurance policies.”

SEC clawback rule

Wadhwa’s and Waldon’s remarks coincide with the SEC’s reopening of a comment period in June concerning its proposed claw back rule, which it initially proposed in 2015 to implement Section 954 of the Dodd-Frank Act.

On October 26, the SEC in a divided 3-2 vote, approved final rules that require U.S. securities exchanges to adopt listing standards that require U.S. issuers to develop and implement a policy providing for the recovery of incentive-based compensation received by current or former executive officers that was “erroneously awarded during the three years preceding the date such a restatement was required,” according to an SEC Fact Sheet. The SEC clarified in the Fact Sheet, “the recoverable amount is the amount of incentive-based compensation received in excess of the amount that otherwise would have been received had it been determined based on the restated financial measure.”

Given that the final rules, which take effect 60 days after publication in the Federal Register, apply to both current and former executive officers, many companies are not prepared from a compliance standpoint. According to studies cited in the SEC’s final clawback rules, “the majority of issuers disclose having recovery policies that require compensation recovery from a narrower range of individuals than a recovery policy that would comply with the final rule requirements.”

The final rules would be triggered “regardless of issuer or executive misconduct or the role of the executive officer in preparing the financial statements.” The final rules further extend beyond the requirements of the 2015 proposed rule, which would have triggered a claw back only in the event a material noncompliance resulted from an error that was “material to previously issued financial statements.”

Under the final rule, however, a claw back requirement would be triggered where the “material noncompliance results from an error that is material to the current period financial statements if left uncorrected or if the correction were recorded only in the current period,” significantly broadening the scope of accounting errors that must now be reported.

The final rule further requires companies to disclose their compensation recovery policies, including providing the information in tagged data format. Companies that fail to develop and implement claw back policies in line with the SEC’s requirements could be delisted, the SEC said in the Fact Sheet.

DOJ clawback focus

In a similar vein, the Justice Department recently announced several important updates to its criminal enforcement policies, including a heightened focus on individual accountability. One offshoot of this new enforcement initiative will be heightened scrutiny by prosecutors of executive compensation structures in evaluating the robustness of compliance programs.

Prosecutors will evaluate not only whether compensation structures incentivize compliance-promoting practices, but also whether companies “impose financial sanctions on employees, executives, or directors whose direct or supervisory actions or omission contributed to the criminal conduct,” U.S. Deputy Attorney General (DAG) Lisa Monaco said in a September 15 speech at New York University Law School.

“Compensation systems that clearly and effectively impose financial penalties for misconduct can deter risky behavior and foster a culture of compliance,” Monaco said.

Additionally, prosecutors will “evaluate what companies say and what they do, including whether, after learning of misconduct, a company actually claws back compensation or otherwise imposes financial penalties,” Monaco said.

Principal Associate Deputy Attorney General Marshall Miller, in a September 20 keynote address at Global Investigations Review, provided further color around this point, stressing that companies are expected to proactively implement a claw back policy. “All too often we see companies scramble to dust off and implement dormant policies once they are in the crosshairs of an investigation,” he said.

“Compensation claw back policies matter, and those policies should be deployed regularly,” Miller added. “A paper policy not acted upon will not move the needle – it is really no better than having no policy at all.”  

Reiterating Monaco’s remarks, Miller said prosecutors will be evaluating whether companies adopt compensation systems that “reward employees who promote an ethical corporate culture and mitigate compliance risk.” In that vein, companies are expected “to find innovative, effective, and targeted ways to use compensation to incentivize good corporate behavior and deter misconduct, using their own mix of carrots and sticks,” he said.

All told, the SEC and Justice Department’s intensified focus on compensation claw back programs should further incentivize chief compliance officers to adopt compensation practices that proactively foster and promote a culture of ethical behavior.

Moreover, the SEC has indicated it will pursue claw backs not just of the CEO and CFO, but all relevant gatekeepers – such as the controller, as demonstrated in the SEC’s action against Synchronoss. To that end, chief compliance officers should work with the business to carefully scrutinize compensation practices as a whole, rather than in a piecemeal fashion, following any restatement.

For more information about how NAVEX can help your organization build a culture of compliance

Learn about the NAVEX One platform

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

NAVEX R&C Benchmark Finding: Programs Still Have Opportunities to Better Utilize Data

NAVEX publishes the Definitive Risk and Compliance Benchmark Report each year, surveying over 1,100 industry professionals. This post explores one of the report’s key findings: E&C programs still have opportunities to better utilize program data.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

NAVEX R&C Benchmark Finding: Risk & Compliance Responsibilities Reside in Multiple Functions

Responsibilities in risk and compliance break down into three main areas: ethical, practical and regulatory. In most companies, these aren’t covered by a single function. So which roles cover which?

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.