Saturday, October 19, 2013

COMPANIES SETTLE DEFECTIVE HEART DEVICES ACQUSATIONS AND WILL PAY $30 MILLION

FROM:  U.S. JUSTICE DEPARTMENT 
Thursday, October 17, 2013
Boston Scientific and Subsidiaries to Pay $30 Million for Guidant’s Sale of Defective Heart Devices for Use in Medicare Patients

Boston Scientific Corp. and its subsidiaries, Guidant LLC, Guidant Sales LLC and Cardiac Pacemakers Inc. (Guidant), have agreed to pay $30 million to settle allegations that, between 2002 and 2005, Guidant knowingly sold defective heart devices to health care facilities that in turn implanted the devices into Medicare patients, the Justice Department announced today.  Boston Scientific acquired Guidant, a medical device manufacturer, in 2006.

“Medicare patients who depend on cardiac defibrillators should not have to worry about whether their devices will work when they are needed,” said Stuart F. Delery, Assistant Attorney General for the Justice Department’s Civil Division.  “This settlement, along with the prior criminal prosecution of Guidant, demonstrates that there will be significant consequences when companies engage in conduct that threatens health and safety and violates the law.”

The Guidant devices at issue are implantable defibrillators, used in patients at risk of cardiac arrest due to an irregular heartbeat.  The devices are surgically implanted into patients’ chests, and when the devices detect an irregular heartbeat, they send an electrical pulse to the heart to “shock” it back to its normal rhythm.  The government’s complaint alleged that two lines of implantable cardiac devices manufactured and sold by Guidant, known as the Prizm 2 and the Renewal 1 and 2, contained a defect that resulted in “arcing.”  Arcing occurs when the device detects the irregular heartbeat and delivers a shock, but instead of the current traveling to the heart, the current “arcs” back to the device itself.  This causes the device to short circuit, rendering the device ineffective.

The government alleged that Guidant learned as early as April 2002 that the Prizm was defective, and as early as November 2003 that the Renewal 1 and 2 were similarly defective.  Nevertheless, although Guidant took corrective action to fix the defects, the company continued to sell its remaining stock of the old, defective versions of the devices.  The government alleged further that, as Guidant learned about the cause of the defect, it took steps to hide the problem from patients, doctors and the Food and Drug Administration (FDA).  Instead of disclosing the problem, Guidant issued a misleading communication to doctors regarding the nature of the defect and did not fully disclose the problem with the devices to doctors and the FDA until May 2005, after first being contacted by a New York Times reporter.  Subsequently, the company recalled the devices after a front-page article about the defects appeared in The New York Times.

“The United States is fortunate that innovative health care companies regularly develop and market remarkable medical devices that improve patients’ lives,” said John R. Marti, Acting U.S. Attorney for the District of Minnesota.  “But in this case, Guidant valued profits more than patient safety by selling defective cardiac defibrillators.  This office, along with several other components within the U.S. Department of Justice, will continue to vigorously investigate and take appropriate action against health care companies that place public safety at risk.”

In February 2010, Guidant pleaded guilty to criminal charges of misleading the FDA and failing to submit a labeling change to the FDA relating to the defective devices.  In 2011, the government joined a lawsuit filed under the qui tam, or whistleblower, provisions of the False Claims Act by James Allen, who had received one of the defective devices.  Under the Act, a private citizen, known as a “relator,” can sue on behalf of the government and share in any recovery.  As part of the resolution, Allen will receive $2.25 million.

This settlement illustrates the government’s emphasis on combating health care fraud and marks another achievement for the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative, which was announced in May 2009 by Attorney General Eric Holder and Health and Human Services Secretary Kathleen Sebelius.  The partnership between the two departments has focused efforts to reduce and prevent Medicare and Medicaid financial fraud through enhanced cooperation.  One of the most powerful tools in this effort is the False Claims Act.  Since January 2009, the Justice Department has recovered a total of more than $16.7 billion through False Claims Act cases, with more than $11.9 billion of that amount recovered in cases involving fraud against federal health care programs.

This matter was handled by the Justice Department’s Civil Division, Commercial Litigation Branch and the U.S. Attorney’s Office for the District of Minnesota, with assistance from the Department of Health and Human Services’ Office of Inspector General and Office of General Counsel and the FDA’s Office of Criminal Investigations and Office of Chief Counsel.

Friday, October 18, 2013

COMPANY ORDERED TO PAY NEARLY $2 MILLION TO FORMER CFO AND WHISTLEBLOWER

FROM:  U.S. DEPARTMENT OF LABOR 

US Labor Department's OSHA orders Clean Diesel Technologies Inc. to pay over $1.9 million to former CFO fired for reporting conflict of interest

Company violates Sarbanes-Oxley Act whistleblower protection provisions
BOSTON — The U.S. Department of Labor's Occupational Safety and Health Administration has ordered Clean Diesel Technologies Inc. to pay $1.9 million to its former chief financial officer who was fired for reporting conduct the former CFO believed was detrimental to the company's shareholders. OSHA's investigation found that the company violated the whistleblower provisions of the Sarbanes-Oxley Act when it wrongfully terminated the former CFO for warning the board of directors about ethical and financial concerns raised by a proposed merger.

“OSHA plays a key role in protecting the integrity of the financial markets and the economy,” said Assistant Secretary of Labor for Occupational Safety and Health Dr. David Michaels. “We protect those who are courageous enough to speak out, even internally, about violations of securities rules and regulations.”
In late March 2010, the former CFO provided information to the company’s board of directors based on a reasonable belief there was a conflict of interest involving the chair of CDTI’s board of directors. The former CFO believed that a proposed merger was: detrimental to the company, critical financial information had been withheld from board members, and the conflict of interest violated internal company controls mandated by the Securities and Exchange Commission as well as the company’s own corporate code of ethics. After being terminated from employment in April 2010, the former CFO filed a whistleblower complaint with OSHA one week later. OSHA’s investigation found merit to the complaint.
“This order should send a clear message to publicly traded companies that silencing those who try to do the right thing is unacceptable,” Dr. Michaels added.
As a result, OSHA has ordered CDTI a manufacturer and distributor of emission control systems based in Ventura, Calif., formerly headquartered in Stamford, Conn.,  to pay the complainant more than $486,000 in lost wages, bonuses, stock options and severance pay. In addition, the company must also pay the complainant over $1.4 million in compensatory damages for pain and suffering, damage to career and professional reputation and lost 401(k) employer matches and expenses.

The order also directs the company to post OSHA’s findings in an 8-K submission to the SEC since previous filings about the complainant’s termination and whistleblower activity had also been posted to the SEC.

The company must also expunge all files and computerized data systems of disciplinary actions related to the complainant’s termination, pay reasonable attorney’s fees and post the order and a notice to workers at all company locations and on its internal website. In addition, OSHA will inform the SEC of its findings so that it can pursue any other appropriate action. CDTI and the complainant each have 30 days from receipt of the findings to file an appeal with the department's Office of Administrative Law Judges.

OSHA enforces the whistleblower provisions of Sarbanes-Oxley and 21 other statutes protecting employees who report violations of various securities laws, trucking, airline, nuclear power, pipeline, environmental, rail, public transportation, workplace safety and health, and con4sumer protection laws.
Employers are prohibited from retaliating against employees who raise various protected concerns or provide protected information to the employer or the government. Employees who believe that they have been retaliated against for engaging in protected conduct may file a complaint with the secretary of labor for an investigation by OSHA's Whistleblower Protection Program.


Thursday, October 17, 2013

SEC'S FIRST ENFORCEMENT ACTION UNDER MARKET ACCESS RULE

FROM:  U.S. SECURITIES AND EXCHANGE COMMISSION 

The Securities and Exchange Commission today announced that Knight Capital Americas LLC has agreed to pay $12 million to settle charges that it violated the agency’s market access rule in connection with the firm’s Aug. 1, 2012 trading incident that disrupted the markets.

An SEC investigation found that Knight Capital did not have adequate safeguards in place to limit the risks posed by its access to the markets, and failed as a result to prevent the entry of millions of erroneous orders.  Knight Capital also failed to conduct adequate reviews of the effectiveness of its controls.

This is the SEC’s first enforcement action under the market access rule, which was adopted in 2010 as Rule 15c3-5.

“The market access rule is essential for protecting the markets, and Knight Capital’s violations put both the firm and the markets at risk,” said Andrew Ceresney, co-director of the SEC’s Division of Enforcement.  “Given the rapid pace of trading in today’s markets and the potential massive impact of control breakdowns, broker-dealers must be held to the high standards of compliance necessary for the safe and orderly operation of the markets.”

Daniel M. Hawke, chief of the SEC Enforcement Division’s Market Abuse Unit, added, “Brokers and dealers must look at each component in each of their systems and ask themselves what would happen if the component malfunctions and what safety nets are in place to limit the harm it could cause.  Knight Capital’s failure to ask these questions had catastrophic consequences.”

According to the SEC’s order, Knight Capital made two critical technology missteps that led to the trading incident on Aug. 1, 2012.  Knight Capital moved a section of computer code in 2005 to an earlier point in the code sequence in an automated equity router, rendering a function of the router defective.  Although this function was not meant to be used, Knight left it in the router.  In late July 2012 when preparing for participation in the NYSE’s new Retail Liquidity Program, Knight Capital incorrectly deployed new code in the same router.  As a result, certain orders eligible for the NYSE’s program triggered the defective function in Knight Capital’s router, which was then unable to recognize when orders had been filled.  During the first 45 minutes after the market opened on August 1, Knight Capital’s router rapidly sent more than 4 million orders into the market when attempting to fill just 212 customer orders.  Knight Capital traded more than 397 million shares, acquired several billion dollars in unwanted positions, and eventually suffered a loss of more than $460 million.

The SEC’s order also finds that an internal Knight Capital system generated 97 automated emails that went to a group of personnel.  The emails referenced the router and identified an error before the markets opened on August 1.  These messages were caused by the code deployment failure, but Knight Capital did not act upon them on August 1.  Although Knight Capital did not design these messages to be system alerts, they provided an opportunity to identify and fix the problem before the markets opened.

The SEC’s order charges Knight Capital with violating the market access rule in the following ways:

Did not have adequate controls at a point immediately prior to its submission of orders to the market, such as a control to compare orders leaving the router with those entered.

Relied on financial risk controls that were not capable of preventing the entry of orders that exceeded pre-set capital thresholds for the firm in the aggregate.
Did not link the account that received the executions on August 1 to automated controls concerning the firm’s overall financial exposure.

Did not have adequate controls and procedures for code deployment and testing for its equity order router.

Did not have sufficient controls and written procedures to guide employees’ responses to significant technological and compliance incidents.
Did not adequately review its business activity in connection with its market access to assure the overall effectiveness of its risk management controls and supervisory procedures.  Its assessment largely focused on compiling an inventory of existing controls and ensuring they functioned as intended, instead of focusing on such risks as possible malfunctions in its automated order router.  The firm also reacted to prior events too narrowly and did not adequately consider the root causes of previous incidents.

Did not have an adequate written description of its risk management controls.
Did not certify in its 2012 annual CEO certification that Knight Capital’s risk management controls and supervisory procedures complied with the market access rule.

The SEC’s order also charges Knight Capital with violations of Rules 200(g) and 203(b) of Regulation SHO, which require the proper marking of short sale orders and locating of shares to borrow for short sales.  The SEC’s order requires Knight Capital to pay a $12 million penalty and retain an independent consultant to conduct a comprehensive review of the firm’s controls and procedures to ensure compliance with the market access rule.  Without admitting or denying the findings, Knight Capital consented to the SEC’s order, which censures the firm and requires it to cease and desist from committing or causing these violations.

The SEC’s investigation was conducted by staff in the Market Abuse Unit including Jason Burt, Carolyn Welshhans, William Max Hathaway, and Ainsley Kerr.  The case was supervised by Mr. Hawke and the unit’s co-deputy chief Robert Cohen.  The SEC’s National Exam Program and the Division of Trading and Markets provided substantial assistance.


Tuesday, October 15, 2013

TWO INDICTED IN PENNY STOCK SECURITIES FRAUD INVOLVING COMPANY THEY CONTROLLED

FROM:  SECURITIES AND EXCHANGE COMMISSION 
Two Penny Stock Promoters Indicted for Securities Fraud Following the SEC's Investigation of ConnectAJet.Com, Inc.

On September 11, 2013, the United States Attorney for the Northern District of Texas obtained a Grand Jury indictment against Jason Wynn and Martin Cantu for their role in a conspiracy to defraud prospective investors in a penny stock company that they controlled, ConnectAJet.com, Inc. (“ConnectAJet”).  The indictment was unsealed on September 19.  According to ConnectAJet’s press releases, ConnectAJet was developing a first-of-its-kind online booking system for private jet charters.  The indictment alleges that – to artificially boost demand for ConnectAJet stock – Wynn and Cantu issued several false public statements and advertisements that misled potential investors about (1) the progress and status of the company’s real-time booking system, (2) ConnectAJet’s relationships with other companies in the private jet industry, and (3) ConnectAJet’s customer base.  Based on that conduct, the indictment charges Wynn and Cantu with Conspiracy to Commit Securities Fraud in violation of Sections 10(b) and 32 of the Securities Exchange Act of 1934 (the “Exchange Act”) and Aiding and Abetting Securities Fraud under those two provisions.

The allegations in the criminal indictment stem from the same misconduct underlying the Securities and Exchange Commission’s (the “Commission’s”) prior investigation of ConnectAJet and the Commission’s prior civil enforcement actions against Wynn and Cantu.  On March 13, 2008, the Commission sued Jason Wynn and others for their role in a series of illegal, unregistered stock offerings in several penny stock companies, including ConnectAJet.  SEC v. Reynolds, et al., Case No. 3:08-cv-00438-B (N.D. Tex.).  In its Complaint, the Commission alleged that Wynn repeatedly engaged in a “pump and dump” of ConnectAJet and other companies.  The Complaint alleged that for each company, Wynn and his fellow penny stock promoters (a) organized a reverse merger of the company into a public shell, (b) purchased large blocks of the company’s stock at pennies per share in a bogus unregistered private offering, (c) created initial trading volume for the stock by selling some shares to a tightly controlled group of friends and family members, (d) touted the stock through spam e-mail, sham internet sites, and millions of direct mail advertisements, and then (e) dumped their shares on the investing public without the protection of registration at prices grossly inflated by their promotional activity.  On October 13, 2011, the Court entered partial judgment against Jason Wynn based on his consent and ordered that Wynn be permanently enjoined from further violations of the antifraud and registration provisions of federal securities law and be permanently barred from participating in any offerings of penny stock.  On July 11, 2013, the Court further ordered that Wynn and his corporate proxies pay $8,778,887 in disgorgement and prejudgment interest and $1,300,000 in civil penalties.

On September 2009, the Commission separately sued Martin T. Cantu and others in SEC v. ConnectAJet.com, Inc. et al., Case No. 3:09-cv-01742-B (N.D. Tex.).  The Commission alleged that Cantu participated in the scheme to “pump and dump” ConnectAJet stock and issued several false press releases and advertisements to further the scheme.  On July 23, 2010, the Commission obtained a judgment against Cantu that (a) enjoined him from further violations of the antifraud and registration provisions of federal securities law, (b) permanently barred him from serving as an officer and director of a public company, (c) permanently barred him from participating in a penny stock offering, (d) required him to pay $632,327 in disgorgement and prejudgment interest, and (e) required him to pay a civil penalty of $260,000.

Sunday, October 13, 2013

SEC OFFICIALS REMARK'S TO SCCE'S ANNUAL COMPLIANCE AND ETHICS INSTITUTE

FROM:  U.S. SECURITIES AND EXCHANGE COMMISSION 


Remarks at SCCE's Annual Compliance & Ethics Institute 

Stephen L. Cohen

Associate Director of Enforcement

SCCE Annual Conference, Washington D.C.
Oct. 7, 2013
[1]Good morning, and thank you for that kind introduction. 
I appreciate the opportunity to offer you some insights in support of the profoundly important work you all do to strengthen compliance and ethics in companies and firms.
Although I hope you’ll find my remarks today encouraging, they are nonetheless only my views and do not necessarily reflect the views of the Commission or of my colleagues on the staff of the Commission.
  1. Introduction
My grandmother always said that the best way to warm up an audience is through flattery.  So, I’d like to start with that. 
You are one of my favorite audiences to speak to.  Why is that?  Because I view your profession in so many ways as a kindred spirit of mine. We are all seeking to prevent unlawful or improper conduct before it happens.  We each use our respective tools to cultivate effective company cultures that promote integrity, respect for the law and the highest levels of professionalism.
Even so, I must confess that I find it a bit daunting to talk to you all about what makes a good compliance program.  Much of what I have learned in this area comes from you and your colleagues – the professionals who practice this trade every day.  But, I am frequently told that the regulator and law enforcement community does not speak enough about the importance of the compliance profession, and I want to help change that.  I hope that my observations today will help you carry out your vital responsibilities in some fashion.
In that spirit, I thought you might like to hear a law enforcement perspective on three related topics: 
(1) why I believe robust compliance programs are so critical;
(2) the SEC’s broad role in supporting compliance programs; and
(3) some hallmarks I see of good and bad compliance programs.
  1. Importance of Robust Compliance and Ethics
There can be little question in a post-financial crisis,
post-Dodd-Frank world that rigorous compliance must be at the forefront of every company’s attention.  
After all, “risk” is the buzzword of the day – not just in corporate America and on Wall Street but in government as well.  You all sit at the epicenter of the daily business decisions that could pose significant risks to your companies – significance that is only magnified when the SEC or DOJ files a case where issues were not discovered, not escalated, or where management ignored push-back from compliance staff.
But among the most concerning risk I see is companies that do not take compliance seriously until misconduct comes to light; where internal controls are insufficient for the size of a company’s risk; or when management simply leaves the impression that these issues are not important.
Last month JPMorgan Chase agreed to pay $920 million in total penalties in a global settlement with regulators.  The bank also acknowledged that it violated the federal securities laws while admitting to facts underlying the SEC’s charges.  Somehow, JPMorgan, a highly regulated institution, failed to keep watch over its traders as they overvalued a very complex portfolio to hide massive losses.  It was bad enough that JPMorgan experienced a breakdown in its internal controls.  But when its senior management discovered these issues, it deprived the Board of critical information needed to fully assess the company’s problems and determine whether accurate and reliable information was being disclosed to investors and regulators.  That does not inspire confidence that management takes ethics and compliance issues seriously.
The SEC investigates and prosecutes misconduct to protect investors and preserve the integrity of our markets.  Make no mistake.  We will vigilantly seek to hold companies and firms responsible – including through substantial financial penalties and admissions of wrongdoing in some instances – when profits or personal gain are advanced over truthful disclosure and adherence to the law.
That is why companies are well served by having professionals like you at the table where key decisions are made. They benefit when they consider you as trusted advisors and give you the necessary authority and independence to help lead your organization.
  1. The SEC’s role in supporting compliance programs
As I discuss the many ways that the SEC’s efforts support compliance and ethics programs, I fully appreciate that you all are on the front lines in the battle to persuade companies to invest in your profession.  You need to be armed with the knowledge of how law enforcement and regulatory agencies value the genuine efforts undertaken by companies to generate a culture of integrity and respect for the law.  We care and we give credit for those efforts. 
Our support takes the form of informal and formal efforts as well as initiatives.  I’ll talk about these different types of support, starting with the informal.
Informal
Every day, our enforcement staff makes judgments about the inferences that are properly drawn from the evidence under investigation.  It is common sense that a company that demonstrates an effective compliance program and a genuine commitment to ethical principles can only benefit when those inferences are drawn. We also consider these programs when we decide how to credit an internal investigation. 
I cannot emphasize enough the level of trust that you can inspire by demonstrating a genuine commitment to these principles, and the level of distrust that ignoring or merely paying lip service to these principles can yield. 
I am surprised how infrequently companies try to persuade us at the front end of an investigation that they have a robust compliance culture and record of ethical conduct.  Invariably, the discussion about a company’s compliance program takes place during settlement negotiations in the context of the substantial remediationthat the company has undertaken since violations occurred. 
Although we give credit for these important efforts, I often wonder why it so often takes an enforcement action to change corporate behavior.  Where are the compliance culture studies during normal times?  Why not use them to support deference to your internal investigation?  Why are companies creating or elevating CECO roles after we notify them of impending charges rather than before?
JPMorgan Chase recently announced it was spending billions of dollars and hiring or focusing 5,000 people to compliance and control functions in the wake of its recent regulatory struggles.  These efforts should be applauded.  But,  imagine how much it could have saved in money and reputation by making that investment years earlier.
So, as you go back to your companies to advocate for more resources and stature, tell your management that they will get much more credit from regulators by demonstrating that misconduct is an outlier in a highly ethical and compliance-driven culture rather than a remedial step after investors have suffered losses.
Formal Guidance
But I suspect it is the more formal guidance that your companies may notice.
When evaluating a company’s misconduct, we typically give credit when a company can demonstrate a strong compliance culture. 
You are all familiar with the U.S. Sentencing Guidelines.  In similar fashion, the Commission issued guidance in the so-called Seaboard Release in 2001, which laid out a framework for considering cooperation by companies.  Under that guidance, we have rewarded the role that compliance programs play in recognizing whether and to what extent self-policing helped ferret out misconduct.
Formal guidance related to the SEC’s cooperation tools – including declinations to prosecute, non-prosecution agreements and deferred prosecution agreements – makes clear that they are reserved for those organizations that display an exemplary commitment to compliance, cooperation and remediation. 
Finally, the recent FCPA Resource Guide – put out in November 2012 – is a testament to the SEC’s partnership with the Department of Justice in trying to promote more publicly the role of effective compliance programs in fostering an organizational culture centered on ethical conduct. 
The information in the FCPA Resource Guide regarding compliance programs is applicable to detecting and preventing securities law violations generally. The guide describes our approach as “non-formulaic, common-sense and pragmatic,” focusing on whether the program is well designed, whether it is applied in good faith, and whether it works. I commend the guide to folks looking for a detailed discussion of hallmarks of an effective compliance program.
But, what is crystal clear in the Guide is that we will consider a company’s compliance program as a factor in several aspects of our charging decisions.  For example, the better the compliance program, the less likely we may charge the parent company for acts of a subsidiary.  Of course, strong compliance makes it more likely the problem will be caught early.  And, when problems are caught early, a company is more likely to get self-policing and possibly self-reporting credit. 
The compliance program may also factor into our consideration of what is an appropriate penalty in a resolution. 
And, here is the part companies care about most.  Isolated conduct combined with good compliance and internal controls make it less likely that we will bring an action at all. 
The SEC and DOJ demonstrated this last year when each decided not to bring charges against Morgan Stanley after a criminal bribery conviction of one of its employees.  There, the government made clear that the decision was based, in part, on the firm’s demonstration that it has internal controls that provided assurance that other employees were not bribing government officials. Let me emphasize that it is deeds and not words that count most.
Another great example for compliance professionals is the recent non-prosecution agreement with Ralph Lauren.  There, we highlighted substantially the role that the company’s compliance efforts had in our decision to forego prosecution.  We specifically noted, among other things, the company’s comprehensive new compliance program, training, and risk assessment of major operations worldwide to identify any other compliance problems.  I think we can do better at highlighting the impact on our decisions of specific actions by companies pertaining to compliance and ethics programs.
Enforcement Actions
        Nevertheless, enforcement actions rather than declinations and cooperation agreements can also be helpful tools to highlight the importance of compliance and internal controls.
        In August, the SEC banned a Colorado portfolio manager from the securities industry for five years.  Do you know what his offense was?  Misleading and obstructing a chief compliance officer.  This case should send a clear message to the securities industry that professionals have an obligation to adhere to compliance policies, and that the Commission will not tolerate interference with CCOs who enforce those policies.
        It is also vital that Boards fulfill their important roles.  Earlier this year, we settled charges against eight mutual fund directors who failed to satisfy their responsibilities for determining the fair value of assets held by the funds.  There was no compliance framework around these critical functions, and the funds were not even following clear procedures requiring certain information to be provided to the Board to fulfill their role.  The SEC had already brought a case against the funds’ managers, who agreed to pay $200 million to settle charges that the funds fraudulently overstated the value of their securities – some of which were backed by subprime mortgages – as the housing market was on the brink of financial crisis in 2007.
        There are many other lessons arising out of our enforcement actions that demonstrate our commitment to accountability for insufficient compliance, oversight and controls.  But, they are too numerous to mention here.
       Initiatives. 
We also demonstrate the importance of compliance through other initiatives.  The best example I can point to is a successful initiative with a very clever name.  We call it:  “Compliance Initiative.” 
Working closely with our National Exam Program and colleagues in our Investment Management Division, Enforcement’s Asset Management Unit is coordinating efforts to identify and bring cases against registered investment advisers who lack effective compliance programs and procedures.  Effective compliance programs and personnel are instrumental to protecting the investing public from investment adviser fraud.  To date, the Commission has brought six actions arising out of this initiative, which is particularly timely because hundreds of private fund advisers have recently registered with the Commission under Dodd Frank.  And there are more in the pipeline.
More broadly, in the firms the SEC regulates, our National Examination Program staff meets with senior leaders, boards and compliance personnel, to assess the culture of compliance and ethics in the organization.  These assessments can factor into the level of risk the staff ascribes to a firm, which can affect how frequently they are examined.  And, they do not hesitate to emphasize the importance of supporting these functions through enforcement if necessary. 
 Lastly, I continue to believe that the SEC’s focus on Whistleblowers exemplifies in many ways the importance we place on compliance programs. 
The agency’s Whistleblower Program – created under the Dodd-Frank Act – is open for business.  In fact, just last week we awarded over $14 million to a single whistleblower – our largest award to date.  And I assure you, there are more to come.
As part of the team that helped with the legislation and wrote the agency’s rules, I can tell you first hand that the purpose of the whistleblower program is to bolster,not supplant, the compliance framework in the private sector. 
That is why our program provides unprecedented incentives for whistleblowers to utilize internal compliance programs when appropriate to do so.  Participation in or interference with internal reporting will be considered in determining the amount of an award. 
In fact, if a whistleblower reports internally and the company subsequently provides fruits of an investigation arising out of that report, the whistleblower can receive an award based on all of the information shared by the company.  So far, I am seeing a significant majority of whistleblower claims from people who have reported internallyfirst.  They don’t appear to be running to the SEC and away from corporate compliance programs.
The SEC’s rules also largely exclude legal and compliance professionals from our program to avoid the use of these important positions to reap rewards.  There are limited exceptions, however, where legal and compliance staff can come forward after they have fulfilled their responsibilities.  The exception essentially is for the compliance manager faced both with fraud and senior managers who are complicit or unwilling to remedy that fraud.
The bottom line is that the whistleblower program is alive and vibrant. Faced with this reality, companies need to understand that employees are more likely to report complaints internally when they truly believe that they are working in an ethical environment where their complaints will be taken seriously and where retaliation is not tolerated – in other words, where compliance professionals and management are trusted. You should continue to urge management to demonstrate that they value employees who raise their hand to identify problems that need to be addressed.
  1. HALLMARKS OF COMPLIANCE PROGRAMS
My last segment will offer some personal observations regarding problematic and successful compliance programs. 
  1. Warning Signs
Where we find fraud, there are often early warning signs that may have suggested a corporate compliance culture that is not meeting appropriate standards.
Pushing the envelope. 
Risk-taking in the area of legal and ethical obligations invariably leads to bad outcomes.  Any company or person prepared to come close to the line when it comes to legal and ethical standards is already on dangerous ground. 
Tolerating close-to-the-line behavior sends a terrible message throughout an organization that pushing the envelope is acceptable. 
Technical Compliance. 
Be on the lookout for people who are overly technical in their approach to issues of ethics and professional responsibility. Pay particular attention to those who may disparage or diminish the importance of respect for the law and protecting the organization from reputational harm. 
Be Skeptical. 
Be skeptical of explanations that don’t add up regardless of who provides them.  If someone explains something to you in a way that you don’t understand, don’t accept it. 
In many ways, one of the important lessons of the financial crisis is that highly sophisticated models that can explain away risk but defy common sense shouldn’t be trusted.  We often see people come in and testify that they failed to follow up on their hunches until after it was too late. 
Lack of Empowerment. 
Another warning sign is an organization that limits the access of legal and compliance personnel to senior leadership of the company.
These leaders need to hear candidly and regularly from those on the front lines of compliance efforts.  Compliance professionals are not hallway monitors.  Companies that empower these professionals to act as trusted advisors are more likely to stay out of harm’s way. 
B. Effective Programs
Although I urge you to consult the FCPA Guide for a terrific discussion on hallmarks of good compliance programs.  I thought you might like to hear some brief perspectives on things I often look out for.
Governance
A strong compliance and ethics program must start with proper governance, including a tone at the top built on actions rather than words.  Proper governance involves the board of directors and senior management providing compliance and ethics programs and their CECO with the necessary resources, independence, standing, and authority to be effective. 
Of course, it is a fair question to ask whether the CECO IS Senior Management, which certainly helps set the right tone.  Other fair questions include:  to whom does the CECO report?  What access do they have to the Board or Audit Committee?  Does management support their disciplinary recommendations?  Do they have a clear, unambiguous mandate that empowers the CECO to carry out her duties?  Does the compliance department have access to all the information needed to carry out their duties?
There seems to be a positive trend toward adding compliance expertise to Audit Committees, especially in highly regulated industries.  For sure, it would be relevant to me when a company is extolling the virtues of its compliance culture that it had leadership of this nature on the board, taking an active role in overseeing compliance efforts. It not only shows commitment to compliance, but provides evidence that the company has the necessary expertise when compliance issues arise.
Culture and values
A strong ethical culture flows from good governance and requires leaders to promote integrity and ethical values in decision-making across the organization. 
This entails asking not just “can we do this, but “should we do this?”  A culture of compliance and ethics can and should be measured from interaction with leadership across the organization as well as from front line employees who are often a revealing barometer of what the culture and expectations really are. 
Incentives and rewards.
One of the best ways to integrate integrity and ethical values into a firm’s culture is through performance management systems and compensation so the right behaviors are encouraged and rewarded.  Of course, the same system must ensure that inappropriate behaviors are firmly addressed.  Does the company just pay lip service to these values, or are there measurable ways that companies reward ethical conduct?
Escalation, investigation and discipline.
No culture of compliance can thrive unless employees firmly believe that they can raise concerns confidentially and anonymously, without fear of retaliation, and that matters are effectively investigated and resolved with fair and consistent discipline.  I believe this is often overlooked or misunderstood.  Those whistleblowers who don’t report internally repeatedly tell us that they believe they will be retaliated against if they raise significant issues to management.  Surveys show that vast majorities of employees feel that way.  Companies must take active steps to address this perception. 
And, if your company does not have a clear record of consistent discipline, it may look an awful lot like retaliation when the first time you discipline a supposedly bad employee is after they blow the whistle. This issue has been a hot topic since the SEC gained authority under Dodd-Frank to bring enforcement actions against companies who retaliate against whistleblowers. 
Continual self-evaluation and improvement.
Finally, your organization must proactively keep pace with developments and leading practices as part of a commitment to a culture of ongoing improvement.  Business models, rules, ethical standards and compliance tools are continually evolving.  Yet, recent studies show that compliance officers may not be focusing on emerging risk areas such as social media and privacy issues.  Leading organizations ensure that they stay in front of these changes through a process of ongoing improvement that leverages new technology and best practices. 

Conclusion
I’d like to close with two thoughts.
First, there is no doubt in my mind that a strong compliance and ethics program not only provides direct economic benefits to your company but will also allow you to reap significant credit should you ever deal with us or our law enforcement colleagues.  The alternative may be squaring off against our vigorous enforcement program.
And, second, remember that we are in this together. We are partners in ensuring that integrity and professionalism are woven into the very fabric of corporate culture. I am encouraged to see that, through programs like this conference, you all will continue your efforts to strengthen the compliance and ethics function at your companies.
Your responsibility is crucial.  Know that you have a willing partner at the SEC to pursue strong ethics and compliance cultures. 
Thank you.