In the wake of the recent cases related to internal controls of financial firms, both financial authorities and the industry appear to agree on the need for regulatory improvement. An effective compliance program is certainly one of the essential elements to internal controls of financial firms. This article takes a brief look at the case of the US, a country that boasts its advanced compliance program for securities firms. The compliance program of US securities firms evolved thanks to sanctions based on sentencing guidelines (the USSG), and supervisory duty set forth under the Securities Exchange Act, instead of regulatory mandates. Among others, this could be largely attributable to an effective incentive mechanism that offers tough sanctions combined with a penalty mitigation policy, and supervisory duty backed by safe harbor provisions. It is worth closely studying the case of the US that lays stress on those firms’ action such as self-reporting and cooperation with investigation, instead of fully focusing on formulating a perfect compliance program. Admittedly, Korea and the US are starkly different in terms of the legal framework and internal controls of securities firms. Still, however, the US case could serve as an important reference in discussions about improving Korea’s internal controls going forward.
Recently, the issue of financial firms’ internal controls came into the limelight after several media had reported the problems related to the sales of private equity firms. At the center of the issue is the legal interpretation about internal control violations and sanctions on financial firm CEOs. Although Korea’s Act on Corporate Governance of Financial Companies requires financial firms to establish their own internal control standards, it lacks clarity on the concrete scope and criteria of the standards. Such unclarity is somewhat understandable because it is a daunting task to formulate a law that would effectively regulate internal controls of each financial firm. However, the obscurity in the standards clearly gave rise to the recent controversy. After the recent fiasco, financial authorities and the industry now appear to agree on the need for improvement in the current regulatory framework on internal controls.
Under the Act on Corporate Governance of Financial Companies, internal controls refer to the standards and procedures that financial firm executives and employees should observe so that they abide by law, operate business soundly, and protect shareholders and stakeholders. Although financial authorities are in charge of implementing numerous regulations on financial firms’ business activities and preventing a financial accident in advance, it is barely impossible for them to oversee every detail on the activities of financial firm staff. This is why internal controls of financial firms are required from the perspective of financial supervision. One of the essential elements in this area is a compliance program that comprises monitoring, advising, and reporting procedures in place to help financial firm staff to comply with relevant rules and regulations. The case of the US with a highly advanced compliance program for securities firms can be a useful benchmark for Korea’s ongoing discussions for improved internal controls. In particular, this article explores two elements—sentencing guidelines and broker-dealers’ supervisory duty.
US sentencing guidelines for corporations and their law-and-economics implications
Until the early 1980s in the US, fines imposed on corporations often were dwarfed by losses incurred in misconduct. Also, corporations were subject to the principle of strict liability for any misconduct committed by their staff regardless of their prevention effort. This gave corporations an incentive to hide misconduct instead of reporting it to the authority. As a result, the sanction regimes imposed on corporations at that time were insufficient to stop the rapid increase in white-collar crime. Under the context, the US Sentencing Commission announced significantly toughened sentencing, and also sought to underscore fairness of penalties as well as prevention of misconduct in corporations in United States Sentencing Guidelines (USSG).
The USSG present a policy that mitigates sanctions depending on corporate efforts to prevent wrongdoings. The criteria for sentence mitigation include whether a corporation has a proper compliance program or not, and whether it detected misconduct, self-reported it to the authority, and cooperated with federal investigation. It is noteworthy that the guidelines allow a sentence mitigation for not only a compliance program, but also self-reporting and cooperation with the authority. This is because its cooperation is key to accessing, monitoring, and tracking down information related to misconduct, and follow-up measures of the corporation is also important to prevent misconduct going forward.
Fines imposed to corporations could be incredibly large as the amount is based on social damage caused by the misconduct. However, it is possible that the fines could be reduced significantly under the aforementioned conditions. For example, a corporation establishing a compliance program could face significantly reduced fines. Such a fine reduction serves the interest of shareholders. This creates an incentive for not only CEOs but also board members to formulate a compliance program for the interest of shareholders who will be also positive about the costs incurred. In fact, it is well known that many corporations have adopted a compliance program in the wake of the USSG.
When there is an alleged violation of the securities laws, the US Securities and Exchange Commission in most cases pursues a settlement based on fines and certain conditions, instead of turning to an administrative or civil procedure. Although the USSG are directly applied to only a limited number of cases related to a misconduct of broker-dealer staff, a broker-dealer, if it pursues a litigated resolution after failing to reach a settlement with the SEC, may have to bear not only fines under the USSG, but also reputation costs as a result of court decisions. This is why the SEC could call for broker-dealers to accept tough conditions such as fines and administrative orders during the settlement process. However, a broker-dealer with an appropriate compliance program could use the USSG as a leverage for negotiating lower fines.
Broker-dealers’ supervisory duty and compliance program
In Section 15(b)(4)(E) and 15(b)(6) of the 1964 Securities Act Amendments, the US Congress explicitly granted broker-dealers and their staff supervisory duty. Supervisory duty means assigning broker-dealers and CEOs, branch heads, and other high-level staff supervisory duty to oversee wrongdoings of their staff or establish proper compliance policies, as prescribed in the safe harbor provisions (Section 15(b)(4)(E)). A broker-dealer receive immunity from liability in the circumstances including: (i) there have been established procedures, and a system for applying such procedures, which would reasonably be expected to prevent and detect, insofar as participate, any such violation by such other person, and (ii) such person has reasonably discharged the duties and obligations incumbent upon him by reason of such procedures and system without reasonable cause to believe that such procedures and system were not being complied with.
The safe harbor provisions mean that any supervisor or broker-dealer will be subject to no or mitigated administrative sanctions for any employee misconduct as long as it discharges its supervisory duties set forth above. This surely creates an incentive for broker-dealers and supervisors to fulfill its supervisory duties by formulating a proper compliance program. In particular, broker-dealers or CEOs have a high incentive to seek for a reasonable compliance program that pursues substance over form.
By nature, what makes an effective compliance program should be its sensitivity in responding to changes in regulations, IT development, business plans and market environment. Hence, compliance programs would be more effective if governed by self-discipline rather than forced laws and regulations.
Meanwhile, FINRA set forth the criteria for supervisory duty, which complements the Securities Exchange Act. In more detail, FINRA’s Rule 3110 calls for documentation of written supervisory procedures (WSPs) and designation of a supervisor. On top of that, Rule 3120 and Rule 3130 further require a supervisor who has a supervisory control system in place, monitor it, revise the WSPs, and report to the management. Also required by the rules are the designation of Chief Compliance Officer (CCO), CEO approval for documentation and modification of WSPs, and a supervisory procedure between CCO and CEO at least once a year. The FINRA rules offer more concrete guidance to internal controls such as a compliance program and a supervisory system. It surely appears that self-regulation completes the supervisory duty in the Securities Exchange Act that otherwise lacks clarity.
The compliance program adopted by US broker-dealers evolved thanks to the way it is disciplined by the USSG and supervisory duty set forth in the Securities Exchange Act, not by regulatory mandates. This could be largely because of the effective incentive mechanism including tough sanctions combined with a penalty mitigation policy, and supervisory duty backed by safe harbor protections. It appears that such mechanism might have thrived behind the belief that a compliance program designed by broker-dealers for their own sake would be not only substantive but also effective. It is neither realistic nor possible to expect corporations to build a flawless compliance program under the rapid changes taking place in financial regulations and IT environment. In this regard, it is worth closely studying the case of the US that lays stress on self-reporting or cooperation with investigation, instead of fully focusing on formulating a compliance program. Admittedly, Korea and the US are starkly different in terms of the legal framework and internal controls on securities firms. Still, however, the US case could serve as an important reference in discussions about improving Korea’s internal controls going forward.