Regulation as Opportunity

A Review of The New Era of Regulatory Enforcement

Gavel & Laboratory Equipment
-Oxford-/E+/Getty Images

In a year when headlines blare about Volkswagen’s enormous settlement regarding a bit of vehicle emissions tampering and when tourists and a vast group of the ever-so-curious wonder exactly how Disney decided to manage its alligator problem before a heartbreaking tragedy occurred at one of its resorts, two KPMG leaders have written a book on navigating one’s way through the regulatory universe. In The New Era of Regulatory Enforcement: A Comprehensive Guide for Raising the Bar to Manage Risk (McGraw-Hill Education, 2016), Richard H.

 Girgenti and Timothy P. Hedley chronicle, with the help of a number of well-informed contributors, a good many of the regulatory hazards that are actually out there as well as the government’s approach to dealing with violators.

Let’s be real: It’s probably just about impossible for any entity, no matter how high-minded and flush, to be fully compliant with every regulatory requirement that’s applicable. It’s easy to overlook one. It’s easy to misinterpret one. Given the vastness of regulatory requirements and the frequency with which they are issued, revised, and enforced, running afoul of the law can be accomplished fairly easily despite corporate management’s very best intentions. What is particularly helpful about this work is that the reader is informed very specifically about common corporate missteps, about how the government is likely to pursue, and about how to prevent, detect, and mitigate regulatory wrongs.

Why should we care how vast the regulatory web that might ensnare us is? The authors cover the history of the early aughts, from 9/11, which led to the Patriot Act, to misleading corporate earnings reports that paved the way for the Sarbanes-Oxley Act, to the Great Recession and the Bernie Madoff Ponzi scheme and the failure of Lehman Brothers and the collapse of other institutions, and the creation of the Office of the Special Inspector General for the Troubled Asset Relief Program (TARP) and so on.

The authors launch into more recent examples from the second decade of the new millennium so readers are clear on how we got to where we are, which is to say, the land of the highly regulated. Add to this storehouse of regulatory detail a government enforcement approach akin to the ‘broken windows strategy’ — as in municipal law enforcement’s efforts to address minor infractions as an attempt to thwart even larger ones — and anyone who works for or with corporations should pay attention.

Doubt that more regulation is headed your way? Just look at the Frank R. Lautenberg Chemical Safety for the 21st Century Act signed into law by President Obama on June 22, 2016. The statute strengthens the Toxic Substances Control Act, which governs the manufacture, use, and disposal of certain chemicals. Or consider how easily regulation can move beyond mere corporate wrongdoing and enter what one might consider a more personal sphere. Just consider former New York State Governor Eliot Spitzer, whose financial maneuverings led to the discovery of his penchant for prostitutes and ended in his resignation from the governorship in 2008. More recently, former Speaker of the House of Representative Dennis Hastert’s withdrawal of significant sums of money from his own accounts received law enforcement’s attention and led to the eventual disclosure that Hastert had been paying hush money to someone for prior misconduct, which was later revealed to be sexual abuse of minors.

In April 2016, Hastert was sentenced to 15 months in prison for illegally structuring those financial transactions.

All of which makes this a particularly pertinent book. The regulatory regime is vast. The government’s investigation and enforcement power against corporations and individuals is vast. Ignore current regulatory constraints at your peril.

In this enforcement environment, CEOs aren’t the only ones who will take a fall should regulatory misconduct occur. Rather, the authors note, government enforcers also focus on ‘gatekeepers’ (e.g., compliance officers) and have even been known to pursue consultants. Moreover, the government has gotten smarter at its own work and can now use big data effectively to, say, flag questionable financial transactions that might have been easily overlooked in a more analog era.

Sweating yet?

Truth be told, we can all likely point to bad actors, or, more probably, less-than-competent actors, in our own fields, whether that’s the automotive industry, big pharma, higher education, manufacturing, mining, law, energy, whatnot. Where this book can be especially useful is when used as a tool for persuading possibly budget-conscious foot-draggers seeking to make other outcomes, like immediate profits, their near- and long-term priorities. The authors make a very persuasive case that the risk of being caught running afoul of the law — and of being penalized for doing so — is a real and substantial one. Moreover, today, corporations might not just get to pay a fine and continue on; they may get to experience the joy of an independent monitor assessing their ongoing compliance.

How, exactly, can corporations and the bright-eyed people who work for them violate the law? Well, there’s bribery, corruption, money laundering, insider trading, tax evasion, financial reporting fraud, abusive consumer finance practices, and the violation of trade sanctions, to catalog a few. To that laundry list of potential bad acts, add the pressure that a supervisor, or his supervisor above him, might put on an employee by directing that employee to do something blatantly illegal. What should that employee do? What if that employee was just asked to operate in a more legally ambiguous area of the law? It helps to have an internal hotline that employees are aware of and feel comfortable using. It also helps if employees believe there will be no negative repercussions for them if they do report a violation to higher ups. Those employee hotlines become even more important as the authors reveal that much corporate fraud is uncovered thanks to employee tips.

Moreover, where there are regulations and government intervention, there are opportunities.

On the bright side of any enforcement action, the government may look to the strength of a corporation’s compliance program as a mitigating factor. Of course, that compliance program must be one that is not mere window dressing. The problem largely is how to structure a good one. The authors provide plenty of suggestions.

The importance of internal audits is discussed as are the development of codes of conduct not just applicable to employees but also to vendors. Different types of insider trading are identified as are best practices for preventing and ferreting it out. There is a very pertinent section acknowledging our current gig economy: corporations using what the authors refer to as ‘temporary insiders’ need to make sure those temps are aware of proscriptions against insider trading.

The New Era of Regulatory Enforcement is clearly written by authors who know what they’re talking about. A reader can see the expertise in the details of, for instance, the discussion of typical motivations for committing financial reporting fraud, ways that such fraud has been undertaken, how the government proceeds in such matters, how to prevent it, uncover it, and mitigate it. Girgenti, who has a J.D., is KPMG LLP’s National and Americas Leader for Forensic Advisory Services. His background includes stints in the New York County District Attorney’s Office and the New York State Division of Criminal Justice Services. Hedley, who has a Ph.D. in Public Management and an M.S. in Accounting, is KPMG’s Global Lead for Fraud Risk Management Services. The two previously co-authored Managing the Risk of Fraud and Misconduct: Meeting the Challenges of a Global, Regulated, and Digital Environment (McGraw-Hill, 2011).

Probably every professional has read her share of business books that are either a snooze or blatantly self-promotional on the part of the author or both. This is neither. The authors have managed to turn a prospectively dull topic, no matter how vital it is for the regulated community, and make it an engaging read that proceeds quickly even as plenty of informative detail is provided. Yes, of course, the authors and their contributing colleagues do, of course, showcase their expertise, but they do so not so much in an advertorial way but in a knowledgeable one as they explain well the reasons for our current regulatory system and identify ways to navigate successfully within it. Truthfully, if I were in a little bit of regulatory hot water, I’d probably call this bunch.

The minor quibbles I have with the book mostly concern the Endnotes. I’m that reader who actually uses them. Far too many, in my opinion, are merely URLs. No author, no title, no date is listed. So, for instance, the citation to a quotation (found on page 243) about a pharmaceutical company’s kickbacks to a physician that included tickets to a Madonna concert is just listed as a URL with no headline, no author, and no date. Try typing this URL into your computer accurately:

http://www.wsj.com/articles/SB10001424052702304299704577502642401041730

While such an approach might work for the digital version of the book if the links are live, it’s not so helpful in print. It would be much more informative to have a citation like this:

Jeanne Whalen, Devlin Barrett & Peter Loftus, Glaxo in $3 Billion Settlement, Wall Street Journal (July 3, 2012 12:01 a.m. ET), http://www.wsj.com/articles/SB10001424052702304299704577502642401041730.

Earlier on (p. 18), the authors mention a significant memorandum issued by a deputy attorney general that emphasizes the Justice Department’s focus on individual malfeasance rather than on mere corporate wrongdoing. Yet they provide an endnote that cites to an address the memo’s author gave rather than to the memo itself (endnote 55, p. 257).

The lawyer in me would have liked specific statutory sections to have been cited in a chart comparing anti-bribery and corruption laws in different countries (pp. 98–100).

On occasion, the reader is swimming in a bit of acronym soup with sentences like this: “In 2015, the DOJ and SEC entered into 100 DPAs and NPAs” (p. 20).

Of course, writing out all of those abbreviations and adding more detailed citations would make this work more clunky. Accessibility and accuracy are a difficult territory to navigate. All in all, these criticisms are cavils about a vastly informative — and surprisingly interesting — work.