How an in-house attorney can protect himself from SEC enforcement actions and criminal prosecutions
See the first article in this series on protecting financial institutions from enforcement actions.
Financial institutions are at significant risk from enforcement actions by regulators as well as consumer, investor, or public protection agencies such as the Consumer Financial Protection Bureau (CFPB), the Securities and Exchange Commission (SEC), and the Department of Justice (DOJ). I recently published an article on what steps an in-house attorney can take to mitigate these risks for the clients of their financial institutions. This article takes a different perspective. Instead of focusing on threats to the institution, it focuses on threats to internal consultants in their personal capacity. To begin with, it’s important to realize that enforcement actions against in-house attorneys are extremely rare. However, they are not absent.
This article builds in part on an unpublished analysis prepared by one of my partners at Williams & Connolly that examines the SEC’s actions on non-insider trading and the DOJ’s criminal prosecution against in-house corporate advisors over the past two decades. The analysis focuses on threats to internal government attorneys personally and what lessons can be learned from previous enforcement actions and criminal prosecutions against individuals. While not all lessons are drawn from activities that involve an in-house advisor specifically at financial institutions, the lessons apply equally to them.
Common factors in actions involving an in-house attorney
Factor 1 – The top attorney is almost always the goal, either on his own or to undermine the defense of a “counselor” for other top executives
When the SEC or the DOJ take action against in-house attorneys, they almost always focus on the general counsel or the chief legal officer. There are two main reasons for this. First, the chief attorney undeniably had the authority and mandate to address problems and, rightly or wrongly, the failure is often laid at the feet of the general counsel or the chief legal officer. Another reason general counsel or chief legal officers might be in the crosshairs, especially when it comes to criminal activity, could be to undermine lawyer defense advice to other executives. When the government threatens civil or criminal claims against internal lawyers, instincts for self-preservation can emerge. It is not uncommon for lawyers to disapprove or distance themselves from certain positions held by other investigative targets in order to protect themselves.
Factor 2 – Large losses for the institution lead to an undesired audit of the internal legal aid
Another common factor in SEC enforcement actions and criminal prosecutions against in-house attorneys is that the facility itself suffers significant losses. The greater the failure of the facility, the greater the risk of putting the in-house attorney at risk. When the institution is handed a grand verdict or a damned indictment, there is tremendous pressure from consumers, politicians and the media to hold someone accountable, and actions can be questioned with hindsight. The in-house attorney often becomes a scapegoat.
Factor 3 – Internal attorneys can isolate themselves by consulting an external attorney
In-house attorneys who rely on outside attorneys are rarely, if ever, the target of enforcement actions or criminal prosecutions by the SEC. Lawyers defense advice is a real deterrent against law enforcement or enforcement. However, in order to build a viable defense, the consultation with an outside attorney must be meaningful and ideally documented. The outside attorney needs to be informed of the essential facts and his advice should be remembered at the same time. In a broader sense, the internal attorney should act in a manner consistent with the advice of the external attorney in order to clearly demonstrate confidence in the advice.
Factor 4 – Complex or controversial issues are rarely a basis for individual enforcement or law enforcement, whereas perjury or obstruction are much simpler cases
Enforcement attorneys and prosecutors prefer to pursue cases where there is a clear violation of the law. SEC law enforcement agents and prosecutors will vigorously pursue perjury or obstruction claims against in-house attorneys, as these actions are usually straightforward and easy to prove. SEC enforcement proceedings against in-house attorneys most often stem from disclosures, particularly omissions in disclosures. Self-trading or other measures to fill your pockets are not required for the SEC to initiate enforcement action. On the other hand, if the breach itself is unclear or complicated, there is less risk to internal legal counsel, even if the SEC or the DOJ decide to bring a lawsuit against the institution. It’s much easier to blame someone when the violation is clear. A consequence of this is that mere knowledge of the conduct that is later deemed criminal is usually insufficient to warrant prosecution against an in-house attorney, unless the conduct was so egregious as to be clearly inappropriate.
Factor 5 – Generalist lawyers cannot isolate themselves from liability by pleading ignorance
Don’t go over your head. In-house attorneys are expected to have the knowledge and experience necessary to perform the duties of their role. It is not uncommon for in-house lawyers in smaller institutions to wear multiple hats, e.g. B. also in a compliance function (or at least in the monitoring of the compliance function). Regardless of how many hats they wear, the in-house attorney will be held responsible for defects, especially if those defects materially affect the consumer or the establishment. Neither the SEC nor the DOJ are moved by arguments that the person in charge of these roles lacked the sophistication to carry out these responsibilities.
Practical tips for internal advice at financial institutions
These observations lead to some practical tips for in-house consultants to minimize the enforcement profile of their organization, and therefore of themselves.
- Make sure that your institution’s risk management function is well equipped and adequately staffed. Enforcement is almost always far more costly (for both reputation and punishment) than maintaining a well-functioning compliance team. These investments in staff and resources can pay off in terms of smooth regulatory relationships and the early detection and resolution of problems.
- Establish and maintain close cooperation with the Chief Risk Officer. Most institutions have three lines of defense (business line, compliance, and audit) and the chief risk officer should have a clear view of each line of defense. Ideally, the Chief Risk Officer should not only be a peer, but also a partner for internal advice.
- Make sure your institution is taking proactive steps to identify and resolve issues as they arise. Problems that fester or recur are more likely to attract regulators’ attention to the internal attorney’s actions (or perceived inaction). If you are proactive, you can find that the in-house attorney (and the institution as a whole) is using reasonable business judgment.
- Be on the highest alert if your institution’s CAMELS ratings begin to decline as it may indicate deeper issues with institutional controls or management. This also signals greater government scrutiny, especially if a bank or credit union is operating under a consent form or memorandum of understanding, and an increased likelihood of duplicate estimates.
- For particularly sensitive issues: (1) consult an outside lawyer; (2) ensure that their advice is adequately recorded; and then (3) act on that advice. While the involvement of outside legal counsel invariably comes with marginal costs, the long-term benefits are almost always worthwhile.