United States: A Primer On SEC Investigations And Enforcement Actions Related To Financial Reporting And Accounting Cases


"One of our goals is to see that the SEC's enforcement program is — and is perceived to be — everywhere, pursuing all types of violations of our federal securities laws, big and small."

− Mary Jo White, Chair of the SEC, October 9, 2013

"In the end, our view is that we will not know whether there has been an overall reduction in accounting fraud until we devote the resources to find out, which is what we are doing."

− Andrew Ceresney, Co-Director of the SEC Division of Enforcement, September 19, 2013

"The SEC is 'Bringin' Sexy Back' to Accounting Investigations"

New York Times, June 3, 2013

Much has changed since the collapse of Enron in 2001 and the ensuing avalanche of financial fraud cases brought by the SEC. For example, Sarbanes-Oxley raised auditing standards, imposed certification requirements on public company officers and required enhanced internal controls for public companies. The Public Company Accounting Oversight Board (PCAOB) was formed "to oversee the audits of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, accurate and independent audit reports."1 In pursuit of that goal, the PCAOB has conducted hundreds of audit firm inspections, adopted numerous auditing standards and brought dozens of enforcement actions against auditors for violating PCAOB rules and auditing standards.

While the PCAOB has become more active during recent years in overseeing the auditing of public companies and their financial statements, the SEC has become less active in its role as chief regulator of financial reporting and public company disclosure. Due in large part to the financial crisis in 2008, some high-profile missteps by the SEC in failing to respond to allegations of multimillion-dollar Ponzi schemes, and the investigation and prosecution of significant insider trading cases, the SEC shifted its enforcement priorities away from financial reporting and toward other areas of concern. Between 2006 and 2012, the number of opened investigations related to financial reporting or disclosure dropped from 304 to 124, while the number of filed cases dropped nearly 70%, from 219 in 2007 to 68 in 2013. Indeed, when the SEC articulated its "five priority areas" for its enforcement program in 2010, creating specialized units to focus on those areas, no unit was formed to investigate public company financial reporting or disclosure. Rather, the areas selected for "enhanced enforcement scrutiny" primarily involved insider trading, complex financial products, hedge funds, FCPA and municipal securities/public pensions.2

It appears that the tide may be about to turn once again. On September 19, 2013, Andrew Ceresney publicly expressed his "doubts" that the level of financial fraud and improper corporate disclosure has dropped in parallel with the decline in SEC enforcement actions. While acknowledging that SOX reforms may have created some obstacles to "large-scale accounting frauds like Enron and Worldcom,"3 Ceresney lamented that both the incentives and the means still exist for public companies to manipulate financial statements. Moreover, he noted that nearly 1 in 5 whistleblower tips received by the SEC in 2012 related to corporate financial reporting and disclosures.

As a result of these concerns, the Division of Enforcement created the Financial Reporting and Audit Task Force, or the "FRAud Task Force." This task force, which was deemed "overdue" by one commissioner,4 is "devoted to developing state-of-the-art methodologies that better uncover accounting fraud and incubating cases that will then be handled by other groups within the Enforcement Division."5 These methodologies, which include industry sweeps, reviewing private class actions, analyzing company performance trends and employing sophisticated analytical tools under the Division's new Center for Risk and Quantitative Analytics, will be used to ferret out potential enforcement investigations related to, among other things, revenue recognition, reserve accounting, accounting for foreign operations and the gatekeeper role of companies' audit committees.

As a result of the inevitable increased scrutiny of companies' internal controls and public reporting, following is a high-level view of how a company can best position itself in case the SEC comes calling, how the SEC conducts investigations and what to do when contacted by the Division of Enforcement.


No public company is immune from an SEC investigation. Even the best-run company can be subject to negative press, a disgruntled employee with an ax to grind, disingenuous claims by class action lawyers or unexplained swings in the market price of its stock. Any of those events, and many others, can cause the SEC to begin an investigation. Below are a few areas to review so that a company can establish itself as a "good corporate citizen" if the SEC comes calling.

A. Codes of Conduct and Compliance Policies

Companies should review and update as appropriate their Codes of Conduct as well as their compliance policies and procedures, to ensure that these are well-designed, tailored to each company's specific operations and risk areas, and applied in good faith. Whistleblower policies should be reviewed, understood and approved by management as well as the board and/or audit committee. FCPA policies, including those related to gifts, entertainment, travel, and charitable and political donations, should be customized to reflect the individual needs of the companies, as well as their subsidiaries, joint venture partners, agents and employees. There are many good resources available to help in preparing and conducting training for relevant employees and managers concerning a company's various policies and procedures. And companies should make sure that appropriate certifications of compliance with their policies and procedures are made by relevant employees. Finally, companies should review their insider trading policies and encourage executives to enter into Rule 10b5-1 plans.

B. Accounting Policies and Documentation

Any investigation conducted by the SEC will, necessarily, involve the staff viewing facts and circumstances in hindsight. As a result, it is important for companies to make sure that their accounting policies are clear and well-reasoned, and that the company's practice complies with those stated policies. If an apparent deviation from accounting policies occurs, the company should make sure that sufficient documentation exists to explain the deviation, setting forth the reasons for the decisions made, any communication with outside auditors and appropriate analysis supporting the exercise of management's judgment. In addition, deviations from company policies may signal a need to update those policies to conform to changes in the company's business, or interpretation or guidance concerning the application of GAAP.

C. Tone at the Top

As trite as it sometimes sounds, the SEC takes very seriously any indication that the tone at the top of a public company signals that strict compliance with the law or the company's policies is less than fundamental to the company's culture. Company executives and the board of directors should regularly communicate the importance of compliance with all company policies and should encourage employees to report any breach of those policies. Employee orientation programs, as well as ongoing training sessions, provide an excellent opportunity for management to communicate these messages.

D. Documentation and Information Technology

Document preservation and destruction policies should be reviewed to make sure they reflect the needs of the company. In addition, policies concerning employee use of personal hardware, social media, email addresses and storage devices should be implemented. The policies should be written and, equally important, enforced. Companies with international operations may face complicated privacy issues, and policies in those instances must be crafted to reflect local requirements. Management and the legal department must have an understanding of what the company's documentation and IT policies are and must be in the position to immediately override or halt any document destruction policies in the event of an SEC investigation. A company will find itself in an extremely uncomfortable position if it discovers that potentially relevant documents or data have been destroyed during an investigation because of poor communication or a failure to implement document preservation safeguards.

E. Insurance and Indemnification

Insurance policies for a company, as well as its officers and directors, can vary widely. Some policies provide expansive coverage for a government investigation, some provide much more limited coverage, and some provide no coverage at all. Likewise, indemnification of officers and directors can vary based on the state in which the company is incorporated and the specific provisions of the company's bylaws. Given the real possibility that any public company could be subject to an SEC investigation, a review of current insurance policies and indemnification obligations is important to ensure that the company and its officers and directors have an understanding of the potential exposure they may face responding to a potentially lengthy, and expensive, investigation.

F. Develop a Playbook

The SEC's Division of Enforcement has gone to great lengths in attempting to make its investigations more streamlined and efficient. Delegating subpoena authority to the SEC's regional offices, flattening the management ranks and hiring subject matter experts have allowed the Division to act more quickly than in years past. However, the new-found efficiency in some of the SEC's processes has caused the Division to expect speedier and more efficient responses from those from whom it requests information. As a result, it is important to be prepared for an SEC request for information, whether informal or via subpoena, before that request comes in the door. Developing a "playbook" in anticipation of an SEC request is an excellent way to ensure that a company has anticipated the steps it will need to take in response to an SEC inquiry. The playbook should identify those who may need to be notified when an SEC investigation has commenced (e.g., the board and/or audit committee, independent auditors, outside counsel, investor relations, insurance carrier), provide information concerning the company's IT systems and documentation policies, include a template for document preservation notices, and identify issues to consider in conducting an internal review of the facts and circumstances that are the subject of the SEC's request. Even an informal playbook can save a company critical days in responding to an SEC investigation.


The SEC's Division of Enforcement conducts the agency's investigations, which are generally nonpublic. The Division is staffed primarily with attorneys and accountants. Although headquartered in Washington, D.C., the Division has enforcement staff in each of the SEC's 11 regional offices. While each regional office theoretically handles investigations within its geographic jurisdiction, those boundaries are often ignored. Thus, for example, a company located in Georgia could as readily be investigated by staff in Washington, D.C. or Los Angeles as by staff in the Atlanta Regional Office. There is often no rhyme or reason, at least visible to the public, for one regional office conducting an investigation rather than another.

A. Triggering Events

The SEC staff is required to have nothing more than "official curiosity" to begin an investigation. While there are myriad sources of information that can arouse that official curiosity, following are some of the more common:

  • Newspaper stories
  • Periodic filings by the company
  • Whistleblower tips
  • Referrals from other agencies or self-regulatory organizations such as FINRA
  • Competitors
  • Class action lawyers
  • Investor complaints
  • Foreign governments
  • Market surveillance technology
  • Auditors
  • Industry sweeps

B. Informal Inquiries

The first step in the enforcement process is often for the staff to open an informal inquiry. In such a case, the staff usually begins its inquiry by requesting that the company voluntarily provide relevant information and/or documents to the staff. A company may be contacted via a telephone call from the SEC staff to the legal department, or the company may get a letter notifying it of the inquiry and requesting information. Very often, the staff's request will be accompanied by a notice that the company must discontinue its automated document destruction policies and take steps to preserve all information that could be relevant to the staff's inquiry. Complying with such a request is critical as failure to do so could be grounds for a later claim of obstruction of justice.

In addition to a request for documents, the staff may ask to meet with, interview or even take the voluntary testimony of informed individuals at the company. Although the matter at this point is informal, and the company has the right to decide not to voluntarily produce the information requested by the staff, public companies rarely find it advantageous to refuse to cooperate with reasonable staff requests for information. By cooperating with reasonable staff requests, the company will put itself in a more favorable light in the staff's considerations as the investigation proceeds, potentially allowing the company to have greater input into the direction and nature of the investigation. Refusing to cooperate with an informal inquiry, on the other hand, will most often result in the company receiving a subpoena compelling the production of documents and testimony.

Under certain circumstances, the staff may request that a company voluntarily conduct an inquiry of its own and report back concerning any relevant facts found or conclusions reached. Depending on the facts, a company may decide to conduct such a review even absent a staff request,. Volunteering to do so often makes sense when the company believes that it is likely that the staff's concerns are unfounded and a well-reasoned report will alleviate those concerns. Similarly, when a company believes that it may be vulnerable due to a financial reporting problem, conducting its own internal investigation with the promise of providing a report to the staff may put the company in position to influence the staff's investigation, and claim "cooperation credit" down the line.

C. Formal Investigations

While informal inquiries are a standard first step in the enforcement process, those inquiries are often converted to formal investigations. This can be a quick process, often done without notice to the company. While an informal inquiry may become a formal investigation merely due to the passage of time, often the conversion results from the staff's belief that, due to a difficulty in gathering information voluntarily or a perceived lack of cooperation, the staff needs to compel by subpoena the production of documents or testimony. In addition, certain records, such as those held by banks and telephone companies, can often be obtained by the staff only through a subpoena.

Whatever the reason, if the staff determines that it is going to conduct a formal investigation and issue subpoenas, it must obtain a "Formal Order of Investigation." The decision to issue a Formal Order can be made by the Commission itself or by one of its designated delegates. Those delegates include certain senior officers in the Division of Enforcement, including individuals within each of the regional offices. To obtain a Formal Order, the staff must articulate, usually in writing, the relevant facts it has discovered to date, the potential violations of the federal securities laws to be investigated and the specific staff members who will be conducting the investigation. A Formal Order will then be issued, which authorizes the designated staff to conduct the investigation, issue subpoenas, administer oaths in connection with sworn testimony and compel the production of documents and information relevant to the investigation. The issuance of a Formal Order does not indicate that any violation of law has occurred, but only that the staff is empowered to investigate a possible violation.

Once a Formal Order is issued, the enforcement staff typically relies on its subpoena power to obtain evidence, rather than continuing to ask for the voluntary production of information, even from individuals or entities that would have continued to voluntarily cooperate with the agency. Subpoenas issued by the enforcement staff can be very broad and can cover a lengthy time frame. However, it is often possible to negotiate the specifics of a subpoena with the staff. The subpoenas are not self-enforcing. Rather, the SEC must seek an order from federal court enforcing the requirements of the subpoena against anyone who fails to comply. Few such actions are brought by the SEC, since the agency's subpoenas are rarely flouted without good reason.

Typically, the staff will seek to have many, if not most, of the relevant documents in hand early in its investigation. Those documents are often obtained from the company as well as its employees, officers and directors. In addition, documents may be obtained from third parties, such as customers, vendors or business partners of the company, as well as auditors and banks. The documents collected by the staff can run into the millions of pages. By obtaining and reviewing them early in the investigation, the staff will be able to refine the parameters of the investigation, make preliminary determinations about the likelihood of a potential violation, discover sources of additional relevant information and begin to identify those individuals that the staff believes should testify.

Once the documents are in hand, the staff will likely call witnesses to testify regarding the matter. The company will at this point need to make decisions regarding representation of the employee-witnesses. Potential conflicts of interest, company resources, indemnification obligations, and strategic considerations are all important in determining how company witnesses are represented during the course of the SEC investigation. Testimony is almost always taken at an SEC office, is conducted under penalty of perjury, and is transcribed by a court reporter. Unlike a deposition, the testimony session is controlled exclusively by the staff, with few limits on the staff's ability to ask questions. While the company will often have information about whether its employees and directors are called to testify, there is no requirement for the staff to notify the company about third parties that are subpoenaed. Moreover, only the witness's attorney is allowed into testimony; company counsel is not.

The Division's relatively recent cooperation initiative has introduced new wrinkles into the investigative process. For example, in many cases, the staff is now conducting "off-the-record" interviews of witnesses rather than taking formal testimony, or conducting proffer sessions with witnesses or their attorneys. As a result, no transcripts of the witness statements are available. In addition, the staff has begun entering into cooperation agreements with individuals, frequently knowledgeable company employees, in an attempt to garner information from those individuals that could be detrimental to the company. As a result, the staff is taking a harder look at circumstances in which counsel is representing multiple witnesses during an investigation. Even when the witnesses are employees of the same company, the staff has expressed concerns that counsel for multiple employees may not be adequately informing individual clients about the possibility of entering into a cooperation agreement with the SEC.

An SEC investigation, particularly concerning financial reporting, accounting controls or disclosures, can take many months — often years — to complete. As Andrew Ceresney stated, "accounting fraud cases take lots of resources and effort. They often require a lot of financial analysis, mounds of documents, and lots of testimony. But we are prepared to devote the resources."6

D. Wells Notices

At the end of its fact-finding investigation, the staff will confer and come to a decision about whether it believes that a violation of the federal securities laws has occurred and, if so, whether it will seek to have the company or any individual charged with the violation. If the staff believes that charges are appropriate, it nearly always provides a "Wells Notice" to the company or individuals against whom it believes enforcement action should be taken. The Wells Notice provides the recipient with some limited information about the basis for the staff's conclusions, the specific laws that the staff believes were violated, the forum in which the staff believes a case should be brought and the relief that the staff would seek in an enforcement case.

A recipient of the Wells Notice will have an opportunity to provide a written submission to the staff that outlines why the staff should not pursue the enforcement action. Wells submissions often address the facts as discovered in the investigation, the law concerning the matter and policy issues related to the staff's allegations. In some cases, recipients of Wells Notices may review some or all of the nonprivileged files compiled by the staff during the course of its investigation. The staff's files can include, among other things, transcripts and exhibits from the testimony of witnesses in the case, emails and other documents obtained from the company, and workpapers in connection with an audit. By taking advantage of reviewing the investigative files, a Wells recipient can more fully understand the case and provide a better informed, and more persuasive, submission.

Wells Notices are not indications that the SEC itself has determined that there was a violation of law or that the recipients of a Wells Notice are responsible for any such violation. Rather, they are only notification that the staff anticipates recommending to the Commission that, based on the facts as the staff understands them, the staff believes that a violation has occurred, that the Wells Notice recipients are responsible for the violation and that the Commission should authorize an enforcement action consistent with the staff's recommendation. If a recipient of a Wells Notice submits a response, that response is also provided to the Commission for its consideration at the same time as the staff's recommendation. A recent analysis conducted by Dow Jones found that the SEC did not pursue charges against approximately 20% of individual recipients of a Wells Notice.7

The staff is very often willing to discuss settlement of its case during the Wells process. Often, the staff will agree to meet with counsel to discuss the case and may allow counsel to review the investigative record so that informed and productive settlement discussions can take place. The staff does not have the authority to commit the SEC to any settlement at this point in the process. Rather, in any agreement reached between the staff and a party, the staff is committed only to recommending to the Commission that the terms of settlement negotiated by the staff be accepted by the SEC. While the majority of settlements recommended by the staff are accepted by the SEC, it is not unusual for the Commission to reject proposed settlement terms and provide direction to the staff about settlement terms that would be more acceptable to the SEC.

E. Enforcement Actions

All enforcement actions brought by the SEC are civil in nature, as the agency has no authority to bring criminal cases. In cases in which criminal activity has occurred, the SEC will often work in parallel with the Department of Justice or, less frequently, state criminal authorities. The SEC has two forums in which to bring its enforcement actions: federal district court and administrative proceedings.

The primary relief sought by the SEC in actions brought in federal court is injunctive relief. The court can issue an injunction in those cases in which the SEC has shown a violation of the law and a reasonable likelihood of future violations by the defendant. That likelihood is often based on the nature and egregiousness of the conduct, the level of intent involved, the opportunities for future violations and the degree to which the defendant has recognized the wrongful nature of the conduct. Ancillary to the injunction, the SEC will often seek myriad other remedies to "right" the defendant's wrong. For example, the SEC will most often seek disgorgement of any ill-gotten gains obtained as a result of the violation, as well as a civil monetary penalty against the perpetrators of the violation. The SEC can, in many cases, create a "fair fund" where disgorgement and civil penalties are held in anticipation of returning the funds to any identifiable "victims" of the violation. In addition, the SEC can, in certain cases, seek to prevent individuals from acting as an officer or director of any public company, or can seek to claw back performance-based compensation.

In administrative proceedings, the Division of Enforcement brings its case to an administrative law judge who is an employee of the SEC. There is little discovery in the administrative hearing process. As a result, the time between the filing of the action and "trial" is usually a matter of months, rather than the years that can be typical in federal court. Hearings in administrative proceedings are similar to federal court trials, with the Division and each respondent introducing evidence through witnesses and exhibits. The relief sought by the Division is similar to that sought in a federal court case, with some exceptions. For example, rather than seeking an injunction, the Division can seek a cease-and-desist order. In addition to the officer and director bar available in federal court, the Division in an administrative proceeding can seek to have professionals (usually lawyers and accountants) barred from appearing or practicing before the SEC.


Whether the SEC is conducting an informal inquiry or a formal investigation, it is imperative that the matter be taken seriously. Often, particularly early on, the manner in which a company responds to the SEC is just as important as the substance of the response. The SEC staff will quickly conclude for itself whether the company is acting in a manner that the staff believes is responsible, and can be trusted in working through the issues involved in the investigation. That first impression can remain with the staff for the remainder of the matter. The staff often believes that it has the obligation, and the unfettered ability, to subpoena documents and take testimony of employees, officers, directors and third parties, regardless of the disruption or cost to the company. As a result, it is extremely important to react to any request by the SEC in a way that will put the company in the best position possible for what could potentially be an uncomfortable and expensive multiyear process.

A. Retain Experienced Counsel

Although companies often want to minimize costs or not seem defensive when the SEC calls, and therefore often want inside counsel to be responsible for responding to the SEC, in cases involving financial reporting or disclosure it is almost always a better strategy to retain counsel with experience in defending companies subject to an SEC investigation. Even the most seemingly benign issue raised by the staff during an initial call could be the tip of the iceberg, with more serious issues to follow. Counsel familiar with SEC investigations can immediately begin to work with the staff to narrow the issues, discuss timing of responses and obtain critical information from the staff that can be used to frame both short- and long-term responses to the investigation. Experienced counsel can also anticipate probable future requests by the SEC and can work with the company to secure documents and information, protect privilege, and make determinations concerning whether to disclose the existence of the investigation, and to whom.

B. Communicate with the SEC Staff

Very frequently, the SEC's initial request for information is broad-based and onerous. It will often require the expenditure of a significant amount of resources and can be very disruptive to the company. Moreover, the time frames for responding to the staff can range from somewhat limited to unreasonably short. It is vital to contact the staff soon after receiving the request with a reasonable plan to propose concerning the company's response. It is often during that initial conversation that requests for information, and the timing of the company's response, can be reasonably negotiated with the staff. In addition, the scope of the SEC's issues can sometimes be discerned and discussed. Finally, the company will have its first chance to attempt to "set the tone" of the investigation by working with the staff to allow it to quickly and efficiently obtain the information it reasonably needs, while establishing the good faith efforts of the company.

C. Review Insurance Issues

Insurance policies should be reviewed to determine whether any notification needs to be made to the company's carrier. Also, many insurance policies provide coverage for certain types of SEC investigations. Insurance policies may also kick in to cover the legal expenses for employees, officers or directors if they are called to provide information or testimony to the SEC.

D. Alert Senior Management and the Board, and Consider the Auditors

Given the current environment at the SEC, and its stated priority of tracking down financial reporting and disclosure violations, it is difficult to imagine a request for information coming from the Enforcement Division that would not rise to the level of notifying senior management and, likely, the board of directors or audit committee. In addition, if the investigation potentially concerns the company's financial statements or public filings, serious consideration must be given to notifying the company's auditors, as such notification is often more a question of "when" rather than "if."

E. Preserve Documents and Information

The company's automated document destruction policies must immediately be suspended, at least with regard to any documents that could potentially be relevant to the SEC investigation. Employees who may have relevant documents or information must also be instructed to preserve the evidence. The scope of an SEC investigation is often difficult to discern, particularly early in the investigation. As a result, it is much better to err on the side of caution by preserving any documents that could remotely reflect on the SEC's issues. Sometimes a call to the SEC to discuss the scope of document preservation can provide some comfort and guidance concerning the breadth of preservation.

F. Preserve the Attorney-Client Privilege

A company under investigation still needs to conduct its business. Moreover, management, senior executives and often the board need to determine how to respond to the SEC's investigation and will have innumerable strategic decisions to make concerning the investigation. It is extremely important that all individuals involved in the company's response to the investigation understand the issues surrounding privileged communications within the company. Those individuals should be cautioned that discussions concerning the investigation, or the historical facts giving rise to the investigation, that occur outside of the presence of an attorney may be discoverable and will likely be the topic of SEC testimony at a later date.

G. Investigate the Issues

Few things are more unsettling for a company than to have the SEC know more about a potential problem than the company itself does. As a result, it's important for the company and its counsel to immediately gather all relevant information concerning the issues raised by the SEC. Often, this may involve interviewing employees, searching files, gathering emails and analyzing transactions. Choosing who oversees the investigation — inside counsel, outside counsel or independent counsel — is an important consideration that could have significant meaning for the SEC down the road. While not always possible, the company should try to avoid sending any information to the SEC that is not reviewed, verified as accurate and understood. A company that provides information to the SEC that is inaccurate, even if solely by mistake, will suffer for that error throughout the investigation.

H. Consider the Company's Disclosure Obligation

Based upon the investigation that the company conducts, as well as the issues being investigated by the SEC, it is possible that the company should disclose the fact of the investigation to the market. While there are divergent opinions concerning whether and when to disclose the existence of an investigation, it is a decision that should be made after establishing as many facts as reasonably possible, and after consultation with experienced disclosure counsel.

I. Additional Considerations as the Investigation Progresses

The facts and circumstances known to the company, and to the SEC, are certain to evolve over the course of an SEC investigation. As the facts evolve, a company's response to the investigation may need to evolve as well. Issues that can typically arise during the course of an investigation include:

  • An expansion of the potential scope of concern. What started as a relatively minor problem involving low-level employees can suddenly raise questions of a larger magnitude involving more senior management or even executives. A company needs to maintain flexibility in determining how it proceeds in responding to an SEC investigation or conducting an investigation of its own.
  • Representation of employees during an investigation. While counsel can often represent multiple individuals when there is no conflict, the determination of whether a potential conflict exists as an investigation evolves needs to be constantly reviewed. Furthermore, the SEC has made recent statements that it believes that counsel is not always recognizing when multiple representations raise a conflict, particularly given the incentives offered by the SEC in attempting to reward individuals for proactively cooperating with the staff. As a result, continuous monitoring of the facts surrounding the SEC's investigation, and how those facts affect questions concerning potential conflicts, is a must.
  • Remedial steps. If a company recognizes issues or shortcomings in its policies, procedures or disclosures, it may be in the company's best interest to implement remedial steps to resolve those concerns even though the investigation has not yet been completed. Appropriate remedial steps, which often include employee discipline, changes to processes and procedures, and enhanced disclosure, can help a company not only by immediately preventing any further problems but also by showing the SEC that the company takes its responsibilities seriously.
  • Outside experts. In addition to leading a company to engage outside counsel, the facts discovered during an investigation could prompt a company to bring in outside experts concerning various issues. For example, outside experts such as forensic accountants, public relations professionals, corporate governance advisers and information technology specialists can often be useful during and after an SEC investigation.


1 http://www.pcaobus.org.

2 See Speech 1/13/10 at http://www.sec.gov/news/speech/2010/spch011310rsk.htm .

3 See Speech 9/19/13 at http://www.sec.gov/News/Speech/Detail/Speech/1370539845772 .

4 See Speech 10/25/13 at http://www.sec.gov/News/Speech/Detail/Speech/1370540071677 .

5 See Speech 9/19/13 at http://www.sec.gov/News/Speech/Detail/Speech/1370539845772 .

6 See Speech 9/19/13 at http://www.sec.gov/News/Speech/Detail/Speech/1370539845772 .

7 http://online.wsj.com/news/articles/SB10001424052702304500404579125633137423664

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

*** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.