Speech by SEC Commissioner:
"Combating Securities Fraud at Home and Abroad"
Commissioner Luis A. Aguilar
U.S. Securities and Exchange Commission
Third Annual Fraud and Forensic Accounting Education Conference
May 28, 2009
Thank you for that generous introduction. I am pleased that I am able to join you today at Georgia Southern University's Third Annual Fraud and Forensic Accounting Education Conference. Clearly, this is a timely conference, as it takes place at a time of economic hardship when fraudulent schemes continue to be revealed at a record pace. At the SEC, our phones are ringing off the hook with tips alleging fraudulent activities.
As is customary, let me say that the views I express today are my own, and do not necessarily reflect the views of the Securities and Exchange Commission, my fellow Commissioners, or members of the staff.
Now more than ever the accounting industry's role as gatekeeper in terms of auditing, and otherwise servicing, public companies is critical to promoting transparency of financial reporting in our market. In addition to the tireless work of the SEC staff in rooting out financial fraud, accountants in the private sector are also an important component to pursuing violations of the securities laws. This is particularly true of forensic accountants. The expertise to undertake corporate internal investigations of accounting fraud and to analyze economic issues related to existing or pending litigation, as well as analyze potential books and records violations, is a necessary skill in today's world of complicated financial transactions.
Most of you know the SEC as an agency with a strong law enforcement tradition. And, it's true, each year the SEC brings hundreds of civil enforcement actions. Moreover, you can expect that the SEC will be even more aggressive going forward. Since the beginning of the year, we have dismantled the failed corporate penalty pilot program, which required SEC enforcement staff to seek prior Commission approval before negotiating penalties with corporations; we've begun to streamline and expedite the approval of formal investigations; and we're addressing the Commission's infrastructure to better handle tips and complaints.
Clearly, the handcuffs are being taken off and our enforcement and examination staffs are being re-energized. Those who are contemplating fraudulent action need to think twice. And those companies looking to impose policies and procedures to make it harder for fraud to be committed, or to more quickly catch on-going fraud, need to act now. An ounce of prevention will be worth a pound of cure.
As forensic accountants, your role in preventing and detecting financial frauds, and the misappropriation of assets, is crucial. While the SEC's cases charging violations of the securities laws involving insider trading and offering fraud often garner the big headlines, the largest percentage of cases brought by the agency in the last few years have been those relating to financial disclosure. Because it is often difficult to detect, financial fraud is particularly damaging to our capital markets and to investor confidence — and requires our most serious attention.
Today, I will focus most of my remarks on deterring fraud, and some of the tools that help to deter fraud.
Specifically, I will speak about:
the positive effects that implementation of the Section 404 internal controls requirements has had on the quality of financial reporting; and
Ponzi schemes and, in particular, efforts to prevent affinity fraud.
And, I will close these remarks with some thoughts on positive developments in international enforcement cooperation and how these developments have impacted global investigations.
I noticed that one of your sessions this morning is entitled "Does a downtick in the economy mean an uptick in fraud?" One of the lessons learned from prior recessions is that, as economic conditions sour, executives will face even more pressure to meet revenue and earnings targets that are harder to achieve. The temptations will be great to succumb to this pressure and commit fraud by "cooking the books" to show better financial results. Fortunately, there are new tools that may restrain this temptation.
As forensic accountants, you have the opportunity to provide expert advice in the planning stages for public company audits, particularly with regard to assessing risks of weaknesses in internal controls over financial reporting and in developing data-mining tools and other analytics to assess the effectiveness of these controls. These are important contributions to the financial reporting processes for public companies in the U.S., particularly in light of the requirements of Section 404 of the Sarbanes-Oxley Act of 2002.
As you know, Section 404 has two provisions: Section 404(a) requires company management to assess the effectiveness of the company's internal controls over financial reporting, while Section 404(b) requires an auditor attestation on management's assessment. Both of these provisions have been in effect since 2004 for the larger companies that comprise more than 95% of the market capitalization in the U.S. equity securities markets (representing in excess of 3,900 companies, or 35% of public companies).
As we find ourselves deep in an economic downturn, we are fortunate to have this additional safeguard in place — a safeguard that was not there the last time we faced these conditions. Section 404 has led to many improvements in internal controls that make it harder to commit fraud — and as forensic accountants are well aware — improve the chances that the fraud will be detected. In addition, Section 404, along with the entire Sarbanes-Oxley Act, has created a larger sense of accountability for top corporate executives and internal audit groups. The willingness of corporate management to call upon forensic accountants for assistance in the early stages of suspecting fraudulent reporting, or the potential misappropriation of assets, has substantially increased. With the implementation of Section 404, forensic accountants and fraud investigators have a more defined and necessary role today in assisting organizations in the continuous prevention, detection, and investigation of fraudulent financial transactions.
The necessity of internal controls is nothing new. Section 13(b)(2)(B) of the Securities Exchange Act of 1934 has long required that companies devise and maintain a system of internal accounting controls. Nevertheless, the focus on implementation of improved controls, due to Section 404, has led to an increased number of internal investigations commenced upon the discovery of possible improper accounting, many times resulting in self-reporting to the SEC.
Moreover, studies seem to indicate that Section 404 of the Sarbanes-Oxley Act has enhanced the quality of disclosure available to the investing public. A 2008 study on the predictability of earnings found that firms reporting weak internal controls over financial reporting have poorer earnings relative to those with effective controls, and that the predictability of earnings improves once firms remediate their internal control weaknesses.1 Another recent study found that companies that report material weaknesses in internal controls over financial reporting are more likely to report restatements in the future.2
This is not to say that 404 does not have costs. However, indications are that costs do fall once implementation is complete, processes are established and personnel are trained. The increasing appreciation for 404's benefits and the decreasing focus on 404's costs is, in part, due to the regulatory work of the SEC and the PCAOB — through the publication of guidance and through the adoption of Audit Standard No. 5. In addition, it is important to differentiate between the costs of 404 and the costs to improve internal controls so that management can credibly rely on them. Many of the costs attributed to 404 might be more properly characterized as necessary costs even before Sarbanes Oxley so that management could have confidence in the company's internal controls. Internal controls have always been required, and management should have a basis for relying on them.
I do believe that Sarbanes-Oxley — and Section 404 in particular — has been successful in focusing the attention of management and boards of public companies on the effectiveness of a company's internal controls over financial reporting. As a result, it is time to ask: Has the time come for the 404(b) auditor attestation requirement to apply to the approximately 7,300 public companies that are smaller public companies (comprising roughly 65% of public companies)?
As you know, due to concerns about the cost of implementation, there have been multiple extensions of the compliance date as to the 404(b) auditor attestation requirement for smaller public companies in the past few years. The current extension is scheduled to expire later this year. Each delay of the legal requirement to comply with 404(b) requires higher scrutiny. And, since the last extension, the PCAOB staff has issued guidance on the 404(b) attestation as it applies to smaller companies. This guidance adds to other guidance published by the SEC and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) that aims to be flexible and scalable. The available guidance, and accumulated experience with the 404(b) requirement, should reduce the costs of compliance for smaller companies.
It should also be noted that investors in smaller public companies may get particular benefits from having 404(b) apply. As noted in the COSO guidance for smaller public companies, these companies face particular challenges with respect to internal control over financial reporting.3 As the COSO guidance indicates, these challenges can include management's ability to dominate and override the controls that do exist, as well as limitations on resources to maintain appropriate technical controls and sufficient skilled personnel. Thus, having 404(b) apply to smaller companies should increase investor confidence in their financial reporting.
Your financial auditing and forensic accounting skills will be needed to ensure corporate reporting systems can be relied upon by management and by investors. The attestation of management's assessment of a company's internal controls is an important safeguard that investors rely on to protect their interests. Recent financial scandals have also highlighted the need for accountants to be on the lookout for fraud and financial discrepancies.
Ponzi Schemes and Affinity Fraud
Unfortunately, the need to detect and prevent fraud is a growth industry. And a particular type of fraud that has received a great deal of media and public attention is the fraudulent pyramid scheme, like that run by Bernie Madoff. To that end, I am pleased that one of your presentations this morning concerns "Ponzi schemes." With the economic downturn making it difficult for these schemes to continue by finding new money, we are seeing more of these types of frauds come to light. Since the beginning of this year, the SEC has filed more than 20 cases involving Ponzi schemes.
In addition, we've noticed many Ponzi schemes have been affinity frauds — scams in which members of identifiable groups, such as ethnic or religious communities, prey upon other members of the group. In these affinity fraud scams, the ringleaders are frequently members of the affected group, who often enlist unwitting community leaders from within the group to spread the word about the scheme.
These affinity frauds can be difficult to detect because victims often try to work things out within the group before notifying authorities or pursuing legal remedies. They are particularly insidious because the fraudsters prey on the trust between members of the community. Recently, I sent a letter to minority community organizations enclosing a pamphlet, available on our website, which the SEC has developed to help investors avoid these scams. These tips include:
Not relying solely on the recommendation of a member of the community and instead thoroughly investigating every investment opportunity;
Avoiding investments that seem too good to be true or that claim to be "risk-free;"
Refusing to be rushed into an investment decision; and
Being wary when told to keep the investment confidential.
International Enforcement Cooperation
As I near the end of my remarks, I want to also discuss some positive trends in cooperation in prosecuting cases involving multiple jurisdictions. As the recent financial crisis has demonstrated, misconduct can have a global effect. As a result, international cooperation in combating fraud is more crucial than ever before. Foreign assistance is increasingly critical to the SEC's ability to bring enforcement actions, as well as to the ability of our counterparts around the world to bring enforcement actions in their own jurisdictions.
I'd like to use the settlement reached with Siemens AG in December 2008 as an illustration of tangible results of continued multilateral action to increase international enforcement cooperation. The Siemens enforcement action concerned a bribery scheme involving more than $1.4 billion in bribes to public officials in Asia, Africa, Europe, the Middle East, and the Americas. The SEC, along with the US Department of Justice and the Office of the Prosecutor General in Munich, Germany, reached a coordinated settlement providing an aggregate of approximately $1.6 billion in monetary relief, in addition to other remedies. The SEC's part of the settlement included injunctive relief and $350 million in disgorgement for Siemens's violations of the Foreign Corrupt Practices Act, and the books and records and internal controls provisions of the securities laws. This is the largest FCPA settlement in SEC history.
The Siemens global settlement would not have been possible just a decade ago. At that time, not only did Germany not have legislation prohibiting foreign bribery, but bribes to foreign public officials were tax-deductible by German corporations as business expenses. Subsequent to the conclusion of the OECD Anti-Bribery Convention,4 Germany, a party to the Convention, enacted implementing domestic legislation prohibiting foreign bribery (and disallowing the tax deduction). This paved the way for the Siemens investigation by German authorities in the fall of 2006.
The SEC investigation, pursued on the jurisdictional basis of Siemens' listing on the New York Stock Exchange, was able to leverage the work done by Siemens in an internal investigation. In fact, forensic accounting played a key role. The internal investigation, led by Siemens' outside counsel, involved the participation of a team of over 100 forensic accountants, who examined Siemens' books, looking for unusual invoices and payments, and identifying suspicious bank accounts. The SEC was able to obtain bank records relating to these accounts from foreign securities regulators through the IOSCO Multilateral Memorandum of Understanding, known as the MMOU.5 Also critical to building the SEC's case was the ability to leverage the investigation conducted independently by the German prosecutor, and further joint investigation.
As evidenced by the landmark Siemens settlement, the multilateral approach to international enforcement cooperation can be successful. Although there is more work to be done, the multilateral approach shows promise because it can largely be characterized as a "race to the top," albeit with more tortoise-like contestants than hare-like ones. In contrast to some international regulatory standard-setting efforts, where at times the "international standard" appears to coalesce at a level of protection for investors that is not as optimal as in the U.S. market, over the years international enforcement has been marked by increasing numbers of jurisdictions providing assistance to one another. Over 50 jurisdictions around the world have joined the IOSCO MMOU since its creation in 2002. This greatly expands the SEC's ability to bring cases because it is now able to obtain bank records and other information from counterpart regulators in foreign jurisdictions where it could not previously obtain assistance. In addition, in part due to the required pre-approval review, aspiring MMOU members have undertaken significant legislative changes that not only improve the ability of local authorities to cooperate internationally but also to combat securities fraud in their local markets. The message here is that — as fraud goes global, regulators will be there to enforce the law.
Thank you for allowing me today to provide some big picture thoughts on combating financial fraud. The role that you carry out in the accounting profession is vital to uncovering the truth when financial fraud has occurred, and in helping companies to develop policies and procedures to prevent fraud from occurring in the first place. These are critical functions that benefit us all — particularly investors.
Thank you for what you do to catch and prevent fraud.