Companies face tougher enforcement of laws targeting corporate wrongdoingReprints
Companies face more stringent enforcement of laws that target corporate wrongdoing, ranging from the Dodd-Frank Wall Street Reform and Consumer Protection Act to the Foreign Corrupt Practices Act, as well as new regulatory tools — including one dubbed RoboCop.
While regulatory risk is perennial, a relatively new source of regulatory scrutiny is the U.S. Securities and Exchange Commission scaling up its Financial Reporting and Audit Task Force dedicated to detecting fraudulent or improper financial reporting.
The task force last year introduced a computer program known as the accounting quality model, which the media dubbed RoboCop for its automated examination of financial filings.
“There is a concern because there is now heightened scrutiny over financial filings,” said Brenda Shelly, New York-based U.S. directors and officers liability product at Marsh L.L.C.
One of greatest uncertainties regarding the task force is its reliance on the accounting program, she said.
“Things that are anomalies in accounting practices are now pulled out by the system, reviewed by an attorney and sent to a regulator as appropriate,” Ms. Shelly said, adding uncertainty remains about the parameters the accounting program will rely on to identify wrongdoing. “Does everybody's data get pulled? What constitutes a red flag? We don't know yet.”
A similar sense of regulatory urgency surrounds the U.S. Department of Justice's enforcement of the FCPA, said Kevin LaCroix, an attorney and executive vice president at RT ProExec, a division of R-T Specialty L.L.C., in Beachwood, Ohio.
“A trend that we saw in 2014 that I think we are going to see a lot more of in 2015 is FCPA investigations,” Mr. LaCroix said.
Indeed, companies including Avon Products Inc. and Alcoa World Alumina L.L.C., a unit of Alcoa Inc., pleaded guilty to charges of bribing foreign officials in 2014.
What's more, Mr. LaCroix said regulators in other countries also are taking a close look at the issue of bribery by multinational corporations, citing the recent $500 million fine and suspended prison sentences of executives of U.K. drug giant GlaxoSmithKline P.L.C. by Chinese officials.
“It's not just U.S regulators — you'll see Brazilians, Chinese and Canadian and U.K. regulators looking at this closely,” he said. “So companies need to know that their biggest regulatory risk can come from outside the country.”
“The trend of global harmonization of regulations does create implications for boards in terms of how they manage their companies' activities and protocols overseas,” Ms. Shelly said.
Closer to home, regulators are taking a closer look at how companies handle customer data and their own cyber exposures, said Zakia Phillips, executive vice president of the financial institutions group and North American practice co-leader at Willis North America Inc.
“I think it's cyber regulation that's really going to make a difference in 2015,” Ms. Phillips said, noting that state governments have taken the lead in imposing data security laws in the absence of a federal law.
For example, she said, “New York has come out with some really tough standards. Before, you would do some due diligence before you hired an outside technology vendor, but now New York is saying that you have to own that process.”
One federal agency looking to play a bigger role in regulating how companies protect consumers' personal data is the Federal Trade Commission.
Reed Rubinstein, Washington-based partner at Dinsmore & Shohl L.L.P., said the FTC is very interested in how companies safeguard consumer data, especially health care data.
“The FTC is going to aggressively wield its authority,” he said. “Data security for health care has historically been regulated by U.S. Department of Health and Human Services under the Health Insurance Portability and Accountability Act, but the FTC has decided that it can do what it wants regardless of what HIPAA mandates.”
Mr. LaCroix said companies need to be wary of regulatory investigations because “the dollars involved can be huge. Defense fees for civil litigation are often a couple hundred thousand dollars, but defense fees for a regulatory investigation can be millions of dollars.”
Many costs incurred due to regulatory investigations are not covered by traditional D&O insurance, Ms. Shelly said.
“We have seen many insurers come out with endorsements dealing with investigation defense costs, and several of those require additional premiums,” she said. “We have also seen three stand-alone products for corporate investigations for the corporation itself, but we haven't seen much uptake for those due to the construct and the cost.”
Mr. LaCroix said the terms and conditions common to stand-alone products — such as coinsurance, high retentions, significant premiums, restricted limits and vigorous underwriting — likely are limiting uptake. “Entity investigative costs is the readily identifiable type of coverage that a lot of companies assume they have but that carriers don't want to pick up,” he said. “It's an issue that the insurance industry has never really found a comfortable solution for.”