When financial fraud allegations arise at a public company, the firm that audits the financial statements of that company will often draw the attention of one or more of three very formidable entities: the Department of Justice (DOJ), the Securities and Exchange Commission (SEC), and the Public Company Accounting Oversight Board (PCAOB).
All three entities are powerful in their own right, but there generally is a pecking order relating to which agency takes the lead. The investigations that the DOJ leads often involve the most egregious allegations of financial fraud.
In those cases, generally, the SEC defers to the DOJ and the PCAOB defers to the SEC. But companies and auditors should expect that, unless otherwise barred by law, all three coordinate and share information.
DOJ leads the pack
The DOJ may begin an investigation in a variety of ways, including receipt of complaints from whistleblowers or other citizens. Many U.S. Attorneys’ Offices now maintain specialized units focused on identifying and prosecuting securities and accounting fraud.
Once the DOJ commences a criminal investigation, it has the very powerful tool of the grand jury, which can compel production of testimony or documents. The mere threat of a grand jury investigation is often sufficient to persuade individuals to speak with the prosecution team.
The grand jury process is secret pursuant to the federal rules and, unless or until there is an indictment, much of the DOJ’s investigation may remain secret.
For auditors, the grand jury investigation can mean a variety of things. The worst case scenario is that the DOJ considers the auditor to be a complicit participant in the financial fraud — which in DOJ speak would be called a “target.” The DOJ alternatively could view the auditor to be an additional victim of the financial crime.
Most often, however, an auditor is considered a witness to the fraud. Where the auditor is a victim or witness, the DOJ must convince the grand jurors that the company’s management was able to deceive the auditors.
The dynamic of the DOJ needing to prove that the auditors were deceived can inform the way that the SEC and the PCAOB decide to proceed against the auditor.
Like a grand jury investigation, any number of factors can trigger an investigation by the SEC’s Division of Enforcement (DOE) — including whistleblower tips, investor complaints, restatements, and referrals by the PCAOB.
Two federal initiatives
Moreover, there are two SEC initiatives aimed at detecting and prosecuting financial fraud: the Financial Reporting and Audit Task Force and Operation Broken Gate.
The Task Force supplements the fraud detection efforts undertaken by the DOE, and its primary goal is to detect fraud and prosecute violations involving false or misleading financial statements and disclosures.
Operation Broken Gate provides more stringent oversight of individuals the SEC considers to be the “gatekeepers” of public company financial information, including auditors, lawyers, and other professionals tasked with identifying and preventing financial misconduct. Operation Broken Gate also takes a closer look at internal audit committees, CEOs, CFOs, and other senior managers within public companies.
Unlike a grand jury investigation, any investigation by the SEC is either civil or administrative in nature. The first step in an SEC investigation is an informal inquiry during which staff members of the DOE expect voluntary compliance with requests for relevant information.
An informal inquiry is often converted to a formal investigation—the second step in an SEC investigatory process. At this stage, the SEC relies upon its subpoena powers to gather the information it needs.
At the conclusion of its investigation, staff members determine whether they believe a violation of federal securities laws has occurred, and by whom, and whether to recommend that the Commission bring an enforcement action. Up until this point, the SEC will not generally identify the target of its investigation.
At this point, however, the staff will provide the individuals or company notice of its intent to recommend that the Commission bring an enforcement action by way of a letter called a “Wells notice.” This provides the individual or company an opportunity to respond and try to convince the SEC that an enforcement action is not appropriate.
If the SEC determines that an enforcement action is appropriate nonetheless, the SEC will move forward with either a civil or administrative proceeding that seeks injunctive relief, disgorgement of illegal profits, or the assessment of monetary penalties. SEC investigations generally are nonpublic and remain confidential unless and until the SEC files an enforcement action.
PCAOB investigations originate from several sources, including the PCAOB’s own investigations, information disclosed in SEC or other agency investigations, or other public sources. The PCAOB has authority to investigate accounting firms and associated persons primarily to ensure compliance with professional responsibilities.
Like the SEC investigation, the first step in the PCAOB’s investigatory process is an informal inquiry during which PCAOB staff determines whether a violation of any laws or professional standards relating to auditors or accountants has occurred. If it appears that a violation has occurred, the PCAOB will commence a formal investigation.
During this stage, the target of the investigation may be required to provide testimony and produce audit workpapers of audit clients and the books and records of the audit firm by way of an SEC subpoena. Like the SEC, the PCAOB is authorized to impose significant monetary penalties in the event it finds that an audit firm violated a law, regulation, or professional standard.
In addition, the PCAOB has the authority to revoke an audit firm’s registration. PCAOB investigations and enforcement actions generally are confidential and nonpublic, unless and until PCAOB-imposed sanction takes effect.
Because investigations of auditing firms most often stem from undetected fraud, public companies can attempt to limit or avoid such scrutiny of the auditors and the company by strengthening internal controls. Of course, no company is immune from individuals committing wrongful acts, but strong internal controls may thwart that wrongdoing or make the company a less attractive target for fraudsters.
Compliance program is key
A strong compliance program will also be a factor considered by the government in determining what actions to take and what sanctions to impose. CFOs must be leaders in making sure that internal controls are reviewed and strengthened regularly. Although implementation of internal controls can be costly, the benefits outweigh the costs.
Strong internal controls allow companies to identify points of weakness, enabling companies to run more efficiently. Strong internal controls will also enable auditors to do their jobs more effectively and efficiently.
And, ultimately, strong internal controls can help to avoid protracted and costly investigations that result from unreliable financial reporting.
By Courtney Saleski, Kathy Keneally and Erin Keltz at law firm DLA Piper. Courtney is a partner at DLA Piper and previously served as an Assistant United States Attorney. Keneally serves as the Chair of Civil and Criminal Tax Litigation in the firm’s global tax group and previously served as the Assistant Attorney General for the Tax Division of the US Department of Justice. Keltz is an associate at DLA Piper who focuses her practice on internal investigations and complex civil and commercial disputes involving auditor liability, products liability, intellectual property and class action matters.