SEC Commissioner Elad Roisman recently spoke about his approach to SEC enforcement matters, describing his concerns about "regulating by enforcement" actions and imposing penalties on companies that are unfairly borne by shareholders. In addition, he explained his views about how a firm's culture intersects with the SEC's efforts to ensure compliance with the securities laws, particularly when he is assessing a proposed enforcement action. He quite reasonably views each firm as responsible for deciding how and what is sufficient from a governance perspective to underscore compliance in its operations, noting that the SEC is not in a position to define, for example, how much training is needed, what topics must be highlighted, and what constitutes sufficient employee engagement or incentives.
In making the point that the SEC should not be in the business of dictating a firm's culture, he has emphasized how important it is for each firm to figure this out. As he noted, when he and his colleagues on the Commission are assessing proposed enforcement steps, they no doubt (just like most enforcement agencies) will be asking whether the conduct is limited or widespread, which generally leads to scrutiny of compliance and risk controls, procedures, practices and supervision.
Rather than waiting for enforcement to come knocking on your firm's door, take this opportunity to make sure your firm has considered its culture, compliance systems and related governance.