Santa Clara University

The Role, Responsibilities, and Challenges of Corporate Gatekeepers

by Miriam Schulman

Webinar from the panel “Barbarians at the Gate”

A CFO and audit committee chair, a general counsel, an outside counsel, an audit partner from a public accounting firm, and an SEC associate regional director were the panelists for “Barbarians at the Gate,” a September 27 event co-sponsored by the Markkula Center for Applied Ethics and Morrison & Foerster that addressed the role of various corporate gatekeepers.

Center Executive Director Kirk O. Hanson moderated the panel and opened with a definition of gatekeepers from an ethical perspective, describing them as people within and outside of the organization whose roles include making sure that the company meets its legal responsibilities and/or financial reporting requirements.  He suggested that people become corporate gatekeepers by virtue of

  1. statutes and regulatory requirements that give them that responsibility
  2. governance rules within the firm that give them that responsibility
  3. specialized knowledge (such as in law, HR, or auditing), which they are obligated to make available and determinant
  4. positions where they “stand at the gate,” i.e., give legal or financial reporting advice

Marc Fagel, Associate Regional Director, SEC, San Francisco Regional Office
Fagel talked about the changing business climate in the wake of the Enron and WorldCom scandals and how that has affected SEC attitudes towards corporate gatekeepers.  “We know we’ll always have people committing fraud,” he said.  “We’re on the job; we’ll deal with that.”  But, after Enron, Fagel said, the commission found itself asking, “Where were the people who could have prevented the fraud—the auditors, the general counsel, etc.?”

According to Fagel that question has influenced the commission to look beyond prosecuting individuals who commit fraud to investigate broader failures within the companies that might have allowed or fostered the fraud.  In the case of auditors, he pointed to several actions brought against firms where there was a clear conflict of interest or that involved inadequate training, staffing, or supervision.

SEC cases against inside and outside counsel have been increasing, from 21 in 2003 to 37 in 2007 through August.  A lot of these, he indicated, involved stock options backdating, but Fagel said these prosecutions had been “a wake up call for lawyers.”  Fewer actions focused on outside counsel, but the office had proceeded in cases of insider trading and “pump and dump” schemes for inflating the price of stocks, where outside counsel was involved.

Generally, Fagel said, the SEC tries to distinguish between malpractice and misconduct on the part of attorneys, proceeding only against the latter.  The commission, he said, “is not there to sue lawyers who do a bad job.  There’s a difference between messing up and being a participant in the fraud.”

Directors, he said, are rarely participants in fraud, but the SEC does ask board members hard questions about how they missed problems.  And in deciding whether to assess penalties against the company, the commission looks at the board’s willingness to cooperate, the thoroughness of any investigation, and its efforts at remediation. 

Fagel said his general impression is that there has been a decrease in reports of financial reporting fraud (setting aside the stock options backdating issue).  He suggested the improvement may be due to Sarbanes-Oxley, it may stem from the decline in IPOs, or it may be that prosecutions have deterred some from committing fraud.  Or, he concluded, “it could be that the gatekeepers are doing their jobs.”

Rick Fezell, partner, technology industry leader, Ernst & Young LLP
Fezell began his presentation by quoting Columbia University Securities Professor John Coffee on the role of the gatekeeper:

A gatekeeper is a party (institutional or individual) in the securities markets that puts its own credibility on the line on behalf of a company. The gatekeeper has less to gain, and more to lose, than a manager who wants to mislead the markets.

Auditors, Fezell said, have always been the gatekeepers for investors in certifying the truth of a company’s financial representations.  Auditors put their reputations—their most important asset—on the line.

Fezell focused on challenges presented to auditors by other gatekeepers within and outside the organization.  In his experience, internal gatekeepers sometimes refuse to share information with auditors and fail to understand that “half-truths are untruths.”  The challenge, then, is how to “audit around” those people.  With external gatekeepers, particularly outside counsel, the auditor may run into privilege claims, where the client chooses privilege protection over disclosure to the auditor.  Again, the challenge, according to Fezell, is to “audit around” the privileged information.

At Ernst & Young, auditors are presented with a set of ethical questions that help them to fulfill their gatekeeping role.  As Fezell listed them:

  • Are my actions legal and in compliance with the standards of our profession?
  • Am I compromising my integrity or the integrity of Ernst & Young or our client?
  • Is my choice of action the most ethical among the possible alternatives?  Do I feel good about my choice?
  • Would my family be proud of me?

Bruce Wright, CFO, Ultratech; Audit Committee chair, Credence Systems
Wright, who holds two distinctly different gatekeeper positions, talked about the role of chief financial officers and audit committee members.  Both responsibilities, he said, are dominated by Sarbanes-Oxley.  In fact, he joked that SOX has become a “major tool in the CFO’s war chest” because the legislation is so complicated that “nobody knows what’s in it,” and CFOs can simply tell their organizations, “No, we can’t do that because of Sarbanes-Oxley.” On a more serious note, Wright argued that SOX shouldn’t have had much effect on governance at well-run companies because they already had sound processes in place.

The CFO, he said, has always had a dual role as “corporate conscience and company cop.”   That means the CFO must articulate what Wright called the “thou shalts and the thou shalt nots,” but he or she must also enforce them.  He recalled some painful experiences when he had to terminate employees who had inflated sales numbers or engaged in other malfeasance.  A lot of CFO gatekeeping, Wright concluded, was in communications.  He has regular meetings with his CEO, controller, audit committee chair, audit partner, and tax partner.

Wright also counseled regular communications between the Audit Committee chair and the CEO and CFO.  He noted that a major effect of SOX on Audit Committees has been more regular meetings, increasing from four half hour-long meetings after the regularly scheduled Board meetings to six separate four- to five-hour sessions annually, with detailed minutes of the proceedings.  Previously, committee meetings were “rather perfunctory,” he said.  Members always looked at the financials carefully, but now, Wright observed, the committee has to be proactive.

In general, he argued that most issues facing Audit Committees can be “pretty easily answered using good business practices and common sense.”  If there are black, white, and gray areas, Wright said the Audit Committee and the CFO should “do it white.”

Martin J. Collins, senior vice president and general counsel, Novellus Systems
Collins did not agree with Wright’s assessment that most of the issues facing gatekeepers were easily answered.  In fact, he subtitled his presentation, “A Hobson’s Choice?” to suggest that in-house counsel often faced a choice without a “win-win” alternative when they needed to perform their gatekeeping role. 

Collins began by outlining the responsibilities of in-house counsel (e.g. drafting contracts, participating in cross-functional processes, and answering C-level questions) and noted in each case where innocent, ordinary course activity (e.g. updating a document retention policy) could, in hindsight, be viewed as violating existing legal ethics policies, as well as state and federal law (e.g., by being viewed as advocating document destruction).

He also noted that attempting to saddle in-house counsel with gatekeeper responsibilities could have the perverse effect of causing attorneys to be excluded from the very meetings and processes where they were most needed, to the extent that internal clients felt that the attorneys were potential informants.  As a result of these tensions, he suggested that in-house counsel who did not feel they could act as the law required within their organizations consider one of two alternatives: 1) keeping their heads down and hoping nothing bad happened or 2) getting a new job elsewhere.

Darryl P. Rains, co-chair, Securities Litigation Group, Morrison Foerster
Rains, who has represented companies from Oracle to Alcatel, gave the perspective of the outside counsel.  He also addressed how recent corporate scandals and the ensuing new regulations have affected the gatekeeping role.  In the old view, Rains said, the outside counsel’s role was zealous advocacy for the client.  The attorney’s loyalty was to the client, not to investors, and he or she had no independent certification role, unlike auditors.

Post Sarbanes-Oxley, outside counsel has the duty to monitor the client, to report wrongdoing to senior management and corporate boards, and to withdraw if the client refuses to comply with the law.  Citing SOX, Rains explained that lawyers have “up the ladder” reporting obligations when they “become aware” of “evidence” they “reasonably believe” shows a “material violation” of securities laws or breach of fiduciary duties by a company or its officers, directors, or employees.

Even when a particular transaction is perfectly legitimate—Rains gave the example of the Enron barge transactions—it can still be considered fraud if its primary purpose or effect is to mislead investors.  These strictures, Rains said, mean the lawyer is “not a scrivener, but someone who is obligated to ask the bigger questions.”

Those bigger questions, he assured the audience, will be asked by the SEC if the company runs afoul of the law.  “Why didn’t you stop your client from doing X?” he said, cannot be answered by simply saying, “I didn’t know.”

He had this advice for outside counsel:

  1. Independently assess the company’s interests.  Don’t blindly execute management’s instructions.
  2. Independently confirm the accuracy of the company’s representations.  Don’t blindly accept management’s statements.
  3. Guide the company towards the best legal course of action.  Don’t just provide legal advice.
  4. Be willing to withdraw.

The audience of more than 150 finance, legal, human resources, and operations management and executives from almost 100 companies in the Bay Area listened to the panel present, discuss, and interact on issues that have grown critical from both an ethical and legal standpoint.  An attendee observed, “No one looks good doing the ‘perp walk’ in an orange jump suit.  It is important to think about doing the right thing and then do it.”

Miriam Schulman is the director of communications for the Markkula Center for Applied Ethics.

October 2007