You may have heard the news that PricewaterhouseCoopers LLP (“PWC”) has been sanctioned with the ‘largest fine to date’ levied by the UK Accounting Regulator, the Financial Reporting Counsel (the “FRC”) (c.$6.6M) in relation to historic malfeasance concerning the audit of RSM Tenon Group Plc.
At first glance, one could initially consider that, in the greater order of the financial universe that large regulated multinationals and/or listed companies and global financial institutions inhabit, such a quantum, whilst unpalatable, may also seem inconsequential and certainly unlikely to ‘break the bank’.
One could also imagine a stance being adopted by both the ‘concerned industry observer’ and the penalised entity itself, amounting to: “So what? A drop in the ocean and a ‘parking ticket’ by comparison to historic penalties uttered further to the investigations and prosecutions at the hands of the US Department of Justice or New York Department of Financial Services”.
To adopt such a stance could be a costly misreading of this situation and amount to a ‘head in the sand approach’ to similar investigations and penalties that will unquestionably increase in both frequency and severity.
The trend of such backward looking investigations and resulting sanctions should, more than ever, heighten the awareness of members of the regulated industries of the considerable risks, challenges and costs they may face.
The compliance landscape is in a state of continual flux and, just as the FRC and other regulators may be observed as taking revenue boosting financial advantage of conducting both backward and forward-looking investigations, it is increasingly obvious and accepted that such regulators not only have an unchallengeable ‘moral high-ground’, duty and interest, but also the support of an increasingly cautious and sceptical investment population and disillusioned shareholders.
The implications of non-compliance and regulator-driven investigations into historic malfeasance are far more ‘costly’ and further reaching than immediately obvious. The damage a regulated company will suffer should, among many other factors, be measured against:
- The costs (in terms of both time and money) of implementing an internal risk analysis or review of similar circumstances and transactions that gave rise to the Regulators’ investigations and sanctions (particularly onerous in an audit engagement context);
- The costs of the Regulators’ investigations and prosecutions themselves;
- The costs associated with the defence of any third-party claims that may be brought on the back of identified malfeasance;
- The damage to internal corporate stability caused by Senior Management being held increasingly personally and publicly accountable for their failures to maintain the required watchfulness and/or to disseminate the most robust culture of compliance and ‘Tone from the Top’;
- The possible imposition of Monitorship and the associated corporate embarrassment, and effort and costs of internal investigations, implementing recommendations and the testing of the compliance and control frameworks and their revision; and
- Last, but by no means least, the immeasurable costs born of the reputational damage such investigations and sanctions necessarily cause; it will take considerable time, effort and money for any company to recover from such ‘wounds’ (however ‘superficial’ they may at first appear) in terms of the managerial structure/solidity, share-holder confidence and loss of new business/existing clients.
In short, no matter how ‘big you are’, no regulated company can afford to ‘shrug-off’ such investigations and penalties lightly; the implications and damage far exceeds the quantum of any fine. Considering these recent decisions and trends, the members of the financial services industries may reasonably anticipate the floodgates of further regulator pursuits and prosecutions opening, and fast.
To be forewarned is to be forearmed, and the sooner legislative requirements of Regulatory Compliance are warmly embraced by companies within the regulated industries, the sooner the costs of implementing a robust compliance framework will be seen as a most profitable investment that can:
- Mitigate and mend reputational harm and risk,
- Protect the business, shareholders and corporate good will; and
- Protect senior management from personal exposure in the future.
This one regulatory instance happens to include PwC, but the situation could just as easily apply to any other regulated company in any other sector. With the increasing demand on regulators to be aggressive, companies must become more proactive in building a proper regulatory framework to protect against the damage that regulatory action can inflict.