The S& P saga rumbles on. Having been hammered by the US Securities and Exchange Commission (SEC) in January , S&P has received a knock-out blow, and a $1.375 billion fine, from the US Department of Justice and 20 State governments . And in what might the first of many private actions, S&P also reached a separate $125 million settlement with the huge pension fund California Public Employees’ Retirement System (CALPERS) .
What has received little publicity, however, are the implications of the S&P settlement with regard to Corporate Governance, in general, and Codes of Conduct in particular.
In justifying the huge fine, the Justice Department said that “as part of the resolution, S&P admitted facts demonstrating that it misrepresented itself to investors and the public, allowing the pursuit of profits to bias its ratings”. In the many fines against banks, following the Global Financial Crisis, such wording has become pretty standard.
What is different, however, about this case is the logic that the DOJ used to prosecute S&P. In essence, in fining S&P, the Justice Department has stated that certain individuals committed acts that were contrary to the firm’s corporate Code of Conduct, thereforethe firm was responsible.
In the Statement of Facts for the settlement, agreed by S&P, the Justice Department leads with a detailed discussion of the corporation’s Code of Conduct. It details the creation of the Code in 2004, doubtless following the provisions of the Sarbanes Oxley Act of 2002, which requires firms to disclose annually whether the firm has adopted a ‘code of ethics’ for the its officers.
In the Introduction to its code of ethics/conduct , S&P states that it has “established and implemented internal controls and policies and procedures to further the transparent, credible, independent and objective nature of its rating and surveillance processes.” Since credit rating and surveillance are the key business processes for S&P, the Board and management are here stating that they have recognized this and put a control environment around these key processes.
The DOJ then goes on to detail specific provisions of the Code and subsequent updates in 2005 and 2007, and document separate policies, such as a Firewall/Chinese Wall policy on interference in the ratings process. They also document a 2006 internal report on the implantation of the Code of Conduct which was, not unexpectedly, pretty self-congratulatory. In doing this, the DOJ are building a case that the Code was actually maintained and not left to gather dust on the shelf.
The DOJ then goes on to document instances were ratings were influenced by commercial decisions. Such allegations have been well covered since the GFC, not least as ‘case studies’ in the US Senate’s inquiry into ‘Wall Street and the Financial Crisis’ which was scathing about rating agencies’ practices .
The argument by the DOJ is that S&P misrepresented itself to investors by publishing a Code of Conduct that it did not live up to!
(1) “S&P promised investors at all relevant times that its ratings must be independent and objective and must not be affected by any existing or potential business relationship; AND
(2) S&P executives have admitted, despite its representations, that decisions about the testing and rollout of updates to S&P’s model for rating CDOs were made, at least in part, based on the effect that any update would have on S&P’s business relationship with issuers”.
The ’promise’ that S&P made was embedded in the firm’s published Code of Conduct.
Hold on a minute! Codes of Conduct are not meant to be legally binding documents are they? They are not a promise, but only ‘best efforts’ attempts, aren’t they?
If the S&P agreement is now the precedent for corporate governance, then firms have to be very worried indeed and in particular what goes into, and equally important, what is left out of corporate Codes of Conduct. If firms are going to be held to account for ‘living’ their Codes of Conduct, then a rethink is going to be needed into what are Codes actually for, how are they to be implemented and monitored and how employees are to be educated in and tested on their ‘compliance’ with the Code.
The Open Compliance and Ethics Group (OCEG), a not-for-profit group that aims to improve corporate governance standards, identifies what it calls the ‘Code of Conduct Conundrum’ in which firms spend considerable time and effort crafting codes of conduct but do not understand or measure what value such codes actually have . OCEG believes however that, beyond senior management, there is no real traction of typical codes throughout firms and answer the question ‘what value do codes of conduct have?’ with ‘Not much if the only reason we have one is to satisfy a legal requirement to do so’. The OECG then goes on to make suggestions as to how traction may be improved.
What are the implications of the S&P settlement?
The Justice lawyers are smart. When the law couldn’t get Al Capone for murder and theft, the Feds eventually nailed him for tax evasion. With the S&P settlement, lawyers no longer have to prove that a firm was guilty of illegal activities (and even more difficult immoral activities). Instead all they need to show is that somebody, somewhere in a firm did something that was contrary to the firm’s Code of Conduct and the firm did nothing.
And the beauty is that changing the Code now doesn’t help, it is what was in effect at the time the misconduct happened that counts. One would love to be a fly on the wall, when HSBC management next meet Justice Officials over Tax evasion matters and argue as they have this week that they are sorry and they have changed and will do better in future . ‘That’s good, but what did your Code of Conduct promise in 2010?’ would an easy retort.
The US government has established that a Code of Conduct is not merely a well-meaning feel-good document that is designed to encourage people to be ‘good’, but is a ‘promise’ to shareholders and presumably regulators.
Going forward, this may change everything for Human Resources, Corporate Governance and Risk Management departments as regards Codes of Conduct.
People Risk Management
The risk that an employee or group make bad decisions is a People Risk as it can lead to significant losses even the bankruptcy of the firm. In this case a decision not to ensure that the firm’s Code of Conduct was adhered to, resulted in a $1.35 billion fine and considerable reputation damage to S&P. This blog is one of a planned series that will discuss facets of People Risk in general and Decision-Making in particular. It is obvious that managers and assurance functions, such as Risk Management, Audit, Compliance and Human Resources, must understand the concept of People Risk, particularly the influence of individual and group biases on decision-making, because badly-made decisions may result in significant damage to the firm.
 See “SEC Announces Charges against Standard & Poor’s for Fraudulent Ratings Misconduct” http://www.sec.gov/news/pressrelease/2015-10.html#.VMBp0i4Ylb2
 See “Justice Department and State Partners Secure $1.375 Billion Settlement with S&P for Defrauding Investors in the Lead Up to the Financial Crisis” http://www.justice.gov/opa/pr/justice-department-and-state-partners-secure-1375-billion-settlement-sp-defrauding-investors
 See” S&P, Calpers settle suit over mortgage deals for $125 million: WSJ” http://www.reuters.com/article/2015/02/03/us-calpers-s-p-settlement-idUSKBN0L706920150203
 The terms ‘code of ethics’ and code of conduct’ appear to be interchangeable in practice.
 See Permanent Subcommittee on Investigations of the US Senate ‘Wall Street and the Financial Crisis’ http://www.hsgac.senate.gov/…/Financial_Crisis/FinancialCrisisReport.pdf
 See ‘The Code of Conduct Conundrum’ at http://www.oceg.org/quick-thoughts/code-conduct-conundrum/
 See HSBC’s letter of apology at http://www.bbc.com/news/uk-31476552