1. Cyber Insurance is cheap and important to protect against risks not covered by E&O. Work with a knowledgeable broker and insurer and buy the coverage because the risk is real and growing.
2. Make sure your engagement letter includes:
• a specific description of the work you will do;
• a limitation of damages provision where not precluded by standards;
• indemnification where not prohibited by standards;
• disclaimers where appropriate (i.e. AUPs);
• jurisdiction, venue and choice of law provisions; and
• a provision for the client to pay for time and expense you incur for subpoena compliance.
Watch out for client changes including cyber representations and indemnifications of any kind.
3. Evaluate the risk to your firm before responding to subpoenas or document requests. Consultation with your insurer or outside counsel may be time well spent. The risk runs from minimal to existential and different risks require different responses.
4. You save money by not engaging with bad clients. Red flags include:
• financially stressed or unprofitable clients;
• clients whose work you are not really equipped to handle;
• clients whose interests conflict with other clients; and
• clients who lack management integrity.
These all should be evaluated for disengagement. Consider firing your bottom 5 or 10% and investing those resources into developing better opportunities.
5. All of us have clients who present some special risk. Do what you can to mitigate that risk with:
• thorough client acceptance procedures;
• engagement letters;
• robust conflict analysis; and
• continuous reevaluation.
Employ detailed financial management including precise billing entries, timely billing and early AR follow-up in order to spot problems quickly.
On May 31, 2017, former SEC Chair Mary Jo White and former SEC Director of Enforcement Andrew Ceresney presented a retrospective on recent enforcement trends and their insights on where the SEC might be heading. Here are a few takeaways:
1. SEC enforcement actions are on the rise. From 2013 through 2016, 2,850 enforcement actions were filed. Judgments and orders over this period totaled more than $13.8 billion. The use of big data contributed to the enforcement division’s increase in activity.
2. The number of enforcement actions involving accounting firms and auditors is also seeing an upward trend. From 2013 through 2014, the SEC brought 37 Rule 102(e) proceedings against accountants for improper professional conduct. That number rose to 76 proceedings from 2015 to 2016. The alleged improper conduct in these proceedings arose from claims of audit failure or independence violations. The SEC sees auditors as gatekeepers and partners in protecting investors and the integrity of the markets.
3. The SEC’s numbers show a steady increase in financial reporting cases since 2013. From 2013 to 2014, 53 financial reporting cases were filed and 128 parties were charged. From 2015 to 2016, those numbers increased to 114 financial reporting cases and 191 parties charged. Despite the increase in cases, the SEC hasn’t uncovered any massive fraud cases on the level of Enron and WorldCom. Ms. White and Mr. Ceresney attribute this to improved financial reporting and internal controls promoted by Sarbanes-Oxley. The SEC would likely reconcile the touted effectiveness of Sarbanes-Oxley with the increase in enforcement actions by arguing that regulations have deterred major crimes, allowing the Commission to focus on enforcing other violations.
4. We can expect to see some changes with the new leadership. The new chair, Jay Clayton, appears focused on capital formation. Consistent with the overall focus on reducing regulation, Chair Clayton has expressed a desire to reduce barriers to going public. This may lead to an increase in enforcement activity around initial public offerings.