Compliance Alert: Sometimes companies have to break the law
You may have noticed a risk factor in annual reports and SEC registration statements regarding “conflicting laws and regulations.” Once rare, whistleblowing has become commonplace, thanks to globalized operations and the proliferation of regulators. For compliance officers, it’s a growing minefield.
What do “conflicting laws and regulations” warnings look like?
Here is an excerpt from the Frequency Therapeutics annual report filed with the SEC on March 29:
Doing business internationally involves several risks, including, but not limited to, multiple, conflicting and changing laws and regulations, such as data privacy and security laws and regulations, tax laws, export and import restrictions, economic sanctions laws and regulations, employment laws, regulatory requirements and other government approvals, permits and licenses.
From Goldman Sachs:
Legal, regulatory and reputational risks may also exist in the context of activities and transactions involving new products or markets where there is regulatory uncertainty or when there are different or contradictory regulations depending on the regulator or jurisdiction concerned, especially when transactions on such products may involve more than one jurisdiction.
And from Tesla:
[R]regulations continue to evolve rapidly, which increases the likelihood of a patchwork of complex or conflicting regulations, or may delay products or restrict the functionality and availability of autonomous driving, which could adversely affect our business.
There is a real risk of running into conflicting laws and regulations.
What problems does this cause?
Problem # 1: Is your code of conduct still accurate? Most businesses publicly state that they aspire to obey all laws applicable to them. Value Line’s code of business conduct and ethics is typical: “The Company requires all employees and directors to comply with all laws, rules and regulations applicable to the Company wherever it does business. “
Likewise, Ionis Pharmaceuticals’ Code of Ethics and Business Conduct states: “When doing business for Ionis, we endeavor to follow the spirit of the law and we will not take any action that we know or reasonably should. know that she is breaking any law. , a regulation or a judicial decree.
But when businesses are faced with conflicting laws and must choose which ones to break, are these codes accurate?
Question another way: Should a business that has warned of potentially conflicting laws issue an unqualified statement that it intends to comply with all applicable laws and regulations?
Problem # 2: Breaking promises made to lenders or others. All large companies borrow money through syndicated loans or exchange traded securities. And all borrowers promise at some point that they “will comply with all laws, rules, regulations and requirements of any government authority applicable to the borrower.”
A borrower who violates conflicting laws is likely in technical violation of their covenants. The consequences of such breaches can range from simply annoying reporting obligations to catastrophic defaults.
Problem # 3: Who decides which conflicting laws and regulations to break? Should directors make or approve all decisions that violate applicable law? Or the CEO alone, or a management team? Is this a question for government affairs, HR or public relations? What role does the legal and compliance department play? And anyway, who wants to publicly state in favor of violating any law or regulation anywhere?
Problem # 4: What about methodology and disclosure? Should we memorize internal deliberations? Should a company disclose to investors any decision to violate conflicting laws and regulations? Would the disclosure be a confession for interest – a signed confession of criminality? What is the risk that confidential internal files relating to the decision will become public or be discovered in legal or regulatory proceedings?
Problem # 5: Does violating conflicting laws and regulations lead to certification issues? Compliance programs and external auditors require officers and others to say if they know of illegal conduct. CEOs and CFOs are also required to certify under Sarbanes-Oxley the accuracy of an issuer’s books and records and the strength of its internal controls. Can anyone do “clean” certifications if they are aware of decisions to violate conflicting laws and regulations?
As conflicts of laws become more frequent, are they likely to become obstacles? Probably not.
Business is good for solving problems. Perhaps standardized “exception sheets” will help. Or lawyers will write effective disclaimers when companies have to choose which conflicting laws to violate. Perhaps insurers will offer D&O endorsements specifically for conflicting law decisions. Or the SEC will provide relevant safe harbor advice.
The possibilities are endless, and so far, for the most part untested.
So for now, we all need to walk carefully through this minefield of compliance.