The SEC closed a potential loop hole in the auditor independence rules in two related administrative proceedings involving Ernst & Young and a consultant retained by the firm. In The Matter of Ernst & Young LLP, Adm. Proc. File No. 3-13114 (Aug. 5, 2008); and In The Matter Mark C. Thompson, Adm. Proc. File No. 3-13115 (Aug. 5, 2008). The Ernst & Young proceeding named as Respondents the audit firm, John Ferraro, the Vice-Chairman of E&Y, and Michael Lutze, an audit partner. The Thompson proceeding named Mark C. Thompson, who facilitates and coaches others to facilitate interviews and discussions with business, political and entertainment leaders, as the Respondent.

Mr. Thompson, according to the facts in the two Orders, entered into a business relationship with E&Y in mid-October 2002 which continued for nineteen months. That relationship entailed the creation of a series of audio CD’s of interview of corporate CEOs in particular industries or sector. Mr. Thompson appeared as a moderator on each CD, along with various E&Y partners who conducted the interview. The CDs, bearing the logos of E&Y and Mr. Thompson, were used for marketing purposes. The revenue from this project represented a significant amount of Mr. Thompson’s income.

During the entire nineteen-month period of the E&Y-Thompson relationship, Mr. Thompson was a director of Company A. For portions of that period, he was also a member of the audit committee of Company A and a member of the board of directors of Company B and Company C. At the end of each fiscal year, E&Y confirmed in writing to each company that it was independent and thus able to serve as each client’s external auditor. Each firm made filings with the SEC which contained reports from E&Y claiming they were independent. The firm did not disclose its business relationship with Mr. Thompson until after that relationship terminated in May 2004.

By April 2004, shortly before the relationship ended, E&Y’s policies required that matters potentially relating to independence be reviewed by its independence office and disclosed by the relevant coordinating audit partner to the audit client. After reviewing the relationship between Mr. Thompson and the firm, E&Y concluded that the relationship did not impair its independence because it fit within the “consumer in the ordinary course of business” exception to the independence rules general prohibitions.

The Commission rejected E&Y’s claim that its relationship came within an exception to the rule, finding that, in fact, the firm’s independence had been compromised and that Mr. Thompson was a cause. According to the Ernst & Young Order, “[b]usiness relationships with persons associated with the audit client in a decision-making capacity, such as audit client directors, officers and substantial stockholders” are prohibited by the independence rules. This conclusion is based on Rule 2-01(c)(3) which provides that “[a]n accountant is not independent if, at any point during the audit and professional engagement period, the accounting firm … has any direct or material indirect business relationship with the audit client, or with persons associated with the audit client in a decision making capacity, such as an audit client’s officers, directors or substantial stockholders.”

Here, Mr. Thompson was a member of the boards of three E&Y audit clients and on the audit committee of one. Mr. Thompson was well aware that E&Y was the auditor of the three firms since he signed filings for each and, as a member of Company A’s audit committee, participated in the retention of the audit firm.

The exception relied on by E&Y does not apply, here according to the Commission. Under Rule 2-01(c)(3) an independence compromising relationship “does not include a relationship in which the accounting firm or covered person in the firm provides professional services to an audit client or is a consumer in the ordinary course of business.” This exception however, only applies where both prongs of the test are met. Thus, the Commission concluded that “the relationship must be ‘in the normal course of business’ for both parties, and at least one of the parties must be ‘acting in the capacity of a consumer.'” (quoting the rule, emphasis original). Here, both prongs of the test were not met. This resulted in each report filed by the three companies with an E&Y report being false.

To resolve the case, E&Y and its two partners consented to the entry of an order censuring them. In addition, E&Y agreed to disgorge over $2.3 million along with prejudgment interest, while Mr. Ferraro consented to the entry of a cease and desist order. Likewise, Mr. Thompson consented to the entry of a cease and desist order.

An analysis of the question of self-reporting begins with the legal obligation to take this step. In some instances, there is a clear legal obligation. In others, there may, in practical terms, be an obligation to report. And, in still others, a complex of legal obligations and the ramifications of a potential charging decision virtually compels self-reporting, in the view of some commentators.

In some instances, a business organization may have an obligation to self-report. Section 10A(3) of the Securities Exchange Act of 1934 for example, requires that after receiving a report from its auditors under Section 10A(2) of illegal acts, the issuer “shall inform the Commission by notice not later than 1 business day after the receipt of such report …”

In other instances, there may be a practical obligation which effectively compels self-reporting. If, for example, an issuer discovers a material error in its financial statements, a restatement may be required under SFAS 154, Accounting Changes and Error Corrections. That, in turn, will require the issuer to file amendments to its periodic filings made with the SEC. Under these circumstances, self-reporting is virtually required.

In other instances, the broad liability faced by a business organization coupled with the obligations imposed by the Sarbanes-Oxley Act and the severe consequences of a charging decision virtually compel self-reporting:

• Corporate liability principles have created virtually open-ended liability for business organizations since the Supreme Court’s decision in New York Central and H.R.R. v. U.S., 212 U.S. 481 (1909), which gives prosecutors almost unfettered charging discretion;

• SOX requires corporate mangers to monitor and certify organizational systems and information in Sections such as 302 (CEO, CFO certifications), 906 (certifications), 404 (internal controls), 301 (audit committee authority and obligations) and 307 (counsel), thereby imposing a duty of detection and knowledge; and

• Being named as a defendant in a DOJ criminal or SEC civil enforcement action can have debilitating, if not draconian consequences, for a business organization.

Collectively, these principles and obligations have led some commentators to conclude that there is a fiduciary duty to self-report. As one commentator noted: “Under current federal law and Department of Justice Policy, it would be irresponsible for management to attempt to defend the corporation or its employees.” John Hasnas, Department of Coercion, Wall Street Journal, March 11, 2006. At a minimum, there is significant compulsion to take the step. In this context, the choice is not whether to self-report, but when, and not if to cooperate, but what steps to take to try and earn cooperation credit.

Next: Ill-defined prosecution and cooperation standards