SEC Will Only Target Directors in Egregious Cases

By Stephen Joyce

Feb. 10 — Securities and Exchange Commission enforcement cases alleging violative behavior by corporate directors are rare and will only be initiated in clear cases of misconduct or when obvious signs of violative behavior are ignored, Lara Shalov Mehraban, associate director in the agency's New York Regional Office, said.

Mehraban attempted to allay concerns voiced by corporations and their lawyers about the SEC enforcement cases against corporate directors and other gatekeepers, such as compliance officers, who may try to fix compliance problems and find themselves entangled in an agency investigation.

“Enforcement isn't second guessing good-faith decisions by the board, but rather bringing cases where directors have either taken affirmative steps to participate in fraud or enabled fraudulent conduct by unreasonably turning a blind eye to obvious red flags,” Mehraban said Feb. 10 at a Practising Law Institute conference in New York.

While recent SEC enforcement cases have involved directors, Mehraban said such cases aren't common and shouldn't concern corporate directors and officers faithfully carrying out their mandates.

Bottom Line

“The bottom line here is that cases against directors are rare. In my opinion, it's because directors in most cases are embracing their responsibilities and carrying them out with appropriate rigor,” Mehraban said.

“In general, the cases that enforcement brings are against directors where there is a significant departure from normal corporate governance and appropriate conduct,” Mehraban said.

“Outside directors serve as key gatekeepers. It's critical that when a director learns information suggesting that company filings are materially inaccurate they take concrete steps to learn all of the relevant facts and ensure that the company cease filing annual and quarterly reports until they are satisified with the accuracy of the filings,” Mehraban said.

In a November speech in New York, Deputy Enforcement Director Stephanie Avakian said gatekeepers—including compliance officers—who perform their responsibilities diligently, in good faith and in compliance with the law need not fear enforcement actions .


Mehraban also said the SEC is closely monitoring corporate governance developments involving internal accounting controls and cybersecurity for possible violations of securities laws.

“Clearly companies can be victims of cyber attacks,” she said. Where companies might find themselves in trouble with the SEC enforcement unit is if they “fail to take reasonable steps to protect their customers information from cyber attacks or where their cyber-related disclosures are materially false or misleading," Mehraban said.

Conference panelists agreed corporate boards are ramping up their diligence on cyber issues. “In my experience virtually every large company and some not-so-large companies are including cybersecurity risk disclosure as part of their director education program,” Sidley Austin LLP partner and corporate governance specialist Thomas Cole said. “I do think directors are paying a great deal more attention to this,” he said.

Former SEC chairman and conference participant Harvey Pitt said it would be “a great idea” for companies to conduct a periodic audit of their internal cybersecurity efforts.

To contact the reporter on this story: Stephen Joyce in New York at

To contact the editor responsible for this story: Phyllis Diamond at