In re Polycom and the SEC’s Continued Focus on Internal Controls

People at a Table

Over the past year, the SEC and other regulatory agencies have initiated an increasing number of investigations into companies based on allegations of inadequate internal controls and/or a system for reporting those controls. For more on internal controls and a discussion of recent regulatory activity in this area, see Jason M. Halper & Jonathan E. Lopez, et al., Assessing the Increased Regulatory Focus on Public Company Internal Control and Reporting, Bloomberg BNA: Securities Regulation & Law Report, Oct. 6, 2014.

“Internal controls” are the procedures and practices instituted by a company to manage risk, conduct business, protect assets, and ensure that its practices comply with the law and company policy.  After making public comments identifying internal controls as an “important issue” and an “ongoing area of focus” in mid-2014, the SEC entered into a number of settlements with companies in connection with allegedly insufficient internal controls.  The latest of these settlements is with Polycom, Inc., a California-based communications technology company (“Polycom” or the “Company”).

By way of background, on March 31, 2015, the SEC brought charges against Polycom’s former CEO, Andrew Miller, alleging that Miller used $190,000 in Company funds over three years to pay for personal expenses such as:

  • clothing and accessories;
  • tickets to professional sporting events;
  • plants and an in-home plant-watering service; and
  • travel expenses, including flights to Indonesia and South Africa for Miller and his girlfriend, luxury accommodations, food, entertainment and spa treatments.

For each of these expenses, Miller provided false business descriptions that were recorded as support for the charges.  Irregularities in Miller’s expense reports were uncovered by Polycom’s audit committee in July 2013, after which Miller resigned his position with the Company.

On the same day it brought charges against Miller, the SEC issued a cease and desist order outlining a settlement agreement with Polycom.  The SEC found that Polycom violated Section 14(a) of the Securities Exchange Act of 1934 by failing to disclose in the executive compensation portion of its annual proxy materials the nature of the personal expenses that Miller had received.  Additionally, the SEC found that Polycom had violated Section 13 of the Exchange Act by failing to maintain adequate internal controls.  Section 13 requires reporting companies to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances” that a company’s transactions are executed in accordance with management’s authorization and properly recorded to maintain accountability for assets.  Specifically, as to the internal controls failures, the SEC noted that there was insufficient oversight over Polycom’s corporate “purchasing cards” and air travel booking.

Polycom agreed to “cooperate fully” with the SEC’s investigation, including producing relevant documents and making its directors, officers and employees available for SEC interviews.  Polycom also agreed to pay a $750,000 penalty and “cease and desist” from future violations of the securities laws.  The case against Andrew Miller continues in federal court.  See SEC v. Miller, 3:15-cv-01461 (N.D. Cal.).

Given the increased regulatory focus in this area, companies and their counsel should ensure that procedures are in place to evaluate on an ongoing basis the sufficiency and effectiveness of internal controls.  In particular, companies are advised to: (i) administer a full assessment of the existing internal controls and reporting systems and determine improvements or enhancements if necessary, (ii) publicize to employees on a regular basis their internal control-related obligations (as well as a method for reporting violations and deficiencies), (iii) institute procedures for handling reports from employees, and (iv) make sure that senior personnel are kept informed and are actively involved in internal control compliance.