Francis Pileggi at the Delaware Litigation blog reports that Deloitte has won a partial summary judgment against Thomas Flanagan, the Chicago-based, ex-Vice Chairman of the firm accused of multiple counts of insider trading. My original post, describing how I broke the story first on Twitter based on a confidential tip, is here.
I spoke to Francis Pileggi who said, “All that’s left is for the court to decide how much this former partner will be paying his firm. It may take a while to ascertain this but from the looks of it, it may be a very big number.”
But Deloitte should be careful what they wish for. This litigation has forced them to reveal their woefully inadequate policies and procedures regarding independence compliance. While trying to placate their clients who were dragged through the mud on this and exact revenge against their own leadership-level partner – a pillar of the Chicago social and philanthropic community – they’ve admitted to allowing Flanagan to breach their standards more than 300 times and to get away with it. If it weren’t for the otherwise widely maligned SEC’s targeted action on the case, Deloitte would have remained oblivious.
Deloitte has sustained more than a bloody nose and a few cuts in this fight, even though they seem to be winning. It’s not over until the opponent is on the mat, down for the count. Better yet, knocked out cold, unable to inflict any more damage to the firm. Given the long tail of matters before the SEC, PCAOB, DOJ, and of private litigation, it may be a while before all the referees’ final decisions.
There’s been virtual radio silence in the Chicago media on this case. Crain’s Chicago Business hasn’t written anything since November of 2008, despite my encouragement. I was quoted in the Chicago Tribune later that week in November 2008 after several others, including Ryan Blitstein and Bruce Carton also reported the story.
“U.S. accounting firm Deloitte & Touche LLP has won a lawsuit against a former top executive it accused of improperly trading in stocks and options of the firm’s clients, including Motorola Inc and Best Buy Co Inc….A Delaware court sided with Deloitte in the case in an opinion dated December 29, saying the former executive, Thomas Flanagan, had “obviously” been in violation of his employers’ independence policies in making certain trades….the 30-year partner who had risen to vice chairman of the firm had secretly hidden trades in shares of Deloitte’s audit clients and lied about it to the firm.
“Because an auditor sells, at base, its independence and integrity, the firm relies heavily on the purported honesty and independence of its professionals,” Vice Chancellor John Noble, of the Delaware Court of Chancery, wrote in his opinion…Flanagan had made more than 300 trades in shares of Deloitte’s audit clients, including several clients for which he was Deloitte’s advisory partner….Dozens of times, Flanagan entered his holdings in Deloitte’s system, then quickly “corrected” entries to indicate he had disposed of restricted securities, but in fact continued to hold them… Deloitte was unaware of the trades until the U.S. Securities and Exchange Commission contacted the company [re] the audit for Walgreen Co in 2007…He was also accused of trading in securities of Deloitte clients Best Buy, Allstate Corp, Motorola, and other firms, often while working directly on the companies audits.
Flanagan resigned from Deloitte in 2008 about two months before the lawsuit was filed, … SEC has not announced any charges against Flanagan…exercised his Fifth Amendment right against self incrimination…”
Here’s what I said back in November of 2008:
“I think [Deloitte was] aware of this guy’s rule-breaking. In my experience, when someone like this 30-year “elder statesman” is flouting the rules so egregiously, they usually can’t help blustering about it. He may have complained to others, at all levels, about the “SOB, dumbass, rule-jockey, non-client service, idiot, loser, dweebs” who were bugging him to respond to their inquiries about his annual certifications…
I am also surprised that Deloitte doesn’t appear to have a process in place that most other firms I’m aware of, including PwC, have. PwC, for example, has a whole team of auditors in their Jersey City office whose only job is to request tax returns, brokerage, bank and other investment statements from folks that either come up for review based on a “random sample” or are high risk like Mr. Flanagan. They have this process because their colleagues at Coopers and Lybrand screwed up on this stuff so badly before PriceWaterhouse bought them and they were forced to put it in place….
Or maybe Mr. Flanagan did get audited. Maybe they asked for this info and he blew them off. Or maybe they were given documents that didn’t match up or were incomplete. Or maybe he kept putting them off. Or maybe he had been called on flouting of the rules many times but no one in the partnership was willing to call him into the Principal’s office and whack his knuckles with a big ruler once and for all.”
How long will it be until the SEC finishes its investigation of the case, with regard to Flanagan and/or Deloitte? Six years like Bally’s?
Will the firm or Flanagan ever get sanctioned by the PCAOB? I’m assuming Flanagan is “retired”, but will the SEC forbid him to act as a CPA?
If the PCAOB issues a disciplinary sanction against Deloitte as a firm, it will be only the second time it has done so against a Big 4 firm, both times against Deloitte. How many strikes does a firm get? If it’s as many as EY seems to be getting, then we are stuck with seeing outrageous violations of independence indefinitely due to the profession’s and the regulator’s “too few to fail” policy.
The SEC must look carefully at the Deloitte internal compliance function. It failed, and failed miserably. There are so many things wrong with this picture from an internal risk and quality management perspective, regardless of the individual partner’s lapses. What good is a profession, and a partnership of professionals, if they do not police their own according to their standards and practices? Suing Flanagan puts money back in the Deloitte partners’ pockets – and perhaps assuages their clients who received calls from the SEC because of Flanagan – but does nothing for the clients’ cost of their investigations or for those shareholders’ confidence in their vendor, Deloitte their auditor.
Deloitte has abdicated its public duty.
From the summary judgment document:
- Deloitte was not aware of Flanagan’s violations until alerted by the SEC investigation.
- Deloitte seemingly does not have a requirement for high risk employees and partners to submit physical account statements that can be audited against system reporting. It seems to be depending totally on self-reporting and the honor system, even for the highest risk partners and restricted entities.
- Deloitte seems to have a glitch in its independence tracking system and early warning exception reporting system for compliance if their system allows the appearance of reporting even though entries are immediately backed out. I guess Flanagan’s secretary knew how to do that too?
- Deloitte seems to have a lack of will to enforce its policies for tenured, powerful members of its partnership or to kick them out of the firm when they’ve been found guilty of sins against the profession and their clients, the shareholders.
- Deloitte must encourage a culture of blame and delegation of responsibility for even the most important partner responsibilities, ones that are critical to its reputation and integrity. Talk about an embarrassing and completely jerk-face cop out of leadership responsibility…
“Flanagan suggests that there is no evidence that he, himself, used the Tracking & Trading System, and that any failure to correctly input his trades was likely an error by his secretary.”
The SEC and PCAOB must complete a thorough review of Deloitte’s Independence Compliance process and systems and implement sanctions, recommend immediate remediation, and install a monitor to correct failings. Some areas to look at:
- How they pick their samples of who to audit and how thoroughly and frequently those samples are manually audited for independence compliance;
- Whether Deloitte selects employees and partners randomly and who are high risk for physical documentation on a necessary periodic basis;
- How does Deloitte populate and maintain its Restricted Entity List? (This is a sore issue with all the firms.)
- Whether very senior partners are involved in enforcing the rules, in insuring follow-up on missing documentation, and in hauling in partners for disciplinary action who blow off the internal compliance team. Are senior partners “independent” enough of their colleagues to enforce the rules against the incorrigible and potentially malevolent?
- What type of follow-up and discipline process does Deloitte employ for employees, partners and especially its most senior partners in high risk engagements?
Inside Image Source
Main Page Image Source