Categories
31 Days to More Effective Compliance Programs

Day 2 – Continuous Monitoring and Continuous Improvement

Continuous monitoring and improvement are two of the most important phrases for any compliance program. These twin concepts were perhaps the biggest modifications in the 2020 Update to the Evaluation of Corporate Compliance Programs. In 2021 and 2022, all companies’ risks changed as we moved from Working From Home to Return To Office and now a hybrid work model. Of course, the Great Resignation has also played a part. These changes in our basic work location drove home perhaps the most prescient comment I heard during the pandemic, which was by Jed Gardner, who said, “We have moved from disaster recovery to business continuity to business as usual.” This means that risks will change in ways you may not see at speeds you do not anticipate. Your compliance program must be ready to respond to whatever those risks might be going forward.

In the 2020 Update, the DOJ began to address this from the compliance program perspective with several questions. “Is the risk assessment current and subject to periodic review? Is the periodic review limited to a “snapshot” in time or based upon continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures, and controls? Do these updates account for risks discovered through misconduct or other problems with the compliance program?”

The next area for continuous monitoring and improvement was an area of compliance that is not normally associated with those concepts: Policies and Procedures. Here questions included “When was the last time your policies and procedures were updated? Perhaps more importantly, under the 2020 Update, what was your process for doing so? Was there any rigor around your process? Did that rigor include incorporating information and data collected through continuous monitoring, real-time monitoring, or continuous access to operational data and information across functions?”

The final area in the 2020 Update for consideration is called Continuous Improvement, Periodic Testing, and Review. The questions included the following: “How often has the company updated its risk assessments and reviewed its compliance policies, procedures, and practices? Has the company undertaken a gap analysis to determine if particular risk areas are not sufficiently addressed in its policies, controls, or training? What steps has the company taken to determine whether policies/procedures/practices make sense for particular business segments/subsidiaries? Does the company review and adapt its compliance program based on lessons learned from its misconduct and/or other companies facing similar risks?”

Three key takeaways:

1. How have your company’s risks changed over the past year?
2. What is your process for continuous monitoring and improvement?
3. What sources of information do you use that come from outside your organization?

Categories
Blog

What 2022 Brought to Compliance

2022 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, there were three enforcement actions that were significant, with multiple lessons for the compliance professional. In ABB, we learned about the costs of a corrupt culture and recidivism; in Glencore, we saw what happens to a company which engages in worldwide, systemic bribery and corruption. Finally, in Stericycle, the company had a culture of corruption burned into the DNA of the LATAM business unit which was so thorough that it was documented via bribery spreadsheets and analysis of revenue based on payments of bribes in LATAM. Yet even with this corrupt culture, the Stericycle enforcement action demonstrated how a company can take advantage of the discounts available under the FCPA Corporate Enforcement Policy by extensive cooperation and remediation during the pendency of the FCPA investigation, as the company obtained a 25% reduction off the bottom of the applicable US Sentencing Guidelines fine range.

September saw the announcement of a significant refinement of Department of Justice (DOJ) enforcement policies around Foreign Corrupt Practices Act (FCPA) enforcement and corporate compliance programs. It was encapsulated in the Monaco Memo and a speech by Deputy Attorney General Lisa Monaco announcing the Monaco Doctrine. There was also additional commentary by Principal Associate Deputy Attorney General Marshall Miller in a speech, and a speech by Assistant Attorney General Kenneth A. Polite. Every compliance professional should read all of them in detail, as they significantly turn the heat up on corporate compliance programs.

The Monaco Memo is broken down into four main sections: I. Guidance on Individual Accountability; II. Guidance on Corporate Accountability; III. Independent Compliance Monitorships; and IV. Commitment to Transparency in Corporate Criminal Enforcement. The Monaco Memo is both further clarification and further guidance for line prosecutors when they are considering whether to put a monitor in place. While we have seen these factors in a disparate manner, in disparate places, here they are in writing. Perhaps the greatest significance is that the Memo sets down all these matters in writing which leads to a blueprint for DOJ thinking and a roadmap for anyone who finds themselves in an FCPA investigation or enforcement action.

I see the Monaco Memo and the Miller and Polite Speeches as complementary releases of information which drive home several key changes in DOJ enforcement. Perhaps “changes” is too strong, but these announcements make clear the DOJ is dedicated to individual accountability and prosecution. Corporations will have to reorient their approach to investigations and sharing of information with the DOJ to this new mandate. Next, the DOJ is strongly shifting the burden in the investigatory and negotiation phases to make clear the company must come forward with evidence to support lower fines and penalties and greater discounts, particularly in individual financial penalties and incentives, i.e., clawbacks. The Monaco Memo laid out not simply how to avoid a monitor but a program of proactive monitoring which can lead to the prevention of a crime before the FCPA is violated. Finally, the Monaco Memo cemented the new DOJ requirement for CCO certification of compliance programs at the end of a resolution.

The final key event for compliance in 2022 was very much under the radar. It was the DOJ hiring of Matt Galvan to help develop a data analytics expertise and capability for the FCPA Unit and the Fraud Section. Galvan was most recently the CCO at AB InBev and perhaps the top compliance professional in the use of data analytics for a corporate compliance program. It will be most interesting to see where Galvan and the DOJ take this initiative, but it does portend the increasing use of data analytics in FCPA enforcement and compliance.

Categories
Great Women in Compliance

Karina Vollmer – Making Friends and Influencing People

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

One of the most critical aspects of the role of a Compliance Officer is establishing the reputation of the function as being one which is approachable and reliable. One of the colleagues Mary has admired the most in being successful in this respect is Karina Vollmer. The two worked together at Tata Communications in Singapore and take a walk down memory lane to share some thoughts from the past that allow introverts like Mary to learn from extroverts like Karina.

 Karina is originally from Indonesia and takes the opportunity to share with the GWIC audience some of the unique cultural aspects of the country that may impact the role of global compliance officers in multi-national corporations.

As a mother of two and a Chief Compliance Officer, Karina has a lot going on.  Her discussion builds on an earlier podcast episode with Sue Scott (Great Women in Compliance episode #173) where she addresses the common issue of mum/mom guilt.

 The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  If you have a moment to leave a review at the same time, Mary and Lisa would be so grateful.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

If you enjoyed the book, the GWIC team would be very grateful if you would consider rating it on Goodreads and Amazon and leaving a short review.  Don’t forget to send the elevator back down by passing on your copy to someone who you think might enjoy reading it when you’re done, or if you can’t bear parting with your copy, consider it as a holiday or appreciation gift for someone in Compliance who deserves a treat.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Compliance Into the Weeds

The Danske Bank AML Enforcement Action

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, we consider the Danske Bank AML enforcement action, in which the bank recently pled guilty to money-laundering violations through its Estonia subsidiaries.

Some of the highlights included:

  • The background facts.
  • What did the home bank know and when?
  • Did a tech failure set this all in motion?
  • The Bank’s attempts to hide the violations from US authorities.
  • Why is the US and not Denmark bringing an enforcement action against a Danish bank?
  • What about CCO certification?
  • The role of the Danish monitor.

 Resources

Tom in the FCPA Compliance and Ethics Blog

Matt Kelly in Radical Compliance

Categories
Blog

Danske Bank: Part 3 – Compliance Failures

We are exploring the Danske Bank A/S (Danske Bank) AML enforcement action in which Danske Bank pled guilty this week and agreed to forfeit $2 billion to resolve the US investigation into its fraud on US banks. According to the Department of Justice (DOJ) Press Release, “Danske Bank defrauded U.S. banks regarding Danske Bank Estonia’s customers and anti-money laundering controls to facilitate access to the U.S. financial system for Danske Bank Estonia’s high-risk customers, who resided outside of Estonia – including in Russia.” Danske Bank also settled with the Securities and Exchange Commission (SEC), which said, in its Press Release, that the Bank misled investors about its anti-money laundering (AML) compliance program in its Estonian branch and failed to disclose the risks posed by the program’s significant deficiencies.

How did it start to go wrong?

Interestingly, and most significantly for compliance professionals, the trouble for Danske Bank started with an acquisition. According to the Plea Agreement, “Danske Bank acquired Finland-based Sampo Bank in 2007, including Sampo Bank’s large operation in Estonia. A significant part of Sampo Bank’s Estonia business was providing banking services to non-resident customers, that is, companies and individuals residing outside Estonia, including in Russia. DANSKE BANK knew this was a large part of Sampo Bank’s Estonian business model and continued this business after acquiring Sampo Bank. The non-resident portfolio (“NRP”) was, by far, Danske Bank Estonia’s most lucrative business line, generating, over the life of the branch, over 50% of Danske Bank Estonia’s profits. DANSKE BANK knew that many NRP customers conducted transactions in U.S. dollars, which required Danske Bank Estonia to use U.S. banks and bank accounts to process those transactions. By December 2013, DANSKE BANK knew that the NRP was high-risk because, among other reasons, its customers resided in high-risk jurisdictions, frequently used shell companies to shield the identity of their ultimate beneficial owner or the sender or recipient of transactions, and engaged in suspicious transactions through U.S. banks.”

In addition to a failure of due diligence in the pre-acquisition phase, Danske Bank did nothing post acquisition to make sure the new Estonian branch complied with basic AML. Danske Bank Estonia had an inadequate and ineffective compliance program that applied to all customers. As noted in the Plea Agreement, “Danske Bank Estonia, through its International Banking Group (“IBG”), attracted NRP customers by ensuring that they could transfer large amounts of money through Danske Bank Estonia with very little, if any, oversight or scrutiny. IBG employees conspired with their customers to shield the true nature of their transactions, including by assisting customers to conceal beneficial owners by establishing accounts for known shell companies and sometimes creating shell companies for customers in exchange for a “consulting fee.””

Actual Knowledge of Compliance Failures

Reading the settlement documents, it is clear that Danske Bank was making so much money laundering for its Russian clients that it did everything it could to avoid making any changes which would kill the golden goose. As early as 2007, Danske Bank was aware that a substantial portion of the Danske Estonian branch’s customers, the NRP accounts, were non-residents of Estonia, and that many of the NRP customers were from Russia and other former Soviet-bloc countries. These NRP customers’ practices included well-known red flags for potential money laundering, for example, frequent use of offshore LLPs and nominee directors to obscure or conceal beneficial ownership information, use of unregulated intermediaries to carry out transactions on behalf of unknown clients, and ties to jurisdictions with enhanced money laundering risks. Yet both Danske Bank Estonia and the parent Danske Bank maintained that “all is well” (yes, cue the Animal House riot scene about now).

It was not as if Danske Bank was unaware of its Estonia branch shortcomings and failures. According to the SEC Complaint, “in 2007, the Danish Financial Supervisory Authority (“Danish FSA”) contacted Danske with concerns it had received from the Bank of Russia about NRP customers allegedly engaged in illicit transactions through Danske Estonia, including money laundering which was discussed by Danske’s Board of Directors in August 2007.” In light of the Danish FSA’s warnings, Danske conducted an internal audit of Danske Estonia’s transactions in 2007. That audit did not assess whether Danske Estonia complied with AML and Know-Your-Customer (KYC) procedures required under applicable laws and regulations, but the audit report provided to Danske management noted that Danske Estonia’s procedures in this area were “thin.” The 2007 audit recommended to Danske management that Danske undertake further investigation of Danske Estonia’s practices to ensure compliance with applicable law. Further, in March and April of the same year, the Estonian FSA had carried out an inspection at Danske Estonia and issued an inspection report on August 16, 2007, which found that the Estonian branch was not compliant with its legal obligations.

These compliance shortcomings were in four general areas. First, Danske Bank Estonia used foreign consultants and intermediaries to recruit customers and outsourced its legal obligations to conduct due diligence and obtain KYC information to third parties. Second, Danske Bank management knew that Danske Estonia was offering certain high-risk services and products associated with suspicious activity which Danske did not permit other branches to offer. Third, Danske Bank knew that Danske Estonia’s IT platform was incompatible with Danske’s IT platform. Danske knew or was reckless in not knowing that Danske Estonia could not conduct automated AML or KYC controls, such as automated customer screening and automated transaction monitoring. Fourth, Danske Bank Estonia’s AML and compliance control framework did not adequately mitigate the risks of the NRP portfolio and Danske failed to provide effective supervisory oversight. Danske Estonia’s compliance and AML departments were structured differently than at other Danske branches and reported directly to Danske Estonia’s branch manager with dotted line reporting to Danske’s compliance and AML departments. As a result, Danske Estonia’s compliance and AML functions were not effectively monitored or effectively supervised by Danske.

Tomorrow, the Danske Bank response.

Categories
Great Women in Compliance

Jacki Cheslow – Bringing Life to a Compliance Program

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

One of the best things about the longevity of the GWIC podcast is that Mary and Lisa get to build some of their own ideas and traditions.  Some are things like “bonus episodes” – a great idea by Mary, the #GWICies, and one of Lisa’s, which is to do her last podcast interview of the year with someone who is not only a leader in the E&C community due to her expertise, but also someone who is always a mentor and support to so many people (including Lisa).

This year, Lisa is speaking with Jacki Cheslow, who was on the podcast a few years back and since then has moved from a large corporate organization, Avis/Budget, to the Institute of Electrical and Electronics Engineers – the IEEE, which is the world’s largest non-profit technical organization.

Jacki talks about her experience with IEEE as a mission-driven organization, whose mission is to develop technology to benefit humanity, and how that influences her role. She also talks about starting out at IEEE and needing to learn a whole new area, sanctions, which then became even more important than she would have anticipated.

Jacki also shares how she had a bit of imposter syndrome when she started at IEEE. She provides valuable insight into how to change one’s mindset from a fixed mindset to a growth mindset and how that can also change one’s view, so that being given the opportunity to learn new things is seen as recognition of one’s potential and openness to learning.


Categories
Principled Podcast

Season 8 – Episode 12 – Part 2: Geopolitics and the Interconnectedness of Compliance Risks

What you’ll learn on this podcast episode

In this episode of the Principled Podcast, host Susan Divers continues her conversation from Episode 11 with Tom Fox, the founder of the Compliance Podcast Network, on the changing geopolitical landscape and its impact on E&C. Listen in as the two discuss how anti-corruption is a key component of ESG, the consequences of compliance in cybersecurity, and the growing interconnectedness of risks. You can listen to Episode 11 here. 

To learn more, download a copy of Tom Fox’s white paper Never the Same: Five Key Areas in Which Business Will Never Be the Same After the Russian Invasion. 

Guest: Tom Fox

Tom Fox is literally the guy who wrote the book on compliance with the international compliance best-seller The Compliance Handbook, 3rd edition, which was released by LexisNexis in May 2022. Tom has authored 23 other books on business leadership, compliance and ethics, and corporate governance, including the international best-sellers Lessons Learned on Compliance and Ethics and Best Practices Under the FCPA and Bribery Act, as well as his award-winning series “Fox on Compliance.”

Tom leads the social media discussion on compliance with his award-winning blog, and is the Voice of Compliance, having founded the award-winning Compliance Podcast Network and hosting or producing multiple award-winning podcasts. He is an executive leader at the C-Suite Network, the world’s most trusted network of C-Suite leaders. He can be reached at tfox@tfoxlaw.com.

Host: Susan Divers

Susan Divers is the director of thought leadership and best practices with LRN Corporation. She brings 30+ years’ accomplishments and experience in the ethics and compliance arena to LRN clients and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance, and sharing substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, which recognized her work in advancing the company’s ethics and compliance program.

Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Prior to that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State and was a member of the U.S. delegation to the UN working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C. and of the National Law Center of George Washington University. In 2011, 2012, 2013 and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. She resides in Northern Virginia and is a frequent speaker, writer and commentator on ethics and compliance topics.

 

Categories
Principled Podcast

Season 8 – Episode 11 – Part 1: Geopolitics are Impacting Workplace Ethics and Compliance Programs

What you’ll learn on this podcast episode

As the world emerges from a pandemic mindset, we confront new geopolitical realities with Putin’s war in Ukraine and increasingly fraught relations between the US and China. How is this geopolitical landscape changing the compliance landscape? In this episode of the Principled Podcast, host Susan Divers is joined by Tom Fox, the founder of the Compliance Podcast Network and aptly accredited “Voice of Compliance.” Listen in as the two discuss the impact of geopolitics on ethics and compliance and what issues should be top-of-mind for E&C leaders in the near future.

To learn more, download a copy of Tom Fox’s white paper Never the Same: Five Key Areas in Which Business Will Never Be the Same After the Russian Invasion.

Guest: Tom Fox

Tom Fox is literally the guy who wrote the book on compliance with the international compliance best-seller The Compliance Handbook, 3rd edition, which LexisNexis released in May 2022. Tom has authored 23 other books on business leadership, compliance, ethics, and corporate governance, including the international best-sellers Lessons Learned on Compliance and Ethics and Best Practices Under the FCPA and Bribery Act, as well as his award-winning series “Fox on Compliance.”

Tom leads the social media discussion on compliance with his award-winning blog and is the Voice of Compliance, having founded the Compliance Podcast Network and hosting or producing multiple award-winning podcasts. He is an executive leader at the C-Suite Network, the world’s most trusted network of C-Suite leaders. He can be reached at tfox@tfoxlaw.com.

Host: Susan Divers

Susan Divers is the director of thought leadership and best practices with LRN Corporation. She brings 30+ years of accomplishments and experience in the ethics and compliance arena to LRN clients and colleagues. This expertise includes building state-of-the-art compliance programs infused with values, designing user-friendly means of engaging and informing employees, fostering an embedded culture of compliance, and sharing substantial subject matter expertise in anti-corruption, export controls, sanctions, and other key areas of compliance.

Prior to joining LRN, Mrs. Divers served as AECOM’s Assistant General for Global Ethics & Compliance and Chief Ethics & Compliance Officer. Under her leadership, AECOM’s ethics and compliance program garnered six external awards in recognition of its effectiveness and Mrs. Divers’ thought leadership in the ethics field. In 2011, Mrs. Divers received the AECOM CEO Award of Excellence, recognizing her work advancing the company’s ethics and compliance program.

Before joining AECOM, she worked at SAIC and Lockheed Martin in the international compliance area. Before that, she was a partner with the DC office of Sonnenschein, Nath & Rosenthal. She also spent four years in London and is qualified as a Solicitor to the High Court of England and Wales, practicing in the international arena with the law firms of Theodore Goddard & Co. and Herbert Smith & Co. She also served as an attorney in the Office of the Legal Advisor at the Department of State. She was a member of the U.S. delegation to the UN, working on the first anti-corruption multilateral treaty initiative.

Mrs. Divers is a member of the DC Bar and a graduate of Trinity College, Washington D.C., and of the National Law Center of George Washington University. In 2011, 2012, 2013, and 2014 Ethisphere Magazine listed her as one of the “Attorneys Who Matter” in the ethics & compliance area. She is a member of the Advisory Boards of the Rutgers University Center for Ethical Behavior and served as a member of the Board of Directors for the Institute for Practical Training from 2005-2008. She resides in Northern Virginia and is a frequent speaker, writer, and commentator on ethics and compliance topics.

Categories
Creativity and Compliance

Training Jams – Using Music to Communicate E&C

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, takes the entertainment devices people use to consume information in their everyday, non-work lives and applies them to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible.

In this episode, Tom and Ronnie discuss a great new series of offerings by L&E, entitled ‘E&C Training Jams.’ E&C Training Jams are an offering by L&E using music as a non-traditional way to communicate with your employees and to build an overall culture of compliance in your organization. In Training Jams, a soulful singer banters about ethics & compliance, explaining policies, sharing examples, and debunking excuses. Ronnie goes so far as to say about E&C Training Jams, “quite frankly, the coolest thing that I’ve ever made because the music gets stuck in your head, and they leave you with a smile.”

Resources:

Check out  Ronnie Feldman on LinkedIn

Check out Learnings & Entertainments on LinkedIn

Follow Ronnie Feldman on Twitter

Learnings & Entertainments 

 L&E Offerings-E&C Training Jams

E&C Jams Sizzle Reel

E&C Jams Promo Reel Landing page

E&C Jams Web Page

Categories
Blog

ABB FCPA Resolution: Part 5 – A Win for Compliance

We conclude our exploration of the latest resolution of a Foreign Corrupt Practices Act (FCPA) violation involving the Swiss construction giant, ABB Ltd. There have been several reference documents used this week, and they include the Securities and Exchange Commission Complaint (SEC Order); the Department of Justice (DOJ) Press Release, Plea Agreement (ABB Plea Agreement) and Deferred Prosecution Agreement (DPA); the ABB South Africa Plea Agreement and Criminal Information; and the ABB Management Services Plea Agreement and Criminal Information.

Over this blog post series, we have been exploring these key questions: How did ABB obtain such a superior resolution? And, as a three-time FCPA violator, how did the company avoid a monitor? Today, we celebrate how this most unusual FCPA enforcement action is a huge victory for compliance.

How did ABB obtain such a superior resolution?

There appear to be three components to ABB’s avoidance of a monitor. It all began with ABB’s attempt to self-disclose. Please note this attempt was not successful, as the South African press broke the story of ABB’s bribery and corruption between the time ABB called to set up a meeting and the time it actually sat down with the DOJ. Yet the DOJ was impressed enough with ABB’s intent or at least desire to self-disclose that it spent a considerable amount of ink in the resolution documents detailing how ABB got close but missed timely self-disclosing.

Yet this putative failure at self-disclosure laid the groundwork for everything that followed, eventually leading to the stunning result. As the DOJ stated in the DPA, “in evaluating the appropriate disposition of this matter-including the appropriate form of the resolution-considered evidence that, within a very short time of learning of the misconduct, the Company contacted the Fraud Section and scheduled a meeting to discuss matters under investigation by the Fraud Section and the Company. The Company did not specifically identify the South Africa misconduct in that meeting request, but it disclosed the South Africa misconduct during the scheduled meeting, subsequently presented evidence to the Offices that it intended to disclose the misconduct related to South Africa during the scheduled meeting and did not know of any imminent media reports when the meeting was scheduled.”

The second component is the above-noted discussion about ABB’s near self-disclosure. While it could have amounted to an own goal, given the lengthy DOJ discussion in the settlement documents, it appears the DOJ received ABB’s near miss more favorably. The second point is something every Chief Compliance Officer (CCO) and outside counsel needs to understand: being truly extraordinary.

Matt Kelly identified the one piece of information which took what is now this standard recitation of extraordinary cooperation to a truly high level of ‘extraordinary’. In a blog post, Kelly pointed out that in the SEC Order, it stated, “ABB’s cooperation included real-time sharing of facts learned during its own internal investigation.” This meant “ABB was sharing information with regulators as quickly as it found those facts, without necessarily knowing how such admissions might affect its overall case and settlement chances.” He then opined, “When you don’t know the full extent of your sins and the punishment to follow, but you cooperate with regulators anyway — that’s an impressive commitment to the culture of compliance that the Justice Department wants to see.”

Next were the actions by ABB in their remediation. The Plea Agreement reported that ABB “engaged in extensive remedial measures, including hiring experienced compliance personnel and, following a root-cause analysis of the conduct described in the Statement of Facts, investing significant additional resources in compliance testing and monitoring throughout the organization; implementing targeted training programs, as well as on-site supplementary case-study sessions; conducting continuing monitoring and testing to assess engagement with new training measures; restructuring of reporting by internal project teams to ensure compliance oversight; and promptly disciplining employees involved in the misconduct.” This final point was expanded on in the SEC Order which reported that all employees involved in the misconduct were terminated.

As a three-time FCPA violator, how did the company avoid a monitor?

ABB essentially created its own monitorship around testing its compliance program and reporting to the DOJ. In a section entitled “Written Work Plans, Reviews and Reports”, ABB agreed to conduct a first review and prepare a first report, followed by at least two follow-up reviews and reports. But more than simply reporting, ABB agreed to create and submit for review a workplan for this ongoing testing of its compliance program, as the program was detailed in the DPA. The DPA specified, “No later than one (1) year from the date this Agreement is executed, the Company shall submit to the Offices a written report setting forth:

  • a complete description of its remediation efforts to date;
  • a complete description of the testing conducted to evaluate the effectiveness of the compliance program and the results of that testing; and
  • its proposals to ensure that its compliance program is reasonably designed, implemented, and enforced so that the program is effective in deterring and detecting violations of the FCPA and other applicable anti-corruption laws.”

ABB also agreed to meet with the DOJ quarterly to submit and discuss the results of its ongoing testing. While I am sure many other companies have made a similar proposal to the DOJ, through its actions during the pendency of the investigation, ABB convinced the DOJ it could be trusted to follow through with its commitment.

How does all of this work into the DOJ decision not to require a monitor? There is now a 10-factor test that was laid out in the Monaco Memo. Factor 1 is whether the company self-disclosed the incident at issue. Factors 4-6 all relate to conduct and actions when the illegal activity occurred, not after discovery and self-disclosure. Factor 4 relates to the length or pervasiveness of the conduct and whether senior management was involved. Factor 5 reviews “the exploitation of an inadequate compliance program or system of internal controls.” Factor 6 asks if compliance personnel were involved or were basically negligent in failing to “appropriately escalate or respond to red flags.” Factors 7-10 considered ABB’s actions post-reporting, how the company became aware of the matter, its root cause analysis, its remedial actions and overall reduction in the company’s risk profile. While there was no substantive discussion of these factors in any of the resolution documents, it appears the DOJ criteria for a monitor were not met.

The ABB FCPA resolution represents one of the biggest wins for corporate compliance that we have seen in recent memory. A now thrice-recidivist received a discount on its overall fine and penalty and avoided a monitor through truly exceptional work after the bribery and corruption were uncovered. Every compliance officer should thoroughly study this matter to see the specific steps ABB engaged in, starting with their first phone call to the DOJ. During your investigation, embrace the DOJ’s need for speed in communicating new and salient facts as they are uncovered, perform a root cause analysis and then remediate, remediate, and remediate. ABB is to be commended and indeed celebrated for its success in this matter.