Perhaps the most prescient comment I heard during the height of the pandemic came from Jed Gardner, Group Director of Transformation at Linedata, which was that we have moved from disaster recovery to business continuity to business as usual. It appears that not only was the comment correct but now we are moving in the business world from crisis to crisis to crisis. This month’s Harvard Business Review magazine dedicated its Big Idea Series to the topic of crisis. Over this short week I am exploring what this new reality means for the compliance professional. Yesterday we looked at compliance as a trip wire to alert businesses a crisis is on the horizon, through the article A New Crisis Playbook for an Uncertain World. Today we look at cultures that are built to sustain during a crisis.
Our starting point for today is the article, Building a Culture That Can Withstand a Crisis by John E. Katsos, Jason Miklian, and Patrick L. McClelland. This article is based upon an interview the authors did with Alice Laugher, the head of Committed to Good (CTG), a private company founded in Afghanistan and based in Dubai, that provides specialist staffing and logistics to the humanitarian community. Since the company’s founding in 2006, its clients have included most major humanitarian organizations; it now operates in 26 countries. In 2019 Laugher was awarded the prestigious Oslo Business for Peace Award. In the article, the authors visited with Laugher on “what she and her team have learned about uncertainty through working in crisis zones, and how this might help managers new to the type of crisis leadership our tumultuous time requires.” It turned out she had some very interesting insights for the compliance professional to help a company in times of crisis.
1.When a New Crisis Appears
The most current crisis CTG is facing is in Afghanistan. Here Laugher said, “We navigate a new normal every day. The situation, the rules, the regulations, and the needs of the local population shift constantly. Can you imagine running a business in a place where banks are not operating? Or where corporate accounts are frozen? There is still active fighting and hostility in parts of Afghanistan where we have staff. How do you deliver salaries and make payroll to thousands of employees scattered across the country in such an environment? When the Taliban took over, we were forced to reevaluate our core objectives, achievements, and progress.” She said it “test[s] how strong our relationships with our staff, clients, and partners really are. We ride the waves together. It’s as simple as that. We share the same goal: to build humanitarian projects so that aid can get to the people who need it no matter the danger or challenge involved in getting it there.”
Compliance Lesson
Everyone in your compliance function must be on the same page. If an ethical issue arises, everyone must know what the corporate response should be; that is, we will only do business ethically and in compliance with not simply our policies and procedures but our culture and mission. So, are you communicating that message? Here I recall Louis Sapirman when, when he was Chief Compliance Officer (CCO) at Dun & Bradstreet, used the phrase Do the Right Thingto communicate the culture and values of the organization as it navigated a Foreign Corrupt Practices Act (FCPA) enforcement action. Does your compliance function and indeed entire organization have such a succinct, forceful and clear statement of culture values?
2. Uncertainties During a Crisis
When asked about dealing with uncertainties during crisis, Laugher said, “Each country is radically different, but preparation goes a long way everywhere we operate. You have to navigate local laws, some of which may be unpublished. In one country, the tax law is from 1921, so it certainly cannot be found easily and downloaded from the internet! And meeting tax obligations — something that is considered a back-office task — has much more serious consequences in conflict zones.”
Compliance Lesson
Here the lesson is you must have local compliance support ready and able when called upon by the business team or the greater organization. If you cannot have your compliance team embedded in high-risk areas, you should have local compliance assets trained to provide such support. A Regional Compliance Committee can be of great assistance here as they will have an ear closer to the ground. Indeed, Laugher noted, “it’s so important to have local staff members as part of your core team. They can help navigate the nuances and sensitivities of their country, and they have a deep understanding of their environments, a level of insight that can’t be matched by outsiders no matter how much research they do.”
It’s Really About Culture
Laugher believes that the culture at CTG drives the entire organization. She stated, “We have a culture that encourages people to go the extra mile because of the value of the work that we are enabling. We believe in what we are helping to deliver. Our people share a fundamental desire to make a difference and help those in need. Everyone trusts that we will jointly make the right decision for security and safety based on local knowledge and information, while still getting the job done. CTG is not a “look to the CEO for the answer” culture. I don’t pretend to have all the answers. Instead, we work together to find solutions to complex problems.”
Compliance Solution
Once again you have to drive your compliance message throughout the organization. Even when you do not have the answer immediately, compliance should be seen as a function to go to when you need to solve a problem. This is not simply being Dr. No from the Land of No but affirmatively being seen as a business enabler. As Laugher stated, “We embed it in everything we do.” As a CCO you should do so as well.
4. The Speed of Change
Covid-19 highlighted the speed of change. In literally a few days, companies had to figure out how to do business remotely, literally across the world. CTG was no different. How are you going to respond to the speed of a crisis, such as one that might damage your organization’s reputation in literally days across the world? Laugher said, “We have several plans of action as part of our day-to-day business in each country. Nonetheless, a lot of times our emergency plans do have to be used. So, we must remain versatile at both the local and leadership levels, and our culture and the trust we have in our team approach are essential.”
Compliance Lesson
Long term preparation is the key. Not only should you have plans in place, but have you cultivated and built relationships? Do you have relationships with the local, regional and state communities you are working, do you have relationships with both your outside sales agents and Supply Chain vendors who all may well be a part of the solution you need to have to activate? But building those relationships take time, effort, and care. You cannot start during the throes of a crisis; you must do so now.
The bottom line that the time to prepare for a crisis is now. Learn to work together as a team. As a CCO you will have to rely on your entire compliance team, from the most junior to the most senior. Know everyone and everyone’s role before crisis hits. Know who your key resources and assets will be throughout your company if you need to call upon them. Built up that trust with internal and external stakeholders.
Tag: compliance
Special Episode with the Deputy Commissioner, Securities Division of the Vermont Dept. of Financial Regulation
In this special episode, CSS’s Director of Retail Wealth Manager Services Korrine Kohm and William R. Carrigan, Deputy Commissioner, Securities Division of the Vermont Department of Financial Regulation discuss the latest news for registered investment advisers, including what will be required in 2022 surrounding continuing education requirements, the implementation of the new Marketing Rule and what’s next for Form CRS.
About Our Guest Speakers:
Korrine Kohm is CSS’s Director of Retail Wealth Manager Services. Prior to CSS, Korrine was the Chief Compliance Officer and Head of Operations at Estabrook Capital Management where she was responsible for all compliance functions of this SEC-registered, $2.1B investment advisory firm. Korrine began her regulatory career while working at Allied Irish Bank (NY) in the Operations Department where she was a key member of AIB’s Compliance Committee, responsible for ensuring compliance with Federal and State regulations. An active member of the National Society of Compliance Professionals for over 10 years, Korrine earned her Investment Adviser Certified Compliance Professional (IACCPTM) designation in 2006, is a member of the Association of Certified Fraud Examiners, and obtained her Certified Fraud Examiner designation. In addition to her experience in compliance and banking, Korrine began the 16-week intensive training course in Quantico, Virginia, to become a Special Agent with the Federal Bureau of Investigation. She has particular experience in crafting customized policies and procedures, developing and implementing compliance programs, conducting on-site compliance reviews, acquisition due diligence reviews, risk assessments and mock SEC examinations. She routinely councils clients on various regulatory matters, including SEC registration issues, social media and advertising, policies related to diminished financial capacity, disclosures and the annual review process.
William R. Carrigan was appointed Deputy Commissioner of the Securities Division in July 2016. He has worked at DFR since 2007 serving as Director of Examinations and Enforcement and Investor Education Coordinator. A Certified Fraud Examiner, he worked closely with the FBI and IRS to expose the $28 million Mac Parker Ponzi scheme, which involved hundreds of investors, and he was a member of the team that investigated the recent Jay Peak EB-5 matter that resulted in federal and civil lawsuits. Carrigan also spearheaded the inquiry that led to the recent $5.9 million settlement with Raymond James and Associates. He has 20 years of experience in the securities industry and held various positions prior to joining the division. He holds a bachelor’s degree in business management from Johnson State College and a master’s degree in forensic studies from Stevenson University in Maryland. He is a member of the Association of Certified Fraud Examiners and the North American Securities Administrators Association.
Perhaps the most prescient comment I heard during the height of the pandemic came from Jed Gardner, Group Director of Transformation at Linedata, which was that we have moved from disaster recovery to business continuity to business as usual. It appears that not only was the comment correct but now we are moving in the business world from crisis to crisis to crisis. This month’s Harvard Business Review magazine dedicated its Big Idea Series to the topic of crisis. Over this short week I will be exploring what this new reality means for the compliance professional. We begin with the article A New Crisis Playbook for an Uncertain World by John E. Katsos and Jason Miklian. As we enter a period of unprecedented instability, is your compliance function prepared?
The authors begin by identifying what makes us now in essentially permanent crisis but as Gardner reminds us, it’s just business as usual. They state, “Today we stand at the precipice of not one but three converging and potentially catastrophic long-term trends: climate change, globalization, and growing inequality.” Given the political instability of America and much of the world, these will only get worse. Moreover, because of this political instability, corporate America has been forced to take the lead in providing solutions to these crises. But one type of crisis can initiate several other types of crises, so “the Covid-19 pandemic, for example, was not just a health crisis but an economic and political one as well.”
Last year we saw increased pressure on compliance functions to speed things up, disregard existing controls for the sake of expediency and move to doing business with a wide variety of third parties, both on the sales side and in the Supply Chain that were not fully vetted through standard due diligence. The Department of Justice (DOJ) responded to these developments in a very clear manner, do not forsake your standard controls for the sake of expediency. If you do and the resulting conduct violates the Foreign Corrupt Practices Act (FCPA) or other federal law, standard or regulation, your organization will not be able to use the excuse that it was an unprecedented crisis.
What the authors found was that “the red-flashing danger signals were always apparent to anyone reading the local news or talking to local people.” Yet almost all companies were “trying to do what they thought was the right thing. But the ones that both survived and thrived had more than good intentions or strong leadership.” Most interestingly, the single most important tactic for every company was to employ a tool long used by every successful Chief Compliance Officer (CCO) and compliance professional – to listen. Every best practices compliance program has a series of early warning posts which should be monitoring your organization. It could be the hotline, your internal controls, your compliance professionals embedded in business units or it could be your local compliance resources who are not compliance function employees. The authors developed a business playbook for dealing with them that I have adapted for the compliance professional.
Listening Locally
A compliance function cannot do effective strategic risk planning or risk management without understanding your organization’s sociopolitical context. The authors found that companies which “had little engagement with local communities, viewing them merely as sources of consumers or raw materials, were unlikely to outrun upheaval.” This is compounded that when a crisis hits and it becomes economic, leading to layoffs, your information flow is constricted and perhaps resentments arise from arbitrary closings. The key is to build a broad base in such localities, both in your compliance function but also far beyond. This is where both ESG and corporate social responsibility (CSR) initiatives can be critical. Through such initiatives, companies can “build deeper ties with the broader community, because those connections are integral to business survival during crises. This means developing relationships with local leaders within and beyond the corporate world and working across societal dividing lines instead of siloing within the “safest” segment of the community.”
Now think about those same concepts from the compliance perspective. Even if you do not have compliance professionals physically located in all regions, this is where your local compliance champions can be so critical. They can provide you information on a wide variety of topics. You could also consider the Regional Compliance structure I have previously advocated which can put an early warning system in place.
Go Beyond the Government Requirements
If it is one thing the business community has learned over the past few years is that the fractured US government will not show leadership in any meaningful way. While businesses have called for greater government regulation and oversight, most particularly in the tech sector, the government has failed to answer. This was most evident in the Business Roundtables Statement on the Purpose of a Corporation where businesses advocated a broader view of stakeholders than simply shareholders. Of course, the Trump Administration laid down regulations that were clearly anti-ESG, even with all business concerns supporting ESG.
This means businesses may well have to go beyond the basic legal requirements. This is even more important in the age of social media which can amplify any corporate misstep that becomes a public controversary. Witness the reputational damage to companies when their supply chains are found to include forced labor or modern slavery of employees. For the compliance professional, it also means going beyond the local government where you might do business. If the port authority where you are bringing goods in continually demands bribes for unloading of equipment, you can engage with a higher level in that country.
Make Principled Choices
Most interestingly, the authors found that the third key step was to “not be afraid to take principled political stands.” They found that “firms tend to thrive when they make consistent choices and communicate them clearly, even if a segment of the population disagrees with them.” They pointed to “the case of the American yogurt company Chobani in the highly polarized United States.” While the company was criticized for hiring immigrants and supporting others in immigrating to the US, it continued to do so because it was not only the right thing to do, it was good for the business. It improved morale and brought a hard-working class of employees into the organization.
This would seem right in the wheelhouse of the compliance professional. Think of institutional justice and institutional fairness. Not only did the DOJ announce in the 2020 Update to the Evaluation of Corporate Compliance Programs that the CCO and corporate compliance function is the keeper of institutional justice within an organization but the social justice movement over the past 18 months have made clear that employees expect the same inside of an organization. Witness the current imbroglio of Activism. Even with a CCO who criticized internal company employee whistleblowers, numerous employees stepped forward with information about the toxic culture of the company, through specific instances of discrimination and harassment.
Many compliance professionals are currently engaging in these steps. However, they may not be thinking about them as early trip wires for the next crisis. With the further admonition from the DOJ in the 2020 Update to the Evaluation of Corporate Compliance Programs that the compliance function must have access across all the data lakes within a company, CCOs and others may be the most uniquely suited corporate functions to help be ready for the next crisis.
Is compliance the happiest profession? Are you passionate about compliance? If you are either or both, you are not alone. Guest Host Karen Woody and Tom Fox look at these and other stories this week in the Happiest Profession edition.
Stories
- Is Compliance the happiest profession? Amii Bernard-Bahn explores in Compliance Week (Sub Req’d)
- Report on SEC Enforcement Activity: Public Companies and Subsidiaries for 2021. Tom Gorman in SEC Actions.
- Supply chain and compliance. Mike Volkov in Corruption Crime and Compliance. Dick Cassin in the FCPA Blog.
- What does ESG mean for the SEC? Commissioner Crenshaw remarks to the Pepsico-PWE Conference in the Harvard Law School Forum on Corporate Governance.
- Corruption as psychic revenge. Richard Bistrong in the FCPA Blog.
- Mitigating cyber risks. Debevoise Plimpton lawyers in Compliance and Enforcement.
- COP26 wrap up. What are the lessons for compliance? Lawrence Heim in PracticalESG.
- SEC broke all whistleblower awards in FY 2021. Aaron Nicodemus in Compliance Week (Sub Req’d) Carrie Penman says it’s a wakeup call for companies in Ethics and Compliance Matters.
- Diversity at the top. Jim Deloach in CCI.
- How did Classical Athenians define corruption? Kellam Conover in GAB.
Podcasts and Events
- Have you or a loved one been impacted by Lyme Disease? This week I have run a 5-part series on this most misunderstood malady with Dr. Ben Locwin and Scott Endicott. In Part 1 we looked at Origins. In Part 2 we considered the Diagnosis Dilemma. In Part 3 we reviewed Treatment and Innovation. In Part 4, we discussed Prevention and Immunity. In Part 5, we looked ahead for where this disease detection, prevention and treatment might be heading.
- Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 10, a trip on the New Jersey Turnpike.
- This month on The Compliance Life, I visit with Wendy Badger, CCO at Tennant. In Part 1, she details her academic career and early professional life. In Part 2, changing ladders to advance your career. In Part 3, Wendy moves into the CCO Chair.
- How does a Compliance Bible become a best-seller? Check out Tom’s appearance on the C-Suite Network’s Best Seller TV to find out. Purchase The Compliance Handbook, 2nd edition here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Karen Woody is Associate Professor at Washington and Lee University School of Law and can be reached at kwoody@wlu.edu.
PRIIPs Delay, But Not Implementation Delays
In this episode, CSS’s SVP of Business Development Ashley Smith joins Chief Product Officer Ronan Brennan to discuss the latest on the PRIIPs RTS, UK/EU divergence, data management complexities of the UCITS to PRIIPs transition and operational best practices to implement now.
About Our Guest Speakers:
Ronan Brennan is the Chief Product Officer at Compliance Solutions Strategies (CSS). In his role, he has direct responsibility for the strategic evolution of the global suite of CSS products and regulatory content. Managing product in CSS involves ensuring the product suite is ready to support both the current and future compliance management and regulatory reporting needs of investment management and advisory firms globally. Ronan participates as a speaker in many industry events each year, in addition to publishing a company blog and development of thought leadership materials. Ronan has 26 years of experience in the technology sector, 21 of which have been spent in the investment data management and regulatory reporting space.
Ashley Smith is a sales and business development professional with 30 years of experience in the financial services sector. Ashley started his career with the Financial Times and has led sales, marketing and business development teams across leading solution providers in data management, market data, risk analytics, collateral management and regulatory compliance.
As Aaron Rogers is fined less than a player who had his shirttail untucked, he and Jay are back to reflect on some of the top compliance and ethics stories in the Immunized Not Vaccinated edition.
Stories
1. Will corruption forestall climate change? Monica Guy in the FCPA Blog.
2. Driving culture through sustainability. Linda Luty in Risk and Compliance Matters.
3. Stope little problems from becoming big ones. Mike Volkov in Corruption Crime and Compliance.
4. More on ‘effective compliance’? Michael Julian in the FCPA Blog.
5. What is ‘success’ in ABC compliance? Matthew Stephenson in GAB.
6. Revisiting your whistleblower program. Debevoise Plimpton lawyers in Compliance and Enforcement.
7. The role of BOD in ESG. Jurgita Ashley and Randy Vai Morrison in Harvard Law Forum on Corporate Governance.
8. Disclosing cybersecurity issues. Matt Kelly in Radical Compliance.
9. Mashreqbank fined $100MM by DFS. Jaclyn Jaeger in Compliance Week. (sub req’d)
10. Tailoring a Design Thinking program that fits for you. Carsten Tams on LinkedIn.
Podcasts and Events
11. How can a 1st responder deal with PTSD? One way is through poetry. Check out my interview with Detective Ed Gillespie, Policeman Poet of Baltimore in a very special episode of Greetings and Felicitations.
12. Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 9, a lost purse and panic in Shubert Alley.
13. This month on The Compliance Life, I visit with Wendy Badger, CCO at Tennant. In Part 1, she details her academic career and early professional life. In Part 2, changing ladders to advance your career.
14. In a sponsored podcast series, I visit with 6clicks on their innovative GRC solutions. In Episode 1, Joe Schorr on the hub and spoke approach. In Episode 2, Andrew Robinson on AI and ML in GRC. In Episode 3, Stephen Walter on building a content library. In Episode 4, Heather Buker on producing audit ready reports. In Episode 5, Ant Stevens on what’s next for 6clicks.
15. Next week, I am running a 5-part series on Understanding Lyme Disease. The episodes will post daily at 10AM. You can check out all episodes on the Greetings and Felicitations podcast. Episode 1: Origins and Evolution; Episode 2: The Diagnosis Dilemma; Episode 3: Treatment and Innovation; Episode 4: Protection and Immunity; Episode 5: Looking Ahead
16. How does a Compliance Bible become a best-seller? Check out Tom’s appearance on the C-Suite Network’s Best Seller TV to find out. Purchase The Compliance Handbook, 2nd edition here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
CCOs & ESG – Preparing Now for What’s Next
In this episode, CSS’s team of CCOs Matt Calabro and Victoria Olson discuss how CCOs can prepare now for what’s to come with ESG – from policies and procedures to marketing materials and disclosures.
About Our Guest Speakers:
Matt Calabro is an experienced Chief Compliance Officer, having served as CCO for registered mutual funds, investment advisers and a family of UCITS funds. Before joining CSS, Matt was Deputy CCO at Delaware Investments, where he led the daily activities of the firm’s compliance department covering advisory, fund and distribution activity. Under his leadership, Delaware implemented specific improvements in its guideline compliance, advertising review and Code of Ethics programs. Prior to Delaware, Matt spent 20 years in Raymond James’ investment advisory business, where he led mutual fund operations. While there, Matt implemented and upgraded controls, processes and technology and also served as the first full-time CCO to the mutual funds following the adoption of the Compliance Rule. Matt leverages his compliance and operations experience in the investment management industry to assist advisers and investment companies in advancing the effectiveness of their compliance programs.
Victoria Olson has been a compliance consultant for several years, most recently with Alaric Compliance Services. She is a Certified Regulatory and Compliance Professional (CRCP issued by FINRA Institute at Wharton), and a Chartered Life Underwriter. She also completed the Certified Anti-Money Laundering specialist (CAMS) course. Victoria previously served as the Chief Compliance Officer to an SEC-registered investment adviser and has extensive experiencing working with RIAs. Prior to consulting, Victoria was Chief Compliance Officer and AML Compliance Officer at Forethought Financial, Director of Compliance at Prudential Financial, and a Senior Compliance Officer at The Phoenix Companies. Victoria formerly served as Chair of the FINRA District 11 Committee and successfully completed the FINRA Series 4, 6, 7, 24 and 66 Examinations.
In this Episode of the FCPA Compliance Report, I have thrilled to have back fan favorite Mike DeBernardis, partner at Hughes Hubbard. Mike is back for our quarterly FCPA and compliance review and in this episode, we look at highlights from Q3 2021. Highlights of this podcast include:
- FCPA Enforcement Actions-WPP and Credit Suisse. What are the key lessons learned?
- What does it mean to extend at DPA?
- Pandora Papers-how do you think this will drive the move for greater transparency around trusts and other opaque corporate forms?
- SEC
a. Increased enforcement and admissions of liability in settlement docs.
b. ESG Reporting requirements-what does this mean for corps
c. Increased scrutiny for both crypto and SPACs
5. National Security Directive coming out in December.
6.HughesHubbard annual FCPA alert
Resources
Mike DeBernardis on Hughes Hubbard website.
This week I have been writing about the speech Deputy Attorney General (DAG) Lisa O. Monaco gave as a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to end with what it all might mean for the compliance professional. First note the emphasis on culture. Monaco’s remarks were, “Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.” This means that the DOJ will be assessing the entirety of corporate culture. As a compliance practitioner how do you demonstrate culture? Or to phrase the question using the Tom Fox mantra, how did you Document, Document, and Document your culture? Culture obviously starts at the top, but it must imbue and be embedded into an organization.
Equally important is compliance. Here Monaco said, “Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.” Note the significance of “company can fulfill its fiduciary duty to shareholders”.
This is a clear tip of the hat to Caremark and other legal requirements for a compliance program based upon civil statutes. This is not the DOJ saying we will punish a company for simply not having a compliance program. Yet make no mistake that if a company does not have a compliance program, not only will there be a very large chance of regulatory violation such as under the FCPA; if your organization does not have a compliance program, it will not receive credit when the penalty phase comes around. Monaco is pointing out as clearly as she can do so the potential legal costs not only from civil shareholder lawsuits but also from regulatory fines and penalties.
Another area which is new to the compliance function will be the DOJ’s review of all corporate malfeasance when assessing a company’s culture, commitment to compliance and possible fines and penalties. Here Monaco stated, “Today, the department is making clear that all prior misconduct needs to be evaluated when it comes to decisions about the proper resolution with a company, whether or not that misconduct is similar to the conduct at issue in a particular investigation. That record of misconduct speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.”
Typically, compliance dealt with anti-corruption compliance, trade compliance, anti-trust compliance and perhaps others. However now a CCO must be apprised of all corporate misconduct as it will be reviewed by the DOJ. For any multi-national organization, that alone will be daunting as how many compliance professionals have visibility into tax, Equal Employment Opportunity Commission (EEOC) claims, labor relations issues or the myriad of other legal issues that every corporate faces every day, literally across the globe? Yet Monaco said that prosecutors would look at just that, stating “A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant.” This is literally a sea change.
Finally, what might be the changes in how corporations are assessed under the FCPA Corporate Enforcement Policy, enacted by prior DAG Rod Rosenstein? Will there continue to be a presumption of declination if you (1) self-disclose; (2) extensively remediate; (3) thoroughly cooperate; and (4) disgorge any ill-gotten gains? If there is no presumption, will there be robust self-disclosure? There is nothing illegal about failing to self-disclose but if a whistleblower then steps forward or the DOJ then opens an investigation based upon other sources and it determines a violation has occurred the opportunity for a declination may well be out the window. Moreover, if there is no self-disclosure and the issue reappears or the remediation is not successful, the company now appears to have actual knowledge of a violation, once again potentially increasing the penalty.
As I wrote yesterday, there are many open questions from these changes. One thing is clear to me, the CCO role and job of the compliance function just got much more challenging.
Categories
Monaco Speech: Part 4 – Some Questions
Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up some questions that came up for me based upon her remarks. As compliance practitioners know, the first DAG in the Trump Administration announced a major change in FCPA enforcement in November 2017. It was called it the FCPA Corporate Enforcement Policy and it was incorporated into the United States Attorneys’ Manual. Although it was incorporated into the Manual, it was essentially a rejection of the Yates Memo and incorporating the FCPA Pilot Program from 2016 into a more formal structure.
The FCPA Corporate Enforcement Policy set a presumption of a declination for a company that met four requirements. One, voluntary self-disclosure, including disclosure of all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved in or responsible for the misconduct at issue. Two, timely and appropriate remediation. Third, full cooperation with the DOJ in the investigation. Fourth, no aggravating circumstances which could include “involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.”
My first series of questions relate to the Rosenstein policy. What is now required for a ‘presumption of a declination”? Will a company have to self-disclose not simply those individuals substantially involved or all employees, no matter how high or low in the employee chain? Must those disclosures be at the time of self-disclosure or as facts are developed in an investigation? Recall the Yates Memo mandated that if a company wanted any credit it had to disclose all employees involved in the misconduct. [So much so that the word ‘any’ was in bold, italics and underscored.] Will the DOJ revert back to that standard?
What of Deferred and Non-Deferred Prosecution Agreements (DPAs and NPAs)? Has the DOJ heard the criticism of these settlement mechanisms over the years? Matt Kelly and I catalogued them in the second Compliance into the Weeds podcast on Monaco’s speech. Or has the DOJ decided that there is some type of material defect in these tools which makes any settlement with a DPA or NPA simply ‘a cost of doing business’? Monaco raised these issues in the context of FCPA recidivist or those companies which have a broader history of corporate recalcitrant in complying with laws in general; i.e., tax, environmental, employment and every other law a corporation must deal with both in the US and internationally. Even though her remarks were directed to recidivists and other bad corporate actors, it would not be too far a stretch to see if the DOJ reconsidered such penalties for all those companies which find themselves in a FCPA imbroglio.
What might some changes look like? A couple of recent examples come from areas outside the FCPA context. Last week, the Federal Trade Commission (FTC) issued a new directive that any company which has one anti-competition violation under its belt will have to return to the FTC for pre-approval of any acquisition. That can be quite a business slow down if you are in a dynamic industry or profession. The other example comes from the world of US banking where the Federal Reserve put a growth cap on Wells Fargo for its behaviors. Once again something like that can be a very large business inhibitor.
The DOJ return to more robust monitorships could be another mechanism. While the monitors now usually concern themselves with the terms of the settlement agreement and whether the company under the settlement agreement is fulfilling its terms; the monitor could take a more active role in an organization, such as review any high-risk transaction or transaction but a certain dollar value. Such an intrusive monitorship would greatly slow down business in any organization. Yet FCPA recidivists do not seem to have gotten the message not to violate the FCPA. Indeed, even some under DPAs and NPAs are not fulfilling their agreed upon obligations. All of these factors could lead to some very different forms of settlement resolutions.
What about Monaco’s remarks around evaluation of all corporate conduct, not simply anti-bribery compliance? Her remarks bear citing in full on this point:
Going forward, prosecutors can and should consider the full range of prior misconduct, not just a narrower subset of similar misconduct — for instance, only the past FCPA investigations in an FCPA case, or only the tax offenses in a Tax Division matter. A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant.
Most compliance professionals work very diligently to create a culture around anti-corruption compliance. However now there must be compliance with a much broader set of laws; both in the US and internationally. How many compliance officers even know about these other areas? Further, if there is one resource in the organization who does keep track of such matters, it is usually in the legal department, who are loathe to share that information, even within an organization. How will a compliance professional be aware and then work to ensure compliance in these other areas?
As I said in the introduction, there are lots of open questions. Tomorrow I will sum up what it all may well mean for the compliance professional.
