Tag: DOJ

Categories
Blog

2021 – The Year in FCPA Enforcement

There was a paucity of Foreign Corrupt Practices Act (FCPA) enforcement actions in 2021. However, the few enforcement actions announced did provide significant lessons for every compliance professional.
Deutsche Bank
The year started off with a bang when, according to a Department of Justice (DOJ) Press Release, Deutsche Bank Aktiengesellschaft, “agreed to pay more than $130 million to resolve the government’s investigation into violations of the Foreign Corrupt Practices Act (FCPA) and a separate investigation into a commodities fraud scheme. “The resolution includes criminal penalties of $85,186,206, criminal disgorgement of $681,480, victim compensation payments of $1,223,738 and $43,329,622 to be paid to the US Securities & Exchange Commission in a coordinated resolution.” Settlement documents include a Deferred Prosecution Agreement (DPA) and Information from the Department of Justice (DOJ) and a Cease and Desist Order (Order) entered to with the Securities and Exchange Commission (SEC). This settlement comes on the heels of another FCPA settlement in August 2019, where the Bank paid $16.2 million to settle a ‘Princeling’ charge that it corruptly hired sons and daughters of foreign officials and of employees of state-owned enterprises.
One can only wonder at the culture at the Bank which basically boiled down to win at all costs: lie, cheat, steal, engage in bribery and corruption, manipulate the markets, we don’t care. Just Win Baby. The Bank was also comfortable in dealing with some very dodgy characters beyond even Donald Trump and his family. The Bank has now said it will no longer do business with Trump and his personal banker left the Bank at the end of 2020.
Does this mean the Bank will turn state’s evidence against Trump? It is hard to say at this point, but the Bank is committed in the DPA to “cooperate fully with the Offices in any and all matters relating to the conduct described in the Statement of Facts and other conduct under investigation by the Offices at any time during the Term, subject to applicable laws and regulations, until the later of the date upon which all investigations and prosecutions arising out of such conduct are concluded, or the end of the Term.” [emphasis supplied] While this is boilerplate language found in every DPA it certainly takes on greater significance now.
Amec Foster Wheeler
The next matter was the Amec Foster Wheeler FCPA enforcement action, which is currently owned by John Wood Group PLC (Wood), the successor-in-interest to Amec Foster Wheeler Plc. It involved a long-standing corruption investigation which involved multiple investigative and enforcement agencies in multiple jurisdictions regarding the use of the disgraced agent Unaoil to pay bribes to secure business. In a Press Release, the Company said that it had reached agreements with the UK Serious Fraud Office (SFO), the DOJ and SEC) in the US, and the Ministério Público Federal (MPF), the Comptroller General’s Office (CGU) and the Solicitor General (AGU) in Brazil, to resolve their respective bribery and corruption investigations into the past use of third parties in the legacy Foster Wheeler business. Under the terms of these various agreements, the Company will pay compensation, disgorgement and prejudgment interest, fines and penalties totaling $177m. The payment will “be phased over the next three years with approximately $62m payable in H2 2021, and the balance to be paid in instalments in 2022, 2023 and 2024.”
There were some key lessons learned from the matter. In the area of internal controls, hopefully in 2021, if a General Counsel is asked to draft an agreement, even an interim agreement which violates a company’s internal controls for the vetting and contracting with third-party agents, that GC would stop the process. But if not, there should trips wires which would alert those at the highest level of a corporation that a key control was been over-ridden or worked around. This of course means the Board of Directors should have visibility into the highest risks an organization faces and in the world of international commerce, a third-part sales agent is that level of risk.
This case also involved multiple failures in the area of Mergers and Acquisitions (M&A). There were at least two acquisitions involved here where the acquiring entity; first Amec  acquired Foster Wheeler (forming Amec Foster Wheeler) and then the second, the John Wood Group PLC (acquiring Amec Foster Wheeler) failed to perform either sufficient pre-acquisition due diligence or even post-acquisition audit of the acquired company’s high-risk ventures. Once again, this involved Petrobras which was well-known for corruption issues by 2014. There was no mention of the failures of Amec and Wood in the M&A areas on this matter but clearly something went through unnoticed.
Since at least the 2012 FCPA Resource Guide, the DOJ and SEC have specified the steps for compliance in M&A. It is pre-acquisition due diligence which should form the basis of post-acquisition integration. After acquisition, there should be a full forensic FCPA audit and investigation, most notably in high-risk markets and with high-risk ventures. There must be full compliance training and integration of the acquired entity into the acquirer’s compliance regime.
WPP
Finally, was the SEC Cease and Desist Order entered into with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and penalty of $8 million for a total amount of just over $19 million. Some of the key lessons from compliance including the following.
Culture Matters – It seems about the most basic thing to say in the compliance realm, but the most important thing is your corporate culture. If your culture puts no value on doing business ethically and in compliance, your organization will surely have problems. Investigations – From the ignoring of internal whistleblower reports, to selecting poor investigative counsel, to allowing the persons involved in the corruption to help shape the original internal investigation, this matter is an excellent teaching tool for how NOT to perform an investigation. M&A  – There was no preacquisition compliance due diligence into any of the entities acquired. This was bookended with no forensic compliance audit of the acquired entities after acquisition as well. Incentives – When do sales or remuneration incentives become perverse incentives? WPP crossed that threshold when they made the earnouts for the founders of the organizations they acquired, who were kept on to run subsidiaries such as WPP-India, contingent on hitting sales numbers they could not reach without engaging in bribery and corruption.
While there was a smaller number of FCPA enforcement actions in 2021 than in prior years, the cases that were resolved were significant. They provide many lessons for every Chief Compliance Officer (CCO) and compliance professional.

Categories
Daily Compliance News

December 15, 2021 China, Professors and Spying Edition


In today’s edition of Daily Compliance News:
·       Nat-West fined for ‘over-looking’ AML risks. (WSJ)
·       Another son pleads guilty. (WSJ)
·       DOJ to charge more execs for environmental crimes. (NYT)
·       China, Professors and Spying. (WSJ)

Categories
Blog

Not Your Father’s Monitor – Vin DiCianni on Monitorships in 2022

In October, Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime (Monaco Speech). Her remarks reframed a discussion about the uses of, reasons for and perceptions on independent monitors and monitorships. I asked Affiliated Monitors Inc. (AMI) founder Vin DiCianni for his thoughts around the remarks on monitors. He said, “For Affiliated Monitors this refreshed approach by DAG Monaco highlights the seriousness which businesses must place on the investment in their programs and in addressing what has for some been a negative experience with a monitor. For those who might be the subject of a monitorship, DAG Monaco recognized that the negativity that has sometimes surrounded monitorships as being punitive, should be seen in a different light bringing value, pointing a way forward and as a solution which has had great success in resolving matters.”
Monaco’s remarks should be studied by every compliance professional as they portend a very large change in the way the Department of Justice (DOJ) will utilize monitors going forward. Over this podcast series, sponsored by AMI, we have considered why DAG Monaco’s remarks herald a new era for monitorships from a variety of perspectives. Bethany Hengsbach discussed this change in monitorships from the white-collar enforcement and defense perspective. Mikhail Reider-Gordon looked at global aspects of the new DOJ monitor’s focus. Cristina Revelo discussed how ethics and compliance (E&C) assessments help drive more compliant companies. Jesse Caplan, Managing Director of Corporate Oversight, brought his views on the twin topics of antitrust and healthcare compliance. We conclude the series in Part 5, with AMI founder Vin DiCianni who takes a look down the road where monitorships are going in 2022 and beyond.
DiCianni heard a couple of different things in the Monaco Speech as they related to monitors. First, monitoring now has been around for quite some time. The DOJ used it historically with much greater frequency under prior administrations. DiCianni believes, “It works, so why not go back to a sanction that can help companies improve? And when you think about it, that’s what a monitorship is. It’s allowing the entity to stay in business, you know, to remain viable through, an independent monitor.” The Monaco Speech simply recognized the use of monitorships is a very good tool for DOJ to use.
Second, the Monaco Speech recognized companies are “perhaps becoming a little bit more lax about compliance, notwithstanding the DOJ guidance that has come out over the years.” DiCianni believes the Monaco Speech reinvigorated the point that companies need to go back and look at their compliance programs. Yet the reality is that it is sometimes hard for a company to make that type of dispassionate analysis. An independent monitor can assist in that process by looking at, for instance, your E&C program and controls around compliance.
Another key insight from the Monaco Speech was that going forward monitors would not be viewed as punitive, and they would not act as prosecutors. Here DiCianni noted, “I think the evolution of monitoring, and it’s an evolution and it’s continuing to evolve, has included consideration that the monitor is not simply an arm of the government.” He believes that the government saying to the monitor, “be a mentor, tell them how to fix them. You’ve seen it, compare it to other companies.” Once the settlement agreement is in place, “the whole notion is let’s fix this. I think that that’s crucial to this whole notion of how monitorships have evolved, because it’s no longer just, you know, a check the box. Are they doing this, doing that now it’s make recommendations on improvement and let’s see if the company make those changes.”
We considered the types of monitors and the types of skills a monitorship needs. It all begins with the settlement agreement, whether it is a Deferred Prosecution Agreement (DPA) or other form of resolution. A monitor must have the necessary skills to be able to look at things like business development, so they can understand how a company is going after business? Another growing area is in data analytics, as sometimes the monitorship is driven by data. This could require the monitor to have a data analytics team that can analyze test and look at data in various ways. Sometimes you do need forensic accounting. Sometimes you need an expert in healthcare when the monitorship is dealing with issues such as coding and billing. The AMI approach is to “shape each monitorship to make sure that we have a team that has the various perspectives, what would the government be looking for, but equally importantly how can this be helpful to the entity? Those are the most successful monitorships that we have engaged in. I think that having that broader perspective as you approach a monitorship is crucial.”
I concluded by asking DiCianni where he saw monitors going down the road. DiCianni believes that the use of monitors will increase, in many different areas such as different non-governmental groups and agencies, federal government agencies, state, and municipal agencies. For instance, AMI works with attorney inspector generals, the World Bank and other organizations. They will continue to be used as a tool, as more agencies that have never used them before are starting to recognize the benefits of them. He stated, “I think monitorships are going to continue to grow. The fear that I have is the bad monitoring, where the monitor that does not understand what they are doing and does not know what type of issues to look at or the kinds of things that they should be looking at. This will give everybody a bad name in terms of monitoring.” He concluded, “if you’re going to put a monitor in place to make sure that the selection of the monitor is appropriate. But I think it’s going to be a growing opportunity for both regulators and businesses.”
Affiliated Monitors
Vin DiCianni

Categories
Compliance Kitchen

DOJ settlement: Immigration and Employment Discrimination


DOJ – Gap, Inc. settlement: immigration and employment discrimination.

Categories
Daily Compliance News

December 3, 2021 the Recidivists on Notice Edition

In today’s edition of Daily Compliance News:

  • DOJ reaffirms recidivists are on notice. (WSJ)
  • Didi de-listing in US. (Bloomberg)
  • Current and former SEC Chiefs trade tips on crypto. (NYT)
  • Did Purdue Pharmacy wrongly hide assets in bankruptcy? (Reuters)
Categories
Everything Compliance

Episode 89, the Changes Coming Edition


Welcome to the only roundtable podcast in compliance. The entire gang is thrilled to be honored by W3 as a top talk show in podcasting. In the context of several different stories, the full gang takes into the recent speech by Deputy Attorney General Lisa Monaco announcing a shift in enforcement focus by the DOJ. We end with a veritable mélange of shouts outs and rants.

1. Karen Woody looks at it from the SEC perspective and reviews some additional remarks by SEC Chair Gensler on the topic. Karen shouts out to the TV show and pop culture phenomenon Succession.

2. Jay Rosen discusses the speech from the monitorship perspective. Rosen shouts out to dads everywhere by honoring OBS, Odell Beckham, Sr. for getting his son out of Cleveland and to the LA Rams.

3. Matt Kelly gives an overview of the speech and what it all means. Kelly has a Shout Out to People Magazine and Paul Ruud. The Mag named Ruud the ‘Sexiest Man in America for 2021’.

4. Jonathan Armstrong takes a look at the speech from the UK perspective and ties in a couple of recent UK data privacy enforcement actions. Armstrong shouts out and rants about the fraudster Dr. Ruja Ignatova and her fraudulent crypto currency OneCoin.

5. Jonathan Marks talks about this speech will impact internal investigations. He continues his last rant about hotels. This time for booking him into an already occupied room.

6. Tom Fox shouts out to the NFL Fashion Police for fining CeeDee Lamb over $15K for having his shirt tail out during a game while fining Aaron Rogers less than $15K for breaking Covid-19 protocols.  

The members of the Everything Compliance are:
•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
•       Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Compliance Kitchen

DOJ Convict for Export of Rebreathers


The DOJ obtains a conviction for export of rebreathers without a BIS license.  The Kitchen reviews the press release and brings you the summary.

Categories
Blog

Monaco Speech: Part 5 – What Does It All Mean?

This week I have been writing about the speech Deputy Attorney General (DAG) Lisa O. Monaco gave as a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to end with what it all might mean for the compliance professional. First note the emphasis on culture. Monaco’s remarks were, “Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.” This means that the DOJ will be assessing the entirety of corporate culture. As a compliance practitioner how do you demonstrate culture? Or to phrase the question using the Tom Fox mantra, how did you Document, Document, and Document your culture? Culture obviously starts at the top, but it must imbue and be embedded into an organization.
Equally important is compliance. Here Monaco said, “Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.” Note the significance of “company can fulfill its fiduciary duty to shareholders”.
This is a clear tip of the hat to Caremark and other legal requirements for a compliance program based upon civil statutes. This is not the DOJ saying we will punish a company for simply not having a compliance program. Yet make no mistake that if a company does not have a compliance program, not only will there be a very large chance of regulatory violation such as under the FCPA; if your organization does not have a compliance program, it will not receive credit when the penalty phase comes around. Monaco is pointing out as clearly as she can do so the potential legal costs not only from civil shareholder lawsuits but also from regulatory fines and penalties.
Another area which is new to the compliance function will be the DOJ’s review of all corporate malfeasance when assessing a company’s culture, commitment to compliance and possible fines and penalties. Here Monaco stated, “Today, the department is making clear that all prior misconduct needs to be evaluated when it comes to decisions about the proper resolution with a company, whether or not that misconduct is similar to the conduct at issue in a particular investigation. That record of misconduct speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.”
Typically, compliance dealt with anti-corruption compliance, trade compliance, anti-trust compliance and perhaps others. However now a CCO must be apprised of all corporate misconduct as it will be reviewed by the DOJ. For any multi-national organization, that alone will be daunting as how many compliance professionals have visibility into tax, Equal Employment Opportunity Commission (EEOC) claims, labor relations issues or the myriad of other legal issues that every corporate faces every day, literally across the globe? Yet Monaco said that prosecutors would look at just that, stating “A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant.” This is literally a sea change.
Finally, what might be the changes in how corporations are assessed under the FCPA Corporate Enforcement Policy, enacted by prior DAG Rod Rosenstein? Will there continue to be a presumption of declination if you (1) self-disclose; (2) extensively remediate; (3) thoroughly cooperate; and (4) disgorge any ill-gotten gains? If there is no presumption, will there be robust self-disclosure? There is nothing illegal about failing to self-disclose but if a whistleblower then steps forward or the DOJ then opens an investigation based upon other sources and it determines a violation has occurred the opportunity for a declination may well be out the window. Moreover, if there is no self-disclosure and the issue reappears or the remediation is not successful, the company now appears to have actual knowledge of a violation, once again potentially increasing the penalty.
As I wrote yesterday, there are many open questions from these changes. One thing is clear to me, the CCO role and job of the compliance function just got much more challenging.

Categories
Blog

Monaco Speech: Part 4 – Some Questions

Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up some questions that came up for me based upon her remarks. As compliance practitioners know, the first DAG in the Trump Administration announced a major change in FCPA enforcement in November 2017. It was called it the FCPA Corporate Enforcement Policy and it was incorporated into the United States Attorneys’ Manual. Although it was incorporated into the Manual, it was essentially a rejection of the Yates Memo and incorporating the FCPA Pilot Program from 2016 into a more formal structure.
The FCPA Corporate Enforcement Policy set a presumption of a declination for a company that met four requirements. One, voluntary self-disclosure, including disclosure of all relevant facts known to it at the time of the disclosure, including as to any individuals substantially involved in or responsible for the misconduct at issue. Two, timely and appropriate remediation. Third, full cooperation with the DOJ in the investigation. Fourth, no aggravating circumstances which could include “involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.”
My first series of questions relate to the Rosenstein policy. What is now required for a ‘presumption of a declination”? Will a company have to self-disclose not simply those individuals substantially involved or all employees, no matter how high or low in the employee chain? Must those disclosures be at the time of self-disclosure or as facts are developed in an investigation? Recall the Yates Memo mandated that if a company wanted any credit it had to disclose all employees involved in the misconduct. [So much so that the word ‘any’ was in bold, italics and underscored.] Will the DOJ revert back to that standard?
What of Deferred and Non-Deferred Prosecution Agreements (DPAs and NPAs)? Has the DOJ heard the criticism of these settlement mechanisms over the years? Matt Kelly and I catalogued them in the second Compliance into the Weeds podcast on Monaco’s speech. Or has the DOJ decided that there is some type of material defect in these tools which makes any settlement with a DPA or NPA simply ‘a cost of doing business’? Monaco raised these issues in the context of FCPA recidivist or those companies which have a broader history of corporate recalcitrant in complying with laws in general; i.e., tax, environmental, employment and every other law a corporation must deal with both in the US and internationally. Even though her remarks were directed to recidivists and other bad corporate actors, it would not be too far a stretch to see if the DOJ reconsidered such penalties for all those companies which find themselves in a FCPA imbroglio.
What might some changes look like? A couple of recent examples come from areas outside the FCPA context. Last week, the Federal Trade Commission (FTC) issued a new directive that any company which has one anti-competition violation under its belt will have to return to the FTC for pre-approval of any acquisition. That can be quite a business slow down if you are in a dynamic industry or profession. The other example comes from the world of US banking where the Federal Reserve put a growth cap on Wells Fargo for its behaviors. Once again something like that can be a very large business inhibitor.
The DOJ return to more robust monitorships could be another mechanism. While the monitors now usually concern themselves with the terms of the settlement agreement and whether the company under the settlement agreement is fulfilling its terms; the monitor could take a more active role in an organization, such as review any high-risk transaction or transaction but a certain dollar value. Such an intrusive monitorship would greatly slow down business in any organization. Yet FCPA recidivists do not seem to have gotten the message not to violate the FCPA. Indeed, even some under DPAs and NPAs are not fulfilling their agreed upon obligations. All of these factors could lead to some very different forms of settlement resolutions.
What about Monaco’s remarks around evaluation of all corporate conduct, not simply anti-bribery compliance? Her remarks bear citing in full on this point:
Going forward, prosecutors can and should consider the full range of prior misconduct, not just a narrower subset of similar misconduct — for instance, only the past FCPA investigations in an FCPA case, or only the tax offenses in a Tax Division matter. A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant. 
Most compliance professionals work very diligently to create a culture around anti-corruption compliance. However now there must be compliance with a much broader set of laws; both in the US and internationally. How many compliance officers even know about these other areas? Further, if there is one resource in the organization who does keep track of such matters, it is usually in the legal department, who are loathe to share that information, even within an organization. How will a compliance professional be aware and then work to ensure compliance in these other areas?
As I said in the introduction, there are lots of open questions. Tomorrow I will sum up what it all may well mean for the compliance professional.

Categories
Blog

Monaco Speech: Part 3 – Culture

Deputy Attorney General (DAG) Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime last week (Monaco Speech). Her remarks were noted by many commentators, including on two Compliance Into the Weeds podcasts where Matt Kelly and myself took two deep dives into her speech our podcast. Her remarks reframed a discussion about this Department of Justice’s (DOJ) priorities on white collar criminal enforcement, including under the Foreign Corrupt Practices (FCPA). Her remarks should be studied by every compliance professional as they portend a very large change in the way the DOJ and potentially other agencies enforce the FCPA. This has significant implications for every Chief Compliance Officer (CCO), compliance professional and corporate compliance programs.
Today, I am going to take up her remarks on corporate culture. They were a small but significant part of her remarks so I will quote them in full. She said,
Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.
Let me also be clear: a company can fulfill its fiduciary duty to shareholders and maintain a commitment to compliance and lawfulness. In fact, companies serve their shareholders when they proactively put in place compliance functions and spend resources anticipating problems. They do so both by avoiding regulatory actions in the first place and receiving credit from the government. Conversely, we will ensure the absence of such programs inevitably proves a costly omission for companies who end up the focus of department investigations.
Although we understand the costs that enforcement actions can place on shareholders and others, our responsibility is to incentivize responsible corporate citizenship, a culture of compliance and a sense of accountability. So, the department will not hesitate to take action when necessary to combat corporate wrongdoing. [Emphasis Supplied]
I asked Affiliated Monitors Inc., (AMI) founder Vin DiCianni for his thoughts around these remarks. He said, “Last week’s announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes.  In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture.
A culture of compliance is the foundation of an organization’s compliance program. It is a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by the Board and Executive Leadership team. Their messaging should be continuously reinforced in an institution’s risk appetite statement, policies, training and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense.
Tina Rampino, Associate Managing Director at K2 Integrity, laid out some key questions to ask around culture. They included:

  • What is the tone that is set from the most senior levels of the organization?
  • Are employees motivated by doing any and all business no matter the risk?
  • Are they empowered to act with integrity and choose the right business that aligns with their compliance culture?

She went on to relate, “Many institutions have built training and communications programs to help employees understand what the “right business means” – reinforcing an institution’s risk appetite statement, incorporating policies and procedures, and training on red flags and high-risk issues.” She concluded, “A culture of compliance should empower employees, not just in the second line of defense but in all areas of the institution – to think about the risks being presented through their customers, transactions, and products and services and how they can do their part in mitigating risk to the institution.”
We next turned to some of the key actions senior executives and leaders can take to not simply ‘talk-the-talk’ but also ‘walk-the-walk’ of compliance. Senior executives and leaders are responsible for setting the tone from the top which means setting expectations for the importance of compliance throughout the organization and by modeling behaviors for their employees. Rampino details the seven elements of a culture of compliance:

  1. Tone from the Top.
  2. Establishing and communicating enterprise-wide policies and programs.
  3. Defining clear roles and responsibilities across the three lines of defense.
  4. Ensuring adequate staffing and resources for functions responsible for compliance.
  5. Designing and implementing a comprehensive compliance training program.
  6. Establishing compliance incentives
  7. Creating efforts to embed and sustain a compliance culture.

Monaco had two additional remarks around corporate culture and a culture of compliance that bear repeating. She said, a record of corporate misconduct, even outside the FCPA, “speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.” In a remark that tied back to yesterday’s discussion of monitors she said, “Stepping back, any resolution with a company involves a significant amount of trust on the part of the government. Trust that a corporation will commit itself to improvement, change its corporate culture, and self-police its activities. But where the basis for that trust is limited or called into question, we have other options. Independent monitors have long been a tool to encourage and verify compliance.” This last sentence would speak directly to DiCianni’s thoughts that “Unlike the previous administration’s very limited use of monitors, DAG Monaco described the value that integrity monitors bring to oversight for both the department and those entities subject to such oversight.”
Monaco noted she has sat on corporate boards when in the private sector. This experience certainly informs her approach as the DAG. The DOJ will be taking a much closer and in-depth look at corporate culture and whether there is a culture of compliance in any company which finds itself in a FCPA investigation or enforcement action. CCOs and compliance functions need to be ready to have demonstrable and documented evidence of a culture of compliance.