Categories
Blog

The NBA Betting Scandal, Part 4: The Role of Compliance in Sports Leagues

We previously considered the who, the what, and the histories of the NBA betting scandal. Today, we explore the ‘how’: how a compliance function could have prevented this, and what both sports leagues and corporations can learn from each other about safeguarding integrity. Whether your organization manages global investments or global fan bases, the lesson remains the same: governance without compliance is merely a façade, and compliance without culture is noise.

The NBA’s Blind Spot: Compliance Is Not Just for Corporations

The NBA, like many professional leagues, has long emphasized rules enforcement rather than risk management. It has compliance policies, anti-gambling rules, player education programs, and disclosure requirements, but these are largely reactive. What’s missing is the proactive, integrated approach that corporate compliance professionals have built over the last two decades.

Think about the Sarbanes-Oxley Act (SOX). Following a series of accounting scandals in the early 2000s, companies not only created new rules but also established compliance infrastructures, internal controls, whistleblower channels, independent oversight committees, and risk-based monitoring systems.

The NBA, in contrast, still operates under a “trust-the-player” model, one that assumes personal integrity will outpace financial temptation. The DOJ indictment proves that assumption no longer holds. In today’s data-driven, gambling-integrated sports environment, league compliance must evolve into a true governance function, not merely a disciplinary office.

The Corporate Compliance Framework Applied to Sports

To understand what that evolution might look like, I want to apply the classic corporate compliance framework — the Seven Elements of an Effective Compliance Program, as outlined in the US Sentencing Guidelines — to a professional sports context.

1. Standards and Procedures

Corporations have codes of conduct that define acceptable behavior. Sports leagues have them too, but they’re often vague or limited to rulebooks. The NBA needs a clear, enforceable code of compliance that articulates not just what players cannot do, but also why a framework rooted in integrity, rather than punishment, is necessary. Imagine a “Sports Compliance Charter” that explicitly defines insider betting as a form of fraud, akin to insider trading. That reframing alone would elevate the stakes, moving it from a “rules violation” to a “trust violation.”

2. Oversight and Accountability

Corporate boards delegate compliance oversight to audit and ethics committees. The NBA’s governance, however, largely resides in the Commissioner’s office. That’s too much concentration of oversight for a league managing billions in sports betting partnerships.

A modern model would involve an independent Compliance and Integrity Committee reporting directly to the league’s Board of Governors. This committee would review potential conflicts of interest, audit betting-related data, and monitor patterns of suspicious player performance. Independence breeds credibility.

3. Due Diligence and Risk Assessment

Before a merger, corporations perform risk-based due diligence. Before every season, leagues could conduct a similar compliance risk assessment, focusing on areas such as gambling exposure, data security, and player-agent relationships. Who are the players with large gambling debts? Which coaches or trainers have undisclosed financial interests in betting companies? These are not personal invasions; they are integrity controls. Compliance starts by identifying risk, not reacting to scandal.

4. Training and Communication

Corporate compliance officers understand that training isn’t about memorizing policy; it’s about shifting mindsets. The NBA’s anti-gambling training should move beyond the “don’t do this” model toward scenario-based ethics education where players explore gray areas, learn about real-world enforcement cases, and understand the long-term reputational damage of misconduct. In corporate terms, the distinction is between check-the-box training and culture-building education. Compliance is not a slide deck; rather, it is a dialogue.

5. Monitoring and Auditing

Just as compliance programs utilize transaction monitoring or expense audits, the NBA can leverage data analytics to identify irregularities in player performance and betting patterns. If a player suddenly exits two games early, as Jontay Porter did, that should trigger an automatic integrity review, just as an anomalous financial transaction might trigger an AML alert.

This is where the corporate concept of continuous monitoring can revolutionize sports compliance. Algorithms already track betting odds in real-time; coupling that data with player analytics would enable early detection of suspicious trends.

6. Reporting and Whistleblowing

No compliance program functions without psychological safety. The NBA should establish anonymous channels for reporting concerns not only for employees but also for players, trainers, and referees. If a player suspects a teammate is manipulating outcomes, there must be a trusted way to report it without fear of retaliation. In the corporate world, such mechanisms are essential to uncovering misconduct early. The same must apply to locker rooms.

7. Enforcement and Remediation

Discipline must be consistent and transparent. When corporations investigate misconduct, they publish their findings, impose proportionate penalties, and integrate the lessons learned. The NBA’s enforcement process remains opaque, with outcomes often perceived as being influenced by politics. Public trust demands transparency in discipline. When penalties are seen as fair and consistent, they reinforce the league’s credibility, just as consistent FCPA enforcement enhances the integrity of the corporate sector.

Compliance Culture: The Missing Link

Ultimately, no framework works without culture. Compliance officers recognize that even the most sophisticated policies are ineffective if the culture prioritizes winning at any cost. Sports leagues often celebrate risk-taking, competitiveness, and personal brand-building, traits that, when unchecked, evolve into entitlement and moral flexibility. That’s the same cultural recipe that fueled Enron, Wells Fargo, and Volkswagen.

The solution is not to suppress ambition, but to align it with ethical purpose. Imagine if the NBA and other leagues embedded compliance values into player leadership programs, performance reviews, and even contract bonuses. The message would shift from “Don’t get caught” to “Play with integrity.”

The Compliance Officer as Integrity Architect

For compliance professionals, this scandal presents an opportunity to reimagine the role of the compliance officer not just in business, but in every trust-based institution. In corporations, the CCO acts as an integrity architect, designing systems that enable ethical decision-making even under pressure. Sports leagues need the same role. Call it the Chief Integrity Officer: a function that bridges governance, analytics, education, and enforcement.

This role could oversee not just gambling risks, but conflicts of interest, sponsorship ethics, and social media conduct, the entire ecosystem of reputation management. In the modern economy, integrity is a managed asset, and someone must be accountable for its stewardship.

Moreover, corporate compliance programs succeed when leadership models ethical behavior. The same applies in sports. When coaches or executives participate in insider schemes, as alleged in the case of Damon Jones, they set a destructive tone. But imagine the opposite, a league where coaches discuss integrity as openly as game strategy, and general managers reward transparency over secrecy. Tone at the top is contagious. In corporations, it builds trust. In sports, it rebuilds it.

From Scandal to Systemic Change

The NBA betting scandal is a compliance failure, but it can also be a catalyst. Like Enron and WorldCom before it, this crisis can drive reform if the league commits to systemic change.

For compliance officers, the takeaway is both familiar and urgent:

  • Do not wait for regulation to force change.
  • Design compliance as governance, not guidance.
  • Measure culture as closely as you measure performance.

Whether you’re managing a multinational enterprise or a billion-dollar sports league, the principle remains constant: integrity isn’t enforced; it’s engineered.

Final Thought: Compliance Beyond the Court

The NBA’s scandal is not simply a sports story. It is a warning about what happens when performance eclipses principle. For compliance professionals, it also serves as a form of validation.

Our work, often behind the scenes, is what protects institutions from self-destruction. The NBA didn’t fail because of bad luck; it failed because of missing systems. The same can happen in any organization that mistakes compliance for bureaucracy instead of recognizing it for what it truly is: the infrastructure of trust. Whether you are in a boardroom or a locker room, culture always calls the next play.

Join us tomorrow, as we continue our exploration in Part 5, to delve into the intersection of culture, incentives, and the psychology of ethical failure. We will examine how even well-meaning individuals cross ethical lines when the system prioritizes results over values.

Categories
FCPA Compliance Report

Ellen Hunt on Compliance ROI and on a Due Diligence and the US Sentencing Guidelines

In this episode of the Diligent Compliance Week 2025 Speaker Preview Podcasts series, Ellen Hunt discusses her two presentations at Compliance Week 2025, “Culture Effectiveness and ROI: How to Move the Needle” and “Assessing Effectiveness: Do the 30-Year-Old Federal Sentencing Guidelines Still Work?”

In her first panel presentation, they will discuss the following:

  • Demonstrate measurable and quantifiable ROI.
  • Build psychological safety that drives ethical decision-making and engagement.
  • Navigate matrix environments to expand the influence.
  • Use data to tell compelling compliance success stories.
  • Partner with the C-suite to help them navigate disruptive changes, including deregulation and major economic geopolitical shifts.

In her second presentation, she and Carrie Penman, the Chief Risk and Compliance Officer at Navex, will debate whether the US Sentencing Guidelines should be updated.

I hope you can join us at Compliance Week’s 20th Anniversary National Conference. This year’s event will be held April 28-30 at The Mayflower Hotel, Autograph Collection, Washington, D.C. The lineup is first-rate, with some top ethics and compliance practitioners around.

Drop by the Diligent booth for some Compliance Podcast Network coffee to gain insights and make connections at the industry’s premier cross-industry national compliance event, offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 20th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs.

Categories
FCPA Compliance Report

FCPA Compliance Report – Eric Morehead on Understanding the Role and Function of the U.S. Sentencing Commission

Welcome to the award-winning FCPA Compliance Report, the longest-running compliance podcast. In this episode, Tom welcomes Eric Morehead to discuss the role and function of the U.S. Sentencing Commission.

Eric is the Director of Advisory Services Solutions at LRN and former Assistant General Counsel at the U.S. Sentencing Commission. He and Tom review the intricacies of the U.S. Sentencing Commission’s role, structure, and impact. Eric walks through his professional journey and explains the Sentencing Commission’s function in standardizing federal criminal sentences and promoting organizational compliance programs. He emphasizes the importance of the Sentencing Guidelines, the process for their amendment, and the challenges faced by the Commission, such as quorum issues. The discussion also touches on current topics, including the potential impact of executive orders on DEI policies and the FCPA pause, stressing the continued relevance of the Sentencing Guidelines in compliance program development.

Key highlights:

  • Eric Morehead’s Background and Role at the U.S. Sentencing Commission
  • Understanding the U.S. Sentencing Commission
  • Process of Creating and Amending Sentencing Guidelines
  • Impact of Sentencing Guidelines on Compliance Programs
  • Current Issues in Compliance: DEI and FCPA Enforcement

Resources:

Eric Morehead on LinkedIn

LRN

US Sentencing Guidelines for Organizations


Categories
Blog

The Trafigura FCPA Enforcement Action – Part 3 – The Penalty

We continue our exploration of the resolution of the FCPA enforcement action involving the Swiss trading firm Trafigura Beheer B.V. (Trafigura), an international commodity trading company with its primary operations in Switzerland. The company pleaded guilty and will pay over $126 million to resolve an investigation stemming from the company’s corrupt scheme to pay bribes to Brazilian government officials to secure business with Brazil’s state-owned and state-controlled oil company, Petróleo Brasileiro S.A. Petrobras (Petrobras). The matter was resolved via a Plea Agreement. Information detailing the company’s conduct was also issued.

Given the multi-year nature of the bribery scheme, how high it went up in the organization, the lack of self-disclosure, and the admitted lack of stellar cooperation, one might wonder how Trafigura could obtain any discount from their overall penalty. There was no total figure to show the amounts of bribes paid by Trafigura in the Plea Agreement. However, it was noted that Trafigura earned over $61 million in profits from the business obtained through the corrupt scheme. Yet Trafigura received a 10% discount off the 50th percentile of the applicable US Sentencing Guidelines fine range. How did Trafigura achieve this discount?

Cooperation

The starting point for this analysis is the Plea Agreement. However, we should note that Trafigura failed to preserve and produce certain documents and evidence on time and, at times, took positions inconsistent with full cooperation, “particularly during the early phase of the department’s investigation.” Additionally, Trafigura was slow to exercise disciplinary and remedial measures for certain employees whose conduct violated company policy. Finally, Trafigura “ultimately accepted responsibility for its criminal conduct. Its previous position in resolution negotiations also caused significant delays and required the offices to expend substantial efforts and resources to develop additional admissible evidence before the defendant constructively reengaged with the offices in agreeing to a negotiated resolution.”

This cooperation included (i) providing timely updates on facts learned during its internal investigation, (ii) making factual presentations to the DOJ, (iii) facilitating the interviews of employees and agents, including an employee located outside the United States, and arranging for counsel for employees where appropriate; (iv) producing relevant non-privileged documents and data to the department, including documents located outside the United States in ways that navigated foreign data privacy laws, accompanied by translations of certain documents; and (v) providing all relevant facts known to it, including information about individuals involved in the conduct. The compliance professional should note that Trafigura provided documents to the DOJ outside the United States in ways that navigated foreign data privacy laws.

The Remediation 

The Plea Agreement also described the remediation Trafigura carried out to fix the problems. These steps included (i) creating and implementing better, risk-based policies and procedures for things like fighting corruption, using middlemen and consultants, making payments to third parties, and assessing the risk of joint ventures and equity investments; (ii) improving the processes and controls around high-risk transactions; (iii) spending more money on training employees and testing their compliance; and (iv) making sure that the problems were fixed regularly. The final point is perhaps the most significant, as we have now seen the DOJ call out Albemarle and SAP for discontinuing their use of third-party agents.

Prior Misconduct

Trafigura also had prior misconduct, which the DOJ called out. While noting it was “not recent,” Trafigura had sustained a 2006 guilty plea for entering goods through false statements and a 2010 conviction for violating Dutch export and environmental laws concerning the discharge of petroleum waste in Côte d’Ivoire.

Fine Calculation

The explanation from the DOJ raised an open question in the minds of many compliance professionals regarding recent FCPA enforcement. That question was about how culture and prior misconduct were factored into the fine determination. This case follows the recent SAP enforcement action, in which a similar analysis was conducted. The DOJ does not discount fines off the low end of the fine range but instead from the middle between the high and low ends of the range. In the case of Trafigura, the high end of the fine range (after the complete calculation under the Sentencing Guidelines) was $170,345,061, and the low end was $85,172,530. As a result of the defendant’s cooperation and efforts to make things right, as well as the fact that some Trafigura Group companies had been guilty of similar crimes in the past, the DOJ took 10% off the middle of the two ranges, which put them in the 50th percentile. This led to a “total criminal fine” of $80,488,040, 10% less than the fifth percentile above the lowest possible fine under the Sentencing Guidelines.

Join us tomorrow, and we will conclude with lessons learned from the Trafigura enforcement action.

Categories
Blog

The SAP FCPA Enforcement Action-Part 4: The Fines: Self-Disclose, Self-Disclose, Self-Disclose

We continue our exploration of the SAP Foreign Corrupt Practices Act (FCPA) enforcement action. Today we go full geek in a look at the fine and penalty and, most importantly, what the fine and penalty communicate about what the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) want from companies embroiled in an FCPA investigation. First, the numbers.

DOJ

According to the Deferred Prosecution Agreement, the criminal fine and penalty is in the amount of $63,590,859, equal to approximately 54% of the Criminal Penalty ($63,700,000), reduced by $109,141 under the Criminal Division’s Pilot Program Regarding Compensation Incentives and Clawbacks. Additionally, the DOJ agreed to a “credit toward the Criminal Penalty the amount paid by the Company to authorities in South Africa for violations of South African law related to the same conduct described in the Statement of Facts, up to a maximum of $55,100,000 (the “Penalty Credit Amount”).”

SEC

According to the SEC Order, “SAP acknowledges that the Commission is not imposing a civil penalty based upon the imposition of an $118.8 million criminal fine as part of SAP’s resolution with the United States Department of Justice.” However, SAP did agree to disgorgement in the amount of $85,046,035 and prejudgment interest of $13,405,149, for a total payment of $98,451,184. SAP received a disgorgement offset of up to $59,455,779 based on the U.S. dollar value for any payments made or to be made to the Government of South Africa or a South African state-owned entity in any parallel proceeding against Respondent in South Africa.

The SEC Order also reported these additional fines and penalties.

  • On March 15, 2022, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the DWS conduct described above and paid ZAR 11 344.78 million ($21.4 million), which represented reimbursement of the entire amount SAP received from DWS under the 2015 and 2016 deals with DWS.
  • On October 18, 2023, SAP entered into a settlement agreement with the South African Special Investigative Unit and others relating to the Transnet conduct described above, pursuant to which it paid ZAR 214.39 million (approximately $11.42 million based on the exchange rate on the date of payment).
  • On November 1, 2023, SAP entered into a civil settlement with the South African Special Investigating Unit and others relating to the Eskom conduct described above, pursuant to which it paid ZAR 500 million (approximately $26.63 million based on the exchange rate on the date of payment).

The bottom line, as reported by the FCPA Blog, is that SAP agreed to pay a $118.8 million criminal penalty to the DOJ and an administrative forfeiture of $103.4 million to the SEC. SAP has also paid approximately $59.4 million to various South African authorities, for which they received a penalty credit of $55 million from the DOJ.

Fine Calculation

Let’s start with the DOJ. The basis comes from the US Sentencing Guidelines. From the DPA we note the following:

  1. The November 1, 2023 U.S.S.G. are applicable to this matter.
  2. Offense Level. Based upon U.S.S.G. § 2C1.1, the total offense level is 42, calculated as follows:
  • § 2C1.1(a)(2) Base Offense Level: 12
  • § 2C1.1(b)(1) More than One Bribe: +2
  • §§ 2C1.1(b)(2), 2B1.1(b)(1)(M) Benefit (More than $65,000,000): +24
  • § 2C1.1(b)(3) Involvement of High-Level Public Official: +4
  • TOTAL: 42
  3. Base Fine. Based upon U.S.S.G. § 8C2.4(d), the base fine is $150,000,000.
  4. Culpability Score. Based upon U.S.S.G. § 8C2.5, the culpability score is 6, calculated as follows:
  • § 8C2.5(a) Base Culpability Score: 5
  • § 8C2.5(b)(3)(B)(i) Unit had 200 or more employees and High-Level Personnel: +3
  • § 8C2.5(g)(2) Cooperation, Acceptance: -2
  • TOTAL: 6

Calculation of Fine Range:

  • Base Fine: $150,000,000
  • Multipliers: 1.2 (min) / 2.4 (max)
  • Fine Range: $180,000,000 to $360,000,000

The key area to note is the highlighted line entitled “§ 8C2.5(g)(2) Cooperation, Acceptance.”

The reason this line is so critical is that it is the one area under the US Sentencing Guidelines that a company can receive a discount or at least credit for actions it has taken to reduce the multiplier and thereby reduce the overall fine range. In the Sentencing Guidelines it states,

(g) Self-Reporting, Cooperation, and Acceptance of Responsibility

If more than one applies, use the greatest:

(1) If the organization (A) prior to an imminent threat of disclosure or government investigation; and (B) within a reasonably prompt time after becoming aware of the offense, reported the offense to appropriate governmental authorities, fully cooperated in the investigation, and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 5 points; or

(2) If the organization fully cooperated in the investigation and clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 2 points; or

(3) If the organization clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct, subtract 1 point.

All this means that if a company self-discloses to the DOJ, it can receive a 5-point discount off the overall multiplier. SAP did not self-disclose, so it lost this discount. If SAP had self-disclosed, the multiplier range would have been something like 0.7 to 1.4, making the fine range $126 million to $252 million. From there, the discount under the Sentencing Guidelines led to the following: “The Fraud Section and the Office and the Company agree, based on the application of the Sentencing Guidelines, that the appropriate criminal penalty is $118,800,000 (the “Criminal Penalty”). This reflects a 40% discount off the 10th percentile of the Sentencing Guidelines fine range.” By my estimation, this failure to self-disclose cost SAP an additional $20,000,000 under the Sentencing Guidelines alone.

But the analysis does not end there, as the overall fine and penalty is also governed by the Corporate Enforcement Policy, under which a company can garner a full declination if the following criteria are met: (1) self-disclosure, (2) extensive cooperation, (3) extensive remediation, and (4) profit disgorgement. Obviously, SAP failed to meet this burden as it did not self-disclose, so a full Declination was never in the cards. But the company could and did receive credit under the Corporate Enforcement Policy with a monetary penalty in the amount of $63,590,859, equal to approximately 54% of the Criminal Penalty. There was a further reduction of the overall criminal fine, reduced by $109,141 under the DOJ’s Pilot Program Regarding Compensation Incentives and Clawbacks.

Moreover, under the Corporate Enforcement Policy, SAP’s failure to self-disclose cost it the opportunity for a reduction of at least 50% and up to 75% off the low end of the U.S. Sentencing Guidelines fine range. As a criminal recidivist, it did not receive a reduction of at least 50% and up to 75%, which in such cases will generally not be from the low end of the U.S.S.G. fine range, but rather the 40% amount noted above. SAP’s failure to self-disclose cost it an estimated $20 million under the Sentencing Guidelines. Its failure to self-disclose and recidivism cost it a potential $94.5 million in discounts under the Corporate Enforcement Policy.

While all these numbers might be enough to make your head swim (as they did mine), the significance, and the reason I went through it in this detail, is that the DOJ is clearly sending the message that self-disclosure is the single most important thing a company can do in any FCPA investigation or enforcement action. Kenneth Polite said that when announcing the updated Corporate Enforcement Policy in January 2023; it was enshrined in the new Monitor Selection Policy as the number one reason for a company not having a monitor required. I heard Fraud Section head Glenn Leon say it as well at Compliance Week 2023 in a Fireside Chat with Billy Jacobsen.

The DOJ’s message could not be any clearer. Self-disclose; Self-disclose; Self-disclose.

 Resources

SEC Order

DOJ DPA

Join us tomorrow where we conclude with lessons learned for the compliance professional.

Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 3

This week, we are exploring a shift in the duties of care owed by corporate officers to the corporation. This shift is coming through the Chancery Court of Delaware in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer, David Fairhurst, and his part in the creation of an absolutely toxic atmosphere of sexual harassment at the very highest levels of the organization. The case is styled In re McDonald’s Corporation Stockholder Derivative Litigation, and in it, the court formally recognizes the oversight duties of officers of Delaware corporations. Today we discuss the role of the Chief Compliance Officer (CCO) in both the reasoning for the decision and what it means for CCOs going forward.

Perhaps one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a key reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

Specifically, the Guidelines state that “[h]igh-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program” and such senior person(s) “be assigned overall responsibility for the compliance and ethics program.” The Guidelines went on to define an organization’s “high-level personnel” as “individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization,” which includes “a director; an executive officer; an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.”

The court somewhat dryly concluded, “It would seem hard to argue that, simply by virtue of being an officer, the Chief Compliance Officer could not owe a duty of oversight. That, however, is the logical implication of Fairhurst’s position that only directors can owe a duty of oversight.”

The responsibilities of the CCO are wide and sometimes varied. Here the court stated, “[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

Finally, the CCO has a broad scope within an organization. Indeed, the court noted that only the Chief Executive Officer (CEO) has as broad a remit, stating, “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority. With a constrained area of responsibility comes a constrained version of the duty that supports an Information-Systems Claim.”

Yet the breadth of this portfolio does not mean a CCO can be liable for every corporate failure, even those directly in culture or compliance. Here the standard of liability for the CCO is critical, and that standard is breach of the duty of loyalty through bad faith. The court noted that in the decision of Stone v. Ritter, upholding the original Caremark decision, “the Delaware Supreme Court adopted the Guttman formulation and stated that a breach of the duty of loyalty, such as acting in bad faith, was a “necessary condition to liability.” After Stone, then-Vice Chancellor Strine acknowledged that Caremark duties carried overtones of care, but explained that “to hold directors liable for a failure in monitoring, the directors have to have acted with a state of mind consistent with a conscious decision to breach their duty of care.”

Rarely, if ever, do you see a CCO engage in bad faith. There have been some instances, but I can think of only one or two that rise to the level of bad faith. The good news for CCOs is that while there may be a new cause of action against them for a duty of oversight, if there is a compliance program in place and if that compliance program detects wrongdoing which is reported up to the Board, a CCO has most probably met their duty under this decision.

Please join me tomorrow as I explore how this court decision, together with the CCO certification mandate by the Department of Justice, the Monaco Memo and the new Corporate Enforcement Policy will all change the relationships and dynamics of Chief Compliance Officers in the corporate world.

Categories
FCPA Compliance Report

Eric Morehead – The US Sentencing Guidelines at 30

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. I visit Eric Morehead, the Director of Advisory Services at LRN, in this special episode. We discuss the US Sentencing Guidelines on the 30th anniversary of their enactment and review the recent report on the history of the Sentencing Guidelines. Morehead, a former staff attorney at the US Sentencing Commission, looks at the numbers and considers the broader impact of the Sentencing Guidelines on compliance in the US and across the globe.

Some of the highlights include:

  • What are the US Sentencing Guidelines?
  • Why were they enacted?
  • How have the DOJ and Courts supported them?
  • What were the two amendments to the US Sentencing Guidelines?
  • What may be down the road for the US Sentencing Guidelines?

Resources

LRN

Eric Morehead on LinkedIn

A Deep Dive Into Organizational Sentencing Data by Eric Morehead on Law360

Categories
Compliance Into the Weeds

300th Anniversary Episode – Policies Policies Policies

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this special 300th Anniversary episode, we consider a recent academic paper that suggests that policies play a small role in persuading employees not to engage in bribery and corruption. Highlights include:

  • What did the paper conclude?
  • What is the role of procedures?
  • Tom details the one function of policies.
  • How does an operationalized compliance program work?
  • What is the intersection of policies and internal controls?

Resources

Matt in Radical Compliance

Categories
Blog

Impact of the Federal Sentencing Guidelines at 30

The Federal Sentencing Guidelines for Organizations (FSGO) by the US Sentencing Commission (USSC) turn 30 this year. For compliance officers, this was perhaps the most significant government release. It did not create the compliance profession, but it certainly put compliance professionals at the forefront of the design, creation and implementation of corporate compliance programs. The FSGO also laid out, for the first time, the government’s expectations of what a well-designed compliance program should look like in practice. This led to a dramatic increase in compliance professionals. Earnie Broughton, writing in the ECI blog, said, “In many ways the promulgation of the guidelines was a defining moment in our collective journey in understanding and realizing the benefits of good corporate character.”

In 2021, the Bureau of Labor Statistics reported 291,000 compliance officers in the US. But more than driving the compliance profession and a concomitant increase in compliance professionals, the FSGO has in many ways shaped the structure of the 21st century corporation and dramatically improved corporate governance. In these ways, it laid the environmental, social and governance (ESG) foundations. Last month the US Sentencing Commission (USSC) released a summary of the FSGO and how it helped drive these changes, “The Organizational Sentencing Guidelines: Thirty Years of Innovation” (the History).

Regarding the FSGO themselves, they take a “carrot and stick” approach to the sentencing scheme that bases the fine range on the culpability of the organization. The guidelines instruct courts to determine culpability by considering six factors. The four aggravating factors, “that increase the ultimate punishment of an organization are: (i) the involvement in or tolerance of criminal activity; (ii) the prior history of the organization; (iii) the violation of an order; and (iv) the obstruction of justice.” The two mitigating factors are: “(i) the existence of an effective compliance and ethics program; and (ii) self-reporting, cooperation, or acceptance of responsibility.” Rather amazingly, the History reported that only 1.5% overall of all organizations sentenced “received the five-point culpability score reduction for disclosing the offense to appropriate authorities prior to a government investigation in addition to their full cooperation and acceptance of responsibility.” Obviously, there is still room for improvement.

Rather unsurprisingly, the Department of Justice (DOJ) drew heavily on the FSGO for two key documents which laid out the foundations of an effective compliance program. The first was the 2012 FCPA Resource Guide (developed and released jointly with the Securities and Exchange Commission (SEC)) and its update, the 2021 FCPA Resource Guide, 2nd edition. The second was the Evaluation of Corporate Compliance Programs, initially released in 2019, and the 2020 Update to the Evaluation of Corporate Compliance Programs. The History noted that the Evaluation and its update, “was first developed in 2017 under the leadership of the DOJ’s first “corporate compliance expert”” and “provides greater clarity on some key issues prosecutors consider when assessing the adequacy of corporate compliance programs during charging and settlement decisions, by laying out “fundamental questions” that prosecutors should ask about compliance programs:

There were three key questions for consideration:

  • Is the corporation’s compliance program well designed?
  • Is the program being applied earnestly and in good faith? In other words, is the program being implemented effectively?
  • Does the corporation’s compliance program work in practice?

The Evaluation and its Update then proceed to describe “in detail the topics that prosecutors should consider when answering those questions.”

The influence of the FSGO extends far beyond the DOJ, SEC and other government agencies. The Delaware court decision in Caremark demonstrates a key effect in the transformation of compliance programs, policies and procedures in the corporate world. The Caremark decision was a departure from prior Delaware case law which said that a board did not have to look for wrongdoing but only had to investigate if informed about it. That was from an old 1963 decision and the Court relied on the 1992 US Sentencing Guidelines to note how such views were no longer accepted. Board obligations had changed by 1996 with the following, “obligation to be reasonably informed concerning the corporation, without assuring themselves that information and reporting systems exist in the organization that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”

Caremark considered the proposed settlement of a derivative suit seeking to impose personal liability on members of the board of directors. The History noted, “the court considered whether director liability could stem from unconsidered action by the board. After observing that “[t]he Guidelines offer powerful incentives for corporations today to have in place compliance programs to detect violations of law, promptly to report violations to appropriate public officials when discovered, and to take prompt, voluntary remedial efforts,” the court concluded that “[a]ny rational person attempting in good faith to meet an organizational governance responsibility would be bound to take into account [the organizational guidelines].”

This meant that a director has a good faith duty to see that the organization establishes adequate information and reporting systems, i.e., a compliance program. No doubt due to the significance of the Delaware courts, “following the Caremark decision, federal and state courts recognized the importance of compliance programs in the context of shareholder derivative suits.” Caremark and its progeny are now the law of the land regarding corporate governance and compliance across most states in the US.

All of these changes and much more point to the far- and wide-ranging impact of the FSGO. “What began as an “experiment” to encourage legal compliance and foster more ethical business practices is now widely accepted as a success.” Moreover, “evidence suggests that compliance and ethics programs implemented using the guideline criteria produce positive effects on an organization’s behavior” and that the FSGO has had a significant impact on public and private sector actors. Finally, the History concludes that the influence of FSGO “is now spreading around the globe, suggesting that the hallmarks of an effective compliance and ethics program have universal appeal.”

Categories
Everything Compliance - Shout Outs and Rants

Shout Outs and Rants from Episode 104

Welcome to the Shout Outs and Rants from the Everything Compliance gang. In this episode, we have the quintet of Jonathan Marks, Jay Rosen, Tom Fox, Jonathan Armstrong, and Matt Kelly on a variety of shoutouts.

1. Jay Rosen shouts out to the firm Moxie, which is trying to create oxygen from CO2 so that life can exist on Mars.

2. Matt Kelly shouts out to NASA engineers who scrubbed the space shuttle launch due to safety concerns.

3. Jonathan Marks shouts out the 30th anniversary of the US Sentencing Guidelines.

4. Tom Fox shouts out the American League-leading Houston Astros.

5. Jonathan Armstrong shouts out to the British television show “Have I Got News” for skewering Boris Johnson with his own words.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.