Goldman Sachs: Part 5 – The Remediation

Thomas Fox - Compliance Evangelist
Contact
LinkedIn
Facebook
X
Send
Embed

Compliance Evangelist

We continue our exploration of The Goldman Sachs Group, Inc. (Goldman Sachs) Foreign Corrupt Practices Act (FCPA) settlements and related enforcement action, literally across the globe, from the state of New York to Singapore, Hong Kong, Malaysia and United Kingdom. Today, I want to focus the remediation.

In the Deferred Prosecution Agreement (DPA) Goldman Sachs committed to the Department of Justice (DOJ) (and probably the other government regulators) that it is “committed to continuing to enhance its compliance program and internal controls, including ensuring that its compliance program satisfies the minimum elements set forth in Attachment C to this Agreement (Corporate Compliance Program)”. Goldman Sachs did receive a huge benefit from finally getting that message as “based on the Company’s remediation and the state of its compliance program, and the Company’s agreement to report to the Offices as set forth in Attachment D, the Offices determined that an independent compliance monitor is unnecessary”.

Released as a part if its Press Release, Goldman Sachs laid out with some detail the “Completed and Ongoing Enhancements Since the 1MDB Transactions”. After the company finally woke and realized they were in serious FCPA hot water, they began designing a best practices compliance program. Initially, Goldman Sachs focused on the processes surrounding review and approval of complex transactions, including the heightened risk of reputational consequences that such transactions bring. Specifically, Goldman Sachs focused on:

  • Ensuring that we have sufficient controls to prevent business considerations from overriding control-side concerns;
  • Increasing the understanding of employee responsibility to escalate signs of inappropriate behavior or control transgressions;
  • Requiring additional focus on the review of transactions that might cause reputational risk;
  • Improving documentation and evidence of the committee discussions regarding transactions that might cause reputational risk;
  • Addressing transactions that might have reputational risks early enough to reduce the possibility of momentum “carrying them over the line”; and
  • Ensuring additional focus on transactions with large, “day-one” P&Ls, and/or those deemed “significant and complex”.

From this base starting point, Goldman Sachs made additional enhancements, which included:

  • Exercising heightened scrutiny of senior level people engaged in high risk areas, business or products;
  • Reviewing the firm’s committee structure to ensure it is fit for purpose;
  • Ensuring greater focus and additional actions when “red flags” are identified;
  • Further developing targeted e-communication surveillance based on new emerging technology;
  • Improving training on compliance responsibilities firmwide; and
  • Enhancing the firm’s systems and controls to prevent and detect money laundering and bribery-related behavior by the firm and its clients.

Goldman Sachs also put in some specific controls in both the anti-corruption area and anti-money laundering (AML) arena. In the area of Anti-Bribery and Anti-Corruption Controls, Goldman Sachs worked to enhance the firm’s systems and controls to prevent and detect bribery-related and corruption-related behavior. Regarding Insider Threats, the firm developed a program to monitor employee behavior that could cause reputational or financial harm to the firm, its employees or its clients. For transactions that might cause reputational risk and significant and complex transactions, the firm required additional focus on transactions that might cause reputational risk and Significant and Complex transactions.

The firm put in place a heightened scrutiny of senior level people engaged in high risk areas, businesses or products to provide another set of eyes on high-risk transactions. The firm will increase its reliance on data analytics to uncover anomalies by improving and increasing the use of data and metrics within the corporate compliance function. Goldman Sachs has put in additional backstops to prevent business unit control over-ride, by ensuring sufficient controls to prevent business considerations from overriding control-side concerns. The authority of the compliance function within Goldman Sachs was enhanced by ensuring the corporate compliance function has the proper stature and empowerment to properly challenge the operations folks. For the additional oversight on high-risk transactions, Goldman Sachs has worked to improve the documentation and evidence of committee discussions regarding transactions that might cause reputational risk.

The firm will move to a more proactive stance with early intervention on high-risk transactions, to address transactions that might have reputational risks early enough to reduce the possibility of momentum “carrying them over the line”. Red flags will be given a higher priority for clearance by ensuring greater focus and additional actions when “red flags” are identified. Finally, there is a renewed escalation process to increase the understanding of employee responsibility to escalate signs of inappropriate behavior or control transgressions.

In the area of AML, Goldman Sachs will enhance the firm’s systems and controls to prevent and detect money laundering by the firm and its clients. This will include, refining the Firmwide Suitability Committee charter to require all large “day-one” P&Ls to be specifically reviewed. Encouraging a more speak up culture.

All of these are certainly good starting points, but they will only work if Goldman Sachs makes a commitment to a cultural change of doing business ethically and in compliance. Obviously, this starts at the very top of the organization and, at least now, the Chief Executive Officer (CEO), David Solomon, and the firm’s Board of Directors are saying the right things. But the proof will be in the pudding the next time a deal similar to 1MDB pops up on the firm’s radar and whether senior management over-rides the existing internal controls and/or the corporate compliance function. One might think that a $5 billion fine and penalty would be enough to get the firm’s attention. We can only hope so at this point.

Please join me tomorrow where I take a look at lessons learned from the Goldman Sachs FCPA enforcement action.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox - Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox - Compliance Evangelist
Thomas Fox - Compliance Evangelist
Contact
more
less

Thomas Fox - Compliance Evangelist on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide