The goal of any company regarding its compliance regime should be to make compliance a part of the fabric of your company and the face that you present to the world. That was the message from the interview conducted by Adam Turteltaub of Loretta Lynch, US Attorney for the Eastern District of New York, in June. The interview was the basis of an article in the September issue of the SCCE, Sept/Oct issue of its Compliance and Ethics Professional Magazine, entitled “In the Spotlight: Loretta Lynch”. The article was as close a ‘must read’ of any Department of Justice (DOJ) representative on the subject of what the DOJ is looking for in a Foreign Corrupt Practices Act (FCPA) compliance program as I have recently come across. I hope that you are a SCCE member and can read the full article as it is worth its weight in gold.
There were three separate enforcement actions that Turteltaub discussed with Lynch which I would like to highlight for this article as lessons learned for the compliance practitioner. The first two were FCPA matters and the third was an anti-money laundering (AML) matter. They were the Morgan Stanley Declination to Prosecute, the Ralph Lauren Non-Prosecution Agreement (NPA), and the final case was the HSBC Deferred Prosecution Agreement (DPA).
This case involved Morgan Stanley and its Managing Director Garth Peterson. Peterson tried to convince Morgan Stanley to sell its interest in a building in Shanghai to the Shanghai government. However, the group purchasing the interest was actually made up of Peterson and a local government official “who had provided assistance to Peterson in securing business for Morgan Stanley in China.” Morgan Stanley discovered the subterfuge, thoroughly investigated the matter and self-disclosed to the DOJ. Morgan Stanley received the first publicly announced Declination from the DOJ.
While the numerous factors that the DOJ cited in its Press Release announcing the Declination are well known, the part I found interesting was the following quote in the SCCE article, “What set Morgan Stanley apart was that, after considering the facts and circumstances, the government concluded that Morgan Stanley was a company that had done all it could.” This matter presented “a fundamentally different situation from companies that say they don’t tolerate wrongdoing, yet push employees to meet goals and quotas overseas with little to no guidance on risks and consequences.” Further, this fundamental difference contrasted with companies who to tell employees “to “go along” to avoid being disadvantaged in overseas markets.” A final fundamental difference is that the Morgan Stanley matter was different from “companies that say “That’s not who we are,” yet have nothing on the record that informs me otherwise.” [Emphasis mine - that is TRF speak for Document, Document and Document].
In the article, we found out greater specifics on the bribery scheme used. The investigation “revealed that, over the course of five years, the manager of Ralph Lauren’s subsidiary in Argentina had made roughly $580,000 in corrupt payments to customs officials for unwarranted benefits, like obtaining entry for its products into the country without the necessary paperwork or without any inspection at all. The bribes were funneled through a customs broker who, at the manager’s direction, created fictitious invoices that were paid by Ralph Lauren in order to cover up the scheme.”
Interestingly the company did not have an anti-corruption program or provide any training during the five years of the conspiracy. Nevertheless, both the DOJ and Securities and Exchange Commission (SEC) “were impressed with their [Ralph Lauren’s] resulting commitment to compliance in this area globally, as well as their self-disclosure and full cooperation.” Lynch explained that these steps included a “host of remedial measures” that the company instituted; improvements in internal controls and their overall compliance regime; and termination of the employees engaged in the illegal conduct. Finally, the DOJ took into account “that they swiftly and voluntarily disclosed the conduct” in agreeing to the NPA only.
Coming in at an eye-popping fine of $1.9 billion the HSBC AML enforcement action was the largest forfeiture matter in history. While the size of this fine caught a lot of attention, Lynch emphasized that it could have been much higher and that the Bank acquitted itself well enough to reduce the size of its overall penalty. First she pointed to the admission of criminal conduct by the Bank. She also said that the Bank “gave the government every remedy we could have gained, and arguably even more, had we indicted the bank and taken it to trial to prove guilt.”
I have previously detailed the remedial steps that HSBC engaged in during the pendency of the enforcement action so I will not go into them again. But there are two items which seemed to standout in the mind of Lynch, the first of which was unprecedented. It was that HSBC agreed to “subscribe to a single global standard for compliance. This means that HSBC will apply the highest or most effective compliance requirements for operations worldwide, regardless of the laws and regulations that apply where a particular office or affiliate is located. In other words, if the U.K. has the toughest anti-corruption laws in the world, HSBC will apply them worldwide. If the AML requirements of in the United States are the most stringent, they will apply.” This last step told the DOJ that HSBC really did desire to create a gold standard best practices compliance program across all disciplines and the company.
The second notable action taken by HSBC was to split the role of the Chief Compliance Officer (CCO) out of the General Counsel’s (GC’s) office. Lynch believed that this showed “a deliberate, carefully crafted effort to give Compliance more prominence, more autonomy and more authority within the bank.” However, and most interestingly, she later averred that the splitting of these functions do not make sense in every organization, saying that a variety of factors, such as “organizational size, industry, regulatory, environment, staffing constraints and individual capabilities” can be taken into account by a company, and presumably the DOJ, when looking at an organization.
At the end of the day, what the regulators want to see is that a company “gets it” regarding compliance. While this is far from an ‘it’ factor, Lynch seems to indicate that it is a relatively simple task to see when company’s make compliance a top priority. As both DOJ and SEC representatives continue to speak through informal channels such as magazine article interviews, at conferences, in formal mechanisms such as enforcement action resolutions and Opinion Releases, companies need to use this information to drive home the message of compliance into the very fabric of their business.