Why Should Americans Care About the FIFA Indictments? Part I – Only the US Government Could Do It

A colleague recently posed that question to me. I thought it was an interesting one and although at first blush the response to me might appear self-evident, the fact that it was posed means that my view may not be universal. The more I thought about how to respond to my friend’s query, the longer my response became. So today, I begin a three-part series on why Americans should care about the Department of Justice (DOJ) bringing their indictments against the 14 named defendants who were all associated with the governing body of international soccer, the Fédération Internationale de Football Association (FIFA).

Over the weekend, I went to England to attend the wedding of my sister-in-law. My wife has numerous aunts, uncles, nieces, nephews and cousins and they all attend such family events. One of the more interesting comments I heard was from one of my wife’s cousins who said, “only America was big enough to take on FIFA” and that “you can say what you want about Americans but they get things done.” I realize the sample size may have been small to fully validate these perceptions but consider the headline from the lead editorial in the Sunday Times today which read “JUSTICE 1, FIFA O” where the Times discussed the revelations that Sepp Blatter himself is now under investigation by the US DOJ for direct involvement of the $10MM bribe paid to Jack Warner to swing his vote to award South Africa the 2010 World Cup.

The statement by my cousin-in-law presages something that is not discussed consistently about prosecutions under the Foreign Corrupt Practices Act (FCPA); that is the US government is the undisputed worldwide leader in the global fight against corruption and bribery. For all the discussion about whether it is fair or right to prosecute companies with headquarters outside the US for FCPA violations, the bottom line is if the US government did not engage in such prosecutions, no one else would do so. But these are not companies that lie outside the jurisdiction limit of US justice; these are companies that have voluntarily subjected themselves to US jurisdiction. Remember TOTAL, who howled about how unfair it was that the US government was prosecuting them? It turned out that they wired part of their bribes through the US banking system. Alstom was another company that fought the DOJ over jurisdiction. Yet it has listed securities on certain US exchanges which invoked FCPA jurisdiction, engaged in illegal conduct in the US and involved US citizens in the bribery and corruption allegations against it.

This fact of US leadership in the global fight against corruption and bribery was driven home even more so with the FIFA indictments. The Sunday Times had been investigating FIFA through investigative journalism for years. As far back as 2010, the Sunday Times published evidence that votes of FIFA executives could be purchased for votes to secure World Cup tournaments. The Sunday Times handed over wire tapes, videotapes and transcripts confirming these allegations to FIFA officials. FIFA’s response was to discipline those who had talked with reporters from the Sunday Times. Most amazingly, in May 2011 the Sunday Times provided this evidence to a British Parliamentary commission.

Did anything come about from this evidence being handed over to the UK government? A generous response might be not that we know of, as yet. This is in the face that the UK has arguably the strongest anti-corruption law on the books, the UK Bribery Act, which makes illegal the paying and receiving of bribes in both the public and private sector. So the laws are in the books in the UK, if the UK government wanted to enforce them.

The DOJ has made clear they will use all tools available to them in the fight against international corruption and bribery. For US companies or others subject to the FCPA, that means using a supply-side law, which criminalizes the conduct of the bribe payor. But there are numerous other laws that criminalize the conduct of the bribe receiver. We saw a couple of those at play with the FIFA indictments. These include money laundering and tax evasion, with tax evasion first. Ever since the conviction of Al Capone, the government has made use of laws against evading taxes on monies you are paid for criminal activity. Under FCPA cases, the companies seem to report the income from their ill-gotten gain accurately so we have not seen that tool used in FCPA prosecutions. However individuals who receive bribe payments generally do not report the income because they cannot account for receiving it for any honest or legal services. Since they do not report it, they do not pay taxes on it.

Anti-money laundering (AML) laws are an important tool in the fight against international bribery and corruption. My colleague Mike Brown, no doubt channeling his inner Woodward and Bernstein, often says that when it comes to bribery and corruption, you should “follow the money”. This is the basic truth about money laundering and why it is such an important tool in the fight against corruption. We have seen it used occasionally as an adjunct to FCPA prosecutions. Most recently was the money laundering charge against María de los Ángeles González de Hernandez, the official at a state-owned Venezuelan bank, Banco de Desarrollo Económico y Social de Venezuela (BANDES) who was paid upward of $5MM in bribes to win bond trading work. She was extradited to the US and pled guilty.

The bottom line is that only the US government has the wherewithal to engage in such a worldwide investigation and coordinate the actions of numerous of countries in providing assistance. Do you think the Swiss police would have been so involved if it was not for the US government lead in this investigation? From President Obama on down, the US government has made clear that it will lead the international fight against bribery and corruption. The FIFA indictments are yet one more indication that they will continue to do so.

But the US is no longer alone in this fight. Witness the large numbers of countries that have passed domestically and internationally focused laws against bribery and corruption. Whatever the motives behind the Chinese government prosecution of GlaxoSmithKline PLC (GSK) in China, the fact of the prosecution sent shock waves through western companies doing business in China that the old ways of bribing officials was no longer acceptable. The effect was that western companies doing business in China beefed up their compliance function and oversight of compliance. The same has been true from the burgeoning Petrobras corruption scandal in Brazil. Brazil itself has only recently enacted domestic anti-corruption legislation and it may have been the political fallout from the Petrobras corruption scandal that finally led the President of the country to accede to having the law made effective.

FIFA is the biggest sports empire in the world. The National Football League (NFL) is downright paltry when it comes to the monies, numbers and passions around international soccer. However the US government became aware of the inherent corruption at FIFA; whether through the investigative work of The Sunday Times, a whistleblower, an unrelated investigation into other criminal activities or some other means, Americans should care about the FIFA indictments because it shows the US government continues to lead the world’s fight against bribery and corruption.

Why should Americans care about the FIFA indictments? First as a measure of national pride, we have a Justice Department that has the wherewithal to take on the world’s largest sports organization, particularly one which thought itself above the law. While the US certainly did not bring the indictments against FIFA alone, it clearly was the leader in this effort to continue the fight against global corruption and bribery. For if America does not lead, others will not follow in this fight so Americans should care greatly that the DOJ is continuing to lead this fight with the laws available to it.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Lincoln Assassinated and HSBC’s Continued Self-Inflicted Woes

Today is the 150^th anniversary of the first successful Presidential assassination attempt. It was on this day in 1865 that John Wilkes Booth shot President Abraham Lincoln at Ford’s Theater in Washington DC. Booth was not a lone gunman but led a group of Confederate sympathizers who attacked or planned to attack leading US government officials. Co-conspirator Lewis T. Powell burst into Secretary of State Seward’s home, repeatedly stabbing him and seriously wounding him and three others, while George A. Atzerodt, assigned to kill Vice President Johnson, lost his nerve and fled.

HSBC continues to stay in the news, unfortunately largely for the wrong reasons in the realm of anti-corruption, facilitating tax evasion and money laundering. In an article in the New York Times (NYT), entitled “HSBC Is Deemed Slow To Carry Out Changes”, reporters Jessica Silver-Greenberg and Ben Protess noted that earlier this month, federal prosecutors made a quarterly count filing as a part of their report on the bank’s Deferred Prosecution Agreement (DPA) “faulting the bank for weaknesses in spotting suspicious transactions and for enabling a corporate culture resistant to change.”

The filing itself was based upon the corporate monitor’s Michael Cherkasky’s “confidential 1000 page report submitted to prosecutors in January. That report, people briefed on the matter said, offered a more scathing assessment of the bank’s progress.” The monitor has been “evaluating HSBC’s global operations for cracks in its money-laundering controls. As such, he has reviewed the bank’s various business lines, including its sprawling operations in China.”

In the technology area, the filing noted the “bank’s technology systems, despite some improvement, still suffer from “fragmentation” and “lack of connectivity” the Justice Department filing said. With its creaky framework, the filing said, “the collection and analysis” of data could suffer.” This lack of technology to both check on customers or potential customers and then review the transactions they might engage in were a prime deficiency noted in the original 2012 enforcement action where “prosecutors found that HSBC facilitated money laundering on behalf of Mexican drug cartels, allowing at least $881 million in tainted money to course through its United States branches.”

But perhaps the more troubling finding in the prosecutors filing was around the culture at the bank. There was not specific criticism of the tone at the top of the bank or with senior management but with the employees’ attitudes towards meeting the obligations under the DPA. The filing said that “Change at the bank was met with resistance” providing at least one example; “When presented with negative findings from auditors, the filing said, managers at the bank’s United States unit for global banking and markets “inappropriately pushed back.” Ultimately, the resistance caused an internal audit report “to be more favorable to the business than it would have been otherwise.”

Interestingly HSBC itself pushed back against the government’s filing, at least in the press. The article noted that “In response to the filing, Stuart Levey, the bank’s chief legal officer said, “The Justice Department recognized in its letter that HSBC has made material progress toward meeting the most stringent compliance standards imposed to date upon a global financial institution.” Levey also said that “the bank was continuing to meet all its obligations under the deferred-prosecution-agreement and that its leaders “are making progress toward that objective and appreciate the monitor’s ongoing work.””

Monitor Cherkasky’s report and the Department of Justice (DOJ) filing bring up a couple of interesting points for speculation. The first is the continuing dialogue and debate on the effectiveness of DPAs and whether they actually do achieve their stated goals of changing corporate culture and behavior. The NYT article said that the DOJ filing, which came under the name of the President’s Attorney General-designee, as head of the US Prosecutor’s office, comes “at a time when prosecutors are grappling with repeat offenders on Wall Street”. Moreover, “the filing underscores the Justice Department’s efforts to stem the pattern of corporate recidivism.” Just how hard should the DOJ come down on HSBC? There are other more aggressive steps the DOJ could take, even at this point. These include “extending the five-year deferred-prosecution agreement or singling out culpable employees by name.” Indeed the article cited to a recent speech by the head of the DOJ’s criminal division, Deputy Assistant Attorney General Leslie Caldwell, where she said, “the government has “a range of tools” to deal with corporate recidivism, including extending the term of a deferred-prosecution agreement while prosecutors investigate accusations of new criminal conduct.”

How about tearing up the DPA and simply criminally prosecuting the bank on the facts it admitted to in the DPA? Caldwell also spoke to that possibility when she said in the same speech, “Make no mistake: The criminal division will not hesitate to tear up a D.P.A. or N.P.A and file criminal charges where such action is appropriate and proportional to the breach.” Since parties are required to agree to facts in any DPA or Non-Prosecution Agreement (NPA) it would seem that tearing up those settlement documents and then prosecuting those companies on the underlying facts would be a relatively straightforward matter.

The other party in this debate is the Attorney General-nominee herself. While at this point it is not clear if the GOP majority will ever let her nomination come up for a vote before the full Senate, what if the Senate Judiciary Committee decides to reopen the hearings on this issue and then shoehorn it into the larger ongoing academic and FCPA Inc. debate on DPAs (and NPAs and other settlement tools). What if the FCPA testified on the “Façade of FCPA Enforcement”? What if Ted Cruz came in to ask why the DOJ is even bothering to prosecute the British banking giant?

At the time of its settlement in 2012, the HSBC fine was the largest for any bank involving money laundering. The monitor’s report and DOJ court filing demonstrate that the settlement is still controversial and the conduct engaged in by the bank many years ago may well continue to resonate up to this day and well into the future.

But the negative news for HSBC did not end with the filing of the DOJ report. As reported in the Financial Times (FT), in an article entitled “French magistrates open formal criminal probe into HSBC”, Emma Dunkley wrote that the parent entity of the bank, HSBC Holdings, “has been placed under criminal investigation by French authorities and made to post €1bn bail over allegations that its Swiss private banking arm helped clients avoid taxes.” This is separate and apart from the investigations into the company’s Swiss banking unit, which has been indicted or is under investigation “over tax evasion allegations in several other countries, including the US, Belgium and Argentina.”

In another article in the NYT, entitled “HSBC Facing Criminal Investigation in French Tax Case”, Chad Bray reported that the bank apologized after released documents “showed that its employees had reassured clients that the lender would not disclose details of their accounts to the tax authorities of their home countries and discussed options to avoid paying taxes on those assets. The bank has acknowledged previous “conduct and compliance failures” in its Swiss business and has said that it has overhauled its private banking business and reduced its client base in Switzerland by 70 percent since its peak.”

The woes of HSBC continue and indeed seem to be increasing. With the fallout from the monitor’s report and other ongoing investigations the bank may be in danger of having its DPA revoked. While HSBC is not the only poster child for Banks Behaving Badly it may find itself as the first bank to have its DPA torn up and either the entity or responsible individuals criminally prosecuted for recidivist behavior.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Gulliver’s Travels, Truth or Fiction?

There was once a man named Gulliver who traveled widely and wrote a book about his adventures called Gulliver’s Tales. During his first voyage, Gulliver is washed ashore after a shipwreck and finds himself a prisoner of a race of little people, who live in the country of Lilliput. After giving assurances of his good behavior, Gulliver becomes a resident in Lilliput and becomes a favorite of the court. From there, the book follows Gulliver’s observations on the Court of Lilliput. He is also given the permission to roam around the city on a condition that he must not harm their subjects and otherwise engage in illegal, immoral or unethical conduct.

I am continually amazed at how life imitates art because if I told you the following tale you might accuse me of simply making up things to write about. Imagine there is a corporate banking Chief Executive Officer (CEO), whose company signed one of the largest Deferred Prosecution Agreements (DPA) ever a little over two years ago giving assurances of good behavior going forward. Now imagine I tell you that the same CEO has been hiding money for years in a Swiss bank account through a shell corporation for ‘his privacy’ (IE., Hiding money from the Lilliputians of this world). Unfortunately for the real Stuart Gulliver, the CEO at the banking giant HSBC, these facts are true. While his company is in yet another scandal involving its illegal conduct, while under a DPA for its past sins, it turns out the CEO was hiding approximately $7.7MM in a Swiss bank account. To compound this effort to conceal his monies, he did so through a shell Panamanian company.

Yet, just like the fictional Gulliver, the real Gulliver has a very simply explanation for this practice. According to Jenny Anderson, in an article in the New York Times (NYT) entitled “HSBC Chief Defends Swiss Bank Account Worth $7.7 Million”, Gulliver said “This has an everyday explanation to it” and said the explanation was that he was trying to hide the money so his co-workers would not know he much money he made. Or as Anderson wrote, “In an effort to protect his privacy — he was the bank’s top earner — he put the money in Switzerland to hide it from the prying eyes of his Hong Kong colleagues. But he then had to hide it from his curious Swiss colleagues, so he created an anonymous Panamanian company.”

So it turns out that Gulliver was not only trying to hide his money from his co-workers but also from the Swiss by creating a shell corporation to launder the money into before depositing it in Switzerland. Similar to those pesky Lilliputians, who might want to find out something about him that he did not want them to know, as when the fictional Gulliver agreed to not violate the law or engage in otherwise unethical conduct. Of course the real Gulliver has protested that such arrangements were not illegal at the time he engaged in them, side-stepping the question of whether his conduct was unethical (Ethical bankers, does that topic belong in the fiction section?).

Gulliver also went on a charm offensive essentially claiming that not only him but the entire banking industry in general was being picked on. Channeling his inner Mother Theresa, Gulliver was quoted in an article in the Financial Times (FT), entitled “Standards for bankers higher than for bishops, claims HSBC chief Gulliver” by Martin Arnold and George Parker, as saying “It seems to me that we are holding large corporations to higher standards than the military, the church or civil service.” While I am not quite certain as to the pay scale of UK church leaders, I am relatively certain that those in the civil service and military do not have an extra $7.7MM laying around that they need to launder through a Panamanian corporation to hide in a Swiss bank account.

The real Gulliver should have just channeled his fictional Gulliver and said that when in the land of Lilliput, you do not have to tell the Lilliputians the truth, even if you have sworn in a pesky DPA to do so. From the real Gulliver’s statement about bankers being held to higher standards, he obviously thinks that the church, military and civil service (and probably the rest of us mere mortals) have Lilliputian ethical obligations compared to him.

What does all this mean for prosecuting HSBC in the newly erupted money laundering through its Swiss subsidiary scandal? Well it is great to know your CEO has first hand knowledge of the mechanics of such activities. The appropriate UK authorities or even the US Department of Justice (DOJ) could interview the real Gulliver as a subject matter expert (SME) on not only how to hide money from your fellow employees, but also from the Swiss and even gain insight into such machinations to hide money from your own national tax authorities. The real Gulliver may be a real find for the DOJ as an expert witness, at the trial of his company for breach its DPA.

Further, just think of the credibility the real Gulliver would have in negotiations with the DOJ on whether HSBC broke its promises to do business in compliance with US anti-money laundering (AML) laws when it signed its DPA back in 2012. He could go right into the meeting and say, “Lads, let me dispel any misconceptions you might have about Swiss bank accounts. They exist to hide money. At least that is how I use them personally.” He could then walk the lowly civil servants who work in the DOJ Fraud Section and who have lower standards than the whiter-than-white bankers through how the real world of money laundering works, or at least the real world of multi-millionaires who, for some reason, want to protect their own privacy.

The real Gulliver could answer yet another rhetorical question that he posed, and was reported in the FT article, when he asked, “Can I know what every one of 257,000 people is doing? Clearly, I can’t. If you want to ask the question could it ever happen again – that is not reasonable.” The real Gulliver could then go on to respond to this rhetorical flourish along the lines of the following, But I can tell you what is reasonable, to ask me if I know what I am doing and how I am doing it. I am hiding money in my Swiss bank account through a shell Panamanian company. He might even add, How brilliant is that?

Since the fictional Gulliver lived and traveled over 300 years ago, he may be distantly related to the real Gulliver of HSBC today. Nevertheless for a bank CEO to have laundered his own money through a shell corporation into a Swiss bank account ‘for privacy’ is one of those convergences where truth surely is stranger than fiction.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Lauren Bacall Whistling or How to Structure Customer Due Diligence

Yesterday we honored Robin Williams whom we lost earlier this week. Today we honor Lauren Bacall. She will always be a part of that great team of Bogey and Bacall. Most of us were introduced to her in the movie To Have and Have Not. I thought she was one of the most sultry and sexy icons of the 40s screen sirens. As Manohla Dargis wrote in her article for the New York Times (NYT) entitled, “That Voice and the Woman Attached,” that “When she opened her mouth in “To Have and Have Not” — taking a long drag on a cigarette while locking Humphrey Bogart in her gaze — she staked a claim on the screen and made an immortal Hollywood debut. But in 1944 at the exquisitely tender age of 19, she was also projecting an indelible screen persona: that of the tough, quick-witted American woman who could fight the good fight alongside her man.” She later married Bogart and together they were certainly Hollywood, if not American royalty, going forward. And she probably did more for the art of whistling than any person on Earth.

Yesterday I wrote about the Foreign Corrupt Practices Act (FCPA) investigation into certain transactions in Venezuela by Derwick Associates (Derwick) and a US company ProEnergy Services (ProEnergy). ProEnergy supplied turbines that Derwick resold to the Venezuelan government and then installed in that country. I wondered if US companies now need to become more concerned with not only who they do business with but how their customers might be doing business. In the parlance, you may now need to ramp up your ‘Know Your Customer’ information to continue throughout a seller-purchaser relationship.

Doug Cornelius, in a post on his Compliance Building blog, entitled “Proposed Regulations on Customer Due Diligence”, discussed “The U.S. Treasury Department’s Financial Crimes Enforcement Network has proposed revisions to its customer due diligence rules. Of course, the proposed rule would affect financial institutions that are currently subject to FinCEN’s customer identification program requirement: banks, brokers-dealers, and mutual funds.” While, investment advisers and private fund managers are not specifically mentioned in the proposed new regulation, Cornelius noted, “FinCEN suggested that it may be considering expanding these customer due diligence requirements to other types of financial institutions.” In other words, this new proposed regulation would not be directly applicable to a large number of US commercial enterprises doing business outside the United States.

However, the proposed regulation did provide some insight into how US companies, not otherwise subject to it, might think about ways to approach such an inquiry. Referencing an inquiry into anti-money laundering issues (AML) Cornelius wrote that AML programs should have four elements:

1. Identify and verify the identity of customers;
2. Identify and verify the identity of beneficial owners of legal entity customers;
3. Understand the nature and purpose of customer relationships; and
4. Conduct ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.

Clearly any FCPA based due diligence would focus on point 2. Cornelius zeroed in on it when he wrote “The definition of “beneficial owner” is proposed as have two prongs”:

• Ownership Prong: each individual who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of the equity interests of a legal entity customer, and
• Control Prong: An individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or (ii) any other individual who regularly performs similar functions.

He also noted, “For identifying ownership of an entity, FinCEN has proposed a form of certification.” But he found such a “certification to be overly simplistic. It only asks for individuals with ownership in the entity. This would clearly miss ownership of the account holder by other entities who could be “bad guys.” The certification also only requires one senior officer.  That makes it too easy to appoint a straw man as executive officer to hide the underlying control by a “bad guy.”” But the FinCen proposed notice itself states “these existing core requirements are already laid out in the BSA [Bank Secrecy Act] as minimum requirements”.

I was equally interested in points 3 and 4. Under point 3, an entity subject to the regulation needs to “Understand the nature and purpose of customer relationships”. The proposed regulation further explained “to gain an understanding of a customer in order to assess the risk associated with that customer to help inform when the customer’s activity might be considered “suspicious.”” Such an inquiry could help a business to “understand the relationship for purposes of identifying transactions in which the customer would not normally be expected to engage. Identifying such transactions is a critical and necessary aspect of complying with the existing requirement to report suspicious activity and maintain an effective AML (or anti-corruption compliance) program.”

The final point 4 relates to ongoing monitoring. Once again consider the position of the US Company, ProEnergy, in the referenced FCPA investigation. What can or should it have done in the way of ongoing monitoring of its customer. The proposed regulation states “industry practice generally involves using activity data to inform what types of transactions might be considered “normal” or “suspicious.”

Furthermore, FinCEN understands that information that might result from monitoring could be relevant to the assessment of risk posed by a particular customer. The proposed requirement to update a customer’s profile as a result of ongoing monitoring (including obtaining beneficial ownership information for existing customers on a risk basis), is different and distinct from a categorical requirement to update or refresh the information received from the customer at the outset of the account relationship at prescribed periods”. Lastly the proposed regulation states, “Finally, as noted above with respect to the obligation to understand the nature and purpose of customer relationships, monitoring is also a necessary element of detecting and reporting suspicious activities”.

There does not have to be a direct bribe or other corrupt payment made by a US company to have liability under the FCPA. FCPA enforcement is littered with companies that have paid bribes through third parties. However, as the Fifth Circuit said in Kay v. US, “[W]e hold that Congress intended for the FCPA to apply broadly to payments intended to assist the payor, either directly or indirectly,” [emphasis mine]. ProEnergy would seem to be at the far edge of potential FCPA liability but if it knew, had reason to know, or even perhaps should have known about some nefarious conduct by its customer, it does not take too many steps to get to some FCPA exposure. The proposed FinCEN rules on customer due diligence for financial institutions might be a good starting point for other commercial entities to consider.

If all of the above is a bit too heavy for a Friday, well view this clip on how to whistle by clicking here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Something is Rotten in Denmark or Is It the Banking Industry?

“Something is rotten in the state of Denmark” is one of the signature lines from Shakespeare’s play Hamlet. I thought about that when I read a couple of recent articles in the New York Times (NYT), entitled “Questions Are Asked of Rot in Banking Culture”, by Peter Eavis and the Wall Street Journal (WSJ), entitled “Lawmakers Tell Justice Dept. to Seek Swiss Banker Extraditions”, by Joel Schectman. Eavis wrote that banks have been accused of money laundering, tax dodging, market rigging and rampant risk-taking; all of which I would add could lead to potential Foreign Corrupt Practices Act (FCPA) violations.

Banks would seem to have a different relationship with the public than energy companies. Eavis said that the “At the heart of the issue is an inviolate social contract that bankers are supposed to honor. The government agrees to protect banks from collapse, and in return, bankers are meant to uphold the highest ethics when handling other people’s money. But when law-breaking and other missteps proliferate at banks, it is a sign that the industry has stopped cleaving to the special contract, endangering taxpayers. And bad management can be a leading indicator of future financial problems at an institution.”

But more than this ‘social contract’ is regulators. The Department of Justice (DOJ) has never been shy about enforcing the FCPA against energy companies who violate the law. “Too Big To Fail” still resonates as an excuse for regulators who didn’t regulate so that they “may find it hard to convince the public that they mean business” this time around and on this issue. Eavis noted that William C. Dudley, president of the New York Fed and Thomas J. Curry, Comptroller of the Currency, have both recently spoken out about banks and their culture. But Eavis notes, “each had a reputation for being too soft on the banks.”

The regulators told Eavis that they are indeed ‘ratcheting up the pressure’ on banks. Curry was quoted as saying, “We are ratcheting up the potential consequences. This is something new.” Eavis properly asks that with some of the best legal talent money can buy for defense, who deploy strategies like refusing to turn over potential evidence to regulators” and simply having such large profits “they can easily absorb the financial penalties the government throws at them”.

Eavis notes that one continuing area of concern and an area of potential change is compensation. He states “compensation is one area where bank regulators may need to do more if they want to do more to clean up bank culture, according to critics of the industry.” This is because bank compensation practices “can reward unhealthy levels of short-term risk-taking and entice bankers into ethical lapses.”

While it is doubtful that banks would ever make changes similar to those made by GlaxoSmithKline PLC (GSK) to move away from compensation variably based upon sales to a straight salary; Eavis reports that regulators outside the US “agreed after the crisis to overhaul bankers’ pay, in part by requiring them to wait several years before they receive all of their bonuses. The hope is that bankers will behave better if they know their employers can easily take back the deferred part of their pay.”

The problem regarding compensation in US banks is that they “are still deferring much less pay than their European peers. The Fed is in charge of regulating compensation at American banks. When asked whether the pay overhaul at American banks had gone far enough, Mr. Dudley said, “There is potential to defer more compensation for longer periods of time.””

However, banks need more than simply a change in compensation to address their cultures. It really is about ethics. Interestingly this is where ‘Too Big To Fail’ comes into play. But Eavis also writes “Some banks may be so large and complex that it would be difficult for managers to maintain a clean culture across all of their operations.” Dudley was quoted as saying, “Either the firm is not too complex, you can manage it, you do know what’s going on,” he said. “Or, if you don’t know, that’s sort of raising the question whether the firm is too complex to manage.” This means “he would not allow size or complexity to be an excuse for ethical breaches.”

Although not directed at US banks and bankers, Senators Carl Levine and John McCain, who jointly lead the Senate’s Permanent Subcommittee on Investigations, channeled their inner Howard Sklar when they wrote a letter to the DOJ and urged them to “at least attempt” extradition proceedings against indicted Swiss bankers. They jointly said “Even if the extradition request is denied, it will inform both Switzerland and its citizens that the United States is ready to make full use of available legal tools to stop facilitation of U.S. tax evasion and hold alleged wrongdoers accountable.”

I felt the DOJ response was well reasoned when a spokesman said, “extradition proceedings would be a poor use of resources. Because aiding tax evasion is not considered a crime in Switzerland, the country is unlikely to honor U.S. extradition requests.” But John Carney, a former federal prosecutor who is now a partner at Baker & Hostetler LLP, believes that “an extradition request from U.S. authorities would be a powerful signal”. He was quoted as saying “It’s a shot across the bow for folks who think it could never happen,” Further, “The unsettling part for a potential defendant is the request is there and if the [Swiss] government ever changes its view, it’s one step closer to actually happening.””

I have written about Bankers Behaving Badly more than once. The litany of financial crimes they have admitted to goes on almost monthly. But when the government regulators start talking about a rotten culture; that seems to take things up a notch or two. Remember, I come from Houston, which is the epicenter of FCPA enforcement. I do not remember any government official or regulator talking about “deep-seated cultural and ethical failures” at energy companies in Houston. These public comments should certainly be a wake up call for senior management at these institutions. My advice would be to get your Chief Compliance Officer (CCO) in for a meeting ASAP and while you are at it, you may want to consider hiring a Chief Ethic’s Officer as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

The Alchemist of Comedy and Utility Industry Compliance

Harold Ramis died on Monday. For a generation of comedians and fans of comedy he was one of the driving lights of that genre. He was one of the screenwriters of Animal House and wrote the screenplays for both of the Ghostbuster movies, in addition to starring in them. His New York Times (NYT) obituary called him the “Alchemist of Comedy” and quoted from Paul Weingarten, who wrote, in The Chicago Tribune Magazine in 1983, “More than anyone else, “Harold Ramis has shaped this generation’s ideas of what is funny.”” So thanks Harold Ramis for Blutto, Otter, Founder, D-Day, Dr. Spengler and all the rest.

I am currently attending the Society of Corporate Compliance & Ethics (SCCE), 2014 Utilities & Energy Conference. As usual, it is an excellent event for the compliance practitioner. One of the things that I find not only intriguing but also extremely useful about this conference is the pairing of compliance practitioners from the fields of energy and utility. I did not attend the utility focused sessions for the first couple of years but now prefer those sessions because they focus so much on the process of compliance. While the actual compliance issues are not anti-bribery or anti-corruption, the process-oriented approach utilized in the utility energy can be a great set of lessons for the energy industry compliance practitioner to consider when looking at an energy company compliance regime.

On Monday there was a presentation by David Douglass, Federal Energy Regulatory Commission (FERC) Compliance at Kansas City Power & Light Company. Initially, Douglass presented several different compliance models, which the anti-corruption compliance practitioner can use to benchmark or evaluate your company’s compliance program. The first one Douglass termed the Compliance Maturity Model – Compliance at Every Level. It included:

• Step 1 – Reacting only and engaging in panic. The elements of this level of maturity include the admonition to “Get it done”. Typically under this step compliance is operating in isolation and can only marshal resources as necessary and where ever they might be found.
• Step 2 – Anticipating and acceptance of compliance. This increased maturity can help to bring about some efficiency, usually through the accepted use of automation. This allows a compliance practitioner to see connections between multiple programs and take steps to plan future approaches to ongoing and ad hoc compliance challenges as they might arise.
• Step 3 – Collaborating. Under this step, compliance moves to being seen as a collaborative partner with the business units. This allows the identification of risks, the assessment of the company’s exposure to those risks and to prioritizing actions to meet those assessed risk. Finally, the collaboration step can allow for the re-use of technological components for multiple purposes, thus reinforcing great cost savings and value.
• Step 4 – Orchestrating through and with the rest of the company. Under this ultimate step in the model, compliance works to help set enterprise wide objectives to help to coordinate enterprise wide risk analysis and response. The corporate wide visibility to risk analysis, management and remediation as well as compliance performance.

In addition to the above Compliance Maturity Model, Dougalss discussed two of the programs were set out by federal utility regulators. The first was the FERC’s Effective Compliance Program, which has the following seven standards:

1.  Internal standards and procedures to prevent and detect violations;
2. High-level management knowledge and oversight of internal compliance programs;
3. Reasonable (due diligence) efforts to screen out “poor performers”;
4. Reasonable internal communications and training efforts;
5. Reasonable steps to evaluate program effectiveness, including confidential reporting options for employees;
6. Creating and enforcing compliance incentives and noncompliance sanctions;
7. After detection of a violation, companies shall take reasonable, responsive steps.

He then cited to the North American Electric Reliability Corporation’s (NERC’s) four hallmarks of effective compliance programs, which included the following:

1.    Senior management / leadership

• Compliance Program is established in the company.
• Compliance Program is formally documented and widely disseminated throughout the organization.
• The Compliance Program is supervised by a high ranking company representative.
• The head of the compliance function has access to President / CEO and Board.
• The Compliance Program is designed and managed with independence.
• There are sufficient resources dedicated to implement Compliance Program.
• The Compliance Program has the full support of all company leadership

2.    Preventive measures are in place

• A sufficient frequency of review of compliance program occurs.
• There is sufficient frequency of training of employees on compliance program.
• There is sufficiency of subject matter training of employees on compliance program.

3.    Prompt detection, cessation, and self-reporting

• There is a sustainable process to internally assess compliance with regulations.
• There is a sufficient response to identification of wrong-doing or misconduct.

4.    Effective remediation

• There are effective internal controls and procedures present to prevent recurrence of misconduct.

Douglass also discussed the ‘3-lines of defense concept” for a best practices compliance program. Under this concept a properly constructed compliance program has three lines of defense to prevent a compliance incident. These three lines of defense are identified as (1) the Risk Content Owners line of defense; (2) the Risk Process Owners line of defense; and (3) the Risk Content and Content Monitoring Owners line of defense.

 I.                Risk Content Owners

This first line of defense is the business owner(s) who are on the front lines for any company. Their roles include management of day-to-day business risks and to recommend actions to manage and treat that risk. This group also is tasked with complying with the company’s risk management process. Where appropriate, this group will implement risk management processes where applicable and this group will execute risk assessments and identify emerging risk.

 II.             Risk Process Owners

This second line of defense is typically the company legal and compliance departments. Not only are these the standard setters in an organization but they may also be charged with certain monitoring tasks. This group should establish policy and process for risk management. This group is the strategic link for a company in terms of risk. It should provide guidance and coordination among constituencies. It should identify enterprise trends, synergies, and opportunities for change. This group should also initiate change, integration and operationalization of new compliance best practices. Typically this group is the liaison between the third and first lines of defense. Lastly, this group will oversee certain risk areas and in terms of certain enterprise objectives such as compliance with regulations such as Foreign Corrupt Practices Act (FCPA), Export Control, etc.

III.           Risk Content and Monitoring Owners

This third, and final, line of defense is generally thought of as the Assurance Providers and consists of senior management, Internal Audit and up to the Board of Directors. Its roles include either working with or through senior management and/or the Board of Directors. This line of defense is tasked to rationalize and systematize risk assessment and governance reporting so that it is not only transparent but useful and stored in a manner that can be retrieved if a regulator comes calling. It will provide oversight on risk management content/processes, followed by the second line of defense. Finally, it will provide assurance that risk management processes are adequate and appropriate.

This tripartite model is an excellent way for a company to not only think through how to design an overall structure but as an outline to assess how well it may be doing in any one specific compliance area such as anti-corruption compliance under the FCPA. The first line of defense should be driven down to the Business Unit level. This will allow, indeed require, the Business Unit to buy into the overall compliance program. The legal and compliance departments are the key bridge that writes and leads implementation of the overall compliance program through training but also assesses whether the compliance program is effective and remains robust. The role of senior management is to provide overall leadership and deployment of resources throughout this entire process.

I have found that the anti-corruption compliance, or indeed the anti-money laundering (AML) or export-control practitioner can learn quite a bit from their peers in the utility industry. While they may not rise to the level of “Alchemist of Comedy”, as did Harold Ramis, you might want to listen to what they have to say.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Inspector Lestrade – Does Leadership Matter?

Continuing our Sherlock Holmes homage, today we draw inspiration from the character of Inspector Lestrade as the theme of this blog post. In the original Doyle works, he appears in 13 of the stories and we are only introduced to him as Inspector G. Lestrade. In the current PBS series, we are informed his given name is Greg. Lestrade is not exactly the sharpest tack in the shed, as evidenced by Holmes comments that he is “an absolute imbecile” from the The Red-Headed League and the “best of a bad lot” from The Boscombe Valley Mystery.

I thought about Inspector Lestrade when I read some of the comments of UBS Chief Executive Officer (CEO), Sergio Ermotti, as reported in the Wall Street Journal (WSJ) article entitled “UBS Chief’s Plea: Stop ‘Lecturing’ to Bankers” by David Enrich and Francesco Guerrera. UBS has not exactly been a law abiding corporate citizen over the past few years. As you might recall this is from the company, which had a $2.3 billion trading loss from one individual. It is also from the company that assisted approximately 17,000 Americans clients with illegally hiding $20bn of assets to avoid paying taxes on this money. UBS paid a fine of $780MM for these actions. But there is much more, as UBS also agreed to pay another $1.5 billion fine for its criminal actions in manipulating the LIBOR. What would you say the ‘tone’ is at UBS about complying with the law?

With all of these fines, penalties and criminal pleas behind him, Ermotti does not seem to think there is any room for criticism of his company. Rather unbelievably, Ermotti was quoted as saying, “Life is hard enough, and I think this constant lecturing on ethics and on integrity by many stakeholders is probably the most frustrating part of the equation. Because I don’t think there are many people who are perfect.” For those of you who might want that translated to Texan, the equivalent phrase is a very nasal twang of “Glass houses dear”. For the more spiritual out there you could fall back on “Let he who is without sin cast the first stone.” Perhaps the most relevant question would simply be ‘How many angels dance on the head of a pin?’

Late last year, I engaged in a dialogue with other Foreign Corrupt Practices Act (FCPA) commentators about whether motives matter in anti-corruption enforcement actions. I opined, in a post, entitled “Does Motive Matter in Anti-Bribery and Anti-Corruption Enforcement?”, that it really does not matter what the motives are for the Chinese government officials in prosecuting western companies, which violate Chinese national anti-bribery laws, if a company breaks the law, it can be subject to prosecution. The FCPA Professor, in a post, entitled “Should Motivations Matter”, said that impure motives do matter in anti-corruption enforcement actions, whether in China or the US. Others have suggested that the FCPA enforcement itself is hypocritical because the US allows gifts, entertainment, charitable donations and a wide variety of other acts to be given as a quid pro quo to US government officials, usually without criminal prosecution.

But Ermotti takes this debate to an entire new level. Now you cannot even criticize his bank unless you are ‘perfect’. Further, showcasing the obvious knowledge of his 60,000 plus employee base, Ermotti “said in the interview that most of the bad behavior that has landed UBS and others in hot water was caused by small groups of rogue employees and doesn’t reflect broader cultural problems in the industry. “It’s not because you’re a banker that you’re a criminal”.” This was in the face of criticism at the World Economic Forum in Davos (where Ermotti was interviewed and made his remarks) that “In a private meeting held between bank CEOs and central bankers and regulators Friday, several participants pointed to banks’ “conduct” issues as undermining efforts to rebuild public and investor confidence in the industry, according to executives and central bankers who were there.” This can be contrasted with Bank of England Governor Mark Carney who said at the same conference, “Whether or not [the industry] thrives will rest on the efforts of individuals and organizations to re-establish the system’s reputation for integrity”.

Yet again Ermotti doubled down when he claimed that the group, which cannot criticize, includes regulators and enforcement officials. This statement is almost the equivalent of another equally enlightened (former) CEO, Bob Diamond, who once ran Barclays and “told British lawmakers in 2011 that “there was a period of remorse and apology for banks. That period needs to be over.” The next year, Mr. Diamond was forced to resign after Barclays admitted trying to rig interest rates.” Ooops.

What does all of this say about the top of this once august organization? First and foremost, how you would like to be the person who has to ‘speak truth to power’ if your CEO says that only the ‘perfect’ can bring forward criticism? Do the words ‘career suicide’ ring any bells here? But more importantly you have a company which entered into a Deferred Prosecution Agreement (DPA) regarding its tax evasion violations and then pled guilt to criminal conduct that as reported in another WSJ article “Regulators described the alleged illegality as “epic in scale,” with dozens of traders and managers in a UBS-led ring of banks and brokers conspiring to skew interest rates to make money on trades.” What would you say about its ‘tone-at-the-top’? Are they committed to following the law? How about complying with the terms of their multiple settlement agreements with US regulators? How about changing the culture in their organization, not simply to make compliance a goal but actually obey the law? What about instituting and then following a best practices program for compliance with anti-corruption laws such as the FCPA or Bribery Act; anti-tax evasion laws such as the Foreign Account Tax Compliance Act (FACTA); relevant anti-money laundering (AML) laws; or indeed others.

Without a hint of irony, the WSJ piece on Ermotti’s remarks ends with the following quote from him, “The banking industry is an easy target.” I wonder if Ermotti has the self-awareness of Inspector Lestrade to understand the wisdom of his words?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Corruption in Turkey and Integrating Your Risk Assessment

One of the more public and ongoing corruption scandals in the world right now seems to be happening in Turkey. To say the events and facts are confused is an understatement. At this point there are not any international players who have been implicated but given the breadth and scope of what has come out of that country over the past month or so, it would only appear to be only a matter of time. It began in December when, according to the BBC, “The arrests were carried out as part of an inquiry into alleged bribery involving public tenders, which included controversial building projects in Istanbul. Those detained in the 17 December raids included more than 50 public officials and businessmen – all allies of the prime minister. The sons of two ex-ministers and the chief executive of the state-owned bank, Halkbank, are still in police custody.”

The Prime Minister claims that all of these arrests were simply political theater, generated by supporters of Fethullah Gulen, an influential Islamic scholar living in self-imposed exile in the US. Members of Mr. Gulen’s Hizmet movement are said to hold influential positions in institutions such as the police and the judiciary and the AK Party itself. Many believe the arrests and dismissals reflect a feud within Turkey’s ruling AK Party between those who back the Prime Minister, Recep Tayyip Erdogan. On Tuesday the Prime Minister and his supporters struck back at the police by removing approximately 350 police officers from their positions in the capital, Ankara. The Prime Minister and his supporters have also attacked the judiciary leading the investigation, claiming that it is all politically motivated.

In addition to the obvious turmoil based on the above, the country is feeling the fallout in the international monetary arena. In an article in the Financial Times (FT), entitled “Turkey warns of corruption probe risk”, reporter Daniel Dombey said that the country’s currency, the Turkish lira, had dropped 7.5% since the initial arrests back in December. He quoted the country’s Finance Minister, Mehmet Simsek, who said that there had been “some negative implications for the Turkish macro [economy].” Dombey also noted that the Turkish stock market had dropped almost 12% during the same time frame.

In the 2013 Transparency International (TI) Corruptions Perceptions Index (CPI), Turkey had a score of 50 which gave it a rank of 53 out of the 177 countries listed. It generally had better scores than other countries in southeastern Europe such as Greece and the Balkan countries. Other than Cyprus, it had better CPI scores than most other mid-eastern countries. But what about now and what does this mean for the US based multi-national who is currently doing business in Turkey or considering doing so?

One of the things that a compliance program must have is the flexibility to respond to changing events on the ground. Just as last summer’s GlaxoSmithKline PLC (GSK) corruption scandal in China brought attention to those issues in China, these very public events should bring the attention of your compliance team. My former This Week in FCPA co-host Howard Sklar said that a compliance program needed to be nimble in order to respond to such events in far-flung places. Risks change and they must be evaluated on a regular basis or in response to new facts on the ground, such as those which are present in Turkey.

There may also be more than anti-corruption risk at play in any given situation. If a company only looks at one type of risk, such as anti-corruption, rather than others such as export control or anti-money laundering (AML) it can lead to the concept of what is called the “functional trap” of labeling and compartmentalizing risk. In an article in the June issue of the Harvard Business Review (HBR), entitled “Managing Risks: A New Framework”, authors Robert Kaplan and Annette Mikes declare that good risk discussions must be integrative in order for risk interaction to be evaluated. If not, a business “can be derailed by a combination of small events that reinforce one another in unanticipated ways.”

The authors posit that it is difficult for companies to accurately and adequately discuss risk for a variety of reasons. One of these reasons is the aforementioned silo effect which can lead to a lack of discussion by a wide group regarding a number of risks, for example compliance risk; reputational risk; brand risk; credit risk; human resources risk are but a few of the types of risks mentioned in their article. The authors believe that one of the ways to knock down these silos when it comes to a more complete management of risk is to “anchor their discussions in strategic planning, one integrative process that most well-run companies already have” in place.

The authors cautioned that beyond simply introducing a systematic process for identifying and mitigating key risks, companies should also employ a risk oversight structure. The authors discussed the experience of the Indian IT company, Infosys, which uses a dual structure. It consists of a central team that identifies general strategy risks and then establishes central policy, together with a specialized, decentralized functional team. This second team designs and monitors policies and controls in consultation with local business units. These decentralized teams have the authority and expertise to respond to changes in the company’s risk profile coupled with the nimbleness and agility of being in the field to deal with smaller issues before they become larger problems for the central team back in the corporate office.

I believe that the current political turmoil in Turkey provides an example of the diversity your compliance program and risk assessment must maintain. Just as it is important to perform due diligence on third party representatives, before execution of an appropriate contract, the real work is in managing the relationship. In risk management, you must identify and assess the risk but the real work begins in managing the risk. This is where the rubber meets the road.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

‘You Scratch My Back’ Leads to a Fine and Penalty

As the riders loped on by him he heard one call his name

If you want to save your soul from Hell a-riding on our range

Then cowboy change your ways today or with us you will ride

Trying to catch the Devil’s herd, across these endless skies

 

The above lyrics are the closing stanza to the song “Ghost Riders in the Sky”. I thought about the advice for the cowboy to change his ways to save his soul from Hell when I read in both the Financial Times (FT) and the Wall Street Journal (WSJ) reports that Deloitte LLP (Deloitte) agreed to a one-year suspension from soliciting new consulting work from financial institutions and agreed to pay a $10MM fine to the state of New York Department of Financial Services (DFS) for its role in the Standard Chartered Bank (StanChart) money laundering scandal. StanChart was fined $340MM by the DFS for allegations of money laundering and doing business with Iran, all in violation of US laws.

The FT article, entitled “Deloitte banned for StanChart ‘violations’”, by Kara Scannell, reported that this suspension and fine was the first against a consulting firm by the DFS. The DFS cited Deloitte for ““misconduct, violations of law and lack of autonomy” in its review of the anti-money laundering (AML) practices of Standard Chartered.” Indeed it its settlement with Standard Chartered, it was alleged that “Deloitte “aided” the bank’s deception in hiding transactions linked to Iran.” In one instance, the FT reported that “Deloitte removed a recommendation aimed at rooting out money laundering from a report filed with the state regulator. In an email cited in the settlement, a Deloitte partner said: “‘[W]e agreed’ to [StanChart]’s request because ‘this is too much and too politically sensitive for both [StanChart] and Deloitte. That is why I drafted the watered-down version’.”

However, the real problem was probably better articulated by Ben Lawsky, superintendent of the DFS, who the FT quoted as saying, “At times, the consulting industry has been infected by an ‘I’ll scratch your back if you scratch mine’ culture and stunning lack of independence.” The WSJ article, entitled “Deloitte Unit Gets One-Year Ban”, penned by reporters Shayndi Raice and Michael Rapoport, noted that in the DFS resolution “Deloitte also agreed to overhaul its internal safeguards and create new standards to increase its independence with respect to clients.” Deloitte itself was quoted in the FT article as saying “it looks forward to working constructively with DFS to establish best practices and procedures that are ultimately intended to become the industry standard for all independent consulting engagements under DFS’s supervision”.

The WSJ also reported that the DFS has been concerned for some time “that consultants who review, and help banks with, regulatory issues are potentially subject to conflicts of interest because they are hired and paid by the same banks whose work they are supposed to assess.” Apparently the DFS is looking to use Deloitte’s remediation as a “model to govern all consultants who do work for banks under the agency’s supervision.” This comes on the heels of the US Senate’s Banking, Housing and Urban Affairs Committee, Subcommittee on Financial Institutions and Consumer Affairs’ hearing this past April on the same issue. The hearing was entitled “Outsourcing Accountability? Examining the Role of Independent Consultants”. The hearing was adjourned with no resolution of legislation introduced as yet but Massachusetts’ junior Senator Elizabeth Warren is on the Subcommittee so I would not be surprised for something to come out of this issue.

The use of external consultants was also mentioned in a recent enforcement action under the Foreign Corrupt Practices Act (FCPA); that being the Parker Drilling Deferred Prosecution Agreement (DPA). In the DPA there were the following statements about an un-named US law firm and an un-named partner at said law firm, which were listed as an agent of Parker Drilling in connection with its FCPA issues in Nigeria.

1. The law firm was a US limited partnership, which provided legal advice to Parker Drilling for the issue involving the FCPA violation at issue. (Paragraph 10)
2. An unidentified “outside counsel” who provided this legal advice was a partner in the unidentified law firm. (Paragraph 11)
3. Parker Drilling entered into an agreement with a Nigerian Agent who would “act as a consultant to [Law Firm] to provide professional assistance resolving these issues in Nigeria.” (Paragraph 33)
4. Payment to the Nigerian Agent was made through the law firm, which received the Nigerian Agent’s invoice and then forwarded on to Parker Drilling for funding.
   “When the Nigerian Agent required funds, Parker Drilling transferred funds to Law Firm by wire, and Law Firm in turn forwarded those funds to Nigerian Agent by international wire. Nigerian Agent’s funding requests typically first went by email to the Law Firm and U.S. Outside Counsel and asked for currency transfers, often $100,000 or more at a time.” (Paragraph 34)
5. This U.S. Outside Counsel was identified as requesting money from Parker Drilling for entertainment of the Nigerian President (Paragraph 35a); requesting money for payment to the Nigerian State Security Service and Minister of Finance tied to “winning the concession” for Parker Drilling (Paragraph 35d); advised Parker Drilling that the Nigerian Agent in question “will need $100,000 in expense advances to cover various out of pocket expenses and social events” and that the Nigerian Agent’s expenses were running “about 4000 a day per person because of the entourage entertainment.” (Paragraph 35g); and, finally, he advised Parker Drilling that the Nigerian Agent “needs another $150,000 to accomplish his objective”. (Paragraph 35h)

What does all this mean for the compliance practitioner? First of all, it drives home the need to perform due diligence on all third party providers which will provide legal or regulatory services. If there is no underlying due diligence, there can be no understanding of the background of the service provider. The Deloitte StanChart actions, the US law firm and US lawyer identified in the Parker Drilling DPA set out a couple of issues for the consideration of a compliance practitioner in dealing with third party consultants. First and foremost, be on the watch for any third party who suggests anything illegal or that even comes up close to that line. It is clearly a red flag if a third party suggests any violation of the FCPA, AML regulations or the like. Similarly, any claim that ‘this is the way business is done in [fill in the country]’ should immediately raise a red flag. Anytime a required report is ‘watered down’ it is also a clear red flag. Lastly, if your US outside counsel suggests hiring a Nigerian agent to ‘facilitate’ any legal issues, remember the primary liability is on your company, even if you only accept that legal advice, or as the lyrics suggest “cowboy change your ways today or with us you will ride” into a large FCPA or AML settlement.

—————————————————————————————————————————————————————–

For the classic Johnny Cash version of the song, click here. For a more rocking version, check out this clip of The Outlaws by clicking here.

——————————————————————————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

How to Assess Suspicious Financial Activity

The banking world is littered with institutions that have paid astronomical fines for their failures around anti-money laundering (AML) legislation. Much has been written and said about these events. However one of the areas that has received perhaps less attention is the programs that banks and other financial institutions have set up to comply with the ever-growing increase in AML regulations. But just as crooks tend to follow the money, sophisticated lawbreakers, who tend to engage in crimes such as money-laundering will try and move their operations to business and industries with less robust protections around AML. That is why I found this month’s article by Carole Switzer, President of the Open Compliance and Ethics Group (OCEG), in the June issue of Compliance Week, entitled “The Battle to Balance Vigilance and Suspicion”, to be instructive for the anti-corruption/anti-bribery practitioner who typically focuses on Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance.

In the article Switzer makes clear that she believes that “the most effective AML programs are based on the understanding that financial institutions have an obligation to all of their stakeholders to remain vigilant about AML risks. Banks are not required to prove money laundering; rather they are required to strike the right balance in their vigilant reporting of suspicious activity.” She recognizes that “banks must file a suspicious activity report (SAR) when suspicious activity arises. What qualifies as a suspicion often is a difficult question—as is the determination of whether or not to file a SAR.” Yet Switzer also notes that “filing of too many (and/or incomplete) SARs can overwhelm regulatory agencies, reducing their ability to address genuine criminal activity” and that filing “too few SARs and a company can turn a blind eye to potential money laundering, opening itself and, in some cases, its top managers to significant penalties.” I would posit that the dynamic tension would appear for any company; whether financial institution or other commercial operation. Hence, I believe that Switzer’s thoughts can be used by a non-financial concern to help protect it from violation of US or UK AML laws.

As usual, Switzer has provided a road map to illustrate her thoughts, entitled “Suspicious Activity Investigation Lifecycle”. In the diagram Switzer notes that it is important to understand each step in the lifecycle, so that a company can exploit “opportunities for technology and automation”. Technology, coupled with the human element, which recognizes the signs of suspicious AML activity can help your company protect itself and “hear through the noise.” She counsels that the “focus is to identify suspicious activity and report it, not to prove criminality; law enforcement will take it from there, blending your information with information from other institutions before making a decision on how to proceed.” She lists the following four steps.

1.      Triage – Switzer believes that “understanding and managing your inbound alerts can be an intimidating task. High alert volume and false-positives can abound, often at a 50:1 ratio (False/True).” A company should also focus on automated solutions that allow you to invest human capital into exception cases. Finally, remember to consistently review and modify the system until your organization can hear through the noise.

2.      Investigation – As an investigation process can tax your resources, you should strive to ascertain that you are making the right inquiries documenting the process at every turn. Some of the questions that Switzer suggests you focus on include “Do you understand the context? Are your procedures applicable to the product used? How does the processing channel affect the investigation? What history does the customer or organization have with your institution? Are you truly investigating or just documenting?”

3.      Action – After you have ­finished conducting research, obtained an understanding of the suspicious activity, its context, and the implications, Switzer advocates that this is the time to react. She believes that it is important to have a protocol in place. Some of her suggestions include placing the party on a continued Watch List, or you could “kick off your Enhanced Due Diligence cycle, or offboard the customer altogether.” She notes that the key here is “expediently limiting risk and exposure and promptly notifying regulatory authorities.” To which I would add: document, document, and document.

4.      Feedback/Review – As with any process you need validation or ‘a second set of eyes.” Switzer proposes that you should review your actions and reports for accurateness. Some questions that you may wish to keep in mind are the following: “Was your investigation fruitful? What did you learn? Is our current process sound and comprehensive? Learning what you have done, how it has affected your risk profi­le, and how you have reacted is critical to ongoing success.” A rigorous system would “constantly challenge assumptions and work to refine the process. Evaluate how your customers, products, and business are changing, and develop new scenarios.”

Switzer notes some of the more common mistakes made include failure to document your compliance efforts and missing of key internal and external deadlines for reporting. She cautions against tipping off customers directly during the inquiry process or indirectly through sending questions to a third party which may convey such information. Finally, training is important so that any report which is generated is not of such poor quality, incomplete or overly vague as to be useless and miss important information.

As with other areas of compliance, there are best practices which are fairly well known. Switzer reminds us that your suspicious activity program should constantly challenge your ongoing assumptions and evaluate the accuracy of your program. You should regularly review and adjust thresholds amounts for such investigations and study new typologies. Tone at the top is key in the suspicious activity area of AML compliance so your company should create a culture of compliance, ensure the staff is aware and empowered to do the right thing. Your compliance program should incorporate ongoing monitoring and outcome analysis. Lastly, do not forget to train.

Most non-financial enterprises do not look at potential AML issues, certainly not as thoroughly as financial institutions. However, I believe that this may well be the next area that corrupt persons and parties will try to exploit from otherwise law-abiding entities. The time to prepare is sooner rather than later. Switzer has laid a protocol which you can implement and which can go a long way down the road to protecting your company.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013