

Compliance in Financial Institutions
Fall 2013

I. CULTURES OF COMPLIANCE AND THE COMPLIANCE FUNCTION

A. Tone at the Top (TATT)
  1. Tone at the Top: The example set by the upper levels of management, especially the CEO and the organization's most senior people, by words and especially by actions, for the rest of the company.
  2. The leadership sets the tone for the rest of the organization, and the culture reflects their actions, whether positive or negative.
    a. People emulate their leaders.
  3. Tone in the middle furthers and enhances tone at the top.
  4. A negative ethical culture, such as one where ethics is viewed as a hindrance to the business, indicates that management is not dedicated to making this commitment.
  5. Creating TATT
    1) Create a well-thought-out and easily understandable code of conduct;
    2) Communicate it to all employees;
    3) Reinforce it by having each senior executive and director embody the code.
  6. For compliance to flourish, there must be meaningful accountability.
    a. Meaningful Accountability: When people take responsibility for their actions and their actions have consequences.

B. Redflex
  1. FACTS: Mayor threatened to veto a bill concerning a red-light camera company unless they paid him a bribe.
  2. OUTCOME: Immediately upon receiving notice of the extortion attempt, Redflex contacted law enforcement to report the incident. Mayor was indicted on federal bribery charges.

C. Cola Wars
  1. FACTS: High-level Coke employee offered to share high-level information about a new product with Pepsi.
  2. OUTCOME: Pepsi followed their Code of Conduct and immediately informed Coke about the theft of trade secrets. Coke quickly contacted the FBI to begin an investigation and assisted in the subsequent investigation and convictions.

D. Absence of Tone at the Top
  1. Gatekeepers are the auditors, lawyers, analysts, and also directors who are responsible for monitoring and oversight of others in the integrity of the financial markets.
  2. Directors are fiduciaries for all stockholders; to act in their own self-interest is a breach of loyalty.

E. Communicating Values
  1. Top companies will have deeply ingrained core values, which are the bedrock of the company.
  2. Great values are directly linked to great success.
  3. The CEO is the best communicator of an organization's values to the executives and other employees.

F. Moritz, Consultant with Daylight Forensic
  1. Organizations are established to generate revenues, and operations and business development personnel are quite understandably focused on that objective.
  2. Compliance requirements are frequently viewed as necessary evils.
  3. The key elements needed for a successful compliance initiative
    a. #1 Objectivity
      i. Outside consultants have to gather and absorb a great deal of information about policies and procedures, and whether they are being followed in practice.
      ii. Most often, the difference between high-performing compliance organizations and those that perform poorly hinges on cross-functional coordination and communication.
    b. #2 Subject Matter Expertise


      i. In order to have credibility with regulators and/or prosecutors, a compliance remediation project must be led by one or more professionals with relevant experience.
      ii. It is recommended practice to hire only those outside parties or internal personnel that have the experience and subject matter expertise that is required.
    c. #3 Empowerment
      i. The actions and words of senior management and the extent to which they support compliance initiatives are directly related to the success or failure of a compliance remediation project.
      ii. Need buy-in from the top.
  4. Implementation
    a. Failing to implement can provide a roadmap for prosecutors.
    b. It is also important to institute a system to regularly monitor the organization's adherence to the compliance program.
    c. The monitoring should be performed at least once annually and should include testing across the entire spectrum of the compliance program.
    d. Results should be communicated to senior management, problems should be addressed in a timely fashion, and then re-tested during the next compliance audit.

Tone from the Top
- Setting an example.
- Reputation Risk: Must set example/tone from the top to avoid reputation risk.
- Shareholders pull out
- Ex: London Whale/JPMC
- How does CEO show that tone is important?
- CEO cannot just talk about profit-oriented business; must also address compliance issues
- Important to set a culture of compliance
  o Jamie Dimon: Do the right thing, money is not everything
- Do you allow moral issues to come into the corporate workplace?
- Values + Trust + Fairness
- Set the ethics of the organization
- Business ethics are not always about the law
  o EX: Sometimes disclosures are made, but not required.
- Instilling in every employee a duty to do what's right
- Culture of compliance exists outside the compliance department
  o prevent and protect misconduct
- Option Manipulation
- Back dating grants to 6 months ago to increase today's profit
- Person creating the option is making way more than the other employees
- Joe Murphy's List p.42-43

II. STATUTORY AND REGULATORY GUIDANCE

A. Federal Sentencing Guidelines for Organizational Crime
  1. Held organizations accountable by applying just punishment for criminal actions and deterrence incentives to detect and prevent crime.
  2. Gives companies a strong incentive to have an effective compliance program, either to receive a lessened sentence or as a mandated part of probation.
  3. Jail sentences have gotten longer in the last few years.
  4. Often corporate officials plead ignorance with broad assertions of lack of criminal intent.



    a. This type of defense will be effectively undercut by the use of the standard "ostrich" jury instruction.
    b. The instruction tells the jury to determine the defendant's knowledge from all the facts of the case and from their actions; knowledge may be inferred from a combination of suspicion and indifference to the truth.
    c. A person cannot avoid liability by deliberately averting their eyes and ignoring conduct they suspect is improper.
  5. The guidelines specifically mention an effective compliance program as a factor that influences sentencing decisions.

B. McNulty Memorandum (issued in 2006)
  1. DOJ shifts policy away from regular requests for voluntary disclosure of privileged materials.
    a. Prosecutors may only request waiver of attorney-client or work product protections when there is a legitimate need for the privileged information to fulfill their law enforcement obligations.
      i. Legitimate Need: Must go beyond convenience or desirability for information, and be needed based on the totality of circumstances.
    b. Requires making a special request and approval from her U.S. Attorney.
  2. High value is placed on companies' internal investigation; quicker response times.
    a. Corporation is in the best position to discover and evaluate relevant evidence.
  3. Prosecutors are given wide latitude in making charging decisions.
    a. Part of the decision involves analysis of the corporation's pre-existing compliance program and its remedial actions.
  4. Even though the government may reduce a sentence based on an effective compliance program, a company can't count on it.

C. In Re Caremark (1996)
  1. FACTS: Stockholders allege failure to monitor.
  2. HOLDING: Court held that directors are potentially liable for a breach of duty to exercise appropriate attention if they knew or should have known that employees were violating the law, declined to make a good faith effort to prevent the violation, and the lack of action was the proximate cause of damages.
    a. Duty of care, in good faith.
    b. Problems: Incentive to create a labyrinth of procedures; compliance bureaucracies; does not motivate activeness.
  3. Stock exchanges have enacted corporate governance rules as a listing prerequisite.

D. Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles (2008)
  1. Applies to banks that are large or greater than $50B.
  2. Each foreign banking organization supervised by the Federal Reserve should implement a compliance program that is appropriately tailored to the scope, complexity, and risk profile of the organization's U.S. operations.
    a. Foreign banks have flexibility in organization oversight structure.
  3. Compliance independence should not preclude compliance staff from working closely with the management and staff of the various business lines.
    a. MORE effective when STRONG WORKING RELATIONSHIPS between compliance and business lines exist.
  4. Compliance staff should not be compensated on the basis of the financial performance of the business line.
  5. Risk assessments are the foundation of an effective compliance monitoring and testing program.
  6. Board of Directors
    a. Responsible for setting an appropriate culture of compliance within their organizations, for establishing clear policies regarding the management of key risks, and for ensuring that these policies are adhered to in practice.
  7. Senior Management


    a. Responsible for communicating and reinforcing the compliance culture established by the board and for implementing measures to promote the culture.

E. Factors in Evaluating an Effective Compliance Program
  1. Comprehensive
  2. Extent and pervasiveness of the criminal conduct.
  3. Number and level of the corporate employees involved.
  4. Seriousness, duration, and frequency of the misconduct.
  5. Any remedial action taken by the corporation, including restitution, disciplinary action, and revisions to corporate compliance programs.
  6. Promptness of any disclosure of wrongdoing.
  7. Effectiveness of corporate governance mechanisms in detecting and preventing misconduct.

F. SEC 4 Factors
  Self-policing; Self-reporting; Remediation; Cooperation

9/10: Statutory and Regulatory Guidance with Respect to Corporate Compliance
- Reverse Mortgage
- Pay Day Loans
- Tone from the top
- Culture of compliance
- Corporate values
- Do the right thing

- Andersen Accounting
- Culpability Index
- Sentencing Guidelines
- Credit: Internally report the problem, promptly report it, and fix it
- Carrot in Seaboard p. 62, put out to help clean up mess
- Foreign Corrupt Practices
- FERC

III. ETHICS AND CODE OF CONDUCT

A. Seven Steps to an Effective Compliance Program
  1. FSGO requires an organization to exercise due diligence to prevent and detect criminal conduct.
  2. Compliance standards and procedures.
  3. Organizational leadership and a culture of compliance.
  4. Reasonable efforts to exclude prohibited persons.
  5. Training and communication of standards and procedures.
  6. Monitoring, auditing, and evaluating program effectiveness.
  7. Performance incentives and disciplinary actions.
  8. Response to criminal conduct and remedial actions.

B. Code of Conduct Benchmarking and Evaluation
  1. Public availability.
  2. Tone at the top.
  3. Readability and tone.
  4. Non-retaliation.
  5. Commitment to stakeholders.
  6. Risk topics.
  7. Learning aids.
  8. Presentation and style.

C. Code of Conduct
  1. The cornerstone of an effective compliance program and culture of compliance is a strong value system based on integrity.

D. NYSE Stock Exchange Code of Business Conduct


  1. Lists most important topics for company policies
    a. Conflicts of interest.
    b. Corporate opportunities.
    c. Confidentiality.
    d. Fair dealing.
    e. Protection and proper use of listed company's assets.
    f. Compliance with law, rules, and regulations.
    g. Encouraging the reporting of any illegal or unethical behavior.

9/17: Ethics and Codes of Conduct
Adelphia
- Transition from mom-pop business to publicly traded company required different rules and procedures
  o Written form
- Similar to conglomerate Tyco, used company money as a piggy bank [$2M birthday party, shower curtain, etc.]
- Company code of conduct and ethics
  o Generally were written in-house, difficult to read/understand, etc.
  o Requiring employees to sign an affirmation that they have read the handbook for accountability purposes.
- Conflict of Interests
  o Compensation incentives are built to incentivize employees to increase revenues
  o Working for competitors (ex: tellers, programmers, etc.)
  o Private v. public side
  o Purchasing stocks on the gray list
  o Personal financial arrangements between employees (institutions have their own programs to help out employees, etc.)
- Corporate Opportunities
  o EX: Using letterhead, competitors and commission, etc.
- Compliance with Laws
  o Reputation risk
  o Insider trading laws
  o Political contributions
- Encouraging the Reporting of Any Illegal or Unethical Behavior
  o MS
    - Encourages employees to act autonomously and use best judgment in making the right decisions.
    - Non-retaliation commitment complies w/ NYSE requirement
    - Supervisory responsibilities: Puts the supervisor responsible for employees' failure to comply with certain laws
    - + Section about who to go to when it's the supervisor itself requesting you do something wrong.
    - Integrity hotline
  o NYSE
    - Uses the phrase "proactively promote ethical behavior."
    - General "talk to supervisor" direction.
    - Mentions the retaliation requirement.
  o NYSE says nothing about gifts and entertainment, but MS does say a lot about it.
  o Supplier gifts:
    - MS says you cannot give or receive a gift except one of or below nominal value
    - Must be an occasion
    - Different source, didn't solicit, thanks for company's business or good service, reward, never appropriate gifts


Whistleblower

A. Sarbanes-Oxley Act
  1. Created the Public Company Accounting Oversight Board
    a. PCAOB: Oversees audits of public companies that are subject to securities laws.
  2. SOX compliance is expensive, but the costs have fallen and the SEC has taken steps to address the issue.
  3. Other countries are moving in a similar direction, with higher standards and provisions similar to SOX. Other compliance laws include industry standards or organizational certification requirements.

B. Computer Associates
  1. FACTS: Major technology company with worldwide operations that suffered through many years of media headlines of accounting fraud, investigations, prosecutions, and convictions. Had 35-day month fraud.
  2. OUTCOME: CA agreed to a Deferred Prosecution Agreement and also to pay $22.5M into a restitution fund for investors to settle the SEC lawsuit and avoid criminal prosecution. Brought in John Gnazzo who rebuilt the compliance program.
    a. Forefront of compliance program is integrity.
    b. Used hotlines, webcasts, salary based on compliance, firings to education training seminars, independent auditing committee, staffed HR.
    c. Business Practice Officers: Regional compliance deputies in countries where CA operates.

C. Gnazzo's Best Practices for a World Class Compliance Program
  1. Head of compliance is seen at the table.
  2. CCO must be independent.
  3. Open communication program.
  4. BPOs embedded in offices worldwide.
  5. Strong investigative response and process for allegations.

Implementation of Whistleblower Provisions
  1. Whistleblower: Must be a person; companies are not eligible.
  2. Factors that increase an award
    a. Significance of information provided.
    b. Assistance provided by whistleblower.
    c. Law enforcement interest.
    d. Participation in internal compliance systems.
  3. Factors that can decrease an award
    a. Culpability.
    b. Unreasonable reporting delay.
    c. Interference with internal compliance and reporting requirements.

Hotlines
  1. Excellent way to receive allegations of fraud and other wrongdoing.
  2. Allow employees and others outside the company to communicate compliance concerns to the company for appropriate action.
  3. Ensures that employees will feel comfortable coming forward with critical information.
  4. Must be easily accessible to callers in every country where the business operates and be available in multiple languages.
  5. Must be staffed 24 hours a day, 7 days a week by live operators trained to handle these calls.
  6. Should be outsourced to a third-party provider to ensure transparency, anonymity, and confidentiality. Most important features.

Non-Retaliation Policy
  1. Fear of retaliation is a significant fear among employees.
  2. Every company needs a strong policy against retaliation, to encourage employees to come forward and to protect them from any reprisals.
  3. Policy should be in the Code and employee training programs.
  4. Disclosure of any matter should only be made to those persons necessary to conduct a full investigation of the alleged violation or to carry out appropriate discipline.


Gifts and entertainment
- Morgan Stanley code did not specify limits
- Supplier sends scarf for expediting delivery. Allowed to accept? No.

Social Media
- Supervision key

Whistleblowers
- Some act
- Whistle blowing system
- Lawyers can break privilege if serious financial or bodily harm
- Compliance people cannot be whistleblowers
- Look to U5 record


DUTY TO SUPERVISE IN THE FINANCIAL INDUSTRY

A. In Matter of Gutfreund (1992)
  1. FACTS: In 1991, the management of Salomon Brothers, Inc. (defendants) discovered that Paul Mozer, an employee of Salomon, had submitted a false bid in an auction conducted by the U.S. Treasury, in violation of federal securities laws. Management did not take action on Mozer's conduct for several months, and in that time, he committed two additional violations of securities law. The Securities and Exchange Commission (SEC) (plaintiff) brought an administrative proceeding against Salomon's management for a lack of supervision over Mozer's activities in violation of Section 15(b) of the Exchange Act. The parties settled the matter, with the SEC publishing this entry of findings in regards to the settlement.
  2. OUTCOME: Found that the supervisors' failure to take action to discipline Mozer or to limit his activities constituted a serious breach of their supervisory obligation.

B. Section 15(b)(4)(E) of Exchange Act
  1. Authorizes the Commission to impose sanctions against a broker-dealer if the firm has "failed reasonably to supervise, with a view to preventing violation [of federal securities laws] another person who commits such a violation if such person is subject to his supervision."

C. Supervisor
  1. Definition: Whether under the circumstances and facts of a particular case that person has a requisite degree of responsibility, ability or authority to affect the conduct of the employee whose behavior is at issue.
  2. Supervisors do not become supervisors under 15(b)(4)(E) solely because they occupy a job position.

FINRA looks at
  o Brokerage licensing: anyone who comes in contact with customers
    - 28 different ones available
    - EX: Series 7, Series 23-24
    - Both need to know what their duties are
    - Requires yearly education
  o Supervisors on a daily basis must read all the correspondence that is coming in and out of the group (includes email, anything that could be correspondence)
  o OSJ: Office of supervisory jurisdiction
  o Insider trading: buying/selling on non-public material information
  o Cell phone usage is not allowed on the trading floor, because it has to be on a recorded line.
  o If you tape-record the call, you have to have surveillance on it too. (Difficult job, esp. with 15,000 brokers)
    - Usually done with computers and random sampling; important to make sure enough are being recorded.


  o 2) SIFMA: Securities interest group
  o White paper on compliance
  o Evolving role paper
    - Risk assessments

VI.

Pre-clearance for employees
- Usually requires that employees have their stock account at the firm
- Certain exceptions, etc., but then the statements were sent to the firm.
- Prevents front-running, insider trading, etc.
- Brokerages need an audit department.
- Also have testing different from real audit
- Duty for legal/compliance if acting like a supervisor (discipline is an important factor)

PRIVACY, DATA SECURITY, AND DATA BREACH

A. Gramm-Leach-Bliley Act
  1. Privacy Obligation Policy: Each financial institution has an affirmative and continuing obligation to respect the privacy and to protect the security and confidentiality of its customers' non-public information.
  2. Opt Out
    a. May not disclose personal information unless it is disclosed to the customer, the customer is given an opportunity to direct that it not be given to a 3rd party, and the customer is given an explanation of how to do that.

ANTI MONEY LAUNDERING

A. Money Laundering
  1. Money Laundering: Process of filtering dirty money through a series of transactions in order to disguise or prevent detection of the source of the money.
  2. Dirty funds are laundered to give them the appearance of proceeds from legitimate activity.
  3. Consists of 3 steps
    a. (1) Placement: Placing of unlawful cash proceeds into commerce, whether through deposits or other means.
    b. (2) Layering: The separating of the criminal proceeds from their source of origin through many layers of complex financial transactions.
    c. (3) Integration: The use of seemingly legitimate transactions to disguise the laundering of criminal proceeds back to the criminal.

B. Bank Secrecy Act
  1. Congress passed the BSA in 1970.
  2. Main purpose is to prevent financial institutions from being used as unwitting intermediaries for criminal activity.
  3. Expected to reduce illegal activity by removing an implementation device and providing law enforcement with another means to more easily detect criminal schemes.
  4. Requires financial institutions to report many types of transaction activity.
  5. Reporting Requirements
    a. CTRs: Currency Transaction Reports
      i. Required to be filed by a financial institution with the Treasury Department for any cash deposits, cash withdrawals, exchanges of currency, or other transfers of cash in excess of $10,000.
      ii. Must treat as one transaction if it's by one individual in one day.
    b. SARs: Suspicious Activity Reports
      i. Must be filed to report any suspicious activity that may relate to the violation of any law or regulations.
      ii. Bank must file a SAR at discovery of: any type of insider abuse; violations of federal law when aggregate is $5K or more; and transactions in aggregate of $5K or more that might involve money laundering, violations of BSA, or attempts to avoid BSA requirements.
    c. FBAR: Report of Foreign Bank and Financial Accounts
      i. Any U.S. person or businesses, including financial institutions that are subject to U.S. jurisdiction, and have an interest (account, whatever) with an aggregate value exceeding $10K at any time during the year.
    d. FinCEN: Financial Crimes Enforcement Network
      i. Person: Citizen or resident of U.S., a domestic partnership, a domestic corporation, or a domestic estate or trust.
  6. Recordkeeping Requirements
    a. Must maintain certain records for 5 years.
    b. A bank must also maintain records of cash sales of all monetary instruments for between $3k-$10k, inclusive.
    c. Banks are required to retain records of all fund transfers of $3k or more that they send, receive, and for which they act as an intermediary.
    d. What information depends on the role in the process.
    e. Might be required to pass information to the next bank in a transfer chain.

C. USA PATRIOT Act
  1. Title III of the Act strengthens laws to counter money laundering and terrorist financing activity.
  2. Amends the Bank Secrecy Act and allows for better prevention, detection, and prosecution of money laundering and terrorist financing.
  3. Federal government's powers are strengthened by the Act in 3 areas
    a. (1) Regulations
      i. Requires all financial institutions to implement and maintain an AML program.
      ii. At minimum, this would include a compliance officer, employee training program, internal policies, procedures and controls, and an independent audit function.
    b. (2) Criminal Sanctions
      i. Expands money laundering within the U.S. to include funds that are proceeds of foreign crimes of violence and political corruption.
      ii. Bans the laundering of the proceeds from cybercrime and prohibits supporting terrorist organizations.
    c. (3) Forfeiture
      i. Criminal forfeiture can be ordered by the court as a sanction to an individual or entity convicted.
      ii. Forfeiture finding requires the accused to forfeit to the U.S. government all property that is used for or is the proceeds of a criminal offense.
      iii. Asset Forfeiture Fund receives proceeds of forfeiture and funds future investigations.

D. Non-Financial Institutions
  1. Persons involved in any trade or business are required to file an IRS/FinCEN Form 8300 for cash transactions over $10,000 and can face severe penalties for failure to comply.

E. Compliance Programs
  1. KYC: Know Your Customer
    a. Due diligence program used to detect and identify any activity that is unusual or suspicious.
  2. Red Flags
    a. Activity inconsistent with the customer's business.
    b. Avoidance of reporting or recordkeeping requirements.
    c. Fund (wire) transfers.
    d. Insufficient or suspicious information provided by a customer.
    e. Certain activity or behavior by a bank employer.
  3. Internal Controls and the Audit Function


    a. A financial institution needs to have properly designed internal controls in place and the appropriate periodic independent audit function to test those controls and the program as a whole.
    b. Needs an independent audit of the compliance department as a whole.
  4. When suspicious activity is identified, the institution is then required by BSA and PATRIOT Act to perform an investigation into the potentially suspicious activity and determine whether it rises to the level that would require the filing of a SAR.

F. Foreign Statutes
  1. Many countries have followed the U.S.'s lead in enacting their own regulations and requirements.
    a. Bahamas, Switzerland, Colombia, and Indonesia

Money Laundering
  1. Layering: conducting a series of transactions to hide the funds
  2. Placement
  3. Integration
- US 1956-1957
- Swiss bank secrecy
- Policy decision of Congress is that the banks should want to know where the money is coming from, because it's their problem too.
- KYC: Know Your Customer

Core Foundation
  1. Policies and procedures
  2. Designated BSA compliance officer
  3. Training
  4. Independent testing

Difference between fraud and money laundering
- Money laundering makes bank money

Prevention
  o CIP
    - If a person walks in with $40M, their risk profile changes and their CIP changes
    - Bank would have to establish a reasonable background for the client.
  o KYC

Detection
  o Monitoring
    - Once the computer program realizes the weird transactions on an account, a human needs to analyze this information.
  o KYC
    - Periodical or event-based

Reporting
  o SAR
    - Targets
  o CTR
    - Bank is required to file a report if you take out $10,000
    - It is illegal to withdraw $8,000 to avoid the CTR


OFAC

A. OFAC: Office of Foreign Assets Control
  1. Administers and enforces economic sanctions against targeted foreign countries, regimes, terrorists, international narcotics traffickers, and persons engaged in activities related to the proliferation of weapons of mass destruction.

B. Lloyds Bank
  1. FACTS: On December 22, 2009, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced the settlement of apparent violations by Lloyds TSB Bank of OFAC regulations relating to Iran, Sudan and Libya. As reported here, Credit Suisse recently announced it had reached a $536 million settlement with regulators relating to violations of sanctions, including OFAC's Iranian sanctions program. OFAC noted that Lloyds had fully cooperated with OFAC and promptly provided results of internal investigations.
  2. OUTCOME: The settlement requires annual compliance reviews and reporting to OFAC for the next two years. Lloyds agreed to pay a $215 million fine which was deemed satisfied by its earlier payment of a $350 million fine to the U.S. Department of Justice and the New York County District Attorney's Office relating to the same matters.

IX. CORRUPTION

A. Foreign Corrupt Practices Act
  1. Prohibits individuals and companies from corruptly making use of the mails or any means or instrumentality of interstate commerce in furtherance of an offer, promise, authorization, or payment of money or anything of value to a foreign official for the purpose of obtaining or retaining business for, or directing business to, any person or securing any improper advantage.
  2. Requires issuers to implement policies and practices that reduce the risk that employees and agents will engage in bribery.
  3. Knowing falsification of company records is prohibited.

B. Schnitzer Steel
  1. FACTS: Company acquires subsidiaries in foreign companies where there was previously a practice of paying bribes to foreign government officials to secure business. Practice continued after the acquisition.
  2. OUTCOME: SEC discovered (with company's cooperation) kickbacks being paid in the form of gifts, etc. to local managers. Concealed as commissions, discounts or refunds.
  3. REMEDIAL EFFORTS: Hired compliance consultant; Full cooperation; Evaluation of policies and procedures to determine if they are reasonably designed to detect and prevent violations; Adoption of all recommendations of the compliance consultant.

C. Metcalf & Eddy
  1. FACTS: Firm convicted of violating FCPA for unlawfully providing travel and entertainment expenses to Egyptian public officials.
  2. REMEDIAL EFFORTS: Sets the standard for what the government expects in an FCPA compliance program.
    a. Clear FCPA policy;
    b. Establishing compliance standards and practices to be followed by employees, consultants, etc.;
    c. Assignment of senior officials to be responsible for oversight of compliance program;
    d. Creating and maintaining a committee to review the hiring of agents, consultants, or other representatives to do business in a foreign country;
    e. Clear corporate policies to make sure the company does not delegate substantial discretionary authority to individuals that the company knows or should know are likely to engage in illegal activities.
    f. Making sure the company only does business with reputable and qualified individuals.
    g. Communicating FCPA policies, standards, and procedures to employees through training, etc.
    h. Implementation of appropriate discipline measures.
    i. Establishing a reporting system where criminal conduct can be reported without fear of retribution.
    j. Including in all foreign business contracts provisions on banning foreign bribery.


k. Periodic review of policies. l. Prompt investigations of reported alleged violations. m. Use objective measures to determine the regions or countries of high risk and conducting rigorous audits of its operations in such areas. D. U.K. Bribery Act of 2010 1. Introduces 4 new offenses a. Offering, promising or giving a bribe to another person; b. Requesting, agreeing to receive or accepting a bribe from another person; c. Bribing a foreign public official; and d. A corporate offence of failing to prevent bribery. 2. Key New Offense a. Introduces a new offence for businesses failing to prevent bribery. b. A business will commit the offence if an associated person performing services on its behalf bribes another person in order to obtain or retain either business or a business advantage for the company. c. The definition of associated person is very broad. 3. Potential Defense a. The only defense available to the company is proving that it had adequate procedures in place designed to prevent bribery from being committed by those performing services on its behalf. b. The government has published guidance on what constitutes 'adequate procedures'. 4. Jurisdiction a. The Act has a wide territorial scope. Acts of bribery committed by anyone in the UK or, if overseas, by a British citizen or any other person with a close connection with the UK can be prosecuted. b. The new corporate offence applies to any UK incorporated entity and any overseas entity that carries on a business or part of a business in the UK. 5. Penalty a. The Act carries a maximum penalty of 10 years imprisonment for all new offences, except the offence relating to commercial organizations, which will carry an unlimited fine. Arthur Middlemiss Must make sure the foreign companies have a plan, dont bring risk into U.S. banking system. Typical Bank Control Did you assess the risk of the transaction? Is it normal for the customer? Did you file a SAR? 
- Banks' concerns are primarily outward: what their customers bring in.

Foreign Corrupt Practices Act
- Usually looking at one transaction, usually high dollar/conducted by corporations, big guys
- Look at own processes
  o What are my own employees doing?
- Walmart, April/2012
  o Whistleblower; routinely paid bribes in Mexico to get their giant buildings built really fast (because Mexico)
  o $24M in suspicious transactions
  o Problem was that once it happened it was covered up.
  o 12/12: had to direct a shit ton of resources to making sure of compliance; bad for Walmart
- Mark Cuban


OFAC: Office of Foreign Assets Control
- IEEPA
- TWEA
- Sanctions
  o (1) Encourage change in behavior
  o (2) Apply pressure to comply
  o (3) Prevent and suppress terrorists
  o (4) Enforcement tool when international peace is threatened.
- Economic sanctions are a big deal for Iran
- If a country is a sanctioned country, there are two types of licenses to get: general (medical, educational, etc.) or specific
- Two types of sanctions: list-based (names of terrorists, drug dealers, etc.) and country-based.
  o Also blood diamond sanction program, nuclear proliferation, etc.

FCPA
1) Company must keep accurate books and records.
2) Prohibits US companies, US citizens, etc. from
  o Offering, paying or promising
  o Money or anything of value
  o Directly or indirectly to obtain an improper advantage
  o To a foreign official
  o With corrupt intent
- Facilitation payments are not illegal.
  o UK payments act says illegal, but then it says maybe not


RISK ASSESSMENTS, RED FLAGS, AND MONITORING

A. Specific Risk Areas
1. Acquisitions
2. Competitive landscape
3. Strong international growth
4. Customer base
5. Use of agents and other 3rd party channels
6. Internal control deficiencies
7. Adverse metrics
8. Incentive compensation

B. Forensic Analysis
Should focus on:
1. Potentially Anomalous Transactions: Designed to hide in plain sight; they represent a minuscule percentage of the overall volume, but can potentially expose companies to a lot of liability.
2. High Risk Relationships: Include entities with whom the company is doing business, where a company employee has an undisclosed relationship, or entities that otherwise pose a high corruption risk.

CORPORATE INVESTIGATIONS

A. Investigative Response
1. A robust fraud prevention program will include risk assessment, detection, education, awareness of fraud issues and prevention, and responsive investigations.
2. Fraud investigative unit must be responsible for the detection, investigation, and prevention of fraud and must have the strong support of senior management and the Audit Committee.
3. Consideration should be given to hiring former law enforcement officials.
a. Also Certified Fraud Examiners, Certified Protection Professionals, Professional Certified Investigators, etc.
b. Investigator should get a minimum of 40 hours of training a year.
4. High-tech tools and resources to further their investigative efforts should supplement investigator skills.



5. Investigative Framework should be developed
a. Intake Process: How compliance issues are routed for review and investigative determination.
b. Assignment Process: Decides who actually conducts the investigation and under what oversight.
c. Investigative Plan: Created at the start of an investigation to identify the scope of the investigation, what documents will be analyzed, tools needed for the process, who will be interviewed, who leads, what investigative assistance will be needed, who will be needed from HR, legal, etc.

B. Investigator Code of Conduct
1. Best practice is to create a specific investigator code of conduct.
2. Counters issues raised regarding the behavior of investigators, like spying on employees, surveillance techniques, use of personal information, etc.
3. Investigators should not permit any bias, prejudice, or preconceived opinion to impede the investigation.
4. Should always report facts accurately and completely.

C. Upjohn v. U.S. (1981)
1. FACTS: Counsel for Respondent, Upjohn Corporation, conducted a confidential investigation of the company's international offices following reports that some foreign managers were making questionable payments to various foreign government officials in violation of U.S. law. When the IRS attempted to obtain copies of questionnaires, memoranda, and interview transcripts from Upjohn relating to this investigation, Respondent's objection on attorney-client and work product grounds was overruled by the Appeals Court, which held that attorney-client privilege did not apply to communications made by employees not in Upjohn's control group; i.e., not responsible for directing the company's policies.
2. RULE: When an attorney is retained to represent a corporation, the attorney-client and work product privileges may extend to every employee in that corporation.
3. HOLDING: Corporate counsel represent the corporation, not merely the control group of officers and directors.
Any employee capable of making a decision that would substantially affect the corporation's legal position must be granted this privilege so that counsel may properly assess the corporation's liabilities. Lower court reversed.

- Don't use a firm that does a lot of work for you, so they can be considered to be independent counsel.
  o Helps when discussing this with prosecutors
- How did the allegations arise?
  o Whistleblower? You get a lot. People will be on alert and then will complain about others to keep their own jobs.
- Regulatory request/industry sweeps (FINRA/SEC use)
  o They check to see how widespread the issue is.
- Legal and compliance people who read the news every day and run names through information to see if they have accounts and such.
- Law firms don't usually do the investigations themselves; they bring in a consulting firm because they have to bring in business people to analyze the numbers/technology/know where to get info.
- Big issue that comes up: interviewing employees
  o Charters provide for indemnification and legal fees for employees if there is an investigation going on in your company.
  o When an employee is being investigated, generally the corporation will pay the legal fees and the employee can hire counsel to represent them.
  o Issue: when do you say to an employee, "hey, get a lawyer"?
- Internal counsel should not be in the room when the interview is going on.
  o Issue: Employee won't talk if he sees the corporation's lawyer in the room.
  o Issue: Employee might think the corporation's lawyer is THEIR lawyer.
- 18 USC 1512: obstruction of justice for employee not cooperating
- Corporation has attorney-client privilege


- Don't have to worry about control group theory
- Upjohn warnings (inside or outside counsel)
  o Counsel represents the company and not you, the employee.
  o The communications between the attorney and company are protected by the attorney-client privilege.
  o The attorney-client privilege belongs to the corporation and not the employee.
  o The corporation, not the employee, may choose to waive the privilege.
- If the interests between the employee and corporation change, then the employee agrees to repay the attorney fees.
- Hercules v. Exxon
- Meeting
  o Start with warnings.


DRAFTING COMPLIANCE POLICIES AND PROCEDURES

A. Why Create an Online Policies and Procedures System?
1. Ease of access.
2. Cost effectiveness.
3. Responsiveness.
4. Accountability.

B. Policies and Procedures
1. Policies: Reflect the rules governing the implementation of the processes.
2. Procedures: Represent the implementation of policy and should evolve over time as rules change, new tools emerge, etc.
3. It is recommended that they be in different documents.

C. Social Media
1. Social networking sites typically contain both static and interactive content.
2. The portion of a social networking site that provides for interactive communications constitutes an interactive electronic forum.
a. Firms are not required to have a registered principal approve these communications prior to use.
b. Firms must still supervise these communications.
3. When placing restrictions on personnel accounts, firms must require that only those associated persons who have received appropriate training on the firm's policies and procedures regarding interactive communications may engage in such communications.

Policies/Procedures in Social Media
- Choice to permit or not permit.
- Need recordkeeping from supervisory capacity, surveillance, and disclosure statements.
- Two types of blogs: static (used generally as an advertisement) or non-static (difficult for FINRA, will lead to complications)
- Policies MUST BE simple, consistent, and easy to use.
  o So people read it.
- Difference between policy and procedure: procedure is the how-to and policy explains it
- Need buy-in from business people, because they are closer.
- Netflix: CEO Hastings announced they were doing a billion viewing hours a month, but CFO says $2B a quarter. Made the material statement on his FB statement page. If you make a material statement, you need to file the disclosure forms (8-K with SEC first, which he didn't do).