Perspectives on Enforcement: Self-Reporting and Cooperation at the CFTC

by James McDonald

September 25, 2017 – 6:00 p.m.
NYU School of Law: Program on Corporate Compliance & Enforcement /
Institute for Corporate Governance & Finance
As Prepared for Delivery

Thank you for that introduction.  I’m happy to be here with you all today.  I want to talk today about some of our priorities for the CFTC’s Division of Enforcement, and in particular about our cooperation and self-reporting program.  In just a minute, I’ll talk in some detail about this program.  But to frame that discussion, I want to start by talking more generally about our mission in the CFTC and the Division of Enforcement, and some of our priorities going forward.  As I get started, please keep in mind that these are my own views and not necessarily those of the Commission or its staff.

CFTC Mission and Division of Enforcement

At the CFTC, our mission is to foster open, transparent, competitive and financially sound markets.  A vigorous enforcement program is essential to fulfilling this mission.  As Chairman Giancarlo has made clear, under his leadership, there will be no pause, no let up, and no relaxation in the CFTC’s efforts to enforce the law and punish wrongdoing.[1]

We in the Division of Enforcement have worked hard to follow through on that commitment.  We’ve pursued manipulation wherever we’ve found it—from cattle futures traded by feedyards to financial instruments traded by Wall Street banks.  We’ve brought fraud cases in traditional markets like precious metals, and in new markets like virtual currencies.  We’ve taken a leading role in stopping spoofing in our markets.  And those are just a few of the highlights.  We’ve done this without fear or favor.  And we have no plans of slowing down.

But against the backdrop of these enforcement actions, it’s worth reiterating how we think about our goal.  It’s not to bring enforcement actions for their own sake.  Rather, we’re mindful of our agency’s broader mission to facilitate healthy, robust, and resilient markets, and our ultimate goal is to deter misconduct in these markets.   Of course, we’re the Division of Enforcement.  So you shouldn’t be surprised that a primary way we do this is by bringing enforcement actions—often carrying substantial penalties.  That’s an important part of our job.[2]  But our efforts are always aimed at finding the best way to deter misconduct.

From this vantage point, we recognize that enforcement actions alone aren’t enough to prevent misconduct in our markets.  It’s not enough for us to wait for violations to occur, detect as many as we can, and then prosecute as many of those as we’re able.  That’s like playing a game of whack-a-mole—as soon as we bat down one violation, others just keep popping up.

Instead, to achieve optimal deterrence, we in law enforcement need the buy-in from the communities we police.  This is a reality that isn’t limited to the financial arena.  It’s a fact that applies across the board—from white collar crime in a company to violent crime on the street.  And law enforcement officials across the spectrum have to be thoughtful about how to meet their goals while keeping this reality in mind.  This is part of what our cooperation and self-reporting program is designed to achieve, and that’s what I’m going to talk about today.

Cooperation and Self-Reporting as a Law Enforcement Tool

Let me back up a little bit and explain what I mean.  I came to this job from my previous one as a federal prosecutor in the Southern District of New York.  There, I learned early on that you can’t prosecute unlawful conduct out of existence.  And I learned that to be true whether you’re talking about white collar crime or violent crime.

In one of my cases at SDNY, we charged two rival gangs with racketeering offenses.  We arrested and charged about fifty gang members who, for more than a decade, had terrorized a neighborhood in the South Bronx.[3]  Several of these gang members were responsible for murders that had previously gone unsolved; we charged these murders as murder in aid of racketeering, which carries a mandatory life sentence, and the possibility of death.  Several of the low-level gang members cooperated against the higher-level members.  Those cooperators gave us an inside perspective into how the gang worked, and who gave the orders.  The cooperation of the low-level members helped us successfully prosecute the higher-level members; they helped us go up the chain and hold the leaders responsible.

But even as we prosecuted the leaders of the gang, we knew that we couldn’t prosecute or arrest our way into peace in that South Bronx neighborhood.  We knew that our prosecution was necessary to return the neighborhood to normal and lawful order.  But it wasn’t sufficient.  Our prosecution couldn’t fix everything.  But it could provide the good folks in the community the protection and space necessary for them to take back their neighborhood.  And that’s what they did.  After we charged and arrested the gang members, the community came together and, with the help of neighborhood organizations and other government actors, resolved to clean up the neighborhood, to teach its younger members to respect the law, and to report unlawful activity when they saw it.  All the while, we in law enforcement served as their backstop.

Why do I mention this?  Is it so we can get our “tough on crime” message across with headlines reading “CFTC compares corporate misconduct to RICO murder?”  Of course not.

I mention it because it’s important for law enforcement in all contexts to have the humility to recognize that we’re one piece of the answer—an important piece to be sure—but just one piece.  For the most part, our job is to investigate, identify, and punish misconduct after it’s happened.  This type of after-the-fact punishment of course deters future misconduct.  But if deterrence is the goal, we can achieve even more deterrence—sometimes even stopping the misconduct before it starts—when a community is committed to it too.  That’s true whether you’re talking about a residential community in the South Bronx, or a financial community on Wall Street.

So what does this mean for enforcement in our markets?  It means that, with this perspective in mind, we at the CFTC are committed to working together with the companies and individuals we regulate to identify and prosecute wrongdoing that has occurred, and to stop future wrongdoing before it starts.  In particular, we’re committed to giving companies and individuals the right incentives to voluntarily comply with the law in the first place—and to look for misconduct and report it to us when they see it.  Just like the folks in that South Bronx neighborhood, companies are well positioned to detect wrongdoing in the first instance and to report it to authorities.  And once that misconduct has been stamped out, the companies are in a position to take preventative measures, to educate their employees on best practices, and to ensure the law is obeyed going forward.

We know the vast majority of businesses and market participants want to obey the law.  We know they work hard to do the right thing—not because they’re afraid of getting caught.  But because they want to run their businesses the right way.  These businesses know that misconduct within a company diminishes confidence in management.  It undermines the company’s culture.  It spawns even more misconduct.  And it creates enforcement risk—which could lead to substantial losses in the form of fines, or even criminal investigations and prosecutions.[4]  That’s why our markets are filled with people and businesses committed to doing the right thing.

We owe it to these businesses and individuals to make sure they compete on a level playing field.  We know that’s essential for them to thrive.  Unlawful activity puts honest businesses at a disadvantage.  It impedes free and fair competition.  It dampens economic growth.  And it undermines our democratic values, public accountability, and the rule of law.  That’s why we’re committed to ensuring all companies and individuals play by the rules.

So we come to the job with the understanding that both the Division of Enforcement and the companies we regulate want to prevent misconduct in the marketplace.  Are there things we at the Division of Enforcement can be doing to better achieve that shared goal?  We think there are.  One place we think we can be doing better is in the area of cooperation and self-reporting—and by implementing the program I’m talking about today.

Cooperation and Self-Reporting at the CFTC

Our cooperation and self-reporting program starts with the premise that the vast majority of businesses want to comply with the law.  But we also know that companies with even the best intentions can make mistakes, make bad choices, or have a few bad actors.  And we recognize that no matter how much corporate leaders may want to foster compliance within the company, when they detect misconduct, their decision whether to voluntarily report it often comes down to a business decision—to dollars and cents.  What’s the risk that, if we don’t report, regulators will detect it?  If they detect it, how much might we get fined?  If we report it, what sort of treatment can we expect?  Depending on how the answers shake out, company leadership may decide to voluntarily report the wrongdoing—or not.[5]

We at the CFTC want to shift this analysis in favor of self-reporting.  We think we can do this.  We think we can do it by spelling out the substantial benefit, in the form of a significantly reduced penalty, we’ll recommend for companies and individuals that self-report.  And by making crystal clear what we expect from self-reporters who want this substantial benefit.

That’s what I’m going to outline for you today.  First, I’m going to talk in some detail about this self-reporting program, and I’ll talk about it in the context of company self-reporting.  Then I’ll say a few words about our cooperation program more generally, and about some of the broader principles and ideas at play.

OK, so what do we expect from a company that wants to be treated as a self-reporter, and that wants the substantial benefits that come with it?

First, we expect the company to voluntarily report wrongdoing to the Division.  This disclosure must be truly voluntary—it must be made before an imminent threat of disclosure or of a Government investigation, and it must be made independent of any other legal obligation.  It also must be a real disclosure—it has to be made to the Division of Enforcement in a manner designed to notify us of the misconduct.  A company can’t simply make a vague reference to the conduct, tucked away in the depths of some compliance report, and later claim to have voluntarily disclosed.  It doesn’t work that way.

The company also must disclose the misconduct to the Division within a reasonably prompt time after becoming aware of it.  And the company must disclose all relevant facts known to it at the time.  We recognize that, at the time of the first voluntary disclosure, the company may not yet know all of the relevant facts, or even the full extent of the conduct.  That’s ok.  To incentivize voluntary disclosure at the earliest possible time, we’ll recommend the company receive full credit where the company made diligent efforts to figure out the relevant facts at the outset, fully disclosed the facts known to it at the time, continued to investigate, and disclosed additional relevant facts as the company became aware of them.

Second, the company must fully cooperate with the Division throughout the investigation.  We’ve issued detailed guidance that lists the sorts of things we expect for full cooperation.  These requirements include things like disclosing all facts relevant to the misconduct as the company becomes aware of them during its own investigation—including facts related to the involvement of any individuals.  That’s an important point.  It’s not enough simply to report the wrongdoing in a general narrative.  Particular facts should be attributed to particular people.

We expect this cooperation to be proactive, not reactive.  It’s not enough just to be responsive to Division staff during the course of an investigation.  Some of this falls on us:  Because the specific requirements for full cooperation are always case specific, you should expect us to clearly communicate what we expect from your cooperation.  And some of this falls on you:  Full cooperation requires an active effort to find all related wrongdoing, and not taking a squinty-eyed view of the facts to minimize the misconduct or avoid disclosures.

Third, the company must timely and appropriately remediate to ensure the misconduct doesn’t happen again.  This means the company must work to fix the flaws in its compliance and internal controls programs that allowed the misconduct in the first place.  Just like with full cooperation, the exact type of remediation is going to depend on the circumstances of the particular case.

If the company does these things, we in the Division of Enforcement will commit to do the following.

First, we’ll clearly communicate with the company—at the outset—our expectations regarding self-reporting, cooperation, and remediation.  Our self-reporting program is not going to be a game of gotcha—where only once you’re at the settlement table do you learn there’s been one slip up in the process that takes you out of the self-reporting lane.  You’ll know right up front what we expect from you, and you’ll know if there’s a point you’re veering off course, so that you’ll have a chance to get back on track.

Second, we will work with you on remediation.  The specific remedial efforts that will be warranted in each case will vary.  But whatever the facts and circumstances, we’ll make our expectations clear, and we’ll work with you to get it right.

Third, you can expect concrete benefits in return for your self-reporting, cooperation, and remediation.  If a company does those three things, the Division of Enforcement will recommend a substantial reduction in the penalty that otherwise would be applicable.  In truly extraordinary circumstances, the Division may recommend declining to prosecute a case.

I want to mention here that many of these general themes—including the basic requirements of self-reporting, cooperation, and remediation—line up with other self-reporting programs, most notably at the Department of Justice.  One goal in advancing our self-reporting and cooperation program is to bring ours in line with our law enforcement partners, so companies covered by multiple regulators don’t have to work within multiple, sometimes conflicting, self-reporting and cooperation regimes.

So that’s a broad overview of what we’ll expect from self-reporters, and what they can expect from us, under this self-reporting and cooperation program.  But I want to be clear about a few additional things.  First, this should not be interpreted as giving a pass to companies or individuals.  From an enforcement standpoint, this self-reporting and cooperation program is one of the most aggressive tools we have in our bucket.  It’s geared towards getting companies and individuals who know about the misconduct to tell us about it.  It’s geared towards enabling us to identify all of those involved in the wrongdoing, and to prosecute the individuals who committed the wrongful acts.  This is a law enforcement tool that originated in organized crime and gang prosecutions like the one I just talked about, which we’re now applying as part of our enforcement program at the CFTC.

Through this program, we’re committed to aggressively prosecuting, not just the company ultimately responsible for the misconduct, but also the individuals involved.  And this doesn’t stop with the person who actually hit the trade button.  We’ll work hard to move up the chain to the supervisors who made the decision behind the act, or who directed it.  Just like in a racketeering case, when we talk cooperation, we’re talking cooperating up, not down.  And we’re talking about substantial cooperation—the type that allows us to bring charges against others.  This program is about gaining an insider perspective so we can more effectively prosecute all of the bad actors.[6]

The second thing I want to make clear is that two of the concepts I’ve talked about today—self-reporting and cooperation—are related, but distinct.  To be a self-reporter, you have to tell us about the misconduct before we know about it.  But our broader program also gives credit for cooperation, after the investigation is underway, where the company or individual did not self-report in the first instance.  In those circumstances, too, the cooperator stands to earn a substantial benefit in terms of a reduced penalty.  But the benefit will be less substantial than the self-reporting benefit.  The biggest reduction is reserved for those who self-report, fully cooperate, and remediate.  We will continue to give substantial credit for cooperation.  But all else equal, it will be significantly less than for those companies that self-report the misconduct at the outset.  Today, we’ve issued an update to our cooperation advisory to make this clear, and to spell out some of the things I’ve talked about today.

The third thing I want to make clear is that even when we’re talking about self-reporting, this won’t amount to a “get out of jail free” card.  If you self-report to us, that doesn’t mean you can just tell us about the misconduct and that’s the end of it.  We’re going to investigate to confirm the scope of the wrongdoing.  But we’re going to do it expeditiously.  We’re talking months, not years.  This can be further expedited by a company’s own internal investigation.  Once we have a sense of the scope of the misconduct, the resulting harm and how it can be remediated, we’ll be in a position to recommend the substantial benefit that comes with self-reporting.

Finally, I want to make clear that my goal here is not to dictate or demand any particular outcome.  The goal is not to insert ourselves into a company’s internal affairs, or to force a company to self-report.  Rather, our goal is to emphasize that companies and individuals have a choice.  They are certainly entitled not to self-report, to hope they don’t get caught, and then to defend themselves if they do.  Those are their rights.  But if they choose that course, no one should be surprised when they’re met with vigorous, aggressive prosecution, accompanied by full monetary penalties.  That’s the choice they will have made on the front end.  My point here today is to emphasize that there’s a choice in which path to take, and to highlight the incentives we believe should lead toward the path of self-reporting and cooperation.

Cooperation, Self-Reporting, and General Principles

To close, I’d like to offer a few comments about the general principles at play here.  As you can tell, our self-reporting and cooperation program is built around a few principles that I expect will guide our Division going forward, so I want to say a few words about them.

The first principle is that we can’t get to optimal deterrence by prosecution alone.  To get there, we want to have the buy-in of the folks we regulate.  As I said before, this isn’t a new idea—it’s one that spans across virtually all areas of law enforcement, and across party lines.

Second, we recognize that even businesses that want to buy-in live in a world where incentives matter.  Our self-reporting program is designed to shift those incentives in favor of self-reporting and cooperation.

Finally, I believe the program I’ve outlined today should align the interests and incentives of the Commission and the business community on this point.  From the enforcement perspective, I’ve already talked about the ways cooperation and self-reporting advance our interest in holding wrongdoers accountable and deterring misconduct going forward.

But this program should line up with businesses’ goals as well.  We know that, separate and apart from the threat of enforcement, businesses have independent reasons to comply with the law, to self-report, to do the right thing.  We want our enforcement program to complement those other independent reasons to self-report, not to undermine them.

Here’s what I mean.  When I go out and talk with business leaders, a word they often use when talking about company goals is integrity.  They talk about trying to foster and maintain a culture of integrity.  They talk about the fact that they have to overcome the reality that there’s all too often a tendency to look the other way.  To not want to rock the boat.  To get along.  This tendency can easily overwhelm the competing impulse to do the right thing.

The question at the end of the day for these business leaders is how to create this culture of integrity—this culture where good people say something when they see something fishy happening down the hallway.  It doesn’t come easily.  And it doesn’t come in one fell swoop.  It takes hard and persistent work.  It’s built act, by act, by act.  A series of events—some significant, some seemingly less so—that taken together create this culture.

It’s the business leaders—and those they promote to management—who serve as the examples for the employees they’re asking to cultivate this culture.[7]  When it comes time for the employees to make a critical decision—do the right thing or look the other way—these employees look to what the company leaders do.  Do they permit dissent?  Foster candor?  Recognize and reward integrity?  What do these business leaders do when employees raise misconduct within the company to the management level?  Do these business leaders then self-report the wrongdoing and cooperate?  Or do they turn a blind eye and hope not to get caught?

The self-reporting and cooperation program I’ve outlined today should shift the incentive structure in favor of self-reporting and cooperation.  If it does, we’ll have made great strides toward stopping misconduct in our markets.

Footnotes

[1] See J. Christopher Giancarlo, Remarks of Acting Chairman J. Christopher Giancarlo Before the 42nd Annual International Futures Industry Conference (Mar. 15, 2017).

[2] See John C. Coffee, Jr., Law and the Market:  The Impact of Enforcement, 156 U. Pa. L. Rev. 229, 242-46 (2007) (explaining that vigorous enforcement in U.S. markets contributes to higher valuations and reduced cost of capital).

[3] See Press Release, “48 Members And Associates Of 2 Rival Bronx Street Gangs Charged In Federal Court With Racketeering Offenses, Including 3 Murders, Narcotics Trafficking, And Firearms Offenses,” December 9, 2015.

[4]  Ian Ayres & John Braithwaite, Responsive Regulation:  Transcending the Deregulation Debate 35-53 (1992) (exploring how different enforcement strategies can produce different expected compliance results).

[5] Louis Kaplow & Steven Shavell, Optimal Law Enforcement with Self-Reporting of Behavior, 102 J. Pol. Econ. 583, 601-03 (1994) (concluding that self-reporting programs can lead to optimal enforcement, but observing that “[i]t does not appear . . . that the benefits of self-reporting are fully realized in practice” because law enforcement often does not provide proper incentives for market participants to self-report).

[6] See Mark A. Cohen, Theories of Punishment and Empirical Trends in Corporate Criminal Sanctions, 17 Managerial & Decision Econ. 299, 406-08 (1996) (finding that company cooperation increased likelihood of individual convictions).

[7] See Marshall B. Clinard, Corporate Ethics and Crime:  The Role of Middle Management (1983) (explaining that author interviewed retired middle managers of Fortune 500 companies concerning why some corporations were more ethical than others, and finding that more than 50 percent stated top management behavior was the main reason for ethical (or unethical) behavior whereas only 3 percent believed it was related to the financial condition of the firm); see also Cindy R. Alexander & Mark A. Cohen, The Causes of Corporate Crime, in Prosecutors in the Boardroom at 27-28 (Anthony S. Barkow & Rachel El Barkow eds., 2011) (citing and discussing Clinard’s study).

James McDonald is Director of Enforcement at the U.S. Commodity Futures Trading Commission

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.