Category Archives: Corporate Compliance

Extending the “Failure to Prevent” Model of Corporate Criminal Liability in the UK

by Liz Campbell

Prosecuting corporate criminality is not straightforward. As a result of these difficulties, the UK Parliament is turning to an indirect form of corporate criminal liability: the Bribery Act 2010 introduced the corporate offence of failure to prevent bribery (FtPB), and this provision has been emulated with respect to the failure to prevent the facilitation of tax evasion in the Criminal Finances Act 2017.  

In brief, a relevant commercial organisation (C) is guilty of FtPB if a person associated with C bribes another person with the intention of obtaining or retaining business or an advantage for C.  An ‘associated’ person is an individual or body who ‘performs services’ for or on behalf of the organisation, and this definition was framed broadly intentionally.[1]  Crucially, the corporate entity can rely on the section 7(2) defence that it had “adequate procedures” in place designed to prevent persons associated with it from bribing. Continue reading

NIST Releases an Updated Version of its Cybersecurity Framework

by Sabastian V. NilesMarshall L. Miller, and Jeohn Salone Favors

Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released an updated Cybersecurity Framework that revises NIST’s baseline recommendations for the design of cybersecurity risk management programs.  In announcing its release, Commerce Secretary Wilbur Ross described the updated Framework as “a must do for all CEOs” and recommended that “every company” adopt the Framework as its “first line of defense.”  As with the prior version, the updated NIST Framework provides a useful tool to guide and benchmark company approaches to cybersecurity risk and will impact how regulators evaluate cybersecurity programs and incident responses across sectors. Continue reading

The Evolving First Line of Defense

by Michael Held

Keynote Address

Good morning.  It’s an honor to join you at the 1LoD Summit.  The views I express today are my own, not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.[1]

I’ve heard it said that being in the risk control business can be, and often is, a thankless task. We get all the blame when something goes wrong, and none of the glory when things go right.  So, I want to start my remarks with a word of gratitude to you, my fellow travelers in the world of risk controls.  Thank you—not just for the invitation to speak today, but also for the work you perform each day at your firms. 

The growing sophistication and stature of the first line of defense is, in my view, an unqualified improvement in corporate governance—especially at financial firms.  Let’s begin with what you are defending.  Continue reading

FinCEN Releases Frequently Asked Questions Regarding Customer Due Diligence and Beneficial Ownership Requirements

by David S. Cohen, Franca Harris Gutierrez, Sharon Cohen Levin, Jeremy Dresner and Michael Romais

Last week the Financial Crimes Enforcement Network (FinCEN) issued much-anticipated Frequently Asked Questions (FAQs) that provide additional guidance to financial institutions relating to the implementation of the new Customer Due Diligence Rule (CDD Rule), set to go into effect on May 11, 2018.[1] In general, the FAQs clarify certain issues that have caused implementation challenges for financial institutions. While FinCEN’s earlier guidance provided a general overview of the CDD Rule—including the purpose of the rule, the institutions to which it is applicable, and some relevant definitions—the new FAQs provide greater detail for financial institutions seeking to comply with the CDD Rule. The FAQs are meant to assist covered financial institutions in understanding the scope of their customer due diligence (CDD) obligations, as well as the rule’s impact on their broader anti-money laundering (AML) compliance. While the guidance is helpful in clarifying some of FinCEN’s expectations, the implementation challenge lies in applying the CDD Rule to a financial institution’s specific products and services.

As financial institutions work to meet the CDD Rule’s fast-approaching May 11 compliance deadline, they should pay special attention to the following key areas summarized below. Continue reading

Retaliation on the Rise; How Should Companies Respond?

by Timothy J. Lindon


Avoiding retaliation for reported workplace misconduct is essential for companies and enforcement officials. Companies are accountable not just for their bad acts, but also for the cover up, including how they respond to allegations.  A new survey of conduct in the US workplace by the Ethics and Compliance Initiative (ECI)[1] has some bad news.  Employees say that retaliation against whistleblowers is on the rise, doubling in the past four years.  These disturbing results should motivate companies to (1) encourage candid internal discussions of what exactly constitutes retaliation (and what does not); (2) train managers to handle retaliation concerns and to avoid unintended acts of retaliation; and (3) ensure anti-retaliation programs are supported by a strong ethical culture.

The ECI Survey

Since 2000, ECI, a leading ethics and research organization for compliance professionals, has surveyed workplace conduct from the employees’ perspective.  Their 2017 survey of more than 5,000 employees across the US has good and bad news. Continue reading

Techniques for Reinforcing a Culture of Compliance

by Natalie Noble

The importance of establishing a robust “culture of compliance” within corporations is a common refrain among government regulators.[1] But developing a structured process, much less a firm definition, around such a squishy concept can be a daunting task for compliance officers. At its core, an effective culture of compliance should shape employees’ gut instincts by reinforcing values that weigh against breaking the law. To accomplish this, companies should supplement their traditional ethics trainings and “tone at the top” by integrating compliance factors into their incentives programs and forestalling ethical fading. As an additional line of defense, companies should actively encourage employees to slow down and think methodically about their decisions before they take final action. Continue reading

The Jury is Out on Compliance in the First Test of the Bribery Act’s Adequate Procedures Defence

by Omar Qureshi, Iskander Fernandez, and Amy Wilkinson

Last month saw the first contested prosecution of a corporation for failure to prevent bribery under section 7 of the U.K. Bribery Act 2010 (the “Bribery Act”), providing the first insights into how such a case may be argued and determined.  The defendant company Skansen Interiors Limited (“SIL”) was found guilty of failing to prevent bribery by one of its employees, who paid £10,000 (and offered, and tried to secure payment of a further £29,000) to another in order to secure two contracts for SIL.  The individuals involved had already pleaded guilty to substantive bribery offences.

A jury found SIL did not have adequate procedures designed to prevent bribery.  While the judge did not give her views on what may constitute adequate procedures and why SIL’s fell short, the jury’s verdict indicates that even small companies may need to have documented and targeted procedures in place, specifically addressing bribery prevention, if they are to succeed in proving an adequate procedures defence. Continue reading

DOJ Memorandum Addressing Agency Guidance

by Matthew L. Biben, Courtney M. Dankworth, Mark P. Goodman, Maura Kathleen Monaghan, Jacob W. Stahl and Eric Silverberg

On January 25, the Department of Justice (the “DOJ”) released a memorandum by former Associate Attorney General Rachel Brand (the “Brand Memo”) prohibiting the DOJ from relying on noncompliance with other agencies’ guidance documents as evidence of a defendant’s violation of applicable law. While the Brand Memo is arguably only a restatement of the established principle that agency guidance is nonbinding, it may nevertheless have important implications for cases brought by the DOJ under the False Claims Act (the “FCA”) and other enforcement actions.


The Brand Memo prohibits the DOJ from using “its enforcement authority to effectively convert agency guidance documents into binding rules” by using a party’s noncompliance with other agencies’ “guidance documents as a basis for proving violations of applicable law” in affirmative civil enforcement (“ACE”) cases. It also applies to both “future ACE actions brought by the Department, as well as (wherever practicable) to those matters pending as of the date of this memorandum.”

The Brand Memo follows a directive from Attorney General Sessions, dated November 16, 2017, prohibiting all DOJ sections from issuing “guidance documents that purport to create rights or obligations binding on persons or entities outside the Executive Branch.”[1] This directive required the DOJ to refrain from using its own guidance documents to “coerc[e]” persons to take or avoid taking actions beyond what is required by statutes or regulations. These memos highlight the DOJ’s increased skepticism of “rulemaking by guidance.”

It should be noted that the Brand Memo permits the DOJ to rely upon agency guidance to paraphrase or explain statutes and regulations, and to prove that a party had knowledge of a particular statute or regulation. It does not elaborate on these scenarios. The breadth of the carve-outs poses a risk that the exceptions will swallow the rule. However, in light of the Trump administration’s disapproval of the use of guidance documents, it is unlikely that these exceptions will be widely invoked.


Implications for FCA Actions Brought by the DOJ

The Brand Memo is likely to reduce, if not eliminate, the circumstances in which the DOJ brings FCA actions predicated on failures to comply with agency guidance documents. Instead, the DOJ will be confined to proving violations based on the text of the applicable statutes or regulations. This development will be particularly relevant in certain industries

  • In the life sciences sector, where DOJ attorneys often rely on guidance issued by the Department of Health and Human Services’ Office of the Inspector General and Food and Drug Administration.
  • In the healthcare sector, where DOJ attorneys often rely on the Centers for Medicare & Medicaid Services’ Medicare Benefit Policy Manual.
  • In the mortgage sector, where DOJ attorneys often rely on provisions of the HUD Handbook or on Mortgagee Letters issued by the Department of Housing and Urban Development.

In light of the Brand Memo, the DOJ may no longer be able to argue that defendants’ reimbursement submissions were false because the defendants were not in compliance with the applicable standards set forth in agency guidance.

Many FCA cases also turn on whether or not any alleged false statements were material. In Universal Health Services v. United States ex rel. Escobar,[2] the Supreme Court held that FCA plaintiffs must satisfy a “rigorous” materiality standard, i.e., that the government would not have provided reimbursement had it known about the alleged false statement. In light of the Brand Memo, the DOJ may no longer be able to rely on agency guidance to establish the importance to an agency decision of a defendant’s misrepresentation. It therefore may be more difficult in some circumstances for the DOJ to satisfy Escobar’s heightened materiality requirement.

A few examples highlight the circumstances in which the DOJ relied on agency guidance in the past but might not be able to do so in the future in light of the Brand Memo:

  • In 2012, the DOJ brought an FCA action against Life Care Centers of America, a large skilled nursing home operator. The DOJ alleged that the defendant engaged in a scheme to increase revenue by placing as many patients as possible in the highest reimbursement category for skilled rehabilitation therapy even though such therapy was often not medically reasonable and necessary. The complaint relied on the Medicare Benefit Policy Manual, which is an agency guidance document, to explain what types of skilled rehabilitation therapy are appropriate. This matter ultimately settled in 2016 for $145 million.[3]
  • Last year, the DOJ announced the settlement of an FCA action against Residential Home Funding Corporation, an entity that originates residential mortgages. The DOJ alleged that the defendant made false statements in order to participate in a government program under which it had the authority to endorse mortgages for Federal Housing Administration insurance (meaning that the federal government would cover losses on loans that defaulted). The DOJ’s allegations were premised in part on the defendant’s failure to follow requirements set forth in the Department of Housing and Urban Development Handbooks, which are agency guidance documents. This matter was settled for $1.67 million.[4]

The Brand Memo also casts doubt on the DOJ’s ability to rely on the Auer deference, a well-known but often-challenged doctrine providing that courts should defer to an agency’s interpretation of its own regulations, as set forth in that agency’s own guidance documents, unless the agency’s interpretation is clearly erroneous.[5]

Implications for FCA Actions Brought by Relators

FCA actions can be brought by relators, private individuals who allege misconduct related to false claims for government reimbursement or other government benefits. If the DOJ declines to intervene in an action brought by a relator, the relator can elect to proceed alone. While the Brand Memo technically applies only to actions led by the DOJ, it has potentially significant implications for actions prosecuted by relators as well.

The Brand Memo was issued shortly after a leaked internal memorandum by Michael Granston, the Director of the DOJ Civil Division’s Fraud Section, which outlined the circumstances in which DOJ attorneys should seek early dismissal of FCA actions (the “Granston Memo”).[6] The Granston Memo described the substantial increase in actions led by relators alone and argued that the DOJ should consider invoking its statutory authority to seek early dismissal of such cases when they impose significant burdens on the DOJ. For example, each of these cases still must be actively monitored by the DOJ, and the rulings issued in such cases may create precedents that negatively impact the DOJ’s ability to litigate its own FCA cases. To the extent that a case brought by a relator acting alone relies on agency guidance, FCA defendants can now use the Brand Memo to argue to the DOJ that the case should be dismissed because the reliance on guidance documents is improper. Even if the DOJ does not elect to try and dismiss a case, the Brand Memo gives FCA defendants ammunition to argue that relators who stand in the shoes of the DOJ should not be permitted to rely on agency guidance.

Implications for Use by Defendants to Establish Compliance

The Brand Memo does not preclude defendants from using agency guidance documents to establish that they complied with applicable standards set forth in agency documents. At the very least, proof of compliance with standards described in agency guidance should negate allegations that the defendant was acting with knowledge of wrongdoing.[7]

Implications for Criminal Cases and Administrative Enforcement Actions

Even though the Brand Memo applies only to ACE actions brought by the DOJ Civil Division, its logic extends to other contexts as well. The underlying principle that “guidance documents cannot create binding requirements that do not already exist by statute or regulation” should apply equally to actions brought by the DOJ Criminal Division and to enforcement actions brought by other agencies. Whether that happens remains to be seen.


Companies should not use the Brand Memo as a justification for disregarding agency guidance. That said, the Brand Memo may be helpful to companies that are currently facing FCA actions predicated on agency guidance. In such cases, the Brand Memo may provide FCA defendants with leverage to secure a relatively favorable resolution. In future cases, defendants should be able to invoke the Brand Memo to dissuade the DOJ and private relators from bringing actions arising from noncompliance with standards set forth in agency guidance.

[1] “Memorandum for All Components: Prohibition of Improper Guidance Documents,” from Attorney General Jefferson B. Sessions III, November 16, 2017, available at

[2] 136 S. Ct. 1989 (2016).

[3] “Life Care Centers of America, Inc. Agrees to Pay $145 Million to Resolve False Claims Act Allegations Relating to the Provision of Medically Unnecessary Rehabilitation Care,” October 24, 2016, available at

[4] “Acting Manhattan U.S. Attorney Settles Civil Mortgage Fraud Lawsuit Against Residential Home Funding Corp.,” September 28, 2017, available at

[5] Auer v. Robbins, 519 U.S. 452, 461 (1997).

[6] “Factors for Evaluating the Dismissal Pursuant to 31 U.S.C. 3730(c)(2)(A),” from Director of Commercial Litigation Branch, Fraud Section Michael D. Granston, January 10, 2018, available at For additional information, please consult our recent client update, titled “DOJ Creates Potential Openings for Early Dismissal of False Claims Act Suits,” available at

[7] See, e.g., United States ex rel. Walker v. R&F Prop. of Lake Cnty, Inc., 433 F.3d 1349, 1356–58 (11th Cir. 2005).

Matthew L. Biben, Courtney M. Dankworth, Mark P. Goodman and Maura Kathleen Monaghan are partners; Jacob W. Stahl is a counsel; and Eric Silverberg is an associate at Debevoise & Plimpton LLP.

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law.  PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.

DOJ Applies Principles of FCPA Corporate Enforcement Policy in Other White-Collar Investigations, Increasing Opportunity for Corporate Declinations

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Marshall L. Miller, and Jonathan Siegel

Late last week, the Department of Justice’s Criminal Division announced at an ABA white-collar conference that it has begun using the FCPA Corporate Enforcement Policy as “nonbinding guidance” in other areas of white-collar enforcement beyond the FCPA.  As a result, absent aggravating factors, DOJ may more frequently decline to prosecute companies that promptly self-disclose misconduct, fully cooperate with DOJ’s investigation, remediate in a complete and timely fashion, and disgorge any ill-gotten gains.  As a first example of this approach, the officials pointed to DOJ’s recent decision to decline charges against Barclays PLC, after the bank agreed to pay back $12.9 million in wrongful profits, following individual charges arising out of a foreign exchange front-running scheme. Continue reading

The Dodd-Frank Act’s Whistleblower Protection Provisions

by John O’Donnell, Scott Balber, and Geng Li

In 2010, in the wake of the financial crisis, Congress passed comprehensive financial regulation reform legislation known as the Dodd-Frank Act (Pub.L. 111-203). Section 922 of the Dodd-Frank Act established both a bounty award program as well as anti-retaliation protection for whistleblowers who report securities law violations.

Pursuant to the mandate of Section 922, the US Securities and Exchange Commission (“SEC”) established an Office of the Whistleblower, and implemented its final rules on the Dodd-Frank Program through a comprehensive rulemaking process that involved significant public input in May 2011. Continue reading