by Patty P. Tehrani, Esq.
Have you noticed the number of articles and blogs covering the troubling trend of personal liability for compliance officers and Chief Compliance Officers (CCOs) in the financial services sector? While anyone entering this industry knows it is highly regulated and replete with regulatory requirements, the growing liability of its compliance professionals is worrisome. Those responsible for overseeing their firm’s compliance program have many duties, and now more than ever find themselves on the receiving end of enforcement actions. This is evident in expanded corporate probes of compliance professionals or increasing regulatory expectations cited in speeches and proposed regulations.
Compliance professionals are concerned about facing personal liability especially when it is for non-rogue behavior. As a result, I thought this trend warranted a closer review.
by Robert W. Werner
The compliance infrastructure for managing financial crime risk at financial institutions is intended to be based on utilizing a risk-based, rather than rule-based, approach. A risk-based approach seeks to allocate resources commensurate with varying risk levels, reflecting the fact that financial institutions cannot eliminate all the risk of illicit activity occurring within an institution without completely shutting down all of its business. To optimize compliance, financial institutions must balance the need to provide legitimate and critical financial services and products with appropriate controls designed to mitigate the financial crime risk associated with those services and products to appropriate levels.
Where activity would violate law or regulation, the calculus is easy because the activity is simply prohibited. However, most legitimate activity will necessarily allow for some level of risk that it may be abused by criminals to facilitate illicit conduct or to exploit products and services for illicit purposes. Arriving at the right balance within this context requires an understanding of the risks, what level of controls can reasonably be put in place to mitigate that risk, and then making judgments based on an institution’s tolerance for reputational, regulatory and operational risk, about whether to engage in the activity. This last element, the exercise of judgment, must be arrived at within the framework of an institution’s risk appetite statement.
by Michael W. Peregrine
This year marks the fifteenth anniversary of the Sarbanes Oxley Act, enacted July 30, 2002, providing an important compliance-based teaching moment for both the governing board and executive management.
As many lawyers and compliance professionals may recall, the law was enacted in response to the series of notorious and crippling accounting controversies that had occurred in prior months involving such companies as Enron and WorldCom. The goals of the Act included efforts to enhance the reliability and transparency of public company financial statements.
That seminal legislation has had an enormous impact not only on the development of corporate compliance programs. It has also affected the board’s relationship to compliance, the role of ethics and “tone at the top” within an organization, the general counsel’s role with respect to compliance, and laws affecting both whistleblower activity, and various forms of obstruction of justice.
by Margot Sève
This post is an abstract of the article published under the same title in the Revue Trimestrielle de Droit Financier / Corporate Finance and Capital Markets Law Review (Thomson Reuters), as part of the thematic section edited by Michel Perez and Margot Sève entitled “International Financial and White Collar Crime, Corporate Malfeasance and Compliance.”
On December 9, 2016, France adopted law n° 2016-1691 on transparency, the fight against corruption, and the modernization of the economy. The law has been commonly called the “Sapin II” law, after French Minister of Finance Michel Sapin who, in 1993, authored the first Sapin law on transparency in politics and public procurement, and sought in 2016 to further enhance transparency and combat corruption.
While France has in recent years certainly made efforts towards more severe punishment for corruption-related offenses, it has nonetheless been criticized for its weak enforcement track record. For example, while the sanctions for active and passive corruption of domestic officials, active and passive corruption in the private sector, corruption of foreign officials, and influence peddling were increased in 2013, only one company (Total S.A.) was fined between 2000 and 2016 for acts of corruption of foreign public officials. This lack of enforcement efficiency has led the OECD, as part of its monitoring of countries’ implementation and enforcement of the OECD Convention on Combatting Bribery, to report serious concerns regarding “the lack of foreign bribery convictions in France.”
by Michael W. Peregrine
The Board’s audit committee is well advised to receive an update on the risk and compliance lessons from the recent Wells Fargo sales practices controversy. The general counsel, teaming with the chief risk & compliance officer, would be well suited to deliver this update. As well-chronicled in the recently released special investigative report (“Report”), the “20/20” lessons from the controversy transcend the financial services industry, to offer value to corporate boards across industry sectors. These lessons demonstrate how matters of organizational structure, corporate culture, and risk identification and reporting can coalesce in undisciplined circumstances to create significant corporate exposure. In several respects, these lessons prompt comparisons to the conclusions reached by investigative counsel in the GM ignition switch controversy of 2014. This comparison may help underscore the basic risk oversight message to the audit committee; i.e., that these issues have arisen in several of the largest U.S. companies and may arise again without proper supervision.
by Nicole Stryker and Richard Girgenti
Compliance officers today face many challenges. The pace of regulatory change is swift and expectations globally are constantly changing. For example, while the Trump Administration has voiced plans to roll back regulations – particularly in the financial, healthcare and environmental arenas – many international and U.S. state regulators have said they may look to fill any gaps, making it hard for compliance officers to predict the net impact of these regulatory changes on their organizations. Brexit and other significant geopolitical developments further complicate the regulatory landscape. These regulatory fluctuations make it challenging for compliance officers to prioritize their compliance efforts.
by Douglas K. Yatter, Yvette D. Valdez, and J. Ashley Weeks
Financial services firms and market participants face an ever-evolving landscape of regulatory programs designed to encourage and enable whistleblowers to report potential misconduct. On August 30, 2016, the US Commodity Futures Trading Commission (CFTC) published proposed amendments to its whistleblower program. Drawing from the agency’s experience in administering its program over the past five years, as well as strides the US Securities and Exchange Commission (SEC) has made in administering its analogous program, the CFTC’s proposal aims to enhance the whistleblower review process and adopt new enforcement authority for whistleblower retaliation.
by Harry First
Corporations sometimes argue that individuals who engage in cartel behavior are “rogues,” a term often used in two different ways. One is the dictionary sense of a “rascal or scoundrel,” one who “wanders apart from the herd” or varies “markedly from the standard.” The other is a low-level employee who participates in cartel behavior out of view of management. Deterring such people requires an understanding of the psychology of rogue behavior, but it is the rogue who is at fault, not the corporation. Indeed, it is this conclusion that makes “rogues” so attractive an explanation to corporations.
by Timothy J. Lindon
The compliance message to companies from Washington is practical and encouraging. Regulators are not looking to reward check-the-box programs or companies that simply say the right things about integrity in their Codes of Conduct. They are looking for innovative approaches that work to prevent misconduct in the real world, and can be measured.
The problem of course is identifying and measuring what works. We have lots of compliance metrics like training completion rates and the number of helpline calls, but none of them measures fully the impact of our programs on ethical decisions by individual employees. In fact, research shows that many of the activities credited under the federal sentencing guidelines may actually be counter-productive. For example, training that is regarded by employees as a check-the-box exercise is viewed as insincere and undermines compliance with policies.
So what works?
by Donald C. Langevoort & Hillary A. Sale
How to develop a corporate culture supporting corporate compliance is a key topic. Directors and officers both play roles in creating corporate culture; they are responsible for tone at the top, and that tone is key to compliance. The role of directors is what we explore today – as well as how the securities and corporate laws set the contours of that role. Our interest is in whether and how directors can and do play a role in building a culture of candor and its contribution to a culture of compliance.
Various actors on the federal level have been pushing boards of directors to become more involved in disclosure quality control, and as boards do so, they are increasingly engaged in setting the compliance and candor culture.