Reality Bites: The New Risky Enforcement Environment
It is easy to forget that businesses need to focus on a number of significant risks. Anti-corruption is one of many threats to global companies. The tone-from-the-top message has to cut across all of these risks. The reason for this change is the financial crisis. In response, government activism and enforcement powers have been expanded in a dramatic way. More than ever, compliance must be a top priority for every business.
The government has new powers and is exercising them aggressively after the financial crisis. This trend is likely to continue. The Dodd-Frank Act represents the biggest expansion of government power over banking and markets since the Great Depression. The U.S. Chamber of Commerce estimates that the 2300-page Act will require 500 regulations, 60 studies, and 93 reports. The U.K. Bribery Act, which is effective July 1, 2011, creates new and significant compliance challenges.
Consider the enforcement trend in five primary areas:
Foreign Corrupt Practices Act (“FCPA”): The Justice Department is committed to its aggressive enforcement of the FCPA, with record fines and sentences each year. Lanny Breuer, the AAG in charge of the Criminal Division, has called it the “new era of FCPA enforcement.” The SEC has brought more enforcement actions than at any other time, and is committed to increasing the number of these actions. In fact, the SEC recently launched a comprehensive investigation of financial institutions relating to their dealings with sovereign wealth funds.
The Office of Foreign Assets Control (“OFAC”): OFAC has increased its enforcement of U.S. economic and trade sanctions. In 2009 and 2010, OFAC recovered over $1 billion – a significant increase from roughly $5 million recovered in 2007 and 2008. In Aug. 2010, Barclays forfeited $298 million to settle allegations relating to transactions on behalf of customers from Sudan, Libya, Iran, Cuba, and Burma. This also satisfied a $176 million OFAC fine. In May 2010, ABN AMRO forfeited $500 million for transactions with targets of U.S. economic sanctions, on top of $80 million paid to OFAC and state banking regulators in Dec. 2005. This is the largest ever for OFAC violations.
False Claims Act and Fraud: Using the False Claims Act, the federal government last year recovered more than $3 billion in civil settlements and judgments, a 25% increase from 2009. In health care fraud, the government has dedicated more resources to enforcement than at any other time in its history – and the results are clear: $2.5 billion in recoveries in 2010—the largest amount in False Claims Act history. The ten largest recoveries in 2010 involved healthcare, with several large recoveries against pharmaceutical companies. The joint task force—the Health Care Fraud Prevention and Enforcement Action Team, or HEAT—is credited with recovering almost $1.85 billion since October 2007. False Claims Act recoveries involving defense contracts were near $300 million.
Securities Regulations: The SEC ordered $1.03 billion in penalties and $1.82 billion in disgorgement in 2010. Insider trading investigations reached unprecedented levels, with the SEC and DOJ focused on expert consulting networks.
Antitrust Enforcement: The EU’s fines exploded last year to over $3 billion euro, while US fines fell off from $1 billion to $555 million.
Targeting the Gatekeepers: In-House Counsel and Compliance Officers
In this environment, general counsel, compliance professionals, and outside counsel continue to face personal liability for regulatory violations. The government recently re-indicted Glaxo’s in-house counsel for false statements and obstruction of justice, despite evidence suggesting that counsel’s statements were consistent with all information obtained from retained counsel. Compliance officers, general counsel, and external lawyers are no longer only counselors to the targets but are targets themselves. Despite the inherent tension, lawyers are expected to act as both advocates for clients and gatekeepers and whistleblowers for the government. In other words, lawyers are expected to balance serving their clients’ interests and the public interest.
In 2010, the SEC and FINRA brought several actions against Chief Compliance Officers. FINRA fined a CCO $10,000 for failing to report ten customer complaints to FINRA as part of the information required by FINRA rules. An ALJ ordered a CCO to pay $65,000 and imposed a one-year bar for failing to supervise registered representatives in sales of securities to elderly customers. The SEC upheld a penalty of $30,000 and added a two-year bar for a CCO who aided and abetted a company’s failure to preserve and produce e-mails and instant messages of a registered representative. FINRA fined an individual $10,000 and suspended him for 10 days for acting as a CCO without proper qualifications. FINRA permanently barred the CCO/Head Trader for falsifying order tickets and creating inaccurate trade confirmations, resulting in approximately $1.3 million in profits.
Whistleblowers Will No Longer Be Whistling in the Dark
Dodd-Frank increases protections and incentives for whistleblowers. The SEC regulations have not been issued yet but there is considerable controversy over the mechanics of the whistleblower program. Under Dodd-Frank, the whistleblower is entitled to 10% to 30% of any penalties (including disgorgement) over $1 million, and an award is mandatory for cases that cross the threshold. Whistleblowers are protected from retaliation and exposure, and the Act creates a private right of action against retaliation. As of Sept. 30, 2010, the SEC had a $451.9 million whistleblower fund.
New incentives for whistleblowers likely will result in an increase in whistleblowers reporting directly to the Government. The SEC reports that it already has received several potential whistleblower tips in the latter half of 2010. The SEC forecasts it will get 30,000 whistleblower tips a year and expects about half of the tips to lead to formal money claims.
Compliance in the New and Risky Environment
These risks call for increased diligence and new ways of addressing compliance issues. Companies will need to develop an integrated program which addresses not only specific industry risks but also new risks. An integrated approach means focusing on all enterprise risks (e.g. health and safety, data privacy, discrimination, environmental, money laundering, false claims, corruption, trade regulations and whistleblower complaints) and implementing an integrated strategy with common principles across all disciplines.
The Board of Directors has to be involved in oversight of risk management. The Board sets a tone, and that tone filters through senior management, and into codes of conduct and implementing ethical principles. Typically, the Board allocates its responsibilities for compliance in different committees – some even create a separate compliance committee.
The Board needs to develop the entity’s risk philosophy and concur with the entity’s risk appetite. Working closely with senior management, the Board should assess the extent to which management has established effective risk assessment and management programs. Most importantly, the Board needs to be apprised of the most significant risks and whether management is responding appropriately.