Compliance Reminders, Notices and Certifications
After the Department of Justice announced its declination of the Morgan Stanley case, the FCPA Paparazzi littered the Internet with recommendations of steps to take modeled on Morgan Stanley’s compliance program. Companies embraced these principles and emulated Morgan Stanley’s compliance program. Everyone wanted to have a “Morgan Stanley” compliance program.
I do not mean to burst the FCPA Paparazzi’s balloons but the facts of Morgan Stanley, as publicly disclosed, were fairly limited. I will not repeat all the ins and outs here but suffice it to say the facts for both sides – the Department of Justice and Morgan Stanley – could not have been better. As reported, the violation boiled down to the actions of a single person, who was charged, who engaged in a transaction against the direct order of Morgan Stanley supervisors not to do so.
In addition to this unique “rogue employee” situation, Morgan Stanley was able to demonstrate that they did everything in their power to educate the individual about the FCPA, remind the individual about the FCPA and communicate to the individual the need to comply with the FCPA.
While commentators have cited the Morgan Stanley case for its overall importance, it provides a limited avenue for the FCPA bar to shoehorn their specific cases into the Morgan Stanley precedent. Unfortunately, the shoe is very small.
Two aspects of the Morgan Stanley case, however, do provide some helpful low-cost reminders to compliance professionals.
First, as described by the Department of Justice, Morgan Stanley dumped a blizzard of compliance reminders and notices on its executives and employees reminding them of the importance of compliance. This is a low-cost and very easy practice which looks good on paper, has a positive impact on executives and employees, and is a nice piece of evidence to cite to the Justice Department in case a company faces an investigation.
Compliance reminders can be drafted in a variety of ways – strict reminders and warnings are one way, but creative messages, vignettes or fact situations with a little entertainment in the presentation could go a long way to getting a message out, reminding executives and managers and making sure the message of compliance sticks.
The cost of such notices is often the photons needed to send an email and the time it takes to draft an email and have it approved. It is a technique which has striking benefits and takes little effort. It can easily be built into a compliance program as an important way to communicate the message of compliance throughout an organization.
Second, in the Morgan Stanley case, the individual certified on numerous occasions that he was in compliance with the FCPA and Morgan Stanley’s compliance program. Again, most certification programs are done electronically and online. If so, the benefit again to a company can be significant, especially when it targets certifications in high-risk areas quarterly as opposed to a general policy of requiring certifications each year. Considering the low-cost nature of this requirement and the benefits of such documentation, companies should consider designing a certification program which is tailored to risky areas and risky businesses.