Lessons Learned from the Goldman Sachs FCPA Enforcement Settlement (Part III of III)
Goldman Sachs has a new leadership role – unfortunately, it is for corruption. It would be a serious mistake to characterize or describe the Goldman corruption scheme as the result of a few, bad actors. Instead, Goldman suffered this scandal because of a culture and a weak set of controls crafted to promote business with little regard for compliance.
The lessons learned from this massive case are significant and should be studied by compliance and business leaders.
Walking the Walk, Not Just Talking the Talk: Goldman suffered from a significant incongruity, one that is present in many companies. On the one hand, Goldman leaders adopted statements, policies, procedures, codes of conduct and other compliance related statements evidencing their commitment to compliance. Indeed, Goldman had an anti-corruption compliance policy and procedures. Goldman had two significant control functions – compliance and business intelligence. On its face, Goldman appeared to maintain and promote an ethics and compliance culture.
But like everything else in life – looks can be deceiving.
In practice, however, Goldman’s culture was anything but committed to compliance. Even senior executives in moments of candor noted the disconnect. Business deals that involved large fees were not held accountable for compliance. Certain senior executives like Leissner were able to skirt compliance requirements and controls. The bottom line was the bottom line in Goldman – money ruled, compliance faded in the background. When a lucrative business deal was arranged, compliance either rolled over, did not follow up or simply just let the deal go through without adhering to Goldman written policies and controls. In the end, this deficiency reflected a weak corporate culture of compliance.
Ineffective and Ill-Designed Controls: If a company is committed to its culture of ethics and compliance, it should be fairly straightforward to design and implement controls. In the case of Goldman, financial controls included review committees. Large, global conference calls were conducted by the review committee to review paperwork and presentations.
While facially attractive, such controls were deficient in several respects. As noted by the government, compliance and business intelligence played a limited role in these meetings. As part of its remediation, compliance and business intelligence’s respective roles would be expanded going forward.
But why was this never done before?
Why was an assessment or audit never conducted to identify this fundamental gap?
Even more disconcerting, as described by the government, the Capital Committee’s review and ultimate approval was conditioned on follow up items for review and confirmation. This follow-up procedure, however, was not documented, nor adhered to as a prerequisite to moving forward with the proposed transaction. Furthermore, the Capital Committee review process omitted documentation requirements and failed to ensure adequate audits and monitoring of transactions.
Compliance Empowerment: As reflected in the government’s outline of relevant facts, the compliance department did not have adequate resources or authority within the business to carry out its responsibilities. Goldman’s remediation effort included a doubling of its compliance staff and increased participation on relevant business committees.
Goldman is a company in size and stature, like many other large financial companies, that should have addressed these issues before the current scandal. There is simply no excuse for a company with resources and responsibilities that demand elevation of the compliance function and empowerment of the function within the business so that it can exercise appropriate authority, has line of sight across the organization, and has a meaningful seat at the C-Suite table to play a valuable role as a business partner.
Due Diligence Enforcement and Accountability: Goldman’s compliance function properly identified Jho Low as a significant risk and that Goldman should have no involvement with Jho Low. Nonetheless, despite the rejection of Jho Low on three occasions, as a potential client or business partner, Leissner and Ng were not dissuaded from dealing with Jho Low. Compliance appeared to have no credibility. Goldman’s business was not held accountable nor were there any controls in place to require certification or representations that the Goldman business executives terminated dealings with Jho Low.
Absence of Financial Oversight: The facts outline a campaign of greed involving hundreds of millions of dollars. Leissner, Ng, another Goldman employee and Low personally benefited by stealing in the hundreds of millions of dollars, resulting in transfers among shell companies, purchases of real estate and art, investments in movie projects and other attempts made to launder bribery proceeds.
In reviewing these transactions, the question arises – where were the financial controls to ensure that the proceeds of the large bond offerings were used for legitimate purposes? There is little explanation for this failure and by definition such a defective accounting underscores the weakness in basic financial controls to protect against theft.