Chapter 1


The New Era of Regulatory Enforcement

Richard H. Girgenti

The New Regime

Since the outset of the twenty-first century, there has been a relentless flow of events and circumstances that has given birth to a new regulatory and enforcement landscape. Over the past decade and a half, we have had front row seats to the launching of the war on terror in the wake of the 9/11 attack; the financial reporting crisis of the early 2000s; the changing dynamics of emerging global economies; the financial recession of 2008 with the resulting economic uncertainty and lingering global financial instability; healthcare reform and escalating costs; and the proliferation of digital data, social media, and cyber attacks. These events, each in their own unique way, have profoundly altered the government’s approach to regulation and enforcement.

Fueled by a powerful mix of constant media attention, growing resentment toward business and financial executives, and ever-increasing regulation, companies in today’s global economy find themselves in a continuously evolving and increasingly complex, volatile, and risky regulatory environment. None of this has been lost on those who function in the C-suite or on corporate boards. The new terrain has rapidly changed the way executives think about and conduct business. Not surprisingly, a 2015 survey[1] of U.S. CEOs by KPMG found that global economic growth and the regulatory environment are the two issues that have the most impact on their companies.

As organizations attempt to navigate this changing regulatory landscape, they face new risks and uncertainty resulting from a new regime of government enforcement that is now global in nature and unprecedented in its aggressiveness. With broader mandates and authority, enforcement agencies are employing new strategies, tactics, and weapons and are using the latest technology tools. Those organizations that fail to effectively manage the risks presented by this new regime find themselves facing harsher penalties and sanctions than anything experienced before.

The list of billion-dollar fines levied by regulatory authorities continues to lengthen. In 2014, Bank of America agreed to pay a record settlement of $16.5 billion with the U.S. Department of Justice (DOJ), resulting from mortgage lending abuses that arose from its acquisition of Countrywide Financial in 2008 and Merrill Lynch in the following year. This settlement, the largest ever, was a capstone to a legal journey that can be traced back to the dark days of the financial crisis.

In January 2016, Goldman Sachs agreed to a $5 billion settlement resulting in the largest regulatory penalty in its history, and resolving U.S. and state claims stemming from the firm’s sale of mortgage bonds heading into the financial crisis.[2] In November 2013, JPMorgan Chase agreed to a $13 billion settlement for U.S. mortgage mis-selling. Other financial services settlements include BNP Paribas ($9 billion for U.S. sanctions violations); Citigroup ($7 billion for mis-selling mortgage-backed bonds); Credit Suisse ($2.5 billion for aiding tax fraud); HSBC ($1.9 billion for money laundering lapses); and UBS ($1.5 billion for manipulation of the London Interbank Offered Rate—LIBOR).

Fines and penalties are only part of the cost to the financial sector. The Conduct Costs Project, an independent research foundation, estimated that in the five years to the end of 2013, the total legal cost of misconduct by 10 major international banks totaled $250 billion, after including legal fees as well as fines and other penalties.[3] As a further indication of the aggressiveness of regulators in the past few years, five banks were the subject of criminal charges and agreed to plead guilty to manipulating the global foreign exchange market, an almost unprecedented outcome.

The financial services sector was not the only industry to be heavily fined. The array of billion-dollar penalties since 2012 includes life sciences company GlaxoSmithKline (GSK), which paid $3 billion for the unlawful promotion of some of its drugs and failure to report safety data. Johnson & Johnson (J&J) agreed to pay a $2.2 billion fine to resolve criminal and civil allegations relating to three prescription drugs. In the energy sector, BP, in July 2015, agreed to pay $18.7 billion to settle all federal and state claims arising from the 2010 Deepwater Horizon oil spill.[4] This included a civil penalty of $5.5 billion, the largest pollution settlement under the federal Clean Water Act. The settlement added at least $10 billion to the roughly $44 billion BP had already incurred in legal and cleanup costs.

The risks of regulatory enforcement are particularly acute in highly regulated sectors such as financial services, healthcare, and energy. There are, though, certain regulatory regimes, such as anti-bribery and corruption, anti-money laundering (AML), and trade sanctions, that affect all industries and where enforcement is not just a national effort, but is the subject of long-arm jurisdiction and global cooperation among enforcement authorities. Examples of international enforcement include EU fines of a number of banks totaling $2.3 billion for manipulating the European Interbank Offered Rate. Also, Swiss and British regulators have worked together to investigate collusion in the foreign exchange markets. In charging Hewlett-Packard with Foreign Corrupt Practices Act (FCPA) violations in 2014, U.S. Securities and Exchange Commission (SEC) chair Mary Jo White acknowledged the “great support” the commission had received from regulators in Australia, Guernsey, Liechtenstein, Norway, Canada, Switzerland, and the UK.[5]

The War on Terror

Events since 2000, many unforeseen, have been drivers over the past decade and a half of new laws and regulations and a re-ordering of priorities for enforcement authorities. A shock wave was started at the beginning of the past decade with the September 2001 attack on the Twin Towers in New York City. With the onset of the war on terror and terrorist financing, a new regime of AML enforcement activity began that extended far beyond the original intent of the USA Patriot Act, designed primarily as a tool to fight terrorism.

The enforcement of the AML laws has continued unabated since then. In the early days of the USA Patriot Act, enforcement was focused on discrete programmatic deficiencies, such as failures to report suspicious activities. It has since grown to become a steady and institutionalized regime of enforcement that challenges every aspect of a firm’s AML compliance program, including oversight, customer due diligence, monitoring, reporting, and independent testing. Just as significantly, AML regulators have broadened their focus from traditional banks to include the alternative investment industry, money service businesses, investment advisors, cyber-currency companies, innovative payment technologies, and retail companies offering financing.

The post 9/11 enforcement regime, designed to combat terrorist financing, has been a two-front attack. In addition to AML enforcement, government regulators unleashed the power of economic and trade sanctions against individuals, entities, and countries suspected of terrorist ties. A time-honored weapon of foreign policy was now deployed by the U.S. Department of the Treasury’s little-known Office of Foreign Assets Control (OFAC) as part of the war on terror. The result has been that many U.S. companies (e.g., Weatherford International and American Express) and foreign firms (e.g., BNP Paribas, ING, and HSBC) have found themselves the target of enforcement efforts and subjected to heavy fines and penalties. The risks of economic and trade sanctions are not likely to go away any time soon and have kept companies on their toes, as events in the Ukraine, Russia, Iran, North Korea, and other rogue nations have required organizations to constantly reevaluate their risk profiles.

The Financial Reporting Crisis of 2001-02 and the 2008-09 Financial Recession

Just as the United States and the rest of the world were coming to grips with the reality of global terrorism, a new event, the financial reporting crisis of 2001-02, erupted within weeks of 9/11 and shook people’s confidence in the capital markets as profoundly as the Twin Towers attack had shaken confidence in U.S. national security. There was a bubble created by the confluence of earnings pressure, grey areas of accounting, and rationalizations that justified reporting high earnings at all cost. When it burst, it brought down companies and individuals whose successes were too good to be true. The result was the passage of new laws and regulations, most notably the U.S. Sarbanes-Oxley Act and amendments to the U.S. Federal Sentencing Guidelines for Organizational Defendants (the FS Guidelines). These measures were designed to revamp fundamental principles of corporate governance, risk management, compliance, and practices around financial reporting. Along with the passage of Sarbanes-Oxley came a wave of enforcement actions involving both companies and individuals accused of an array of wrong-doing including, among other forms of misconduct, improper revenue recognition, earnings management, stock options backdating, and misstated loan reserves.

These and other reforms, and the resulting onslaught of enforcement activity that followed, began a process of rebuilding confidence that we had turned the corner into a new era of improvements in corporate governance that would protect the public from future corporate misdeeds. That is, until the next shock wave hit—the dramatic economic downturn of 2008-09—that nearly reached Great Depression proportions and once again called into question the soundness of U.S. laws, regulations, and economic policies, as well as the reliability of government enforcement efforts. With the economic recession came the unraveling of massive and well-publicized Ponzi schemes, such as those perpetrated by Bernie Madoff and Allen Stanford, further eroding public confidence. And, as with the previous events, the implications were felt around the world. With the downward spiral of stock prices and home values and the loss of jobs, anger and resentment toward those believed responsible turned to a fevered pitch that still lingers in the public discourse, whether in the media or on the campaign trail, further fueling demands for new laws and regulations and setting the agenda for more aggressive enforcement.

“Too big to fail” became the catchphrase in the days following the start of the financial crisis. Nonetheless, historic institutions such as Bear Stearns, Lehman Brothers, AIG, Merrill Lynch, Wachovia, and others collapsed, were sold off, or turned to government bailouts for their very survival. As with the financial reporting crisis of a few years earlier, Congress and the president were quick to react. Congress passed the Emergency Economic Stabilization Act of 2008, authorizing trillions of dollars to shore up the economy, stabilize weakened financial institutions, and purchase troubled assets. A new watchdog, the Office of the Special Inspector General for the Troubled Asset Relief Program (TARP), was created with enforcement powers to oversee part of the program. Soon after, Congress passed the American Recovery and Reinvestment Act of 2009, which created new federal programs and authorized hundreds of billions of dollars in new federal funding. There was also the Fraud Enforcement and Recovery Act (FERA) of 2009, which was intended to strengthen regulatory controls and help prevent and detect potential fraud, waste, and abuse.

All of these new laws, regulations, and enforcement activity were just the opening act for the most sweeping and comprehensive financial regulatory reform since the Great Depression, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).[6] This historic piece of legislation once again dramatically altered the regulatory landscape. In addition to many significant changes to the structure of federal financial regulation and wide-ranging provisions covering numerous reforms from corporate governance to executive compensation, Dodd-Frank also greatly altered the enforcement landscape. It contained a number of provisions, both procedural and substantive, that were designed to facilitate enforcement of the securities laws and expand the scope of remedies available to regulators.

The enforcement powers of two agencies, the SEC and the Commodities and Futures Trading Commission (CFTC), in particular, were greatly increased. One such change was in the area of whistleblowers. Dodd-Frank established monetary awards for whistleblowers in any SEC or CFTC enforcement action resulting in a sanction of more than $1,000,000, with award amounts determined as a percentage of the recovery. It also created a private right of action for whistleblowers against employers who retaliate. The CFTC’s mission was also expanded, for the first time, to include oversight of the swaps market.[7]

Dodd-Frank also strengthened the SEC’s enforcement powers in several key respects. It enabled the SEC to impose monetary penalties under certain circumstances against any person, rather than just regulated entities, in cease-and-desist proceedings. And it expanded federal court jurisdiction for the SEC to bring enforcement actions against persons for activity outside of the United States when an individual takes “significant steps in furtherance” of a violation and the conduct has a foreseeable impact within the United States.

The result of these post–financial crisis laws and regulations has been nothing short of dramatic. The passage of Dodd-Frank and the new powers of the SEC and the CFTC opened the door for a new era of regulatory enforcement focused on restoring the integrity of the capital markets. Since then there has been aggressive enforcement against market abuses and manipulation and insider trading. More particularly, the CFTC, with its newfound enforcement powers, became a major player in enforcement actions for manipulation of LIBOR and the foreign exchange rate (forex), along with other agencies with jurisdiction including the SEC and DOJ. There was also a new round of investigations into the possible manipulation of precious metal prices.

The first wave of investigations and enforcement actions focused on activities of banks falsely inflating or deflating their average interest rates so as to profit from trades. In the United States, LIBOR is used as a benchmark in the derivatives markets, thereby bringing the CFTC into the picture. What followed was one of the most expensive scandals to hit Wall Street since the financial crisis. By the time the dust had settled, as of May 2015, global banks had paid more than $9 billion in fines to U.S. and European regulators. More than 100 traders or brokers have been fired or suspended, 21 have been charged, and several bank executives have been forced out.[8]

The second wave of investigations focused on the manipulation of foreign exchange rates and led to guilty pleas by four global banks: Citigroup, JPMorgan Chase, Barclays, and Royal Bank of Scotland (RBS).[9] Although it was not charged criminally, a fifth bank, UBS, was also accused of foreign currency manipulation. The accusations resulted in the DOJ voiding an earlier non-prosecution agreement (NPA) and requiring UBS to plead guilty to a previous charge of LIBOR manipulation. A sixth bank, Bank of America, while not found guilty, agreed to a fine of $204 million for unsafe practices in foreign markets. All told, the six banks were fined $5.6 billion for their role in the rigging of foreign exchange markets. This was in addition to fines paid in November 2014, when the CFTC fined Citigroup and JPMorgan Chase $310 million each, RBS and UBS $290 million each, and HSBC $275 million for their roles in attempting to manipulate global foreign exchange benchmark rates to benefit their traders’ positions.

Also in the past year, the CFTC and DOJ launched a third wave of new investigations of 10 major financial institutions, including Barclays, Bank of Nova Scotia, Deutsche Bank, Credit Suisse, Goldman Sachs, HSBC, JPMorgan Chase, UBS, Société Générale, and Standard Bank, for possible price-fixing in the precious metal markets[10] (which include gold, silver, platinum, and palladium) for which banks historically set the market.

In addition to these new areas of enforcement activity, government agencies directed their attention to those issues that played a large role in the financial and subprime crisis. Under the auspices of the Financial Fraud Enforcement Task Force and its Residential Mortgage-Backed Securities (RMBS) Working Group, recoveries exceeding $36 billion have been made, with the largest settlement of nearly $17 billion with the Bank of America. There were also investigations related to the packaging, marketing, sale, arrangement, structuring, and issuance of RMBS, collateralized debt obligations (CDOs), and banking practices concerning the underwriting and origination of mortgage loans, all or some believed to be the cause of the financial meltdown of 2008-09. Among the settlements arising from these investigations were ones with Goldman Sachs ($5 billion), Morgan Stanley ($2.6 billion), JPMorgan Chase ($13 billion), and Citigroup ($7 billion).

Not all of the heightened enforcement activity in recent years can be traced to the factors that brought about the financial crisis. Prosecutors and enforcement agencies have also turned their attention to a number of important insider trading cases, perhaps as a way of assuring the public that, regardless of their form, breaches of fiduciary duty in the financial sector would be taken seriously.

In its 2014 and 2015 annual reports, the SEC continued to remind the investment community that insider trading remained a high priority, because illegal tipping or trading undermines “the level playing field that is fundamental to the integrity and fair functioning of the capital markets.” Over the past six years, the SEC and DOJ have brought hundreds of insider trading cases against entities and individuals, including financial professionals, corporate insiders, attorneys, and others from all walks of life.

Perhaps one of the most significant outgrowths of the crisis, and part of an effort to address other abuses that led to it, was the creation by Dodd-Frank of the Consumer Financial Protection Bureau (CFPB). Assuming the oversight of consumer compliance from a patchwork of different federal agencies, the CFPB was created as a watchdog empowered to write rules for consumer protection governing all companies offering consumer financial services or products. These companies include most banks, mortgage lenders, and credit card and private student loan companies, as well as payday lenders.

The CFPB was also given the authority to examine and enforce consumer finance regulations for banks and credit unions with assets of more than $10 billion and all mortgage-related businesses, payday lenders, student lenders, and other non-bank financial companies, such as debt collectors and consumer reporting agencies. The CFPB also oversees the enforcement of federal laws intended to ensure the fair, equitable, and nondiscriminatory access to credit for individuals and communities.

Beginning in 2010, the CFPB wasted no time in getting to work. The agency’s purview has been sweeping and has targeted debt collectors, credit card issuers, mortgage businesses, student loan issuers, and banks from large to small. In his July 2015 testimony[11] before the Senate Committee on Banking, Housing, and Urban Affairs, CFPB Director Richard Cordray proudly boasted that in the five years since the passage of Dodd-Frank and the four years since the CFTC opened, it had brought enforcement actions that resulted in more than $10 billion in relief for more than 17 million consumers and that its supervisory actions had resulted in financial institutions providing more than $178 million in redress to more than 1.6 million consumers.

Enforcement actions have targeted misconduct and illegal practices in the mortgage industry, deceptive practices in the marketing and enrollment of credit cards, unfair billing, and illegal debt collection. Among other areas, actions have been taken against payday lenders and installment lenders for unlawful lending and collection practices.[12]

Evolving Risks and Shifting Enforcement Priorities

As part of the new initiatives led by SEC Chair White, which she has referred to as the “broken windows” strategy[13]—fashioned after the strategy that was used to reduce crime in New York City in the early to mid-1990s by focusing on low-level crimes as a means to reduce more serious crimes—the SEC filed 135[14] accounting-related enforcement actions in the fiscal year ended in September 2015, a 41 percent increase over the 96[15] brought in 2014 and nearly double the accounting-related enforcement actions brought in 2013.[16] Concededly, these new cases were smaller in scale and mostly involved less egregious conduct than the accounting scandals of the early 2000s.

As part of this renewed initiative, the SEC has used new technologies, and in 2012 it deployed a computerized system designed to root out accounting fraud. To drive this initiative, the SEC set up a task force in 2013 to identify and prosecute financial reporting misconduct.[17] There can be little doubt that the SEC is putting more resources into pursuing accounting fraud and is looking into an array of potential accounting fraud cases. These range from how companies recognize revenue to how they value assets and other obligations, and whether disclosures properly inform investors.

These new initiatives resulted in sanctions involving the largest pharmacy healthcare provider in the United States, which settled allegations of misconduct including improper acquisition-related accounting adjustments that boosted reported earnings in 2009. Other significant SEC accounting fraud cases in the wake of the mortgage meltdown involved a $20 million settlement with the Bank of America in which the bank admitted failing to disclose uncertainties about potential higher costs related to mortgage repurchase claims, as part of its $16.5 billion mortgage settlement with the government. Diamond Foods paid $5 million as part of its settlement with the government for inflated earnings related to its failed recording of costs.

More recently in 2015, the SEC settled with a bank holding company charged with misrepresenting the value of the bank’s loan portfolio to investors by failing to downgrade and impair delinquent loans that would not be repaid in full. Other settlements involved a $15 million fine for an online consumer finance company for manipulating company revenues and a $35 million settlement for a China-based advertising company accused of understating the company’s valuation in connection with a management buy-out.

A renewed focus on financial reporting fraud and disclosures in 2014 and 2015 meant that both were record-breaking years for sanctions imposed by the SEC. During SEC Chair White’s first full year in charge, the commission filed 755 enforcement actions and obtained orders for $4.1 billion in penalties and disgorgement.[18] In her second year, the SEC filed 807 enforcement actions covering a wide range of misconduct and obtained orders totaling approximately $4.2 billion in disgorgements and penalties.[19] This strongly suggests that financial reporting fraud was part of a much broader expansion of enforcement activity.

Shifts in Public Policy Priorities

Shifts in public policies resulting from changes in administration and shifts in domestic priorities have also played a significant role since 2000 in defining enforcement agendas. Two examples of this are the focus since the financial crisis on rising government spending and debt, and the implications of healthcare reform. The most obvious consequences of this focus have been the recent attention to offshore tax evasion as well as fraud, waste, and abuse in government spending, particularly government healthcare reimbursement programs.

The passage and signing into law of the Patient Protection and Affordable Care Act (PPACA) highlighted the provision of healthcare services in the United States. One of the revelations, already well known to providers and consumers of healthcare, was the escalating costs of healthcare, much of it financed by the government. An integral part of the government’s efforts to implement healthcare reform was its commitment to fight fraud, waste, and abuse in healthcare, even touting that its fight, spearheaded by the Department of Health and Human Services and the DOJ, “will continue to improve with the new tools and resources provided by the Affordable Care Act.”[20]

In fiscal year 2014, the U.S. government spent $836 billion on healthcare, nearly two-thirds for Medicare.[21] By 2023, government-financed healthcare expenditure is projected to reach $2.5 trillion and account for 48 percent of national healthcare expenditure. In an attempt to curb these escalating costs, the government has placed a high priority on identifying fraud, waste, and abuse in the provision of healthcare services, with an aggressive regime of enforcement designed not only to recoup misappropriated funds, but also to levy fines and penalties. The government is relying upon an arsenal of laws and regulations, including the False Claims Act (FCA), which allows private citizens to become whistleblowers and bring civil actions on behalf of the government and to share in any recovery; the Anti-Kickback Statute, which prohibits drug and device companies from providing incentives to healthcare professionals and organizations for prescribing their drugs or using their devices; and the Stark Law, which limits certain physician referrals. The government’s efforts have led to more than $14 billion in recoveries under the FCA alone.

In recent years, the life sciences industry, like the healthcare sector, has also come under intense government scrutiny for the misuse of taxpayer dollars, particularly in the pricing of life sciences products that are subject to government reimbursement. Other public policy interests, such as the health and safety of patients, and the transparency and accountability for drugs and medical devices sold to the public, and often reimbursed by the government, have also been drivers of enforcement efforts in the life sciences industry.

In 2013, Johnson & Johnson (J&J) agreed to pay $2.2 billion to resolve criminal and civil liability arising from allegations relating to the promotion of prescription drugs for uses not approved as safe and effective by the Food and Drug Administration (FDA) (referred to as off-label promotions). The settlement also covered allegations that J&J paid kickbacks to physicians (e.g., paying for speaker programs for doctors to tout the purported benefits of certain drugs, defraying the cost of outpatient clinics to administer the drugs and with the resources and support to bill Medicare).

In announcing the settlement with J&J, then Attorney General Eric Holder emphasized the public policy considerations underlying the settlement, noting, “The conduct at issue in this case jeopardized the health and safety of patients and damaged the public trust.” Assistant Attorney General for the DOJ’s Civil Division Stuart F. Delery added, “As patients and consumers, we have a right to rely upon the claims drug companies make about their products. And, as taxpayers, we have a right to ensure that federal healthcare dollars are spent appropriately.”[22]

Another way in which the government has attempted to address the growing fiscal deficit has been to recoup tax revenues lost in offshore tax havens. Bank secrecy laws in foreign jurisdictions have long provided safe havens for criminals, money launderers, and tax cheats to hide assets from the tax authorities. The result has been not only the loss of billions of dollars in tax revenues, but also a challenge to the enforcement of criminal laws against drug dealers and criminal organizations, among others, and to the effectiveness of AML efforts.

To address this problem, the Internal Revenue Service (IRS) and the Tax Division of the DOJ, along with U.S. Attorneys’ Offices, have focused on foreign financial accounts used to evade U.S. taxes and reporting requirements. The United States has used a variety of tactics to pierce the veil of secrecy and anonymity associated with these accounts. The tactics include reliance on self-reporting requirements of the Bank Secrecy Act; lengthy and complex investigations; agreeing with foreign governments on a range of tax treaties and information exchanges; and enforcement actions against foreign banks.

The passage of the Foreign Account Tax Compliance Act (FATCA) in 2010 closed many of the gaps in prior laws and enforcement efforts. FATCA requires financial institutions outside the United States, including banks, brokerage firms, mutual funds, hedge funds, and certain insurance companies, to report information on financial accounts held by U.S. account holders to the IRS or face 30 percent taxes/penalties on withholdable payments received from U.S. sources.

The results of this focus on cross-border tax evasion have been telling. In the United States, more than 43,000 taxpayers joined a voluntary IRS disclosure program, revealing hidden offshore accounts, and paid $6 billion in back taxes, interest, and penalties.[23] In 2008, as a result of government investigations, UBS entered into a deferred prosecution agreement (DPA) with the DOJ, paid a $780 million fine, and turned over 4,700 accounts with U.S. client names that had not been disclosed to the IRS.

Despite this progress, the Senate Permanent Subcommittee on Investigations, Committee on Homeland Security and Governmental Affairs, in its report on Offshore Tax Evasion in February 2014, criticized the DOJ for not having moved more quickly against other Swiss banks and found that “U.S. law enforcement has failed to prosecute more than a dozen Swiss banks that facilitated U.S. tax evasion, failed to take legal action against thousands of U.S. persons whose names and hidden Swiss accounts were disclosed by UBS, and failed to utilize available U.S. legal means to obtain the names of tens of thousands of additional U.S. persons whose identities are still being concealed by the Swiss.”[24] Notwithstanding the criticism, it appears that the DOJ Tax Division has been investigating scores of other Swiss banks regarding accounts held by U.S. citizens, and in the second half of 2015, the DOJ entered into 75 NPAs and DPAs associated with the DOJ Tax Swiss Bank Program. More than $1 billion was recovered under the program.[25] Even more recently, Julius Baer announced an additional $547 million agreement in principle with the DOJ.[26]

Offshore tax evasion enforcement took on global dimensions with the release in August 2015 by the Organization for Economic Cooperation and Development (OECD) of three reports.[27] The documents are intended to help governments and financial institutions implement the global standard for the automatic exchange of financial account information to combat offshore tax evasion.

Globalization

Over the past 20 years, we have witnessed a global shift in political and economic power away from the United States, in a phenomenon Fareed Zakaria has described as “the rise of the rest.”[28] Among the drivers of enforcement priorities, the risk of doing business in emerging economies has created a new regime of enforcement that did not exist in the twentieth century. With accelerated globalization has come a growing recognition that corruption is endemic in many countries, especially in emerging markets, and that corruption has had a corrosive impact distorting worldwide competition.

Over the past decade, people have become more aware of the harm that corruption does to the legitimacy of governments and international commerce. This has prompted efforts to curb the practice of bribery, particularly through the passage and enforcement of anti-bribery and corruption laws around the globe.

For more than two and a half decades since the passage of the FCPA in 1977, the United States stood virtually alone in criminalizing the bribery of foreign government officials, and there seemed to be little appetite in the United States, and virtually none outside of the United States, to prosecute this activity. But in 2004–05, all of this changed. The DOJ and SEC dusted off the FCPA and, with unprecedented vigor, started prosecuting companies and individuals who violated its provisions.

At the same time, dozens of foreign countries passed similar anti-corruption laws and stepped up their enforcement efforts. Perhaps most significantly, enforcement activities have ramped up as never before in Brazil (Embraer and Petrobras), China (GSK), and the EU (Yara International of Norway and SBM Offshore of the Netherlands). In November 2014, U.S. Assistant Attorney General Leslie Caldwell noted, “The global trend against foreign corruption continues to face many challenges, but the tide has turned.” With enforcement actions taking place around the globe, there is strong evidence that an anti-corruption trend has been established, with little indication of it subsiding.

The United States continues to take the lead in its enforcement against corruption. While the number of U.S. enforcement actions has been stable in 2012–14 compared to its peak year in 2010, penalties of more than $1.5 billion in 2014 amounted to more than double the amount collected in 2013 and more than the previous three years combined.29 Outside the United States, there were more enforcement actions in 2014 regarding the bribery of foreign officials than in any other year of the previous decade, other than in 2011.30 Other notable recent trends include increased cross-border cooperation with foreign law enforcement; continued emphasis by the DOJ and the SEC on the benefits of self-reporting and cooperation; and a sustained focus on the prosecution of individuals, both U.S. and non-U.S. citizens.

Most notably in the past year, the Brazilian government’s investigation of the state-run oil company, Petrobras, has dominated headlines, a firm sign that Brazil’s 2013 Anti-Corruption Law will be enforced. In March 2015, the Brazilian Office of the Comptroller General, the chief federal enforcement authority for anti-corruption, announced that it had extended its probe and opened cases against 10 Brazilian construction companies doing business with Petrobras. At the same time, Brazil’s Supreme Court approved investigations of 54 politicians allegedly involved in kickback schemes. In all, more than 200 companies and 80 individuals faced possible charges.31 As of August 2015, there were 117 indictments, five politicians had been arrested, and criminal charges had been brought against 13 companies. It has been estimated that the total of all bribes amounted to nearly $3 billion.32

The New Era of Government Enforcement Strategies and Tactics

The new era of regulatory enforcement in the United States has been defined as much or more by government tactics as it has been by the areas that the government has chosen to pursue. These new tactics since 2000 are the result of not only a more aggressive enforcement posture, but also the passage of new laws that have expanded the authority of enforcement agencies and provided them with new tools to achieve their objectives. Also, new technologies, and the willingness and ability to deploy them, have added significantly to the enforcement arsenal.

Whistleblower Laws

The expanded use of whistleblowers has been a game changer in the new era of regulatory enforcement and has become a favored tool of the government.33 To be sure, whistleblower laws have served as useful means to identify potential wrongdoing by incentivizing those with knowledge of such wrongdoing to report directly to the government. These laws have also served another important policy objective. They have created a strong incentive for corporations to shore up their internal reporting mechanisms so that potential whistleblowers will report potential wrongdoing internally through a company’s compliance mechanisms.

As mentioned earlier, Dodd-Frank created strong incentives—10 to 30 percent of fines and penalties of more than $1 million—to encourage persons to report potential violations of the federal securities laws or of the Commodity Exchange Act to the SEC and the CFTC, respectively. Since the whistleblower program began in August 2011, the SEC has received more than 14,000 tips from whistleblowers. In fiscal year 2015, eight whistleblowers received more than $37 million, including an award of $30 million to a single whistleblower, the highest award to date under the program. The number of whistleblower tips has increased each year since the program’s implementation, with a 30 percent increase from 2012 to 2015.34

A particular challenge for companies today is the effectiveness of their anti-retaliation policies and processes. The SEC has stated on numerous occasions that it is paying special attention to instances of retaliation against whistleblowers, even where the underlying whistleblower reports were later unsubstantiated. The SEC has also focused on confidentiality agreements with employees in severance agreements or other agreements attempting to prevent employees from coming forward to the SEC.35 In April 2015, the SEC said that it had fined KBR, a Houston-based entity, for violating whistleblower protections by requiring “witnesses in certain internal investigations interviews to sign confidentiality agreements with language warning that they could face discipline and even be fired if they discussed matters with outside parties without the prior approval of KBR’s legal department.”36

Other government agencies have found whistleblower programs to be a valuable tool in their enforcement arsenal. Relying in large measure on the actions of private citizens to identify and report government fraud, the FCA has long been a key enforcement tool for the federal government in matters involving government contracts or other government expenditures. Many states and large cities have also enacted their own false claims laws.

In essence, the FCA provides for private citizens (whistleblowers) to file a qui tam civil complaint with the government. If the government decides to go forward with the qui tam action and is successful, the relator is entitled to receive 15 to 30 percent of the amount recovered by the government. This is an enormous incentive since violators of the FCA are liable for three times the amount that the government is defrauded and for civil penalties of $5,000 to $10,000 for each false claim.

The FCA was enacted in 1863 during the Civil War to address the problem of suppliers defrauding the Union Army and has been amended many times since then, most significantly in 1986 and more recently in 2009 in the aftermath of the financial crisis. In the latter case, FERA was enacted and changes were made in 2010 as part of the PPACA. Since FERA amended the FCA, the government has collected nearly $25 billion under the act, initiating more than 4,000 new FCA matters.37 Before 2010, there was only one year in the history of the FCA when more than 700 new FCA matters were filed.

In 2014, the Justice Department recovered nearly $6 billion under the FCA,38 an unprecedented amount. Previously, the most robust FCA enforcement had been in the healthcare and defense/procurement sectors, but in 2014, more than half of the $6 billion ($3.1 billion) was from settlements with financial institutions, and most of the rest ($2.3 billion) was from Medicaid and Medicare fraud cases. Also, it is worth noting that nearly half of the $6 billion was recovered through lawsuits (qui tam actions) originally filed by whistleblowers.

The year 2015 saw a slight decline in government recoveries under the FCA, with over $3.5 billion in settlements or judgments.39 Nonetheless, the FCA remains a powerful weapon in the government’s arsenal against fraud and corruption. FCA enforcement continued to cover any industry that received government funding, from healthcare to defense contracting to housing finance to education to technology and beyond. Of particular note is that of the $3.5 billion recovered, $2.8 billion related to recoveries from qui tam actions, and interestingly $1.1 billion or 32 percent of the year’s recoveries were from cases filed by whistleblowers in which the government did not intervene.40

The IRS also has a whistleblower law41 that enables private individuals to report on companies’ and individuals’ underpayments of tax, and persons otherwise guilty of violating the internal revenue laws. The IRS Whistleblower Law, like the FCA, rewards whistleblowers who report allegations of fraud on the government. In general, a whistleblower can receive an award of 15 to 30 percent of the collected proceeds (including penalties, interest, additions to tax, and additional amounts). In fiscal year 2014, the IRS made 101 awards to whistleblowers, totaling $52 million.42

With or without the government’s intervention, there is little doubt that FCA cases will continue. While the trend of relators bringing actions, even without the government’s intervention, will likely rise, no one should question that the government remains strongly committed to the use of this powerful tool. In a September 2014 speech,43 Assistant Attorney General for the Criminal Division Leslie Caldwell said that the DOJ would “be stepping up (its) use of one tool (to combat crime) . . . (and) investigating and filing cases under the False Claims Act. Through our Fraud Section, we will be committing more resources to this vital area, so that we can move swiftly and effectively to combat major fraud involving government programs.”

Use of Data Analytics and Market Surveillance

In the same way that the private sector over the past few years has learned to harness “big data” and use data and analytics tools and techniques to develop business insights and manage risks, so too has the government begun to make use of the same tools and techniques to assist in its identification of potential wrongdoing. It is widely known that agencies such as the SEC, Financial Industry Regulatory Authority (FINRA), and CFTC are using sophisticated data and analytics and trade surveillance techniques to investigate market manipulation and insider trading cases.

An example of this is the SEC’s Division of Economic Risk and Analysis (DERA), which has developed a computer program, Accounting Quality Model (AQM), that analyzes large amounts of companies’ financial data looking for outliers that would be indicators of financial reporting abuses. In addition to looking at various fraud indicators, it relies on an analysis of financial ratios to identify potential anomalies. More recently, DERA has stated that it is developing text analytics to identify potential deception in SEC filings or other public information.

The CFTC also performs broad types of surveillance including market, financial risk, and business analytics. The CFTC’s market surveillance includes the monitoring of trading and positions of market participants on an ongoing basis. Through the acquisition and leveraging of large volumes of information throughout the organization and the development of sophisticated analytics, it seeks to identify trends and/or outlying events that warrant further investigation.44 Its financial risk and surveillance technology enables it to identify traders whose large open trading positions might pose a financial risk to the industry or a clearing firm. Finally, its business analytics platform allows it to keep pace with the growth in industry data volume and complexity to improve its ability to conduct surveillance, investigations, and economic analysis. Not to be left behind, FINRA has also made known its efforts to develop a suite of “big data” information sources and analytics to improve its regulatory oversight of securities firms.45

Increased Global Cooperation Among Enforcement Agencies

In addition to parallel enforcement actions by state and local agencies within the United States, perhaps the most pervasive change over the past few years has been the increased cooperation among global regulators and government enforcers. This is especially so in the areas of anti-bribery and corruption, AML, and market manipulation. Assistant Attorney General Leslie Caldwell emphasized this point when she observed, “[W]e increasingly find ourselves shoulder-to-shoulder with law enforcement and regulatory authorities in other countries . . . and this includes not just our long-time partners, but countries in all corners of the globe.”46

One example of the pervasiveness of global cooperation that brought together authorities in Europe, the Middle East, and Asia was the investigation and settlement of bribery charges against Alstom S.A., a French power and transportation company.47 In December 2014, Alstom agreed to pay a $772 million criminal fine, the largest FCPA criminal fine up to that time.48 Alstom pleaded guilty to resolve charges of corruption around the globe, including in the Bahamas, Egypt, Indonesia, Saudi Arabia, and Taiwan. In its press release announcing the guilty plea and settlement, the DOJ acknowledged the assistance of authorities in Indonesia, Switzerland, Saudi Arabia, Cyprus, and Taiwan. In addition, the United Kingdom and Indonesia have also filed charges related to corruption.

Increased Use of Civil Fraud Complaints and Administrative Courts

In an effort to bring greater efficiency to enforcement and to leverage its limited resources, the DOJ has increasingly turned to the use of civil fraud complaints, while the SEC has made greater use of administrative proceedings. The result has been that in the first half of fiscal year 2015, the SEC levied more civil penalties than in any other comparable six-month period since 2005.49

Since the passage of Dodd-Frank, the SEC has chosen to bring an increasing number of enforcement actions to its in-house administrative law judges (ALJs) instead of federal district courts. Dodd-Frank expanded the range of individuals who are subject to SEC administrative proceedings and increased penalties that could be imposed by ALJs in these proceedings. Administrative proceedings versus proceedings in district courts also have the advantage for the SEC of limiting the scope of discovery, not requiring a jury, and not being subject to the federal rules of evidence. Clearly, the SEC is availing itself of the new authority and jurisdiction of its ALJs.

The use of administrative proceedings has come under some criticism, and litigants have challenged the jurisdiction and use of ALJs by the SEC. To address some of this criticism, in May 2015, the Division of Enforcement released written guidelines on the factors (e.g., use of limited SEC resources, types of claims, and legal theories, etc.) that it will consider when determining whether to bring contested enforcement actions in federal court or before its own ALJs.

More recently, in September 2015, the SEC announced that it had voted to propose amendments to rules governing its administrative proceedings.50 While these changes address some of the criticism by moving closer to what a charged party might receive in federal court by, among other things, expanding the administrative proceeding schedule, making greater discovery available to respondents, and providing for the exclusion of unreliable evidence, critics nonetheless still argue that the amendments do not go far enough and still do not equate with the rights afforded in a federal civil proceeding.51 Perhaps as a result of this mounting criticism, it appears as though the SEC may have slowed down the number of contested cases that it is sending to administrative law judges. In the full fiscal year ended in September 2015, the SEC sent 28 percent of its contested cases to its administrative judges compared to 43 percent for the previous 12 months.52 Where the SEC will end up on this issue remains to be seen.

Just as the SEC has made greater use of administrative proceedings, the DOJ has relied more on bringing civil fraud proceedings where it once might have considered bringing a criminal case. The use of civil fraud complaints has its advantages. Civil fraud cases require a lower burden of proof and give the government the advantage of conducting more expansive discovery than would otherwise be the case in a criminal matter. In addition, these quasi-criminal actions are brought by a prosecuting attorney, often require admissions of wrongdoing to settle and offer no guarantee against a subsequent criminal charge for the same conduct.53 As one legal commentator observed, “[I]n place of grand jury indictments, the Department of Justice has focused more and more on bringing fraud charges against entities and individuals through civil complaints alleging violations of FIRREA [the Financial Institutions Reform, Recovery, and Enforcement Act] or the False Claims Act.”54

Focus on the Prosecution of Individuals and Gatekeepers

Even though corporations have been the object of extensive fines, penalties, and sanctions, it is individuals within the organization who commit wrongdoing, not the company, and it is individuals who have the responsibility to ensure that the company upholds standards of integrity designed to prevent and detect wrongdoing.

While prosecutions of individual wrongdoing have always been part of the government’s enforcement strategy, the DOJ put an exclamation point on its intention to focus on individual wrongdoing in a memorandum (Yates Memo) released in September 2015 and followed by a major policy address55 the next day by Deputy Attorney General Sally Q. Yates. The memorandum issued new guidelines to government prosecutors regarding individual accountability for corporate wrongdoing. While some of the points in the memo reflect existing practices regarding the investigation and prosecution of corporate wrongdoing, others are groundbreaking and create new challenges for internal corporate investigations.

In setting out six principles to guide DOJ enforcement actions, the main message was the requirement that a company seeking cooperation credit by self-reporting must make full disclosure of wrongdoing, particularly by identifying culpable individuals within the organization. Deputy Attorney General Yates discussed the rationale for the six principles in saying, “Some are institutional policy shifts that change the way we investigate, charge and resolve cases. Some address the way that DOJ interacts with the targets of an investigation. Some of these policies are new and some are already being practiced at various places within DOJ but now will apply to everyone across the department. Fundamentally, these new policies ensure that all department attorneys—from main justice to the 93 U.S. Attorney’s Offices across the country—are consistent in using our best efforts to hold individual wrongdoers accountable.”

The six principles are:

  • To be eligible for any cooperation credit, corporations must provide to the DOJ all relevant facts about the individuals involved in corporate misconduct.
  • Both criminal and civil corporate investigations should focus on individuals from the inception of the investigation.
  • Criminal and civil attorneys handling corporate investigations should be in routine communication with each other.
  • Absent extraordinary circumstances, no corporate resolution will provide protection from criminal or civil liability for individuals.
  • Corporate cases should not be resolved without a clear plan to resolve related individual cases before the statute of limitations expires and declinations as to individuals in such cases must be memorialized.
  • Civil attorneys should consistently focus on individuals as well as the company and evaluate whether to bring suit against an individual based on considerations beyond that individual’s ability to pay.

To be sure, even prior to the release of the Yates Memo, the government had made clear that it intended to focus its enforcement efforts on individuals within the organization, with a particular emphasis on gatekeepers. In the first six months of fiscal year 2015, median fines levied by the SEC on individuals were the highest in a decade, with half of the fines exceeding $122,500. This represents a 66 percent increase since 2005, when half the fines exceeded $60,000. This comes at a time when median fines paid by firms have declined sharply. In the same period of time, half of the SEC’s fines on firms fell below $200,000, a decline from $600,000 in 2005.56

An example of the government’s focus on gatekeepers can be seen in enforcement actions of the SEC in 2015. The SEC has made a point of charging compliance personnel who fail to identify and call out wrongdoing in their companies.57 In August 2015, the SEC brought an action against a former compliance consultant in the Retail Control Group of the compliance department at Wells Fargo and its predecessor entities.58 However, an SEC administrative law judge, Cameron Elliot, refused to sanction59 the former compliance consultant for violating securities laws even though he found that the consultant failed to raise any red flags indicating insider trading by a Wells Fargo employee despite evidence to the contrary. In 2015, the SEC charged chief compliance officers (CCOs) from BlackRock and SFX Financial Advisory Management Enterprises for allegedly failing to properly implement compliance procedures at their respective firms. In 2014, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) fined the CCO of MoneyGram $1 million for failing to ensure that his company abided by the AML provisions of the Bank Secrecy Act.

In 2014, Andrew Ceresney, the SEC Director of the Division of Enforcement, provided the standard for the type of conduct that could lead to liability for a compliance or legal officer when he said, “we have brought—and will continue to bring—actions against legal and compliance officers when appropriate. This typically will occur when the Division believes legal or compliance personnel have affirmatively participated in the misconduct, when they have helped mislead regulators, or when they have clear responsibility to implement compliance programs or policies and wholly failed to carry out that responsibility.”60

Use of Monitorships, Deferred and Non-Prosecution Agreements

Over the past 15 years, prosecutors and enforcement agencies have brought actions intended not only to determine liability and assess fines and penalties, but also to reform industry practices. To this end, the government has frequently used corporate settlements and integrity agreements for settling corporate fraud and misconduct in the form of DPAs and NPAs and the requirement of monitors to police these agreements. Some changes are under discussion, but the DOJ’s and the SEC’s continued aggressive use of DPAs and NPAs is a clear indication that these resolutions are “a vital part of the federal corporate law enforcement arsenal, affording the U.S. government an avenue both to punish and reform corporations accused of wrongdoing.”

In 2015, the DOJ and SEC entered into 100 DPAs and NPAs. This was a substantial increase over 2014 when the DOJ and the SEC entered into a total of 30 DPAs and NPAs, two more than the number issued in 2013. The overwhelming number of DPAs and NPAs have been with the DOJ. Many of these have been related to the FCPA. In 2015, the substantial majority of the 100 corporate DPAs and NPAs were associated with the DOJ Tax Swiss Program.61

Assistant Attorney General Caldwell stated that these negotiated resolutions allow the DOJ to “impose reforms, impose compliance controls, and impose all sorts of behavioral change.”62 She went on to describe these settlements as “a more powerful tool than actually going to trial.” DPAs and NPAs are likely to continue to be used for the foreseeable future as the DOJ Tax Division settles with approximately 100 Swiss banks related to their participation in a DOJ tax disclosure and non-prosecution program.63

In the healthcare and life sciences sectors, the regulators often settle matters with companies alleged to have engaged in fraudulent conduct through the use of corporate integrity agreements (CIAs). These function in a similar way to DPAs and NPAs in that they require the settling party to comply with requirements related to the conduct of its business. As with DPAs and NPAs, settlements under a CIA will frequently require the company to engage an independent review organization (IRO) to monitor, test, and attest to compliance with specific matters in the CIA. The CIA has become an important vehicle used by the government to change industry practice. For example, between 2004 and 2009, settlements were reached with 11 manufacturers to resolve allegations of improper promotion of drugs for unauthorized purposes (off-label promotion). By 2015, the list was more than 30.

One important common component of many settlements with federal and state regulators is the requirement that after a settlement the corporation hire a monitor for a period of time to review and report on the company’s compliance efforts. In most cases, the “monitor’s primary responsibility should be to assess and monitor a corporation’s compliance with those terms of the agreement that are specifically designed to address and reduce the risk of recurrence of the corporation’s misconduct, including, in most cases, evaluating (and where appropriate proposing) internal controls and corporate ethics and compliance programs.”64 The use of corporate monitors as a means to verify an organization’s compliance with settlement agreements has become an increasingly popular tool of the government. It is estimated that 40 percent of DPAs and NPAs with the DOJ and the SEC from 2004 through 2010 included the requirement of a monitor.65

The government will consider a number of factors in determining the need for a monitor, including the severity, duration, and pervasiveness of the offense or misconduct and subsequent remediation efforts. To address the criticism about the cost of monitorships, recent settlements with the DOJ and SEC involving separate matters with Weatherford International and Avon Products Inc. have included a hybrid approach of requiring the company to retain a monitor for 18 months and then self-report for 18 months thereafter.66

Importance of Effective Compliance Programs, Voluntary Disclosure, and Cooperation

As a condition of leniency and as a way of affecting corporate behavior, government enforcement agencies make a practice of evaluating the effectiveness of an organization’s compliance programs. The government will seek, among other things, to determine whether there is a strong culture of integrity, whether third-party risk has been mitigated, and whether internal controls have been designed and implemented to ensure that the risk of misconduct within the organization has been addressed.

The challenge for many organizations is that there is no universally accepted definition of an effective compliance program. Guidance for what the government will require in a compliance program can be found in a number of different sources. Compliance programs are mandated under numerous laws and regulations, including, but not limited to, the Bank Secrecy Act’s anti-money laundering rules, the Dodd-Frank Act’s rules on swap dealers and futures commission merchants, SEC rules governing investment advisors and investment companies, bank regulations implementing the Volcker Rule against proprietary trading by banking firms, and rules of self-regulatory organizations such as FINRA and NASDAQ. Agreements to institute or upgrade compliance programs are often found in consent agreements with regulatory agencies, deferred prosecution agreements and non-prosecution agreements, and settlements of shareholders derivative lawsuits and class action litigation.67

One of the best examples of the benefit of an effective compliance program was the case of Morgan Stanley where the managing director of their Chinese real estate investment and fund advisory group secretly arranged the payment of nearly $2 million to himself and a Chinese government official, disguised as finder’s fees that Morgan Stanley’s funds owed to third parties. Even though the managing director pleaded guilty to FCPA violations and the DOJ and SEC could have charged Morgan Stanley with criminal and civil violations of the provisions of the FCPA, the government declined to charge Morgan Stanley. In declining to bring any enforcement actions against Morgan Stanley, the government explicitly pointed to the company’s voluntary disclosure of the matter and how it had constructed and maintained a system of internal controls reasonably designed to avoid the conduct that its managing director pleaded guilty to, and a robust compliance program that itself included, among other things, anti-corruption policies, extensive training programs, various reminders of the company’s gift-giving and entertainment policies, guidance on the engagement of consultants, requirements for employees to disclose outside business interests, and annual certifications of adherence to Morgan Stanley’s code of conduct.

One of the most important developments in recent years is the government’s heightened scrutiny of the effectiveness of an organization’s compliance program. Assistant Attorney General Caldwell stressed the need for companies to design compliance programs “that don’t just look good on paper, but actually work.” She described a company’s compliance program and its compliance personnel as “the first lines of defense against fraud, abuse and corruption” and made clear that from the perspective of the DOJ “effective compliance programs are those that are tailored to the unique needs, risks and structure of each business or industry.”68

More specifically, Assistant Attorney General Caldwell listed the hallmarks of what the government would examine to determine if a company’s compliance program was effective. These hallmarks included:

  • Senior leadership providing “strong, explicit and visible support for its corporate compliance policies . . . and not tacitly encourage or pressure employees to engage in misconduct to achieve business objectives.”
  • Looking beyond written policies “to other messages otherwise conveyed to employees, including through in-person meetings, emails, telephone calls, incentives/bonuses, etc.; and will make a determination regarding whether the company meaningfully stressed compliance or, when faced with a conflict between compliance and profits, encouraged employees to choose profits.”
  • Senior leadership taking responsibility “for the implementation and oversight of compliance.”
  • Clearly written policies that could be “easily understood by employees. But having written policies—even those that appear specific and comprehensive ‘on paper’—is not enough.”
  • The sufficiency of stature within the company and adequacy of “funding and access to necessary resources” for compliance teams.
  • Effective processes and adequacy of resources for “investigating and documenting allegations of violation.”
  • The periodic review of “compliance policies and practices to keep it up to date with evolving risks and circumstances, including when the company merges with or acquires another company.”
  • “An effective system for confidential, internal reporting of compliance violations.”
  • “Mechanisms designed to enforce its policies, including incentivizing compliance and disciplining violations.”
  • Sensitizing third parties with which the company interacts to the company’s expectations and “taking action—including termination of a business relationship—if a partner demonstrates a lack of respect for laws and policies.”

For practical guidance, Assistant Attorney General Caldwell referred companies and their attorneys to documents released by the DOJ in connection with the resolutions of investigations, including plea agreements, DPAs, and NPAs, to determine whether a compliance program will pass muster. The principal guidance for what constitutes an effective compliance and ethics program can be found in the FS Guidelines that were originally adopted in 1991 and amended in 2004 and 2010. Organizations that can demonstrate good corporate citizenship, including voluntary disclosure of misconduct to the government, full cooperation with government investigations, and an effective compliance and ethics program can mitigate, or even avoid, potential criminal sanctions.

The DOJ and the SEC, in interpreting the FS Guidelines, have made it clear69 that the effectiveness of a company’s compliance program will be a critical factor in determining the outcome of an enforcement proceeding and whether the proceeding will result in criminal charges, the requirement of a monitor, or whether potential penalties and fines will be mitigated. From the perspective of the DOJ, compliance programs must not only have the hallmarks discussed by Assistant Attorney General Caldwell, but they must also have adequate governance, technology infrastructure, software, and record keeping to be able to document the effectiveness of the company’s compliance program.

Since the FS Guidelines are very broad, the DOJ, SEC, and other agencies have issued additional guidance over time. One such attempt at clarification can be found in the “Hallmarks of Effective Compliance Programs” contained in the Resource Guide to the FCPA.70 This additional guidance provides companies and their attorneys more detailed direction on how the government will assess a company’s efforts at preventing, detecting, and responding to potential misconduct. Other guidance can be found in the “Principles of Federal Prosecution of Business Organizations” in the U.S. Attorneys’ Manual.71 Perhaps the most explicit indicator of the government’s seriousness about its evaluation of a company’s compliance program was the DOJ Fraud Section’s hiring of Hui Chen as compliance counsel to provide expert guidance to prosecutors as they consider the enumerated factors in the U.S. Attorneys’ Manual and whether a company has taken meaningful remedial actions.72

Conclusion

The experiences of the first 15 years of the twenty-first century hold some powerful lessons for business leaders as they seek to avoid the consequences that have plagued corporations that were unprepared for the relentless, often unpredictable, flow of events and circumstances that have been the genesis of the new era of regulatory enforcement that exists today. Effectively managing risk in this new era is not only a challenge for business leaders, it is an imperative. No responsible organization can hope to thrive, let alone survive, in this environment unless it is prepared to devote the effort and resources that are necessary to ensure that it has appropriate and effective governance, risk, and compliance programs and processes in place to foster and support a culture of integrity.

The pace, volume, and complexity of regulatory change, together with the heightened scrutiny, broader authority, and more aggressive tactics of enforcement authorities have raised the bar to new heights for companies. Compliance can no longer be looked at as an isolated or occasional exercise. It must now be part of a continuing alignment and integration of the activities and businesses of an organization. All parts of a company need to be responsible and accountable for fostering a culture of integrity that sets and supports core values, understands its risk profile and tolerance, and embeds ethics and compliance into its business strategies and operations as well as its performance management and compensation framework.

Those organizations that will lead the way in this new era will not only seek to comply with the letter of the law, but will also work tirelessly to create an environment of trust with their employees, customers, regulators, and shareholders that is based on sound ethical principles and behaviors. This is not only a prescription to manage the risks in the new era of regulatory enforcement but also a way forward to strengthen a company’s brand and reputation and to ensure its sustainable success.