Normally, when the Justice Department brings charges of Foreign Corrupt Practices Act violations against company executives, charges against the company itself aren't far behind.

That is, unless you are Morgan Stanley.

In what legal experts say is a first-of-its-kind case (or at least the first one that has been publicized), the U.S. Justice Department and the Securities and Exchange Commission opted not to bring an enforcement action against Morgan Stanley over violations of the FCPA, citing the company's robust compliance program as the reason for declining to prosecute. The case stands in sharp contrasts to the events unfolding at Walmart, where management is accused of burying the findings of an internal FCPA investigation. Walmart now faces stiff penalties and massive fallout from the charges. 

The decision not to pursue charges of any kind is a marked departure from previous cases. Typically, the Justice Department and the SEC give companies credit for  strong compliance programs, often entering into non-prosecution agreements or deferred prosecution agreements, which almost always come with strings attached.  It's rare that companies get complete exoneration, without so much as a slap on the wrist.

“What's different about this case is that it is a homerun,” says Jeffrey Kaplan, a partner with law firm Kaplan & Walker. “It's a perfect case for compliance officers to go to their boards, their senior executives, their employees to show that their compliance programs really do count.”

“This is one of the most significant prosecutorial events the compliance community has ever seen,” says Roy Snell, CEO of the Society of Corporate Compliance and Ethics. “Corporate America has been sent a clear message that those who try will be rewarded. Those who don't try should take note.”

Historically, the Justice Department has only revealed cases where it has given credit for compliance programs and improvements implemented after a violation occurred—as part of a settlement, for example. Such a practice has sparked criticism lately from the business community, academics, and practitioners, who argue that such a policy rewards wrongdoers rather than the companies that institute strong compliance programs.

“There has been a loud call to install a compliance defense for companies,” says Tom Gorman, a former SEC senior counsel in the enforcement division and now a partner with Dorsey & Whitney. “This case seems to recognize that issue.”

The Morgan Stanley case stems from allegations of fraud committed by one of Morgan Stanley's managing directors, Garth Peterson. According to the SEC complaint filed last month in U.S. District Court for the Eastern District of New York, Peterson circumvented the company's internal controls when he convinced Morgan Stanley to sell real-estate interest to Chinese state-owned entity Shanghai Yongye Enterprise.  Unbeknownst to Morgan Stanley, Yongye was actually a shell company owned by Peterson and the chairman of Yongye.

The complaint also alleged that Peterson arranged to pay himself and the Chinese official $1.8 million in fraudulent finders' fees that Morgan Stanley's funds purportedly owed to third parties. “This case illustrates the SEC's commitment to holding individuals accountable for FCPA violations, particularly employees who intentionally circumvent their company's internal controls,” said SEC's Division of Enforcement Director Robert Khuzami in a statement.

The Department of Justice cited similar concerns when it announced that it was pursuing criminal charges against Peterson. “This defendant used a web of deceit to thwart Morgan Stanley's efforts to maintain adequate controls designed to prevent corruption,” said U.S. Attorney Loretta Lynch for the Eastern District of New York. “Despite years of training, he circumvented those controls for personal enrichment.”

“What's different about this case is that it is a homerun. It's a perfect case for compliance officers to go to their boards, their senior executives, their employees to show that their compliance programs really do count.”

—Jeffrey Kaplan,


Kaplan & Walker

As part of his settlement with the SEC, Peterson will be permanently barred from the securities industry, pay more than $250,000 in disgorgement, and relinquish his interest in the Shanghai real estate.

Peterson pleaded guilty in New York federal court in April to conspiring to evade internal accounting controls that Morgan Stanley was required to maintain under the FCPA. During sentencing, scheduled for July 17, Peterson faces up to five years in prison and a maximum fine of $250,000. 

Compliance Credit

One of the top factors to winning exoneration for Morgan Stanley was how quickly it moved to launch a full internal investigation into the charges against Peterson. According to the SEC, the company conducted a “thorough internal investigation to determine the scope of the improper payments and other misconduct involved.”

The Justice Department similarly credited the company with constructing and maintaining a system of internal controls, “which provided reasonable assurances that its employees were not bribing government officials.”

Both agencies specifically cited the following compliance practices as reasons not to bring an enforcement action:

Maintaining strong internal controls: The Justice Department credited Morgan Stanley with maintaining a system of internal controls designed “to ensure accountability for its assets and to prevent employees from offering, promising, or paying anything of value to foreign government officials.” The company additionally took care to update such controls on a regular basis “to reflect regulatory developments and specific risks, prohibit bribery, and address corruption risks.”

Frequent training on internal policies: Morgan Stanley frequently trained its employees on its internal policies, the FCPA, and other anti-corruption laws.  Between 2002 and 2008, Morgan Stanley trained various groups of Asia-based personnel on anti-corruption policies on at least 54 occasions. 

During the same period, Morgan Stanley trained Peterson on the FCPA at least seven times. In addition to live and Web-based training, Peterson participated in a teleconference training seminar in June 2006 conducted by Morgan Stanley's global head of litigation and the global head of its anti-corruption group, according to the SEC.


Below is a summary of Morgan Stanley's anti-corruption rules from the company's code of conduct:

We prohibit all forms of bribery. In particular, we prohibit offering, promising, giving or authorizing others to give anything of value, either directly or indirectly, to any party in order to gain an unfair business advantage, such as obtaining or retaining business. We also prohibit receiving, or agreeing to receive, anything of value that results or may result in the improper performance of your duties as a Morgan Stanley employee.

Special considerations apply when interacting with a Government Official. “Government Official” is broadly defined and includes: (i) officials and employees; (ii) agents, advisors or consultants; and (iii) other individuals acting in an official capacity on behalf of:

Governments and governmental agencies and instrumentalities;

Companies or organizations that are partially or wholly owned or controlled by governments or governmental agencies (notwithstanding that the company may be publicly listed); or

Political parties and political candidates.

You must use the Events and Conferences System to obtain preclearance from your supervisor and your regional anti-corruption group representative before giving gifts, entertaining, or providing anything of value to a government official or private client. For specific preclearance thresholds, consult the Global Anti-Corruption Policy, as well as the applicable expense management policy for your business.

Corruption risk also exists when Morgan Stanley hires a third party to act on Morgan Stanley's behalf in order to obtain or retain business, known as a “Business Partner,” or when Morgan Stanley takes a majority interest in an entity. Before retaining a business partner, such as a co-investor, agent, consultant, joint venture partner, or other business intermediary, you must conduct due diligence through Morgan Stanley Corporate Security and seek preclearance from your regional anti-corruption group representative through the Business Partner System. Similarly, you must conduct transactional due diligence when Morgan Stanley is considering taking a majority interest in an entity in order to address potential legal, regulatory, and franchise corruption risk concerns. Factors to consider include an entity's reputation, its industry, and geographic location.

Source: Morgan Stanley.

Written compliance certifications: Morgan Stanley additionally required each of its employees, including Peterson, annually to provide written certifications that employees are adhering to Morgan Stanley's code of conduct, which includes a portion that directly addresses corruption risks and activities in violation of the FCPA.

Frequent FCPA-related compliance reminders: A Morgan Stanley compliance officer specifically informed Peterson in 2004 that employees of Yongye were government officials for purposes of the FCPA.

Peterson also received at least 35 FCPA-related compliance reminders. These reminders included circulations of Morgan Stanley's anti-corruption code of conduct; policies on gift-giving and entertainment; guidance on engagement with consultants; and policies addressing specific high-risk events, including the Beijing Olympics.

Continuous monitoring: The Justice Department further credited Morgan Stanley for its continuous monitoring practices: “Morgan Stanley's compliance personnel regularly monitored transactions, randomly audited particular employees, transactions, and business units, and tested to identify illicit payments.”

The Justice Department and the SEC further credited Morgan Stanley with conducting extensive due diligence on all new foreign business partners and for imposing stringent controls on payments made to business partners. “Both were meant to ensure, among other things, that transactions were conducted in accordance with management's authorization and to prevent improper payments, including the transfer of things of value to officials of foreign governments,” according to the SEC. Morgan Stanley additionally required its employees, including Peterson, annually to disclose their outside business interests.

Matt Burkhard, a spokesman for Morgan Stanley, says the company is pleased that this matter is resolved. “We cooperated fully with the government, and we are very satisfied with this outcome,” he says.

While Morgan Stanley's compliance program earned it a reprieve, it doesn't mean it serves as a model to be readily copied, since every company has different circumstances and needs, say anti-corruption experts. Compliance officers should also take care not to assume that the internal controls drawn out by the prosecutors are the only ones that matter, stresses Kaplan. Prosecutors highlighted the compliance processes in this particular case that helped show where the employee circumvented internal controls. “Looking at the bigger picture, there is still a lot more that companies need to do as it applies to their own anti-corruption and compliance programs,” he says.

Still, the case serves as a victory for compliance efforts. “Sometimes people question, ‘do we need to have all these compliance controls? Is this really necessary?' says Kaplan. “This is as good as a case that we've had to date as to why a lot of this stuff really matters.”

Going forward, the hope is that the Justice Department and the SEC will continue to provide examples such as the Morgan Stanley case, and continue to give guidance in situations where they decline to prosecute, Gorman says, “because it is very helpful to the business community.”