The Department of Justice is warning compliance officers at U.S. banks that more needs to be done to prevent financial crime at their companies and that it will come down hard on the company when misdeeds can be traced back to failures in compliance programs.
In a speech last month at the Money Laundering Enforcement Conference, Deputy Attorney General James Cole expressed frustration over lackluster compliance efforts at banks. “Despite years of admonitions by government officials that compliance must be an important part of a corporation's culture, we continue to see significant violations of law at banks, inadequate compliance programs, and missed opportunities to prevent and detect crimes,” he said.
During the last year alone, banks have paid $17 billion in settlements to U.S. law enforcement and regulators, according to Cole, not including the $13 billion settlement various government agencies reached with JPMorgan Chase over improper mortgage lending practices and securitizations. Included in the figure, for example, is the $3.7 billion in penalties from resolutions reached, thus far, with Rabobank, Barclays, UBS, RBS, and brokerage firm ICAP in the manipulation of LIBOR and other benchmark interest rates.
“This is a very tough enforcement environment for the banking industry,” says Jean Veta, a partner with law firm Covington & Burling. “The Justice Department is under significant political pressure to get tough on the banks, and I think they're reacting to that pressure.”
The list of financial crimes that the Justice Department is increasingly focusing on include:
Money laundering;
Violations of the Bank Secrecy Act;
Mortgage origination fraud;
Tax violations involving off-shore accounts;
Discriminatory lending practices; and
Manipulation of foreign exchange rates.
The Justice Department is also pursuing crime under other statutes, as well. “We've seen an increased interest in the Justice Department using the False Claims Act against banks, and I think that will continue,” says Veta. “Similarly, we're seeing an increased focus on the use of Financial Institutions Reform, Recovery, and Enforcement Act.”
Ken Springer, president and founder of investigations and consulting firm Corporate Resolutions, says more insider-trading cases are on the horizon too. “They're probably picking and choosing what targets to go after next,” he says.
Settlement Considerations
In his speech, Cole also offered much-needed insight to compliance and legal executives as to what factors the Justice Department considers when resolving an enforcement action.
In every case, Cole said the Justice Department's settlement decisions are guided by the agency's “Principles of Federal Prosecution of Business Organizations,” which spells out the determining factors of whether a company will face charges. Those factors include:
The nature and seriousness of the offense;
The pervasiveness of the wrongdoing within the corporation, including the complicity of corporate management;
The corporation's history of similar misconduct, including prior criminal, civil, and regulatory actions against it; and
The adequacy of a corporation's pre-existing compliance program.
“We have found that these factors are often linked,” said Cole. “How widespread the misconduct is, how high in the corporate hierarchy knowledge of it goes, and how effective a corporate compliance program is are often related to each other, and to a corporation's criminal history.”
A common denominator in many of these cases is a failure by senior bank management to foster an ethical corporate culture. “Companies regularly argue during negotiations that they have taken various steps to set the right tone at the highest levels of their institutions—but based on what we have seen, we cannot help but feel that the message is not getting through often enough or clearly enough,” said Cole.
Condemning wrongful conduct as “shameful,” “reprehensible,” or “contrary to our core values” after an announced resolution is “simply too little, too late,” he said.
Tone-in-the-middle is just as important—if not more important—than tone-at-the-top when it comes to reaching a settlement between the company and the Justice Department, said Cole. “We look hard at the messages that bank management and supervisors are actually giving to employees in the context of their day-to-day work,” said Cole. “We look at chats, e-mails, and recorded phone calls—things that are readily available to senior management and compliance professionals.”
“The Justice Department is under significant political pressure to get tough on the banks, and I think they're reacting to that pressure.”
—Jean Veta,
Partner,
Covington & Burling
The Justice Department also tries to determine, in the process of conducting witness interviews, what wider compliance messages management and supervisors have—or have not—conveyed. “We examine the incentives that banks provide their employees to either cross the line, or to exhibit compliant behavior,” said Cole.
“We are concerned that too many bank employees and supervisors value coming as close to the line as possible, or even crossing the line, as being ‘competitive' or ‘aggressive,'” Cole added. “Too many supervisors seem to incentivize excessive risk taking, knowing that risky products can be unloaded down the road, or anticipating that they will have left for another bank by the time such risks are played out, leaving someone else to deal with the consequences.”
More Extensive Investigations
The Justice Department is also calling on banks to conduct more thorough investigations of problems when they arise. When a bank's audit or compliance function uncovers a problem, it must conduct a thorough probe of not only employees who are in the same position or department in which the wrongdoing took place, but also other types of employees in other business units or locations where similar misconduct could occur.
“It will never be enough merely to identify and address a particular problem once it surfaces,” said Cole. Instead, banks need to think more broadly about potential issues within the company, and then redouble efforts to detect and prevent them, he said.
Andrea Mitchell, a partner with law firm BuckleySandler, says that most large banks already are sufficient at conducting effective investigations. “Banks now routinely look at a practice that raises compliance concerns in one business unit and look to see if there is potential for that same practice to be creating exposure in another area of the bank,” she says.
SIZE DOESN'T MATTER
Below is an excerpt from Attorney General James Cole's speech on financial services crime.
When a problem is identified, we expect banks to undertake a thorough search—at every level, across the institution—for misconduct that may have been committed elsewhere, by similarly situated employees or in similar business units. We expect that banks will not look only at employees in the same positions or in the same offices to determine whether they are violating the law—but that, cognizant of the ways in which violations have occurred, they will also look to other places or other types of employees where similar misconduct could take place. Whenever employees in different units, or in different office locations, or involved in different product lines, are engaging in criminal conduct at the same institution, it is well past time for that institution to think more broadly about problems that may span across the organization as a whole. In fact, we have seen this pattern in a number of financial institutions and what this tells us is that even if a specific conduct didn't directly involve senior management, that repetition speaks volumes about the culture senior management has create in the institution. A culture that breeds violations instead of a culture that encourages compliance.
The benefits of having a strong compliance program can go a long way toward mitigating institutional liability. For instance, last year, we announced the guilty plea of a former managing director of Morgan Stanley to a violation of the Foreign Corrupt Practices Act. The managing director admitted that he had conspired to evade Morgan Stanley's internal accounting controls in order to transfer a multi-million dollar ownership interest in a Shanghai building to himself and a Chinese public official. The Department announced that it was declining to bring any enforcement action against Morgan Stanley—in large part because the bank had voluntarily disclosed the misconduct, cooperated throughout the investigation, and had constructed and maintained a system of internal controls that provided reasonable assurances that its employees were not bribing government officials. Our decision not to prosecute Morgan Stanley was founded primarily on the strength of its robust and active compliance program.
But where we do not see such exemplary conduct, we must—and we will—use all of the tools available to us to hold banks answerable for their crimes.
When we see criminal violations in multiple business units or locations, we will hold banks accountable. When we see compliance programs that are not comprehensive, or are not funded, or lack sufficient resources to be effective, we cannot give them credit. When we see repeat players—such as banks that have previously entered into non-prosecution agreements or deferred prosecution agreements with the Department, and yet come under scrutiny again for other violations of law—we will have no choice but to consider all of the possible actions at our disposal. And when we see crimes condoned by management, banks, like all corporations, will face significant consequences.
Of course, we are mindful of the consequences of our actions, and we must act responsibly. Collateral consequences, including harm to innocent employees and to the public, is one of the nine factors we carefully consider in determining what action to take. And in this regard, we work closely with our regulatory partners, both here and abroad, to ensure that we understand the specific, likely consequences for a bank when it is accused of criminal conduct or when it is resolving criminal conduct. And we take steps to minimize those consequences, while holding the individuals and institutions that are responsible to account. But to be clear, the size of a financial institution does not mean that it gets immunity in a criminal case.
Source: Justice Department.
Still, some say banks need to pull off a careful balancing act to remain compliant while also pursuing profitable lines of business. “Financial institutions have to navigate a constantly-evolving and expanding regulatory environment in a safe-and-sound manner while remaining competitive in the market,” says Mitchell. While compliance and business objectives are not inherently conflicting, “it is often—maybe even typically—unclear where the legal lines are, and the enforcement agencies are continually moving them through informal processes without the benefit of changes to applicable laws,” she says.
Add to that the challenge that most companies, including financial institutions, “do not have unlimited resources to devote to compliance, and compliance professionals are really stretched,” Mitchell adds.
Cole similarly acknowledged the difficulty of the job that compliance officers within financial institutions face. “Compliance is seldom thought of as a money-maker for any bank, and it may be challenging to get sufficient resources and authority to do the job well,” he said. Nonetheless, he warned that compliance programs that lack funding or sufficient resources will not be given credit during settlement negotiations.
“The fact that there are institutions that have been identified as having these significant violations of law should not be attributed to the industry as a whole,” says Mitchell. “It would be inaccurate to characterize financial institutions across the board as lacking adequate compliance management systems, or as engaging in significant violations of law as a matter of routine.”
According to financial legal experts, banks rarely cut corners on compliance on purpose. “We work with banks of all sizes throughout the country that are deeply committed to compliance and foster a very strong corporate culture of compliance,” Mitchell adds.
Veta agrees. “Most banks do their utmost to be compliant,” she says. “No compliance program can be one hundred percent perfect.”
Many banks are devoting more resources to risk and compliance functions, which has even caused a hiring crunch for compliance professionals in the financial sector. “Financial institutions are pouring millions of dollars into technology, consultants, attorneys, and compliance professionals,” so that they can “stay ahead of the curve and maintain compliant operations,” says Mitchell.
If a company doesn't take its own compliance program seriously, neither will the Justice Department. “To have an effective compliance program, we expect banks to put in place procedures to detect problems, and proactively utilize those procedures,” said Cole, “without waiting until the government comes knocking at their door with a subpoena.”
No comments yet