Compliance Programs – Page 42 – Compliance Building

Second Circuit Affirms Ionia Management Case

The Second Circuit Court of Appeals focused on the standard for convicting a company of criminal charges for acts of its managers and employees in US v. Ionia.

The Second Circuit declined to change the standards for corporate criminal liability and keeps Respondeat Superior in place.

The court found there was ample evidence that the crew acted within the scope of their employment and acted within in their authority in committing the bad acts. There was also evidence that the company benefited from these bad acts.

Unfortunately, the court chose not to take into account whether the company had effective policies and procedures to deter and detect criminal actions.

“Adding such an element is contrary to the precedent of our Circuit on this issue. See Twentieth Century Fox Film Corp., 882 F. 2d at 660 (holding that a compliance program, “however extensive, does not immunize the corporation from liability when its employees, acting within the scope of their authority, fail to comply with the law”). And this remains so regardless of asserted new Supreme Court cases in other areas of the law. As the District Court instructed the jury here, a corporate compliance program may be relevant to whether an employee was acting in the scope of his employment, but it is not a separate element.”

There was some hope that the court would alter the doctrine of respondeat superior and include a good faith defense or limit the doctrine to higher level employees. A company can be brought down by lower level employees violating company policies.

See also:

Naked Corporate Defendants on The FCPA Blog
Press Release on Trial and Conviction
Re-evaluating Corporate Criminal Liability on the White Collar Crime Blog

President’s Working Group on Financial Markets Reports

Asset Managers’ Committee and the Investors’ Committee of the President’s Working Group on Financial Markets Reports have released their best practices reports for hedge fund managers and investors, respectively: Asset Managers’ Committee Report (.pdf) and the Investors’ Committee Report (.pdf).

In the Asset Manager’s Committee Report:

A Manager should establish a comprehensive and integrated compliance and business practices framework that is supported by adequate resources. The goal of the framework is to provide guidance to the Manager and its personnel in respect of ethical, regulatory compliance and conflict of interest situations. Critical to the success of the framework is a strong culture of compliance.

Risk-Based Compliance

Certain customers, vendors, and intermediaries represent a higher compliance risk than others. Risk indicators include geography, relationships to government officials, business type, method of payment, and dollar volume.

In places where risks are very low, compliance burdens can be reduced. Where risks are not low, compliance is heightened . When there are more red flags, the proper response is more compliance.

The key to a risk-based approach is tracking and sorting the critical elements. Apply enhanced due diligence and heighten ongoing monitoring of high-risk parties proportionate to their risk profiles.

SEC Internet Enforcement

In the December Issue of Compliance Week, Bruce Carton tells some of the history of the SEC’s enforcement history. One of the first internet efforts was an email address for the public to send tips. Back in 1996 there were about 20 complaints a day. Now there as many as 10,000 a day.

With all the complaining about the SEC, it is important to note that the SEC cannot uncover every violation or financial scam out there. How do you deal with 10,000 emails a day? Clearly the SEC missed some things in its Madoff investigations. Maybe they were a little soft on him given his reputation. Given that he convinced so many smart, rich people money, I assume he his very persuasive.

You have an under-manned agency looking at a charming man with a great reputation. There are lots of other bad guys out there. You move on and look for more problems.

Lessons from Rome

Mary Bennett of the Ethical Leadership Group wrote three lessons we can learn from the ancient Roman army:

First, there is the timeless importance of culture. People in a society or organization will behave according to the most widely accepted common denominator, modeled by those at the top. We must train and communicate with our leaders so they get this. So that they can communicate and stress the importance of this culture on the organization

Second, we must realize that human behavior is motivated by both the carrot and stick. Roman soldiers got paid if they followed the rules; they got executed if they did not. A simple and effective approach. We may not be able to adopt this exact approach in our ethics and compliance efforts. But must be sure to reward good behavior as well as discipline bad behavior. Do both consistently.

Third, good controls are a must. The Roman army minimized its risks through clear rules, repeated training, and swift reinforcement with the carrot and stick. What worked in Rome can work in your organization through your ethics and compliance efforts.

GRC Predictions for 2009

Sumner Blount of CA has published his GRC Predictions for 2009.

Risk will continue to grow in importance.
Risk and compliance initiatives will continue to be consolidated.
A shift in how risk is perceived and categorized.
Continued regulatory requirements.

SEC Inspector General Testifies In Congress

SEC Inspector General H. David Kotz In the first Congressional hearing since the Madoff scandal broke in December, Mr. Kotz said his agency’s handling of the Madoff case may be a symptom of more widespread problems with how the agency handles its examinations and investigations.

Kotz testified on the subject of “Assessing the Madoff Ponzi Scheme.”

Frankly it sounds like the SEC will spend as much time and energy investigating themselves on the Madoff matter as they will actually investigating the Madoff matter itself.

See also:

Coverage in the Wall Street Journal: Madoff Case Symptom of Widespread Problems, SEC’s Kotz Says
Transcript of Testimony of H. David Kotz Inspector General of the SEC before the House Committee on Financial Services
The Conglomerate: Madoff and SEC Reform

You Need An Impartial Chief Compliance Officer

As Merritt Maxim of CA points out, Madoff Scheme Highlights Need for Impartial CCO, one of the biggest red flags in the Madoff scandal was that was the disclosure that Madoff’s brother Peter served as the firm’s Chief Compliance Officer.

“While having any sibling or family member serve as a CCO should not be an immediate cause for concern, the results of the Madoff scheme indicate that the only CCO who could have enabled the Madoff scam to persist was someone who was either:

A) Related to Bernard Madoff
B) Complicit in the fraud
C) Did not adequately fulfill their responsibilities as a CCO or
D) All of the Above.”

Corporate In-House Counsel in the Age of Internal Compliance

You can listen to a webinar from the Georgetown Journal of Legal Ethics Fall Symposium – Corporate Compliance: The Role of Company Counsel from October, 2007.

Panel III – Corporate In-House Counsel in the Age of Internal Compliance

Mitt Regan, Professor, Georgetown Law
Tanina Rostain, Professor of Law, New York Law School
Kathleen Barlow, Vice President, Marsh USA
Ann Straw, Vice President & Chief Compliance Officer, Laidlaw International
Scott Killingsworth, Partner, Powell Goldstein

Professor Rostain started off with a summary of her paper: General Counsel in the Age of Compliance – A Research Agenda (.pdf).

She cites two reasons for compliance regimes. One is the diffusion of compliance throughout the organization. The goal is to centralize the management of those functions. The second is the multi-disciplinary approach to compliance. You need different types of knowledge and expertise. In-house counsel needs to relinquish some of the control to group managers.

Are in-house counsel managers first? or are they lawyers first? Which is the better model? Do they exert more influence when they take the role of manager or the role of lawyer? Professor Rostain cited some previous studies on these topics. If they focused on legal risk, they had less influence over corporate decision making. Lawyers limited to explaining the risk and deferring the risk decision to the managers had less influence in the the corporation. One survey responder equated managers as playing offense and counsel playing defense.

Professor Rostain stated an example of counsel making clear what her personal opinion was and what her professional opinion is.

Killingsworth pointed out the dark side of the new powers of general counsel. After SOX, new reporting obligations were forced on general counsel. One problem is that the general counsel may be investigating a potential violation and have a duty to report it at the same time, making it difficult to do both well. Counsel are also worried about the increased risk of criminal action against in-house counsel. You only talk to regulatory people about your compliance program when it has failed. You need to penetrate down to everyone that can get you in trouble and everyone that can keep you out of trouble. Is important to mpve from abstract compliance terms into the mechanics of the business processes.

Straw states that “knowledge of the business” is the most important part of creating an effective compliance program. The face of compliance needs to be visible and accessible. A code of conduct sitting on the bookshelf is not effective.

Barlow focused on risk. She talked about ERM, the process and how it fits into compliance.

The Roles and Responsibilities of the General Counsel in the Organization’s Ethical Culture

The Markkula Center for Applied Ethics at Santa Clara University hosted a panel discussion on The Roles and Responsibilities of the General Counsel in the Organization’s Ethical Culture. The panel consisted of:

Tom McCoy, executive vice president, legal affairs, and chief administrative officer, Advanced Micro Devices, moderator
Craig Nordlund, senior vice president, general counsel and secretary, Agilent Technologies
Martin Collins, senior vice president and general counsel, Novellus
Fred Gonzalez, vice president, general counsel, and secretary, SonicWall

You can also listen to an audio recording of the panel discussion. (MP3)

Craig offers up the Winona Ryder paradigm as the reason Enron happened:

“Why did she do it? Well, first of all, she figured she wouldn’t get caught. And secondly, if she did get caught, she figured because she was famous, she would get off scot-free. And so he said in the environment in which Enron was operating, Ken Lay and his executive team had that same sort of sense, that they probably wouldn’t get caught, but if they did, nobody was punishing white collar crime of that magnitude, and so they’d get off and they could move on successfully to another job.”

Craig sees the role of the general counsel shifting from one acting as an advocate to one acting as a policeman. The Chief Compliance Officer, the General Counsel and the Audit Committee are holding the company accountable as a whole.

Martin likes to look at general counsel as a “consigliere,” someone that is turned to for their advice and their judgment. If you are just repeating the law as it’s written down by outside counsel, you are not doing your job. General counsel needs to focused on preventing problems from arising in the first place.

Fred believes that general counsel needs to “avoid underestimating the risk of suppressing facts solely to preserve internal solidarity.”

Is it unethical if you do not get caught? Of course it is still wrong.

Is ethics a function of the general counsel. One response is that it is not a function at all. It is a set of values and a vision.