SCCE
October 7, 2013
Is Government Credit for
Compliance Programs Real?
Win Swenson,
Compliance Systems Legal Group
www.cslg.com
My Background and Where My NonPublic Info Comes From
 Headed unit at US Sentencing Commission that
developed the Organizational Sentencing Guidelines.
 Member of the 2003-2004 Ad hoc Advisory Group to the
Sentencing Commission.
 Co-chaired Advisory Group under the auspices of the
Ethics Resource Center that studied 20 year impact of
Guidelines.
 In private practice since 1996 – worked with many
companies that had significant compliance “issues”.
My Background and Where My NonPublic Info Comes From
 Been a “monitor” or similar “independent” third party in
several major cases.
 Retained by the US Department of Justice to advise
prosecutors on the C/E program of a company.
 Hired to provide an “independent” viewpoint on a
monitor’s reports.
1
The Policy History
– How Is This Supposed to Work?
Federal Sentencing Guidelines Theory
 Very different kinds of companies can be
convicted.
 Use carrot and stick formula based on “good
corporate citizenship” criteria:





How serious was the offense?
Senior managers involved?
Voluntary disclosure?
Cooperation?
Ethics/Compliance program meeting all elements?
Federal Sentencing Guidelines Theory
 Definition of a creditworthy “effective” E/C
program should reflect “structured flexibility”.
2
Federal Sentencing Guidelines











Risk assessment for compliance/ethics risks
Risk-based standards, procedures and controls
Management role: “Promote” E/C
Board role: Oversight of E/C
CCO and “DTD” personnel with reporting to board
Care in delegating authority
“Practical” communications and training on roles/risks
Internal reporting and advice systems
Auditing, evaluation
Discipline and incentives
Response – investigation, remediation, and disclosure
Federal Sentencing Guidelines – How much
Difference In a Fine Can They Make?
 Two companies, same offense, but one with
mitigating factors (E/C program, cooperation, no
senior personnel) and the other without:
a) 4 to 1
b) 12 to 1
c) 40 to 1
d) 80 to 1
Imagine No Guidelines….
3
Cases Before Guidelines
Sentencing Commission studied sentences in about 2,000
corporate criminal cases spanning about five years.
 In how many did the court consider what the company
did to prevent and detect violations – i.e., whether it had
a good E/C program?
Answer: 0
And Now? Cases Since
 Of 3,433 corporate sentences 1991-2011, in how many
did the company did get credit for its E/C program?
Answer: 5
….and, unofficially, all are believed to be minor cases.
Huh?
“What’s up with that?”
4
It’s a Little Complicated
Ethics Resource Center 2012 Study
THEFEDERALSENTENCING
GUIDELINESFORORGANIZATIONS
ATTWENTYYEARS
A Call to Action for More Effective Promotion
and Recognition of Effective Compliance and
Ethics Programs
See www.ethics.org/topic/federal-policy
Big Companies  Not Generally Indicted –
Instead: DPAs and NPAs Criminal Cases
DPAs and NPAs Entered into By DOJ
Year
# of Agreements
2004
5
2005
20
2006
24
2007
41
2008
25
2009
23
2010
40
2011
32
2012
21 – Through Q2 Only
Source: GAO and Gibson Dunn combined.
5
Good News: DOJ Charging Policy Very
Similar to FSG Factors
The Not So Good News: ERC Study
Found….
 Lots of lip service, but the evidence that Government is
considering C/E programs is “word of mouth”.
 DPAs often require E/C program upgrades, but no
analysis of what company already had.
 Voluntary disclosure matters most.
 Even within the Department of Justice, differing policies
– Environment (yes credit) vs. Antitrust (no credit).
But Things Are Now Rapidly Changing….
6
Today It is Clear That….
 E/C programs do matter in several key ways
 True in DOJ and SEC enforcement cases
 Also other regulatory agencies such as FERC
 The government is looking at them with a new, more
critical lens
Today It is Clear That….
 E/C programs do matter in several key ways
 True in DOJ and SEC enforcement cases
 Also other regulatory agencies such as FERC
 The government is looking at them with a new, more
critical lens
U.S. Department of Justice and SEC
“In addition to
considering whether a
company has selfreported [and]…
cooperated, DOJ and
SEC also consider the
adequacy of a
company’s
compliance program
when deciding what, if
any, action to take."
7
1) A Good C/E Program Can Help Eliminate
Criminal Charges, and Even Avoid a DPA
 C/E programs can – especially coupled with
self-disclosure and strong cooperation – change
the outcome in a criminal case.
 More
on “cooperation” in a moment….
Effect of a Good C/E Program
Universal Corporation – August 3, 2010
 “Universal maintained on its Website an employee
‘hotline’…. It is because of this … initiative that the
improper conduct came to light. The [nonprosecution] disposition partly reflects credit given
for Universal's pre-existing compliance program.”
Noble Corp. – November 4, 2010
 “Noble's pre-existing compliance program and
steps taken by Noble's audit committee to detect
and prevent improper conduct from occurring”
contributed to a non-prosecution decision
Effect of a Good C/E Program
Ralph Lauren – April 22, 2013
 SEC's FCPA Unit Chief: "This NPA shows the benefit
of implementing an effective compliance program.
Ralph Lauren Corporation discovered this problem
after it put in place an enhanced compliance
program …. That level of self-policing along with its
self-reporting and cooperation led to this
resolution."
8
Effect of a Good C/E Program
Morgan Stanley – April 25, 2012
 In press release announcing indictment of a MS
employee, the Government details extensive efforts
by Morgan Stanley to establish a strong FCPA
compliance program in China. The indicted
employee “used a web of deceit to thwart” the
Company’s compliance program.
 Result: Declination.
Reverse Effect of a Poor E/C Program
Biomet – March 26, 2012
 “Biomet’s compliance and internal audit functions
failed to stop the payments to doctors even after
learning about the illegal practices…. A company’s
compliance and internal audit should be the first line
of defense against corruption, not part of the
problem.”
 Result: DPA with DOJ, and SEC order which
included a third-party “consultant”.
2) The E/C Program Can Influence the
Terms of the Settlement
 May 24, 2010, Chief of Fraud Section at DOJ
Criminal Division stated only half of corporate
cases get a monitor and “if you have …an
excellent compliance program, then it will be
less likely that we will install a compliance
monitor.”
9
Effect of a Good E/C Program on Likelihood
of Monitor
Johnson and Johnson – April 8, 2011
 “Due to J&J’s pre-existing compliance and ethics
programs, extensive remediation … as well as the
enhanced compliance undertakings included in the
agreement, J&J was not required to retain a
corporate monitor, but it must report to the
department on … its …enhanced compliance efforts
every six months.”
3) The Experience the Company Has
with the Monitor If It Gets One
 In one case, monitor found that the program had
not permeated the corporate culture and saw
his role as forcing the change – a nightmare for
senior management.
 In other cases I am familiar with, the E/C
program is solid, with broad buy-in, and the
experience becomes a positive one, where the
monitor confirms the company’s good work.
Outside of FCPA, Cases Are All Over the
Map But Still Yield Clues
So, what might
the government
be looking for in
your C/E
program?
10
Is it Real?
The most important trend is:
 The government is showing signs of
looking “behind the curtain” to see how
the E/C program is actually functioning.
US Attorney Preet Bharara (SDNY)
“There are lots of situations in which compliance
programs are simply lip service and they are on paper and
nobody actually cares … and they are just to be used in a
conference room with prosecutors when you say ‘Don’t
indict us because we have this thick compliance
program.’”
“In all these frauds… you have the bad guys that are doing
them, but you also have the good guys who didn’t say
anything… because there is not a climate where people
think they can elevate things, and its all lip service and …
all these frauds … would have been avoided … if good
people… did something about it. That’s the big lesson you
learn after doing this job after four years.”

At CNBC “Delivering Alpha” conference, July 2013 (a few days
before indictment of SAC Capital).
USA Preet Bharara Announcing
Indictment of SAC Capital
“Today’s indictment, though, is not just a narrative of
names and numbers. It is, more broadly, an account of a
firm with zero tolerance for low returns but seemingly
tremendous tolerance for questionable conduct.
“And so, S.A.C. became, over time, a veritable magnet
for market cheaters. The S.A.C. Companies operated a
compliance system that appeared to talk the talk, but
almost never walked the walk.”
11
James B. Stewart, New York Times on
SAC Capital July 27, 2013
 “Whether the elaborate compliance
system at SAC Capital was little more
than a Potemkin Village will be at the
center of both the SEC’s civil
enforcement [case against the CEO] and
this week’s criminal indictment against
the firm.”
Delegating Authority to Ethically
Challenged Personnel:

SAC said it took care not to hire employees with
compliance issues, but one of its hires is at the center
of the criminal insider trading case and had been fired
from another company for just that – which SAC knew.
(The Legal Department objected and was overruled.)

Beyond that, “the government sited multiple examples
of SAC employees who were hired precisely because of
their purported ‘contacts’…. The government said SAC
rarely, if ever, showed any interest in ethics, integrity or
compliance in vetting candidates.”
 James Stewart, NY Times July 27, 2013
Communications, Discipline and
Disclosure:
 After an earlier case of insider trading at SAC,
“This could have been an important teaching
moment for [the CEO] to drive home to the rest of
his employees that SAC had zero tolerance for
unethical… trading.”
 “Instead, ‘the consequences were limited,’ the
government said. The employees ‘were allowed
to keep their jobs’ and SAC failed to report the
insider trading to …law enforcement.’”
 James Stewart, NY Times July 27, 2013
12
Tone at the Top:
 The CEO “didn’t bother to attend” all the
training.
 The CEO “doesn’t seem to have taken [the
firm’s compliance manual] all that seriously,
admitted under oath that he didn’t
“remember exactly what it said” but thought
insider trading laws were “vague”.

James Stewart, NY Times July 27, 2013
Unprofessional Internal Investigations:
 “‘Internal investigations by the SAC
compliance department were generally
weak, with an emphasis on confirming’
that suspicious communications were
innocent, the government asserted”.
 James Stewart, NY Times July 27, 2013
Credit for “Cooperation” = Solid
Internal Investigation
 Many federal settlements credit the
company’s “extensive cooperation.”
 What they mean by this is, a thorough,
professional investigation, with the
results shared with the Government.
13
Other Takeaways from the Cases
Involvement of Mid-Level Managers
 DOJ is calculating the application of the Federal
Sentencing Guidelines in determining fine
amounts.
 Several cases show a bump up because of
involvement of “substantial authority
personnel”.
Role of CECO
 In Healthcare, clear bias that CECO not report to
General Counsel.
 Outside of Healthcare, the cases do not show
this bias. Compare Pfizer healthcare settlement
with its FCPA DPA. DOJ and SEC officials say
they won’t dictate structure.
 But, evidence of a weak E/C function hurts, and
evidence of a strong, independent function
helps.
14
Be Prepared
 How would you “prove” your program?
 Why do you think it is “best practice” and how do you
show that?
 How do you prove your company has tried diligently
to make it “effective”?
What Prosecutors Think
Trust Us
15
Trust Us
US Attorney Preet Bharara (SDNY)
“There are lots of situations in which compliance
programs are simply lip service and they are on
paper and nobody actually cares … and they are
just to be used in a conference room with
prosecutors when you say ‘Don’t indict us
because we have this thick compliance program.’”
 July 2013 (a few days before indictment of SAC Capital).
Trust But Verify
 Consider using third-party evaluation/review.
 Companies with compliance issues today are
finding that a past review done by a credible
third party is highly useful.
 Don’t rely on fluffy awards.
 Avoid newly minted “compliance experts” who
just left the government and have never done
this work before.
16
Q&A?
Thank you!
wswenson@cslg.com
Compliance Systems Legal Group
www.cslg.com
17