THINKING LIKE AN EXAMINER: POLICIES, PROCEDURES AND COMPLIANCE PROGRAMS FOR BANKS AND BANKERS

Jeffrey A. Tisdale
Managing Partner
Tisdale & Nicholson, LLP
2029 Century Park East, Suite 1040
Los Angeles, CA 90067
Tel: (310) 286-1260
E-Mail: Jtisdale@T-NLaw.com

1. INTRODUCTION

1. While it is not news that Directors and Officers will be held accountable by state and federal laws and bank regulatory agencies for guiding and operating their financial institution in a "safe and sound" manner, with the “Great Recession” and new Trump administration appointees, the approach keeps changing:

What are the limits, if any, on the definition and application of "safe and sound" conditions and practices, and who decides what fits the definitions;

1.1.1 The term "unsafe and unsound practices" is not defined in any statute, but the following suggested explanation offered by the Chairman of the FHLBB at the time the Financial Institutions Supervisory Act of 1966 (FISA) was under consideration, has been often cited with approval by the courts:

“Generally speaking, an ‘unsafe or unsound practice’ embraces any action, or lack of action, which is contrary to generally accepted standards of prudent operation, the possible consequences of which, if continued, would be abnormal risk of loss or damage to an institution, its shareholders, or the agencies administering the insurance funds.”

1.2. How do you document the identification of safe and sound conditions and practices and implement them for your institutions;

1.3. How do examiners approach such questions and make determinations of adequacy or inadequacy of practices; responding to examiners and reports of examination;

2. UNDERSTANDING BANK EXAMINATIONS

2.1 Why are there “Safety and Soundness” Exams and What are They?

2.1.1 Two main goals are to ensure public confidence in the banking system and to assess compliance with laws and regulations.

2.1.2 Rationale:

2.1.2.1. Maintain public confidence in the integrity of the system, needed because customer deposits are a primary funding source without which banks would not be able to provide financial services.

2.1.2.2. Bank examinations play a vital role in protecting the integrity of the Deposit Insurance Fund. Examinations help identify problem situations and help prevent identified problems from deteriorating to the point where depositor payoffs or financial assistance by the FDIC become unavoidable.

2.1.2.3. The stability of a bank or the existence of weak risk management practices are revealed through exams of capital, assets, management, earnings, liquidity, and sensitivity to market risk (“CAMELS”).

2.1.2.4. Evaluating a bank's adherence to laws and regulations is believed to be best accomplished through periodic onsite examinations.

2.2 Safety and Soundness Examinations: What is UFIRS?

2.2.1. The Uniform Financial Institutions Rating System (UFIRS) was adopted by the Federal Financial Institutions Examination Council (FFIEC) on November 13, 1979, and updated in December 1996. Over the years, the UFIRS has been a primary supervisory tool for evaluating financial institutions on a uniform basis and for identifying institutions requiring special attention.

2.2.2. The UFIRS takes into consideration certain financial, managerial, and compliance factors that are common to all institutions. Under this system, the supervisory agencies endeavor to ensure all financial institutions are evaluated in a comprehensive and uniform manner.

2.2.3. Under the UFIRS, each financial institution is assigned a composite rating based on an evaluation of six financial and operational components (CAMELS), which are also rated.

2.2.4. Management's ability to respond to changing circumstances and address risks that result from new business conditions, activities, or products, is an important factor in determining an institution's risk profile and the level of supervisory concern. For this reason, the management component is given special attention when assigning a composite rating.

Disclosure of Ratings

Bank regulators believe it is appropriate to disclose the UFIRS component and composite ratings to bank management.

2.3 The Process of Examining

Discussions with Management

The examiner-in-charge (EIC) discusses the recommended component and composite ratings with senior management and, when appropriate, the board of directors, near the conclusion of the examination. EIC ratings are subject to review and final approval by the regional personnel or designee.

Component and composite ratings are not based on a numerical average but rather a qualitative evaluation of an institution's overall managerial, operational, and financial performance.

The management component rating: sensitive but important:

The quality of management is often the single most important element in the successful operation of an insured institution.

Most indicative of how well risk is identified and controlled.

All examination findings, including the composite and component ratings, whether disclosed verbally or in the written report of examination (“ROE”), are subject to the confidentiality Rules and Regulations.

Examination Letters

For “troubled institutions” status (a CAMELS composite 3 rating or worse) communicated to bank management between the close of an examination and the issuance of an enforcement action.

In higher risk situations, immediate corrective measures, including the issuance of a temporary order requiring an institution to cease and desist, may be appropriate.

EXAMINATION TYPES

Risk-Focused Supervision

Evaluate the safety and soundness of a bank.

Examiner focuses resources on assessing management's ability to identify and control risks. Internal and external audits, loan reviews, and other control activities are integral considerations in an assessment of a bank's risk profile.

Full-Scope Examinations

Defined as the procedures necessary to evaluate all CAMELS components.

In a full-scope examination, all examination activities are considered: Risk Management, IT, BSA/Anti-Money Laundering (AML)/Office of Foreign Assets Control, Trust, Registered Transfer Agent, Municipal Securities Dealer, and Government Securities Dealer examination programs. Examination ratings (when assigned) and summary comments should be included in the risk management ROE.

Compliance and Community Reinvestment Act examination activities are included in the overall supervision program with separate reports and examination cycles.

Limited-Scope Examinations and Visitations

The terms limited-scope examination and visitation are interchangeable: any review that does not meet the minimum requirements of a full-scope examination to assess changes in an institution's risk profile or to monitor compliance with corrective programs.

Results are generally conveyed in a memorandum from the EIC to the regional authority and sent to the institution.

Institutions Subject to Corrective Actions

Limited-scope reviews are scheduled within six months after an enforcement action is issued to evaluate an institution's progress in implementing the corrective program.

Newly Chartered Insured Institutions

For bank regulators, adverse economic conditions and other factors often affect newly chartered institutions more than established institutions, and the failure rates of de novo institutions exceed those of established institutions. Therefore, unseasoned institutions pose a material risk to the Deposit Insurance Fund (DIF) and warrant close regulatory oversight.

Monitoring Activities

During the three-year de novo period, examiners emphasize the need for management to seek prior approval for any proposed material change(s) from the approved business plans. Examiners assist in monitoring activities by:

Conducting general visitation and examination procedures,

Assessing institutions' overall risk profiles and management capabilities,

Reviewing institutions' conformity with business plans,

Documenting their findings in reports of examination.

Changes in Business Plans

What is a major deviation or material change in a business plan? Shifts in asset or liability mix; variances in loan, deposit, or total asset volumes from original projections; or the introduction or deletion of a specific business strategy (such as the initiation of subprime lending or the gathering of brokered deposits).

State nonmember banks requesting deposit insurance must agree to obtain the prior approval of the FDIC for any material change to their business plan. Such changes may be evidenced by significant (+/- 25 percent) deviation in asset growth projections; changes in the asset/liability mix or products and services offered; or the introduction of new business strategies such as an unplanned establishment of loan production offices or use of third parties to broker, underwrite, or originate credit on behalf of the institution.

Change of Ownership Control

Full-scope examinations are conducted within twelve months after a change of control. Thereafter, standard examination intervals apply.

SCHEDULING EXAMS

Periodic on-site examinations are an integral part of the examination program. Investigations, phone calls, emails, limited-scope examinations, correspondence, and other forms of customized contact are made as necessary. The purpose is to identify and obtain corrections in an institution's policies and procedures before serious financial problems develop.

Anticipatory Supervision

To effectively prevent or mitigate serious problems in an institution, such problems or conditions that are likely to cause problems must be identified and corrected early.

To avoid deterioration in the institution's condition, financial losses, or institution failures, corrective action should be taken as soon as possible.

To address minor issues identified during an examination, examiners may present suggestions to management during discussions.

For more significant problems, examiners discuss the deficiencies with management.

Scheduling Considerations

The following lists include sources of information that may influence examination schedules or activities:

Offsite Analysis and Monitoring

Statistical CAMELS Off-Site Rating System

Comprehensive Analytical Reports

Interim Financial Reports

Growth Monitoring System

UBPR Analysis

Press Releases

Other Financial Indicators

Unusually high or fluctuating profit levels

Significant operating losses

Significant provision expenses to the allowance for loan and lease losses (ALLL)

Significant levels of delinquent loans

Significant changes in balance sheet composition

Unusually elevated or rapidly growing asset concentrations

High reliance on brokered funds

Excessive trading

Excessive dividends

Unusually high or low ratios or numbers

Applications or Other Bank-Provided Data

Merger activity

Large defalcation

Change of control

Adverse audit report findings

Newly insured institution

Change in external auditor

New subsidiaries or business lines

Cancellation of blanket bond insurance

Exercise of a new power or profit center

Acquiring party in an FDIC-assisted transaction

Large paydown/payoff of previously classified loans

Affiliation with a problem institution/holding company

Known Characteristics

Unusually high or low salaries

Compensation linked to financial-performance metrics

Significant litigation

Infighting among officers or directors

Officers or directors with past due loans

Dominating or self-serving management

Operating at the margin of laws and regulations

Inexperienced or questionable management

Substantial outside business interests of a key officer

Conducting business with questionable firms

Lack of diversity in business lines

Higher-risk business strategies

Refinancing poor quality loans

Advertising above-market interest rates

Large blocks of bank stock pledged as collateral (holder can exert control)

Numerous or unusual affiliated loan participations

Improper handling of correspondent bank accounts

Sacrificing price or quality to increase loan volumes

Hiring of a dismissed, unethical, or marginal officer

Other Bank Regulators

Improper handling of correspondent bank accounts

Increased or unusual loan participations among affiliated or closely-held institutions

Large blocks of stock pledged as collateral

Affiliation with an institution or holding company rated 3, 4, or 5

Large defalcation

Banker with past due loans at another institution

Loans classified at other institutions

Media

New chief executive officer or chief lending officer

Adverse publicity

Annual or interim period losses

Adverse economic event in a community

Natural disaster such as a flood, fire, or earthquake

Large defalcation

Large financial commitment as sponsor or lead bank in a major project or development

Banker death or disappearance

Announcement of major new activity or department

Rumors/Observations/Other

Change in external auditor

High or sudden employee turnover

Significant litigation against the institution or insiders

Unusual activity in stock of the institution (price movement up or down, or heavy trading volume)

Institution advertising above-market rates

Significant change in asset/liability compositions

Questionable loans being booked

Relationships with borrowers of questionable character

Confidential or anonymous tips

PRE-EXAMINATION ACTIVITIES

Examinations reflect a coordinated effort between risk management and specialty examiners to assess an institution's overall risk profile. For example, Risk Management, Information Technology, Bank Secrecy Act, and Trust examinations.

Reviewing External Audit Workpapers

MEETINGS WITH BANK PERSONNEL:

The Board of Directors

During the pre-examination process, or on the first day of the examination, board members should be encouraged to attend any or all meetings conducted during an examination. Attendance is voluntary, and a lack of participation is not viewed negatively.

Management

First day: introductions, request additional information, discuss other general examination requirements.

Follow-up on Prior Examination Issues

Strategic Planning and Budget: The EIC and management should discuss asset and/or capital growth plans, new business or business products, and other strategic and budget issues during the course of the examination.

Loan Discussion: Management should participate in loan discussions and the initial review of adverse classifications, as appropriate, considering the size and condition of the institution and loan portfolio.

Material Preliminary Findings: Normally, the EIC should notify senior management of major findings and possible recommendations before the final management meeting.

Management Meeting: All major examination issues are to be discussed with senior management as soon as practical during an examination.

Meetings with Directors

The following policies have been established for meetings with boards of directors. These policies are designed to encourage director involvement in, and enhance director awareness of, supervisory efforts and to increase the effectiveness of such efforts. The bank's composite rating is the most important variable in deciding if and when these meetings should be held.

Banks Assigned a Composite Rating of 3, 4 or 5

The EIC and the regional designee meet with the board of directors.

Banks Assigned a Composite Rating of 1 or 2

The EIC will meet with the board or a board committee during or subsequent to the examination when 36 months or more have elapsed since the last such meeting; the management component of the CAMELS rating is 3, 4 or 5; any other CAMELS performance rating is 4 or 5; or any two performance ratings are 3, 4 or 5.

Other Considerations

To encourage awareness and participation, examiners should inform bank management that the examination report (or copies thereof) should be made available to each director for thorough and timely review, and that a signature page is included in the examination report to be signed by each director after review of the report.

Summary

Risk management examiners must have a general knowledge of the key principles, policies, and practices relating to IT, BSA, consumer protection, trust, and other specialty examinations. Additionally, examiners should be knowledgeable of state laws and regulations that apply to the banks they examine; the rules, regulations, statements of policy and various banking-related statutes contained in the FDIC Rules and Regulations; and the instructions for completing Consolidated Reports of Condition and Income.

DISCLOSING REPORTS OF EXAMINATION

The report of examination (“ROE”) is highly confidential. Although a copy is provided to a bank, that copy remains the property of the bank regulator. Without the bank regulator's prior authorization, directors, officers, employees, and agents of a bank are not permitted to disclose the contents of a report. Under specified circumstances, regulations permit disclosures by a bank to its parent holding company or majority shareholder.

Standard regulations do not prohibit employees or agents of a bank (accountants and attorneys) from reviewing the ROE.

3. WHAT ARE POLICIES AND PROCEDURES?

These are written guidelines that address specific areas of risk for the company. Whereas a code of conduct sets forth the company's ethical tone, policies and procedures are tailored to the everyday risks and concerns that confront employees.

Are policies and procedures all that are needed?

4. THE CASE FOR AN INTEGRATED COMPLIANCE PROGRAM

4.1 There is a great deal of confusion about the relative roles of various Compliance Programs. Part of the confusion arises because many companies have not treated their corporate, safety & soundness, and compliance policies and procedures in an integrated way.

4.2 In today's high-scrutiny world, companies should be focusing on an overall Compliance Program tailored to fit the unique needs of the company that result from its size, complexity, regulatory requirements, culture, and risk profile.

5. WHAT SHOULD AN INTEGRATED COMPLIANCE PROGRAM LOOK LIKE?

5.1 Designing an Integrated Compliance Program

Compliance Programs: Generally consist of a Code of Conduct, policies and procedures, a compliance officer and compliance committee, training and education for employees, reporting mechanisms for complaints, and auditing and monitoring.

The goal is to reduce or eliminate the number of places bad practices or wrongdoing can hide and to prevent and detect potential violations of law and policy.

These programs often cover topics as diverse as policies on confidentiality, employment issues, investments, insider trading, and so on. Accordingly, the mere process of developing a comprehensive, thoughtful Compliance Program can help management identify weaknesses in the organization and areas for needed improvement. The business advantages resulting from this process are compelling and the resulting legal protections can be even more so. Some say that too much focus on risks and compliance will inhibit good growth and focus the company inwardly. The counter argument is that no one wants to be the next company rocked by a Bank Secrecy Act or mismanagement scandal and that managing risk can enhance future growth by reducing costs and instilling an enterprise-wide value system that encourages ethical behavior, not just risk-averse behavior.

5.2 Compliance Programs Today

Being out of compliance with applicable laws and policies means that a company is running the risk of damage to its business model, reputation and financial condition from its failure to comply with laws and regulations, internal standards and policies, and expectations of key stakeholders such as customers, employees and society as a whole.

That risk is the focus of a Compliance Program.

6. HOW SHOULD YOU GO ABOUT DEVELOPING A COMPLIANCE PROGRAM?

6.1 Make it Company-Specific

6.2 Make it comprehensive.

Bank examiners look for an overall treatment of compliance that intends to cause the institution to avoid legal violations and unsafe and unsound conditions.

7. ONCE YOU HAVE AGREED ON THE CONTENTS OF A COMPLIANCE PROGRAM, WHAT THEN?

The key to an effective overall Compliance Program is the process by which the company implements and enforces it. The Compliance Program must be more than words on paper — it must be communicated effectively and consistently from the top of the organization on down, and regularly evaluated and tested.

7.1 Put It in Writing

7.2 Communicate the Policies

7.3 Enforce Policies Consistently

7.4 Verify Adherence to the Policies

8. MANAGEMENT'S CENTRAL ROLE

8.1 Management Generally

This process requires input from a variety of disciplines including litigation, labor and human resources, securities law experts, and others.

8.2 What are the Responsibilities of the Compliance Officer?

The compliance officer is the individual charged with the administration of every facet of the Compliance Program. The compliance officer keeps abreast of any industry or regulatory developments and ensures that the company and its employees are informed of these developments.

9. BOARD OF DIRECTORS ROLE

In light of their overall responsibilities for policies and procedures, directors should take reasonable steps to satisfy themselves that they and management have taken steps to ensure that the company regularly reevaluates its Compliance Program in light of recent events and regulatory pronouncements.

10. AUDIT COMMITTEE ROLE

10.1. General Oversight and Monitoring. Audit committees play a central role in connection with the oversight and monitoring of a company's Compliance Program and a direct role in establishing the complaint and whistleblower provisions described below.

10.2. Procedures. When the audit committee has established complaint procedures, it is not required to actually investigate complaints or administer the procedures itself.

10.3. Waivers — Including Failure to Act. Under the Securities Exchange Rules, waivers of a Compliance Program (which can include a failure to invoke disciplinary measures in connection with wrongdoing) and amendments to the Code of Conduct portion of the Compliance Program must be reported in various ways.

11. WHAT KIND OF TRAINING SHOULD A COMPLIANCE PROGRAM REQUIRE?

The compliance officer should organize comprehensive compliance training for new employees and annual compliance training for current employees. It is very important to document the attendance by employees and their receipt of any compliance materials.

12. SHOULD WE USE AN OUTSIDE CONSULTANT TO HELP US DEVELOP A COMPLIANCE PROGRAM?

In light of the expanding complexity associated with Compliance Programs generally and the administration of certain items in particular (such as the ethics hotlines), it is becoming increasingly common for companies to use outside consultants to develop their Compliance Program.

The use of an outside consultant adds a level of credibility to the process that may make it easier for senior management and the board of directors to achieve full buy-in.

13. WHY SHOULD MY COMPANY HAVE AN INTEGRATED COMPLIANCE PROGRAM? WE ALREADY HAVE LOTS OF POLICIES AND PROCEDURES!

13.1 Even if your company already has a multitude of policies and procedures and tries to abide by all applicable laws, the current regulatory climate strongly encourages the implementation of an integrated Compliance Program.

13.2 Recently, Congressional, regulatory and public pressure have resulted in successive high profile investigations, prosecutions and fines of financial institutions involved in alleged violations of the Bank Secrecy Act, OFAC and manipulating interest rate calculations of LIBOR. If they act illegally, businesses also face inevitable litigation from consumers, shareholders and other litigants.

13.3 To the extent that a Compliance Program is designed to deal with risks to the overall enterprise, those risks come from diverse directions, more than just one area of the law.

14. THREAT OF CRIMINAL, CIVIL AND REGULATORY LIABILITY

The threat of criminal, civil and regulatory liability is very serious and manifests itself in several forms.

14.1 Liability for All Actions of Employees, Not Only Executives

Vicarious liability is a principle of federal corporate civil and criminal prosecution. A company can be held criminally liable for the acts of any employee or agent committed within the scope of its agency and employment and undertaken with the intent to benefit the company. The doctrine of "collective knowledge" can result in corporate (criminal) prosecution where no one individual possessed requisite levels of criminal intent.

Federal prosecutors have increasingly attempted to use these same principles to pierce the corporate veil and impose criminal and civil liability on parent companies for the wrongful acts of subsidiaries.

Administrative Liabilities

14.2 Regulatory Investigations

The bank regulatory agencies and the SEC have set forth criteria that they consider in determining how much to credit “self-policing, self-reporting, remediation, and cooperation, i.e., damage control” by companies that are the subject of investigations. The regulatory report includes the following criteria it will consider in this determination:

What is the nature of the misconduct involved?

How did the misconduct arise?

Where in the organization did the misconduct occur?

How long did the misconduct last?

How much harm has the misconduct inflicted upon investors and other corporate constituencies?

Did the share price of the company's stock drop significantly upon its discovery and disclosure?

How long after discovery of the misconduct did it take to implement an effective response?

What processes did the company follow to resolve many of these issues and ferret out necessary information? Were the Audit Committee and the Board of Directors fully informed? If so, when?

Did the company commit to learn the truth, fully and expeditiously? Did it do a thorough review of the nature, extent, origins and consequences of the conduct and related behavior? Did management, the Board or committees consisting solely of outside directors oversee the review?

Did the company promptly make available to the regulator’s staff the results of its review and provide sufficient documentation reflecting its response to the situation?

What assurances are there that the conduct is unlikely to recur? Did the company adopt and ensure enforcement of new and more effective internal controls and procedures designed to prevent a recurrence of the misconduct?

Crime Liability

14.3 U.S. Attorney's Manual

In 1999, the Department of Justice issued an unpublished guidance to United States Attorneys' Offices entitled "Federal Prosecution of Corporations" (the "Holder Memo"),[1] setting forth factors federal prosecutors should consider in deciding whether to pursue criminal charges against a company. On January 23, 2003, under then-Deputy Attorney General Larry D. Thompson, the Justice Department issued the Thompson Memo,[2] which revised the Holder Memo. Although the Thompson Memo reiterates much of the Holder Memorandum, the areas of revisions include increased scrutiny on the quality of a company's Compliance Programs and cooperation with federal investigators. The Thompson Memo lists factors a prosecutor should consider in deciding whether to criminally charge a company, which are similar to those used by bank regulators as just discussed:

14.4 Federal Sentencing Guidelines

The Guidelines are used by federal prosecutors in deciding whether to prosecute criminal conduct by an organization and what type of sentence to seek if a conviction is obtained. A key element in the decision-making process is whether the company had a thorough Compliance Program in place at the time of the alleged crime.

14.5 Foreign Corrupt Practices Act

Federal Foreign Corrupt Practices Act of 1997 (the "FCPA") relates to a company’s accounting and bookkeeping practices. The FCPA is designed to prevent businesses from obtaining an improper competitive advantage by making unlawful payments (bribes). In addition, its books and records provisions prohibit the distortion of corporate records to conceal misuse of funds more broadly than just to conceal bribery.

The possible sanctions for violations of the FCPA can be draconian, including civil and criminal penalties against a company and its officers and directors.

14.6 Board of Directors Personal Liability: as mentioned, Compliance Programs that break down and are not fixed can ultimately translate into Directors’ liability.

15. SEC RULES

15.1. SEC Disclosure Requirements

An SEC reporting company must disclose whether it has adopted a written code of ethics that applies to its principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions. If the company has not adopted such a code of ethics, it must disclose why it has not done so.

15.2. Whistleblower Statutes and Rules

Three sections of Sarbanes-Oxley cover corporate whistleblowers.

15.3. Internal Controls Attestations

In general, under Sarbanes-Oxley §404, each public company has to include as part of its annual SEC filing report an independent auditor's attestation of management's report as to the adequacy of the company's internal controls and procedures (with exceptions for small companies).

16. BUSINESS BENEFITS

An effective Compliance Program can save a company money. Observing the law makes good business sense. Employee misconduct can cause: significant out-of-pocket costs, such as fines or penalties; civil damage awards or settlements; lost opportunities to compete; decreased sales due to damaged reputation; and substantial legal fees. Misconduct also results in: lost employee productivity, often at senior levels, due to the efforts to solve legal problems; disruptions to business operations; damage to employee morale; and heightened scrutiny by governmental agencies. An effective Compliance Program can help a company avoid or mitigate expenses by:

creating a business environment that discourages wrongdoing, reducing the likelihood that employees will violate corporate policies or law;

detecting misconduct at an earlier stage, allowing the organization to act quickly to minimize adverse consequences;

demonstrating good faith to governmental agencies considering legal action against the company;

reducing the company's exposure under the Guidelines; and

avoiding collateral consequences in civil litigation by meeting oversight responsibilities and reducing the application of respondeat superior.
