THINKING LIKE AN EXAMINER:
POLICIES, PROCEDURES AND COMPLIANCE
PROGRAMS FOR BANKS AND BANKERS
Jeffrey A. Tisdale, Managing Partner
Tisdale & Nicholson, LLP
2029 Century Park East, Suite 1040
Los Angeles, CA 90067
Tel: (310) 286-1260
E-Mail: [email protected]
1. INTRODUCTION
1. While it is not news that Directors and Officers will be held accountable by state and
federal laws and bank regulatory agencies for guiding and operating their financial institution in a
"safe and sound" manner, with the “Great Recession” and new Trump administration appointees,
the approach keeps changing:
What are the limits if any on the definition and application of "safe and sound" conditions and
practices and who decides what fits the definitions;
1.1.1 The term "unsafe and unsound practices" is not defined in any statute, but the following suggested explanation offered by the Chairman of the FHLBB at the time the Financial Institutions Supervisory Act of 1966 (FISA) was under consideration, has been often cited with approval by the courts:
“Generally speaking, an ‘unsafe or unsound practice’ embraces any action, or lack of action, which is contrary to generally accepted standards of prudent operation, the possible consequences of which, if continued, would be abnormal risk of loss or damage to an institution, its shareholders, or the agencies administering the insurance funds.”
1.2. How do you document the identification of safe and sound conditions and practices and implement them for your institutions;
1.3. How do examiners approach such questions and make determinations of adequacy or inadequacy of practices; responding to examiners and reports of examination;
2. UNDERSTANDING BANK EXAMINATIONS
2.1 Why are there “Safety and Soundness” Exams and What are They?
2.1.1 Two main goals are to ensure public confidence in the banking system and to assess
compliance with laws and regulations.
2.1.2 Rationale:
2.1.2.1. Maintaining public confidence in the integrity of the system is needed because
customer deposits are the primary funding source, without which banks would not
be able to provide financial services.
2.1.2.2. Bank examinations play a vital role in protecting the integrity of the Deposit
Insurance Fund. Examinations help identify problem situations and help prevent
identified problems from deteriorating to the point where depositor payoffs or
financial assistance by the FDIC become unavoidable.
2.1.2.3. The stability of a bank or the existence of weak risk management practices are
revealed through exams of capital, assets, management, earnings, liquidity,
and sensitivity to market risk (“CAMELS”).
2.1.2.4. Evaluating a bank's adherence to laws and regulations is believed to be best
accomplished through periodic onsite examinations.
2.2 Safety and Soundness Examinations: What is UFIRS?
2.2.1. The Uniform Financial Institutions Rating System (UFIRS) was adopted by the Federal
Financial Institutions Examination Council (FFIEC) on November 13, 1979, and updated in
December 1996. Over the years, the UFIRS has been a primary supervisory tool for evaluating
financial institutions on a uniform basis and for identifying institutions requiring special attention.
2.2.2. The UFIRS takes into consideration certain financial, managerial, and compliance factors
that are common to all institutions. Under this system, the supervisory agencies endeavor to ensure
all financial institutions are evaluated in a comprehensive and uniform manner.
2.2.3. Under the UFIRS, each financial institution is assigned a composite rating based on an
evaluation of six financial and operational components (CAMELS), which are also rated.
2.2.4. Management's ability to respond to changing circumstances and address risks that result
from new business conditions, activities, or products, is an important factor in determining an
institution's risk profile and the level of supervisory concern. For this reason, the management
component is given special attention when assigning a composite rating.
Disclosure of Ratings
Bank regulators believe it is appropriate to disclose the UFIRS component and composite ratings to bank management.
2.3 The Process of Examining
Discussions with Management
The examiner-in-charge (EIC) discusses the recommended component and composite ratings with senior management and, when appropriate, the board of directors, near the conclusion of the examination. EIC ratings are subject to review and final approval by the regional personnel or designee.
Component and composite ratings are not based on a numerical average but rather a qualitative evaluation of an institution's overall managerial, operational, and financial performance.
The management component rating: sensitive but important:
The quality of management is often the single most important element in the successful operation of an
insured institution.
It is the most indicative of how well risk is identified and controlled.
All examination findings, including the composite and component ratings whether disclosed verbally
or in the written report of examination (“ROE”), are subject to the confidentiality Rules and
Regulations.
Examination Letters
For “troubled institutions” status (a CAMELS composite 3 rating or worse) communicated to bank management between the close of an examination and the issuance of an enforcement action. In higher risk situations, immediate corrective measures, including the issuance of a temporary order
requiring an institution to cease and desist, may be appropriate.
EXAMINATION TYPES
Risk-Focused Supervision
Evaluate the safety and soundness of a bank.
Examiner focuses resources on assessing management's ability to identify and control risks. Internal and external audits, loan reviews, and other control activities are integral considerations in an assessment of a bank's risk profile.
Full-Scope Examinations
Defined as the procedures necessary to evaluate all CAMELS components.
In a full-scope examination, all examination activities are considered: Risk Management, IT,
BSA/Anti-Money Laundering (AML)/ Office of Foreign Assets Control, Trust, Registered Transfer Agent,
Municipal Securities Dealer, and Government Securities Dealer examination programs. Examination
ratings (when assigned) and summary comments should be included in the risk management ROE.
Compliance and Community Reinvestment Act examination activities are included in the overall
supervision program with separate reports and examination cycles.
Limited-Scope Examinations and Visitations
The terms limited-scope examination and visitation are interchangeable: any review that does
not meet the minimum requirements of a full-scope examination to assess changes in an
institution's risk profile or to monitor compliance with corrective programs.
Results are generally conveyed in a memorandum from the EIC to the regional authority and
sent to the institution.
Institutions Subject to Corrective Actions
Limited-scope reviews are scheduled within six months after an enforcement action is issued to
evaluate an institution's progress in implementing the corrective program.
Newly Chartered Insured Institutions
For bank regulators, adverse economic conditions and other factors often affect newly chartered
institutions more than established institutions, and the failure rates of de novo institutions exceed
those of established institutions. Therefore, unseasoned institutions pose a material risk to the Deposit
Insurance Fund (DIF) and warrant close regulatory oversight.
Monitoring Activities
During the three-year de novo period, examiners emphasize the need for management to seek prior
approval for any proposed material change(s) from the approved business plans. Examiners assist in
monitoring activities by:
Conducting general visitation and examination procedures,
Assessing institutions' overall risk profiles and management capabilities,
Reviewing institutions' conformity with business plans,
Documenting their findings in reports of examination.
Changes in Business Plans
What is a major deviation or material change in a business plan? Shifts in asset or liability mix;
variances in loan, deposit, or total asset volumes from original projections; or the introduction or
deletion of a specific business strategy (such as the initiation of subprime lending or the gathering of
brokered deposits).
State nonmember banks requesting deposit insurance must agree to obtain the prior approval
of the FDIC for any material change to their business plan. Such changes may be evidenced
by significant (+/- 25 percent) deviation in asset growth projections; changes in the
asset/liability mix or products and services offered; or the introduction of new business strategies
such as an unplanned establishment of loan production offices or use of third parties to broker,
underwrite, or originate credit on behalf of the institution.
Change of Ownership Control
Full-scope examinations are conducted within twelve months after a change of control. Thereafter,
standard examination intervals apply.
SCHEDULING EXAMS
Periodic on-site examinations are an integral part of the examination program. Investigations, phone calls, emails,
limited-scope examinations, correspondence, and other forms of customized contact are made as
necessary. The purpose is to identify and obtain corrections in an institution's policies and procedures
before serious financial problems develop.
Anticipatory Supervision
To effectively prevent or mitigate serious problems in an institution, such problems or conditions that
are likely to cause problems must be identified and corrected early.
To avoid deterioration in the institution's condition, financial losses, or institution failures, corrective
action should be taken as soon as possible.
To address minor issues identified during an examination, examiners may present suggestions to
management during discussions.
For more significant problems, examiners discuss the deficiencies with management.
Scheduling Considerations
The following lists include sources of information that may influence examination schedules or
activities
Offsite Analysis and Monitoring
Statistical CAMELS Off-Site Rating System
Comprehensive Analytical Reports
Interim Financial Reports
Growth Monitoring System
UBPR Analysis
Press Releases
Other Financial Indicators
Unusually high or fluctuating profit levels
Significant operating losses
Significant provision expenses to the allowance for loan and lease losses (ALLL)
Significant levels of delinquent loans
Significant changes in balance sheet composition
Unusually elevated or rapidly growing asset concentrations
High reliance on brokered funds
Excessive trading
Excessive dividends
Unusually high or low ratios or numbers
Applications or Other Bank-Provided Data
Merger activity
Large defalcation
Change of control
Adverse audit report findings
Newly insured institution
Change in external auditor
New subsidiaries or business lines
Cancellation of blanket bond insurance
Exercise of a new power or profit center
Acquiring party in an FDIC-assisted transaction
Large paydown/payoff of previously classified loans
Affiliation with a problem institution/holding company
Known Characteristics
Unusually high or low salaries
Compensation linked to financial-performance metrics
Significant litigation
Infighting among officers or directors
Officers or directors with past due loans
Dominating or self-serving management
Operating at the margin of laws and regulations
Inexperienced or questionable management
Substantial outside business interests of a key officer
Conducting business with questionable firms
Lack of diversity in business lines
Higher-risk business strategies
Refinancing poor quality loans
Advertising above-market interest rates
Large blocks of bank stock pledged as collateral (holder can exert control)
Numerous or unusual affiliated loan participations
Improper handling of correspondent bank accounts
Sacrificing price or quality to increase loan volumes
Hiring of a dismissed, unethical, or marginal officer
Other Bank Regulators
Improper handling of correspondent bank accounts
Increased or unusual loan participations among affiliated or closely-held institutions
Large blocks of stock pledged as collateral
Affiliation with an institution or holding company rated 3, 4, or 5
Large defalcation
Banker with past due loans at another institution
Loans classified at other institutions
Media
New chief executive officer or chief lending officer
Adverse publicity
Annual or interim period losses
Adverse economic event in a community
Natural disaster such as a flood, fire, or earthquake
Large defalcation
Large financial commitment as sponsor or lead bank in a major project or development
Banker death or disappearance
Announcement of major new activity or department
Rumors/Observations/Other
Change in external auditor
High or sudden employee turnover
Significant litigation against the institution or insiders
Unusual activity in stock of the institution (price movement up or down, or heavy trading volume)
Institution advertising above-market rates
Significant change in asset/liability compositions
Questionable loans being booked
Relationships with borrowers of questionable character
Confidential or anonymous tips
PRE-EXAMINATION ACTIVITIES
Examinations reflect a coordinated effort between risk management and specialty examiners to
assess an institution's overall risk profile. For example, Risk Management, Information Technology,
Bank Secrecy Act, and Trust examinations.
Reviewing External Audit Workpapers
MEETINGS WITH BANK PERSONNEL:
The Board of Directors
During the pre-examination process, or on the first day of the examination, board members should
be encouraged to attend any or all meetings conducted during an examination. Attendance is
voluntary, and a lack of participation is not viewed negatively.
Management
First Day: Introductions, request additional information, discuss other general examination
requirements.
Follow-up on Prior Examination Issues
Strategic Planning and Budget: The EIC and management should discuss asset and/or capital
growth plans, new business or business products, and other strategic and budget issues during the
course of the examination.
Loan Discussion: Management should participate in loan discussions and the initial review of
adverse classifications, as appropriate, considering the size and condition of the institution and loan
portfolio.
Material Preliminary Findings: Normally, the EIC should notify senior management of major findings
and possible recommendations before the final management meeting.
Management Meeting: All major examination issues to be discussed with senior management as
soon as practical during an examination.
Meetings with Directors
The following policies have been established for meetings with boards of directors. These policies are
designed to encourage director involvement in, and enhance director awareness of supervisory
efforts and to increase the effectiveness of such efforts. The bank's composite rating is the most
important variable in deciding if and when these meetings should be held.
Banks Assigned a Composite Rating of 3, 4 or 5
The EIC and the regional designee meet with the board of directors
Banks Assigned a Composite Rating of 1 or 2
The EIC will meet with the board or a board committee during or subsequent to the examination
when 36 months or more have elapsed since the last such meeting; the management component
of the CAMELS rating is 3, 4 or 5; any other CAMELS performance rating is 4 or 5; or any two
performance ratings are 3, 4 or 5.
Other Considerations
To encourage awareness and participation, examiners should inform bank management that the
examination report (or copies thereof) should be made available to each director for thorough and
timely review, and that a signature page is included in the examination report to be signed by each
director after review of the report.
Summary
Risk management examiners must have a general knowledge of the key principles, policies, and
practices relating to IT, BSA, consumer protection, trust, and other specialty examinations.
Additionally, examiners should be knowledgeable of state laws and regulations that apply to the
banks they examine; the rules, regulations, statements of policy and various banking-related statutes
contained in the FDIC Rules and Regulations; and the instructions for completing Consolidated
Reports of Condition and Income.
DISCLOSING REPORTS OF EXAMINATION
The report of examination (“ROE”) is highly confidential. Although a copy is provided to a bank, that
copy remains the property of the bank regulator. Without the bank regulator's prior authorization,
directors, officers, employees, and agents of a bank are not permitted to disclose the contents of a
report. Under specified circumstances, regulations permit disclosures by a bank to its parent holding
company or majority shareholder.
Standard regulations do not prohibit employees or agents of a bank (accountants and attorneys)
from reviewing the ROE.
3. WHAT ARE POLICIES AND PROCEDURES?
These are written guidelines that address specific areas of risk for the company. Whereas a code
of conduct sets forth the company's ethical tone, policies and procedures are tailored to the
everyday risks and concerns that confront employees.
Are policies and procedures all that are needed?
4. THE CASE FOR AN INTEGRATED COMPLIANCE PROGRAM
4.1 There is a great deal of confusion about the relative roles of various Compliance Programs. Part of the
confusion arises because many companies have not treated their corporate, safety & soundness,
and compliance policies and procedures in an integrated way.
4.2 In today's high-scrutiny world, companies should be focusing on an overall Compliance Program
tailored to fit the unique needs of the company that result from its size, complexity, regulatory
requirements, culture, and risk profile.
5. WHAT SHOULD AN INTEGRATED COMPLIANCE PROGRAM LOOK LIKE?
5.1 Designing an Integrated Compliance Program
Compliance Programs: Generally consist of a Code of Conduct, policies and procedures, a
compliance officer and compliance committee, training and education for employees, reporting
mechanisms for complaints, and auditing and monitoring.
The goal is to reduce or eliminate the number of places bad practices or wrongdoing can hide and
to prevent and detect potential violations of law and policy.
These programs often cover topics as diverse as policies on confidentiality, employment issues,
investments, insider trading, and so on. Accordingly, the mere process of developing a
comprehensive, thoughtful Compliance Program can help management identify weaknesses in the
organization and areas for needed improvement. The business advantages resulting from this
process are compelling and the resulting legal protections can be even more so. Some say that too
much focus on risks and compliance will inhibit good growth and focus the company inwardly. The
counter argument is that no one wants to be the next company rocked by a Bank Secrecy Act or
mismanagement scandal and that managing risk can enhance future growth by reducing costs
and instilling an enterprise-wide value system that encourages ethical behavior, not just risk-averse
behavior.
5.2 Compliance Programs Today
Being out of compliance with applicable laws and policies means that a company is running the
risk of damage to its business model, reputation and financial condition from its failure to comply
with laws and regulations, internal standards and policies, and expectations of key stakeholders
such as customers, employees and society as a whole.
That risk is the focus of a Compliance Program.
6. HOW SHOULD YOU GO ABOUT DEVELOPING A COMPLIANCE PROGRAM?
6.1 Make it Company-Specific
6.2 Make it comprehensive.
Bank examiners look for an overall treatment of compliance that intends to cause the institution to
avoid legal violations and unsafe and unsound conditions.
7. ONCE YOU HAVE AGREED ON THE CONTENTS OF A COMPLIANCE PROGRAM, WHAT THEN?
The key to an effective overall Compliance Program is the process by which the company implements
and enforces it. The Compliance Program must be more than words on paper — it must be
communicated effectively and consistently from the top of the organization on down, and regularly
evaluated and tested.
7.1 Put It in Writing
7.2 Communicate the Policies
7.3 Enforce Policies Consistently
7.4 Verify Adherence to the Policies
8. MANAGEMENT'S CENTRAL ROLE
8.1 Management Generally
This process requires input from a variety of disciplines including litigation, labor and human resources,
securities law experts, and others.
8.2 What are the Responsibilities of the Compliance Officer?
The compliance officer is the individual charged with the administration of every facet of the
Compliance Program. The compliance officer keeps abreast of any industry or regulatory
developments and ensures that the company and its employees are informed of these
developments.
9. BOARD OF DIRECTORS ROLE
In light of their overall responsibilities for policies and procedures, directors should take
reasonable steps to satisfy themselves that they and management have taken steps to
ensure that the company regularly reevaluates its Compliance Program in light of recent
events and regulatory pronouncements.
10. AUDIT COMMITTEE ROLE
10.1. General Oversight and Monitoring. Audit committees play a central role in connection with
the oversight and monitoring of a company's Compliance Program and a direct role in establishing
the complaint and whistleblower provisions described below.
10.2. Procedures. When the audit committee has established complaint procedures, it is not
required to actually investigate complaints or administer the procedures itself.
10.3. Waivers — Including Failure to Act. Under the Securities Exchange Rules, waivers of a
Compliance Program (which can include a failure to invoke disciplinary measures in connection
with wrongdoing) and amendments to the Code of Conduct portion of the Compliance Program
must be reported in various ways.
11. WHAT KIND OF TRAINING SHOULD A COMPLIANCE PROGRAM REQUIRE?
The compliance officer should organize comprehensive compliance training for new employees
and annual compliance training for current employees. It is very important to document the
attendance by employees and their receipt of any compliance materials.
12. SHOULD WE USE AN OUTSIDE CONSULTANT TO HELP US DEVELOP A COMPLIANCE PROGRAM?
In light of the expanding complexity associated with Compliance Programs generally and the
administration of certain items in particular (such as the ethics hotlines), it is becoming increasingly
common for companies to use outside consultants to develop their Compliance Program.
The use of an outside consultant adds a level of credibility to the process that may make it easier for
senior management and the board of directors to achieve full buy-in.
13. WHY SHOULD MY COMPANY HAVE AN INTEGRATED COMPLIANCE PROGRAM? WE ALREADY HAVE LOTS
OF POLICIES AND PROCEDURES!
13.1 Even if your company already has a multitude of policies and procedures and tries to abide
by all applicable laws, the current regulatory climate strongly encourages the implementation of an
integrated Compliance Program.
13.2 Recently, Congressional, regulatory and public pressure have resulted in successive high profile
investigations, prosecutions and fines of financial institutions involved in alleged violations of the Bank
Secrecy Act, OFAC and manipulating interest rate calculations of LIBOR. If they act illegally, businesses
also face inevitable litigation from consumers, shareholders and other litigants.
13.3 To the extent that a Compliance Program is designed to deal with risks to the overall enterprise,
those risks come from diverse directions, more than just one area of the law.
14. THREAT OF CRIMINAL, CIVIL AND REGULATORY LIABILITY
The threat of criminal, civil and regulatory liability is very serious and manifests itself in several forms.
14.1 Liability for All Actions of Employees, Not Only Executives
Vicarious liability is a principle of federal corporate civil and criminal prosecution. A company can be
held criminally liable for the acts of any employee or agent committed within the scope of its agency
and employment and undertaken with the intent to benefit the company. The doctrine of "collective
knowledge" can result in corporate (criminal) prosecution where no one individual possessed requisite
levels of criminal intent.
Federal prosecutors have increasingly attempted to use these same principles to pierce the corporate
veil and impose criminal and civil liability on parent companies for the wrongful acts of subsidiaries.
Administrative Liabilities
14.2 Regulatory Investigations
The bank regulatory agencies and the SEC have set forth criteria that they consider in determining
how much to credit "self-policing, self-reporting, remediation, and cooperation, i.e., damage
control" by companies that are the subject of investigations. The regulatory report includes the
following criteria it will consider in this determination:
What is the nature of the misconduct involved?
How did the misconduct arise?
Where in the organization did the misconduct occur?
How long did the misconduct last?
How much harm has the misconduct inflicted upon investors and other corporate constituencies?
Did the share price of the company's stock drop significantly upon its discovery and disclosure?
How long after discovery of the misconduct did it take to implement an effective response?
What processes did the company follow to resolve many of these issues and ferret out necessary
information? Were the Audit Committee and the Board of Directors fully informed? If so, when?
Did the company commit to learn the truth, fully and expeditiously? Did it do a thorough review of
the nature, extent, origins and consequences of the conduct and related behavior? Did
management, the Board or committees consisting solely of outside directors oversee the review?
Did the company promptly make available to the regulator’s staff the results of its review and
provide sufficient documentation reflecting its response to the situation?
What assurances are there that the conduct is unlikely to recur? Did the company adopt and ensure
enforcement of new and more effective internal controls and procedures designed to prevent a
recurrence of the misconduct?
Crime Liability
14.3 U.S. Attorney's Manual
In 1999, the Department of Justice issued an unpublished guidance to United States Attorneys' Offices
entitled "Federal Prosecution of Corporations" (the "Holder Memo"),[1] setting forth factors federal
prosecutors should consider in deciding whether to pursue criminal charges against a company. On
January 23, 2003, under then Deputy Attorney General Larry D. Thompson, the Justice Department
issued the Thompson Memo,[2] which revised the Holder Memo. Although the Thompson Memo
reiterates much of the Holder Memorandum, the areas of revision include increased scrutiny on the
quality of a company's Compliance Programs and cooperation with federal investigators. The
Thompson Memo lists factors a prosecutor should consider in deciding whether to criminally charge a
company which are similar to those used by bank regulators as just discussed:
14.4 Federal Sentencing Guidelines
The Guidelines are used by federal prosecutors in deciding whether to prosecute criminal conduct
by an organization and what type of sentence to seek if a conviction is obtained. A key element in
the decision-making process is whether the company had a thorough Compliance Program in place
at the time of the alleged crime.
14.5 Foreign Corrupt Practices Act
Federal Foreign Corrupt Practices Act of 1997 (the "FCPA") relates to a company’s accounting and
bookkeeping practices. The FCPA is designed to prevent businesses from obtaining an improper
competitive advantage by making unlawful payments (bribes). In addition, its books and records
provisions prohibit the distortion of corporate records to conceal misuse of funds more broadly than
just to conceal bribery.
The possible sanctions for violations of the FCPA can be draconian, including civil and criminal
penalties against a company and its officers and directors.
14.6 Board of Directors Personal Liability: as mentioned, Compliance Programs that break down
and are not fixed can ultimately translate into Directors’ liability.
15. SEC RULES
15.1. SEC Disclosure Requirements
An SEC reporting company must disclose whether it has adopted a written code of ethics that applies to its principal
executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar
functions. If the company has not adopted such a code of ethics, it must disclose why it has not done so.
15.2. Whistleblower Statutes and Rules
Three sections of Sarbanes-Oxley cover corporate whistleblowers.
15.3. Internal Controls Attestations
In general, under Sarbanes-Oxley §404, each public company has to include as part of its annual SEC filing report an
independent auditor's attestation of management's report as to the adequacy of the company's internal controls and
procedures (with exceptions for small companies).
16. BUSINESS BENEFITS
An effective Compliance Program can save a company money. Observing the law makes good
business sense. Employee misconduct can cause: significant out-of-pocket costs, such as fines or
penalties; civil damage awards or settlements; lost opportunities to compete; decreased sales
due to damaged reputation; and substantial legal fees. Misconduct also results in: lost employee
productivity, often at senior levels, due to the efforts to solve legal problems; disruptions to
business operations; damage to employee morale; and heightened scrutiny by governmental
agencies. An effective Compliance Program can help a company avoid or mitigate expenses
by:
creating a business environment that discourages wrongdoing, reducing the likelihood that
employees will violate corporate policies or law;
detecting misconduct at an earlier stage, allowing the organization to act quickly to minimize
adverse consequences;
demonstrating good faith to governmental agencies considering legal action against the
company;
reducing the company's exposure under the Guidelines; and
avoiding collateral consequences in civil litigation by meeting oversight responsibilities and
reducing the application of respondeat superior.