Two men share securities regulation news

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Securities Regulation Daily, May 19, 2015

Caldwell: Cooperation with DOJ is optional, but noncooperation has consequences

By Anne Sherry, J.D.

Leslie R. Caldwell, head of the Criminal Division of the Department of Justice, emphasized the importance of corporate accountability in remarks at the Compliance Week Conference in Washington, D.C. The Assistant Attorney General allowed that cooperation with investigators is a choice, but cited the nearly $9 billion penalty against BNP Paribas as an example of the consequences of refusing to cooperate. Caldwell also encouraged companies to report data security breaches, clarifying that the Criminal Division is not looking to investigate or prosecute companies that fall victim to cyber-attacks.

Taking compliance risk seriously. Caldwell lamented that compliance programs are often behind the curve because they target the risk of regulatory or law enforcement exposure in the wake of misconduct, rather than the risk of the misconduct itself. Companies should examine all of their lines of business, even those that are not subject to regulation, when designing compliance programs, she said. Compliance programs must also take into account the operational realities and risks attendant to the company’s particular line of business. For example, FCPA compliance may require different internal controls for different companies depending on their exposure to corruption.

As part of an effective compliance program, a company should ensure that vendors, agents, consultants, and other third parties are aware of the expectation that its partners are compliant. This may mean terminating business relationships with partners that demonstrate a lack of respect for laws and policies, Caldwell said. This is just one of the hallmarks of an effective compliance program, which should also include strong support at the top; a strong message of compliance even in informal communications; periodic review of policies and practices; and an effective system for reporting violations internally.

Alstom S.A., the French power company that pleaded guilty to FCPA violations last year, paid the price for compliance violations. The Justice Department considered the company’s lack of an effective compliance program in arriving at the $772 million settlement, along with its failure to voluntarily disclose bribes, its refusal to cooperate with the government’s investigation for several years, the breadth of the misconduct, and the company’s criminal history. That said, while the Criminal Division does evaluate the quality of a company’s internal investigation, it does not believe it necessary or productive for internal investigators to “look under every rock and pebble.” For example, a multinational company that discovers an FCPA violation in one country need not investigate elsewhere if it has no reason to suspect that the misconduct is more widespread.

Cooperation. After an internal investigation confirms potential criminal conduct, the company must choose whether to disclose the findings to the government. Caldwell stressed that few companies have a legal obligation to disclose criminal misconduct or to cooperate beyond compliance with a lawful process. But, she said, the company may receive significant credit for cooperation, particularly early cooperation, when the government is contemplating how to prosecute. BNP Paribas, on the other hand, not only refused to cooperate with the government’s investigation, but actually hindered the investigation by dragging its feet and fighting disclosure requests. The bank—at the parent level—pleaded guilty to conspiracy, publicly admitted misconduct, and paid penalties of over $8.9 billion.

Cybersecurity. Caldwell also spoke about the risk of data breaches. The Criminal Division is seeking to partner with the private sector to prevent the breaches. She reassured companies that the division is not looking to investigate or prosecute victim companies, and encourages them to report actual or suspected breaches even if the intrusion was caused by inadequate safeguards. A Cybersecurity Unit within the Computer Crime and Intellectual Property Section is dedicated to partnering with the private sector and the public to combat cyber-crime. The Unit’s “best practices” guidance is intended as a living document that both identifies vulnerabilities and recommends solutions.

MainStory: TopStory Enforcement

Securities Regulation Daily

Introducing Wolters Kluwer Securities Regulation Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.

A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.