Gregory A. Brower is a Shareholder with Brownstein Hyatt Farber Schreck LLP in the firm’s Las Vegas, NV and Washington, DC offices, and Carrie E. Johnson is a Shareholder in the firm’s Denver, CO office. Mr. Brower also serves on WLF Legal Policy Advisory Board and is the WLF Legal Pulse’s Featured Expert Contributor, White Collar Crime and Corporate Compliance.

The recently-announced $2.9 billion settlement between the DOJ and The Goldman Sachs Group, Inc. (“Goldman”), provides yet another reminder to all businesses that compliance is most important when it is hardest.  In other words, as the chief of the SEC’s Foreign Corrupt Practices Act (“FCPA”) Unit explained, “compliance works well for smaller deals, but then gives way under the weight of a bigger deal or of higher-up people in the organization pushing it.”  This was apparently the case at Goldman, which agreed to the record fine as part of a deferred prosecution agreement (“DPA”), while a subsidiary pled guilty to violating the FCPA.  The DPA and plea deal resolved the investigation into Goldman’s role in the joint DOJ-SEC investigation into Malaysia’s sovereign wealth fund.

The settlement documents reveal a familiar pattern by which senior executives push to pursue a potentially lucrative deal or partnership despite red flags uncovered during the compliance team’s due diligence work.  According to the record, Goldman compliance officials refused to approve certain Malaysian bond deals with a third party because of concerns with the individual’s past business dealings.  Firm executives eventually moved forward with the deals despite these compliance concerns.  In commenting on the facts of this case recently, the chief of DOJ’s FCPA Unit pointed to what he described as the biggest challenge to compliance in this area, namely, warning that “money going out the door to third-parties . . . is where the problems typically occur.”

This settlement is interesting, not just because of its dollar amount (a new record) but also because it offers a very clear reminder that the DOJ and SEC continue to actively and aggressively pursue FCPA investigations.  The settlement also reveals a remarkable degree of candor and transparency from the DOJ and SEC about what they see as “red flag” conduct and what they recommend companies must do to stay out of trouble.  Among the lessons that companies can and should learn from this latest settlement are:

1. Third-Party Partners Must be Vetted – The Goldman settlement is a reminder of the potential dangers for any company that uses third-party agents. Because businesses conducting foreign commerce generally cannot avoid using third parties, thorough vetting is essential for suppliers, lawyers, lobbyists, and consultants of all types. This is especially true when using agents in countries that are known for corruption.  The vetting process can be challenging, but it is absolutely necessary and should be documented in a way that can allow the process to stand up to subsequent scrutiny by DOJ/SEC.  Additionally, a company’s compliance policy should include requirements distributed to third-party vendors and partners that extend beyond the initial vetting process so that these vendors are on notice that their FCPA compliance expectations are ongoing.

2. Empower the Compliance Function – While this lesson may seem obvious, even companies with significant resources have not taken it to heart. Faint dedication to compliance could have motivated the DOJ and the SEC to stress in their recently released 2020 update to the FCPA Resource Guide that prosecutors will evaluate a compliance program based in part on whether it is properly resourced and empowered.  To be taken seriously by government investigators and prosecutors, a company’s compliance function must be adequately funded and staffed, and must be led by an corporate officer who has both the appropriate level of seniority within the organization and the right type of experience to be able to interact effectively with the rest of the C-suite and the board of directors.  The compliance function must also operate with a reasonable degree of independence, with a clear reporting line to an independent compliance committee or subcommittee of the board.

3. Tone (and substance) From The Top On Down – Many companies do a pretty good job of having a textbook compliance program on paper and appear, as a result, to have an effective system of control functions in place. This paper program is often accompanied by periodic statements from senior executives about the importance of ethics and compliance within the organization.  Too often, however, this is more of a marketing effort than an accurate depiction of the actual compliance reality.  While it is important that the tone at the top reflects an appropriate emphasis on compliance, it is even more important that the actual day-to-day compliance work, throughout the ranks of the company, be real, robust, and supported in meaningful way at every level of the corporate org chart.

4. Individual Liability is Possible – Corporate executives and middle-managers should never assume that the worst-case-scenario outcome from a foreign corruption investigation is that the company might pay a big fine. The reality is that individual corporate actors can be, and often are, also charged criminally.  Indeed, in the Goldman investigation, the firm’s former Southeast Asia chairman was charged and pled guilty to conspiring to launder money and to violate the FCPA.  Corporate employees must remember that the 2015 Yates Memo reminds DOJ prosecutors that “[o]ne of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”

5. Expect Robust FCPA Enforcement to Continue – Following a record-breaking 2019, 2020 is on pace to be another record year for number of FCPA settlements and total amount of fines paid. DOJ and SEC officials have made it clear that this trend is likely to continue, regardless of the outcome of the upcoming presidential election.  Indeed, we can expect that a Biden Administration is likely to prioritize robust FCPA enforcement, including continued cooperation between domestic and, increasingly, foreign enforcement agencies.  The Goldman investigation, for example, included at least nine different agencies from six different countries.

* * *

While effective compliance, particularly within a large, multi-national business organization, is not easy, this investigation and resolution is a reminder that companies need to ensure that their corporate compliance programs are not only present on paper, but are alive, active, and functioning within every aspect of the business, every day, and in every place, no matter how remote or foreign, the company does business.  When red flags are identified, the first part of the compliance function is working.  But it’s the second part, i.e. taking appropriate action in response to these red flags, even if it means passing on a potentially lucrative opportunity, that is the even more important part of the compliance process.