Coping with government enforcement actions is disruptive, expensive and potentially crippling to your corporate image and brand. There is growing evidence that robust corporate compliance programs lead to lesser punishment. Nevertheless, many businesses lack proper internal controls and mishandle crisis situations, says Bruce Reinhart, member, McDonald Hopkins.
Smart Business spoke with Reinhart about the benefits of strong compliance programs and the consequences of breaking the law.
How has the enforcement environment for businesses changed in recent years?
First, the consequences of improper conduct have become more severe. Actions that traditionally were considered a civil or regulatory violation are now being prosecuted as a crime. More companies are being punished with debarment from government contracting and funding programs.
Second, the targets of these investigations have changed. We are seeing increasing prosecutions of corporate executives, officers and directors. Laws such as Sarbanes-Oxley created expanded individual responsibilities for corporate management. Failure to comply with these responsibilities can lead to civil or criminal enforcement action.
Third, the number of agencies with enforcement power is growing. As one example, there has been an explosion in the number of federal, state and local inspectors general whose mission is to ferret out waste, fraud and abuse in government programs. These offices have the power to conduct criminal investigations and financial audits. They can, and do, make referrals for criminal prosecution while also attempting to recoup money that they claim was misspent or misused.
Are there particular industries that are seeing more enforcement activity?
Hot enforcement targets are companies with international operations. The U.S. Foreign Corrupt Practices Act prohibits bribe payments to foreign government officials by U.S.-based companies or companies that have securities registered through the SEC. In 2010 and 2011, companies and individuals paid more than $2 billion in fines and disgorgements in FCPA settlement actions with the government. Like the FCPA in the U.S., the U.K. Bribery Act now creates criminal liability in the U.K. for bribe payments to government officials anywhere in the world. The U.K. Bribery Act is broader than the FCPA because it also provides criminal liability for commercial bribery. As businesses initiate or expand operations overseas, they increase their potential FCPA and U.K. Bribery Act exposure.
There is also increasing activity in the financial services sector. The U.S. Treasury Department continues to expand its requirements that lenders adopt anti-money laundering programs and other customer due diligence. Most recently, new requirements for residential mortgage lenders and residential mortgage loan initiators were enacted with an effective date of August 13. Failing to comply can be very expensive. For example, in August 2011, Ocean Bank in Miami, was assessed $10.9 million in civil penalties for failing to implement an effective compliance program and failing to properly train its compliance staff.
We also expect to see increased enforcement activity in the health care and government contracting sectors. The FBI and the Department of Health and Human Services Inspector General have made health care fraud a top priority. Fraud in minority and small business contracting processes is getting more attention. Other agencies are much more aggressive about tracking government funds and recovering waste, fraud and abuse. An additional wrinkle is the growth of whistleblower private enforcement suits alleging false claims to the government.
Are there tangible benefits from investing in compliance programs and aggressive crisis management?
Yes. For many years it was believed that robust compliance programs and cooperating in government investigations would mitigate punishment if some illegal conduct slipped through the cracks. In a recent case involving Morgan Stanley, the U.S. Department of Justice publicly acknowledged this for the first time. A managing director in a division based in China was criminally prosecuted for arranging a multi-million dollar bribe to a government official. Morgan Stanley was not charged. The Department of Justice said, ‘After considering all the available facts and circumstances, including that Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the Department of Justice declined to bring any enforcement action against Morgan Stanley related to [the managing director’s] conduct. The company voluntarily disclosed this matter and has cooperated throughout the department’s investigation.’
How does a business protect itself?
The first step is fostering a culture of integrity and compliance, which is not as easy as it sounds. In Ernst & Young’s 2012 Global Fraud Survey of senior executives at leading companies around the world, 15 percent of the 1,700 participants admitted they would use bribery to win or retain business, a six percent increase over the 2010 survey results.
Second, invest in compliance up front. Compliance is an integral part of an overall risk management strategy and there are many cost-effective ways to minimize compliance risk. Nevertheless, the 2012 Ernst & Young survey showed that ‘companies pursuing opportunities in rapid-growth markets face specific risks that are not always being managed effectively. For example, due diligence on third parties is expected by regulators but almost half the respondents (44 percent) reported that background checks were not being performed.’
Third, when a crisis happens manage it properly. Conduct a thorough investigation. Especially in crisis settings, better information leads to better management decision making.
Bruce Reinhart is a member at McDonald Hopkins. Reach him at (561) 472-2970 or firstname.lastname@example.org.
Insights Legal Affairs is brought to you by McDonald Hopkins LLC