Widespread expectation of increased financial services regulation is being coupled with the expectation of increased compliance enforcement.
More from Compliance Week
In a speech at the Compliance Week 2009 conference in Washington last week, Deputy Attorney General Dave Ogden said protecting national security continues to be the Department of Justice's No. 1 priority. But prosecuting financial crimes aggressively will receive "renewed emphasis in months ahead."
After listing the Department of Justice's pursuit of its case against Bernard L. Madoff and the indictment of the chief investment officer of Stanford Financial Group Co., Ogden said there are now more than 2,100 mortgage fraud cases being investigated by the FBI.
Meanwhile, former Deputy Attorney General Paul McNulty observed that compliance enforcement has been rising rapidly. Enforcement of the Federal Corrupt Practices Act (FCPA) has "dramatically increased," including skyrocketing penalties. "Within the past six months, we've seen hundreds of millions" in fines, he said at the conference.
Citing the Securities and Exchange Commission, McNulty said there has been "more enforcement of FCPA in the past two years than in the past 30 years." He said financial crimes such as money laundering, fraud and tax issues are also receiving increased enforcement action.
What to do for a government audit
"Have you taken practical steps necessary to encourage compliance?"
That question, posed by former Deputy Attorney General Paul McNulty at the Compliance Week 2009 conference last week, should be easy to answer -- if you have indeed taken those steps.
But the wrong answer could be costly. "If you think compliance is expensive, try noncompliance," McNulty said.
McNulty suggested a number of goals for compliance officers to identify at the outset of an incident or crisis, particularly if it was a "bet-the-company situation."
The organization should conduct a credible and cost-efficient investigation. The goal should be to pursue it an internal investigation in such a way that the government won't need to do one itself, particularly in a way that requires the agency to expend resources. There's an opportunity at the outset for senior management to convince the government that it can rely on what compliance officers say. The investigation should be thorough, "sufficiently independent" and timely.
Company officers should focus on getting compliance credit and cooperation credit. Working collectively with the government on compliance should mean something. Gaining cooperation credit will be tricky, in McNulty's estimation, but compliance officers and counsels should insist on not waiving attorney-client privileges and rely on current Department of Justice guidelines. When an organization's defense attorneys make it clear at the outset that cooperation is the goal, however, mitigation and remediation will be easier.
Avoid a monitor. Government agencies will consider whether a corporation needs a hedge. In order to avoid it, the corporation will have to convince the government that it's taking the necessary steps independently, as above. Begin the process of thorough remediation as soon as possible.
McNulty offered constructive ways for the audience to address incidents as they arose but warned that the "road ahead is going to be rough. Much will be outside of the control of compliance officers." He suggested that they maintain a commitment to a culture of ethics and compliance, insisting that that remain a cornerstone of activities. In his view, "companies that have and demonstrate that commitment" will be seen and appreciated by enforcement officials. -- A.H.
Why is this happening? McNulty said that given the requirements of the Sarbanes-Oxley Act (SOX), more information must now be disclosed and acted upon. Technology for internal information exchange has been widely implemented.
McNulty said he anticipates that compliance enforcement actions around consumer privacy and trade are likely forthcoming. "Public expectation is high," he said, with more effort by the Department of Justice to hold individuals responsible. "We now see the pendulum swinging to the company. Cooperation is expected. Compliance is expected to be strong."
Ogden noted that the Department of Justice has partnered with the Department of Housing and Urban Development, state attorneys general, the Federal Trade Commission and other governmental bodies to address predatory lenders targeting participants in the Obama administration's housing program for the elderly. They have expanded Medicare fraud strike force teams and are working to ensure that there is access to real-time claims data.
Stopping fraud took precedence in Ogden's assessment of the road ahead, reflected in his statement that it was important "for any number of reasons, but it's critical for the president to able to implement his healthcare agenda."
Compliance with transparency and tracking requirements enacted as part of the federal stimulus bill is likely to be strong. Given the unprecedented outflow of approximately $4 trillion dollars dedicated to rescue funds like the Troubled Asset Relief Program and Term Asset-Backed Securities Loan Facility, along with $787 billion allocated though the American Recovery and Reinvestment Act, Ogden said he anticipates the prospect for grant fraud and the need to "remain vigilant in the use of federal funds." He added that he plans to "look back at financial fraud and look forward at financial fraud, including competitiveness and FCPA enforcement."
Given such regulatory conditions, McNulty expressed sympathy for compliance officers trapped in the middle of tough economic times, with fewer resources and increasing regulatory constraints.
He observed that misconduct often increases during tough times, a reality that studies have confirmed. In that context, compliance becomes even more important, though admittedly more difficult.
In a broad sense, the trend has been toward more public disclosure, transparency and international cooperation. "Those factors can easily be applied to other kinds of enforcement," McNulty said.
He offered advice to the compliance officers in attendance on how to respond to the heightened enforcement environment. While he observed that best practices and lists abound, his five must-haves include the following:
Leadership: Corporate leaders must set a strong, ethical tone and structure, demonstrating the ability to affect the conduct of employees.
Risk-based strategy: Compliance officers should know precisely where and how they are doing business. What programs are in place to address risks? Such programs should be "physical, tangible and demonstrable."
Standards for controls: Procedures and policies need to be coupled with strong practical controls.
Training and communication: Compliance officers must get the word out in a way that is connected to a risk-based strategy.
Monitoring: Compliance officers should constantly monitor and improve on the elements above.
Let us know what you think about the story; email firstname.lastname@example.org.