Financial crimes resulting in increased compliance enforcement

By Alexander B. Howard, Associate Editor 08 Jun 2009 | SearchCompliance.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

More from Compliance Week SEC commish, FINRA head: Reform financial services regulations Ex-SEC chief Pitt decries state of Sarbanes-Oxley and risk management

In a speech at the Compliance Week 2009 conference in Washington last week, Deputy Attorney General Dave Ogden said protecting national security continues to be the Department of Justice's No. 1 priority. But prosecuting financial crimes aggressively will receive "renewed emphasis in months ahead."

After listing the Department of Justice's pursuit of its case against Bernard L. Madoff and the indictment of the chief investment officer of Stanford Financial Group Co., Ogden said there are now more than 2,100 mortgage fraud cases being investigated by the FBI.

Meanwhile, former Deputy Attorney General Paul McNulty observed that compliance enforcement has been rising rapidly. Enforcement of the Federal Corrupt Practices Act (FCPA) has "dramatically increased," including skyrocketing penalties. "Within the past six months, we've seen hundreds of millions" in fines, he said at the conference.

Citing the Securities and Exchange Commission, McNulty said there has been "more enforcement of FCPA in the past two years than in the past 30 years." He said financial crimes such as money laundering, fraud and tax issues are also receiving increased enforcement action.

What to do for a government audit "Have you taken practical steps necessary to encourage compliance?" That question, posed by former Deputy Attorney General Paul McNulty at the Compliance Week 2009 conference last week, should be easy to answer -- if you have indeed taken those steps. But the wrong answer could be costly. "If you think compliance is expensive, try noncompliance," McNulty said. McNulty suggested a number of goals for compliance officers to identify at the outset of an incident or crisis, particularly if it was a "bet-the-company situation." The organization should conduct a credible and cost-efficient investigation. The goal should be to pursue it an internal investigation in such a way that the government won't need to do one itself, particularly in a way that requires the agency to expend resources. There's an opportunity at the outset for senior management to convince the government that it can rely on what compliance officers say. The investigation should be thorough, "sufficiently independent" and timely. Company officers should focus on getting compliance credit and cooperation credit. Working collectively with the government on compliance should mean something. Gaining cooperation credit will be tricky, in McNulty's estimation, but compliance officers and counsels should insist on not waiving attorney-client privileges and rely on current Department of Justice guidelines. When an organization's defense attorneys make it clear at the outset that cooperation is the goal, however, mitigation and remediation will be easier. Avoid a monitor. Government agencies will consider whether a corporation needs a hedge. In order to avoid it, the corporation will have to convince the government that it's taking the necessary steps independently, as above. Begin the process of thorough remediation as soon as possible. McNulty offered constructive ways for the audience to address incidents as they arose but warned that the "road ahead is going to be rough. Much will be outside of the control of compliance officers." He suggested that they maintain a commitment to a culture of ethics and compliance, insisting that that remain a cornerstone of activities. In his view, "companies that have and demonstrate that commitment" will be seen and appreciated by enforcement officials. -- A.H.

Why is this happening? McNulty said that given the requirements of the Sarbanes-Oxley Act (SOX), more information must now be disclosed and acted upon. Technology for internal information exchange has been widely implemented.

McNulty said he anticipates that compliance enforcement actions around consumer privacy and trade are likely forthcoming. "Public expectation is high," he said, with more effort by the Department of Justice to hold individuals responsible. "We now see the pendulum swinging to the company. Cooperation is expected. Compliance is expected to be strong."

Ogden noted that the Department of Justice has partnered with the Department of Housing and Urban Development, state attorneys general, the Federal Trade Commission and other governmental bodies to address predatory lenders targeting participants in the Obama administration's housing program for the elderly. They have expanded Medicare fraud strike force teams and are working to ensure that there is access to real-time claims data.

Stopping fraud took precedence in Ogden's assessment of the road ahead, reflected in his statement that it was important "for any number of reasons, but it's critical for the president to able to implement his healthcare agenda."

Compliance with transparency and tracking requirements enacted as part of the federal stimulus bill is likely to be strong. Given the unprecedented outflow of approximately $4 trillion dollars dedicated to rescue funds like the Troubled Asset Relief Program and Term Asset-Backed Securities Loan Facility, along with $787 billion allocated though the American Recovery and Reinvestment Act, Ogden said he anticipates the prospect for grant fraud and the need to "remain vigilant in the use of federal funds." He added that he plans to "look back at financial fraud and look forward at financial fraud, including competitiveness and FCPA enforcement."

Given such regulatory conditions, McNulty expressed sympathy for compliance officers trapped in the middle of tough economic times, with fewer resources and increasing regulatory constraints.

He observed that misconduct often increases during tough times, a reality that studies have confirmed. In that context, compliance becomes even more important, though admittedly more difficult.

In a broad sense, the trend has been toward more public disclosure, transparency and international cooperation. "Those factors can easily be applied to other kinds of enforcement," McNulty said.

He offered advice to the compliance officers in attendance on how to respond to the heightened enforcement environment. While he observed that best practices and lists abound, his five must-haves include the following:

Leadership: Corporate leaders must set a strong, ethical tone and structure, demonstrating the ability to affect the conduct of employees.

Risk-based strategy: Compliance officers should know precisely where and how they are doing business. What programs are in place to address risks? Such programs should be "physical, tangible and demonstrable."

Standards for controls: Procedures and policies need to be coupled with strong practical controls.

Training and communication: Compliance officers must get the word out in a way that is connected to a risk-based strategy.

Monitoring: Compliance officers should constantly monitor and improve on the elements above.

Tags: Financial services compliance requirements,  SOX and other public company compliance requirements,  Managing governance and compliance,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Financial services compliance requirements Online privacy: New rules for melding e-commerce and information Security and compliance can go together, when done in the right order PCI DSS compliance fails to raise the bar on financial fraud Security and privacy top IT agenda for Massachusetts CIO Mass. officials, compliance officers debate data protection law Twitter security risks, popularity spark regulatory concerns Top regulatory compliance trends that will affect IT in 2009 SEC commish, FINRA head: Reform financial services regulations Enforcement date for FACT's Red Flags Rule approaches Panels describe risks of noncompliance with Mass. data protection law SOX and other public company compliance requirements Discovery process puts onus on electronic records management tools Electronic discovery critical to health of company, IT organization Business model risk is a key part of your risk management strategy Ex-SEC chief Pitt decries state of Sarbanes-Oxley and risk management Chapter excerpt: The Three Core Disciplines of IT Risk Management Leveraging your business intelligence resources for compliance Kill-switch bill would add certification, licensing burdens Enforcement date for FACT's Red Flags Rule approaches Economic downturn won't kill regulatory compliance projects FAQ: What is the impact of Sarbanes-Oxley on IT operations? Managing governance and compliance Google adds Dashboard: Does transparency mean more online privacy? NERC CSO warns of cybersecurity threats, risk to electric grid Priorities for your sound regulatory compliance management policy Threat management for information systems relies on categorization HITECH FAQ: What is the impact of the HITECH Act on IT operations? Survey shows privacy policy success lies in collaboration with IT Record locator service a step to health information exchange U.S. CIO Vivek Kundra on Data.gov, OpenID and government transparency Nonprofits are working to maintain donor trust with PCI compliance Mass. data protection law requirements amended, deadline extended

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Fair Credit Reporting Act (FCRA)  (SearchCompliance.com) XBRL  (SearchCompliance.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary