This week I have been considering the new developments in the long-running 1Malaysia Development Berhad (1MDB) scandal. These developments include a guilty plea by a former Goldman Sachs Group Inc. (Goldman Sachs) banker in Southeast Asia, Timothy Leissner, who was the client relationship manager for the Malaysian sovereign wealth fund, the country’s former Prime Minister Najib Razak and the person alleged to have looted the fund, Jho Low. As was laid out in a two-count Criminal Information(Information) Leissner pled guilty to both money laundering and violations of the Foreign Corrupt Practices Act (FCPA). He was ordered to forfeit $43.7 million in ill-gotten gains from his illegal activities. A separate (but related) three-count Indictment, named Goldman Sachs Managing Director, Roger Ng, who was charged with conspiracy to violate the FCPA and money-laundering. Ng was arrested in Singapore and will presumably be transported to the US to stand trial or more likely plead guilty. Also named in the Indictment was international fugitive Jho Low. I want to conclude this short series by considering the lessons for the compliance professional that we have learnt so far.

Due Diligence, Due Diligence, Due Diligence

One thing made clear from this matter is that due diligence is not a one-time, discreet event. It is an ongoing process by which new information comes in and is evaluated for a risk-based approach to conducting business. Most interestingly in this matter, Leissner tried to get Goldman Sachs to take on Low as a customer. However, according to the Information, these attempts were unsuccessful because certain personnel within Goldman Sachs’s Compliance Group and Intelligence Group refused to approve the business relationship with Low, “in part, on concerns that they had about the source” of his wealth.

This rejection of Low’s application was communicated to Leissner and Ng. However, “Notwithstanding their knowledge of the concerns that had been raised about” Low not being a suitable client for Goldman Sachs, Leissner “and other employees and agents” of Goldman Sachs,  continued to work with Low based upon their belief that he “would help ensure that government officials within 1MDB, the Malaysian government and Abu Dhabi would deliver lucrative business deals to” Goldman Sachs.

Yet, even though Low’s involvement in all three bond deals, Projects Maximus, Magnolia and Catalyze, was well-known throughout the southeast Asia region, this was not a part of the evaluation by Goldman Sachs on whether it should have gone forward with any of the transactions. In Goldman Sachs’ most recent Quarterly Report(10-Q), filed after the guilty plea and indictments were released, it stated, in part, “In addition, an unnamed participating managing director of the firm is alleged to have been aware of the bribery scheme and to have agreed not to disclose this information to the firm’s compliance and control personnel. That employee, who was identified as a co-conspirator, has been put on leave.”

Further, in a Financial Times (FT) article, entitled “More than 30 Goldman Sachs executives reviewed 1MDB deals”, Laura Noonan and Stefania Palma reported, “A second person with knowledge of the deal’s approval process confirmed that more than 30 people at the bank reviewed it. “There was no concern that the money was going to be stolen”.” The internal Goldman Sachs reviewers included former Chief Executive Officer CEO Lloyd Blankfein and the current CEO David Solomon, “who was head of Goldman’s investment banking division from 2006 to 2012, as well as Gary Cohn, then chief operating officer of the bank.”

In an unrelated FCPA Blog article, entitled “US v. Hoskins complicated due diligence on intermediaries, Eric Lochner raised a risk related to FCPA violations, stating, “compliance officers will also need to police against opportunists inside and outside the organization. The Hoskins ruling created a class of at least some (possibly many) foreign intermediaries beyond the reach of the FCPA. So some employees and third parties might try to exploit that distinction, where those foreign nationals beyond reach do the dirty work of operating a bribery scheme.” That could certainly apply to Low. 

Override of Internal Controls and Oversight

Even though the compliance and legal functions at Goldman Sachs prevented the company from taking on Low as a client, they failed miserably for the three bond deals. One of the reasons was the over-ride of internal controls. The 10-Q stated, “[T]he plea and charging documents indicate that Leissner and Ng knowingly and willfully circumvented the firm’s system of internal accounting controls, in part by repeatedly lying to control personnel and internal committees that reviewed these offerings…The indictment of Ng and Low alleges that the firm’s system of internal accounting controls could be easily circumvented and that the firm’s business culture, particularly in Southeast Asia, at times prioritized consummation of deals ahead of the proper operation of its compliance functions.”

How did (apparently) the southeast Asia business unit override these controls? It was the old-fashioned way, they lied. But you might wonder why an organization as large and international in scope as Goldman Sachs allow employees’ dissimilation to expose it to up to $1.8bn in fines, penalties and costs for this matter? It all brings up the need to have what Jonathan Markshas called “the “four eyes review/approval principle“, which requires a second review by supervisors from different reporting lines for substantive decisions, transactions, changes/overrides, etc. The second set of eyes must not only be done by someone from different reporting lines, but by someone who can be skeptical, is competent, understands the “red flags”, and if necessary can elevate any issues they might have. The “four eyes review/approval principle” is used to facilitate delegation of authority and increase transparency with the goals being adherence to company’s policies, compliance with laws and regulations, and the deterrence and detection of misbehavior or fraud.”

Corrupt Corporate Culture

Where was Goldman Sachs’ culture in all of this? As noted in the 10-Q, “the firm’s business culture, particularly in Southeast Asia, at times prioritized consummation of deals ahead of the proper operation of its compliance functions. In addition, an unnamed participating managing director of the firm is alleged to have been aware of the bribery scheme and to have agreed not to disclose this information to the firm’s compliance and control personnel.” This means there was a culture which supported doing business even if it was done illegally and others consciously looked the other way. It all sounds like a disaster not just waiting to happen but one which did happen.

What are some of the key compliance lessons learned from Goldman Sachs in the 1MDB scandal?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018