Hugh O'BrienWyatt Earp died this week. Not the original Wyatt Earp who died in 1929 but the Wyatt Earp of my lifetime, who was actor Hugh O’Brian. O’Brien portrayed Earp in the long running television series Wyatt Earp which ran in the early 1960s and in reruns forever since. Tall and fearless, O’Brian roamed the streets of Tombstone Arizona to keep it safe for all citizens and visitors.

Yet, when I read his obituary in the New York Times (NYT), I discovered that O’Brian was more than just my memory of Wyatt Earp as he founded and ran for over 60 years the entity Hugh O’Brian Youth Leadership. O’Brian came to the attention of Nobel Peace Prize winner Albert Schweitzer who invited him to visit his mission in Africa. According to the NYT, O’Brian was so inspired by Schweitzer’s call to services that he established “a nonprofit organization that presents seminars that prepare high school students to “become positive catalysts for change.”” Since it’s founding the organization claims more than 300,000 alumni.

I thought about a different type of catalyst when I read an article in the Wall Street Journal (WSJ) by Tom Wright and Bradley Hope, entitled “Behind the 1MDB Scandal: Banks That Missed Clues and Bowed to Pressure. In their article they detailed numerous red flags that were presented to banks involved in the transfers of money from the Malaysian Sovereign Wealth fund (1MDB) to the personal accounts of multiple individuals. Moreover, the article detailed how several banks compliance functions were bullied into or stymied from using their authority to stop the illegal flow of funds out of 1MDB into numerous shell companies controlled by family members and friends of the Malaysian Prime Minister.

The article named some of the banks involved in the money transfers and they included Deutsche Bank, Citigroup, J.P. Morgan Chase, Wells Fargo and Standard Chartered. Banks which held accounts for 1MDB included AMBank, the Swiss bank BSI and Standard Chartered. While the 1MDB scandal within the banking industry is generally related to money-laundering, the WSJ article has some interesting points for the anti-corruption compliance practitioner to consider in administering a best practices compliance program under the Foreign Corrupt Practices Act (FCPA).

In one transaction detailed in the WSJ piece, a bank officer at Deutsche Bank wanted to understand why monies contractually obligated to a joint venture (JV) between 1MDB and the Saudi Arabian entity PetroSaudi were being sent to a third entity, unrelated to the JV and located in the well-known money laundering location, the Seychelles Islands. Bank officials also wanted to understand the provenance of the unrelated third party recipient of the funds, a shell company named Good Star Ltd.

The WSJ reported that 1MDB’s executive director told the bank “to push through the payment or face blame if the deal goes off.” According to transcripts reviewed by the WSJ, the banker responded, “Let me just convince the compliance person. It’s a little bit sticky.” Deutsche Bank processed the transaction.

In another transaction, Good Star Ltd. sent funds to a third party, who then sent the money via an intermediary to the Malaysian Prime Minster.

At one point, 1MDB developed a scheme for vouching for monies diverted out of the fund, which were then provided to some of individuals looting the fund, including the Malaysian Prime Minister. In one instance where the Prime Minister was being given $100MM, a letter was provided, allegedly from Saud Abdulaziz Majid al Saud, who was reported to be a “minor Saudi royal.” In this letter al Saud reported that the monies were “a reward for Malaysia’s ‘good work to promote Islam around the world’”.

The letter went on to specify that the gift “should not in any event be construed as an act of corruption.” When a purported letter makes the blanket statement that monies transferred should not be considered as ‘an act of corruption’ that can only mean they are specifically an illegal, corrupt payment. Yet this same language was used in subsequent letters, all involving transfers to the Prime Minister, which eventually totaled nearly $1bn.

In another suspect scheme, the US entity Goldman Sachs “sold $3.5bn in 1MDB bonds in two offerings.” The article reported that half of the monies developed from this bond offering, “went into offshore shell companies overseen” by friends of the Malaysian Prime Minister. In an equally brazen scheme, 1MDB allegedly went into partnership with International Petroleum Investment Co. (IPIC) an Abu Dhabi sovereign wealth fund. 1MDB “told its auditors and bankers that it was sending $1.4bn to IPIC as a ‘refundable deposit’”. However the money was never received by IPIC but sent to a company with a similar name registered in the British Virgin Islands. Finally, the WSJ reported numerous conversations where one of the principals involved in the corrupt money transfer scheme, Mr. Jho Low, had several conversations discussing the need for secrecy and discretion.

How does all of this inform the anti-corruption compliance practitioner? First and foremost, the actions by several of the banks involved revolve around over-riding or work arounds to the compliance function. Companies must make clear when a transaction does not pass regulatory muster, whether that be under the FCPA or under relevant anti-money laundering (AML) strictures, the compliance function must have the authority to stop the transaction, until all red flags have been cleared.

To follow on from the above if the information presented to clear a red flag raises more red flags, the transaction is most probably illegal. When a letter concludes that a transaction “should not in any event be construed as an act of corruption” it usually means the opposite. Moreover, when such language appears in several letters justifying similar transactions and it is signed or sent by the same person it portends a bad omen. From the FCPA enforcement world, one only need consider the BHP Billiton enforcement actions, where one of the failures was the business unit cut and pastes of the same business justification for gifts, travel and entertainment provided to foreign officials around the 2008 Beijing Olympics.

The 1MDB scandal may well become the single largest looting of a sovereign wealth fund by corrupt government official’s to-date. Given the strategic importance of Malaysia and its Prime Minster to the US and its fight against global terrorism, it will be instructive see how the US efforts at forfeiture of funds and any criminal prosecutions move forward. However, with the unambiguous statements recently made by US Secretary of State John Kerry that corruption of public funds is a direct precursor to unrest and terrorism, the day may well be here when US allies must join in this prong of the fight against terrorism.

It might be time for Wyatt Earp to return to us.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

 

Show Notes for Week ending September 2, 2016

  1. The Astra Zenca FCPA settlement with the SEC, on FCPA Blog.
  2. Brazilian President Dilma Rousseff is impeached, as reported in the New York Times.
  3. The new Mexican anti-corruption law, from the FCPA Blog.
  4. Why non-financial institutions need to have anti-money laundering programs in place, from an article in Business Insider.
  5. Hallmarks 6-10 of the Ten Hallmarks of an Effective Compliance Program, as featured in the FCPA Compliance Report.
  6. Preview of Jay’s Weekend Report.

QuestionsWe had an interesting week of anti-corruption enforcement actions last week, both in the US and the UK. We have now had four Foreign Corrupt Practices Act (FCPA) enforcement actions since the announcement of the Depart Of Justice (DOJ) Pilot Program in April. I thought this would be a good time to review some of the recent enforcement actions, to see what lessons they may impart to the compliance practitioner. So this week will be dedicated to blog post dealing with enforcement. I will begin with a troubling report issued by a committee of the US House of Representative over the Department of Justice’s handling of the money laundering enforcement action against the UK bank, HSBC back in 2012.

Of all the things that US Congress criticized former Attorney General (AG) Eric Holder over, one might think his protections of financial institutions might not have been one of them. Yet last week there was a scathing report issued, entitled “Too Big To Jail, by the GOP staff of the House of Representatives Financial Services Committee, which was discussed by Gretchen Morgenson in her New York Times (NYT) Fair Game column entitled “Kid Gloves For a Bank With Clout. The report deals with the DOJ investigation into the UK financial institution HSBC and subsequent resolution of allegations that the bank “laundered nearly $900 million for drug traffickers” and sanctioned countries.

While the report does not deal with the DOJ’s lack of prosecution of individuals from the 2008 financial crisis, it certainly provides insight into how Holder conducted such resolutions with large financial institutions and may well explain how it occurred that there were no individual prosecutions. The piece begins that even with a nearly $2bn fine, it was not “a body blow” to HSBC. Of course, there was the ubiquitous Deferred Prosecution Agreement (DPA) put in place, where the DOJ would “delay or forgo prosecution of a company if promises to change its behavior.”

While I am most generally supportive of the practice of using corporate DPAs to help enhance compliance programs, Morgenson’s article does bring up some troubling questions about how and why HSBC was able to get off with not only an agreement not to prosecute any individuals at the bank going forward, but even have individual incentives removed from the final DPA. The House report found that DOJ leadership, in the form of AG Holder, “overruled an internal recommendation to prosecute HSBC” because of concerns that prosecution of HSBC “could result in a global financial disaster.”

That final line is one we have (unfortunately) heard before. However, the NYT article also reports on how HSBC was able to “soften the deal”. The original agreement with HSBC had language which “provide no protection from prosecution for employees who ‘knowingly and willfully” processed financial transactions with countries under American sanctions”. University of Pennsylvania Law School Professor David A. Skeel, who was quoted in the piece, said, “This is one case where it looks like the government might have been able to prosecute misbehaving executives during the crisis period, yet waived its right to do so.” Not failed to do so, but waived its right to do so.

Even more inextricably, the DPA waived future penalties for bank executives who failed to comply with the DPA. Originally there were sanctions against bank executives who did not meet the compliance obligations set forth in the DPA. These sanctions were financial penalties in the form of loss of bonuses. However, in the final version this language was removed and the House report noted the DPA, “apparently leaves open the possibility for executives to get their bonuses, despite failing to meet compliance standards.”

Another troubling aspect unearthed by the House report was ‘how much influence officials at the Financial Services Authority – Britain’s top financial regulator at the time – had on the Justice Department’s process in the HSBC matter”. Morgenson quoted a Washburn University School of Law professor, Mary Kreiner Ramirez for the following, “It would seem that in making the decision with respect to HSBC, (AG) Holder gave more attention to the concerns expressed by the F.S.A than he did with respect to our own agencies.” Moreover, the FSA got the documents on apparently something close to a real-time basis as “at the time events were unfolding.”

There has been both legal and academic criticism of DPAs. However the article brings up another criticism of the settlement vehicles, which is less discussed, the internal process by which a settlement is reached. Edward J. Kane, a professor of finance at Boston College, noted, “The fact that so many of these cases are settled rather than going to court means we don’t get an airing of facts and challenges of fact.”

The Yates Memo would seem to be one response to pre-emptively address some of the concerns raised by the lack of individual prosecution. For if the DOJ now requires prosecutors to go after culpable individuals in white collar crime cases such as the HSBC money laundering prosecution or cases under the FCPA for that matter, any settlement via a DPA would not exempt out future prosecutions against culpable individuals. Further, it would also seem that the DOJ would strengthen up the compliance program components of any DPA to have appropriate financial disincentives for the lack of compliance program adherence. When you put on top of this the Yates Memo requirement that companies must dig up facts on culpable individuals and turn those facts over to the DOJ, it would seem that individuals would be more in the sights of DOJ for prosecution.

The other factor not fully explored by commentators is that DPAs, Non-prosecution agreements (NPAs) and other settlement mechanisms are the product of negotiations by the parties, i.e. the government and the company involved. In the context of FCPA resolutions with the Securities and Exchange Commission (SEC), no company is going to put facts supporting a criminal indictment or even claim of criminal conduct in a civil based Cease and Desist Order or other form of civil based resolution. To do so would open up the company to a very high degree of liability, which is not required if the DOJ declines to prosecute a company for criminal violations of the FCPA. That explains why there is never evidence of criminal liability in a resolution document if there is no criminal charge.

Yet the House report does point up some troubling questions about not only how the HSBC settlement was reached but also the lack of prosecutions against any financial institutions after the 2008 financial crisis.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Shell GamesOne of the more prescient authors I know is Ryan C. Hubbs, a senior manager of fraud investigation and dispute services at Ernst & Young LLP (EY), who, in 2014, wrote an article for Fraud Magazine entitled “Shell Games”. In this piece, Hubbs wrote about how criminals use shell corporations to launder money and perpetuate frauds such as violations of the Foreign Corrupt Practices Act (FCPA). He explained what shell companies are and how certified fraud examiners could assist companies in internal investigations around these issues. His prescience was foretelling the information that would begin to become available with the release of the Panama Papers. Today I will begin a two-part series, where I describe some of the issues raised by Hubbs back in 2014, reporting on information in the Panama Papers and what you can do with the detect prong of your compliance program.

As Hubbs noted “Unfortunately, the landscape of international crime and fraud has changed dramatically in the last quarter century. Shell companies aren’t just for big tax evaders anymore. If your organization is engaging in any type of transaction in today’s economy, shell companies should be a concern. They’re the financial and deception vehicle of choice for some of the most corrupt, dangerous and ruthless individuals and entities in the world. Arms dealers, drug cartels, corrupt politicians, scammers, terrorists and cybercriminals are just a few of the frequent users of shells.”

Fortunately Hubbs provided his insight into how a Chief Compliance Officer (CCO) or compliance practitioner can investigate companies more thoroughly. All of this is not simply about performing adequate due diligence so that you will know with whom you are doing business. Internal corporate investigators need to be aware of how shell corporations are set up to help detect fraud in their own organizations. In his piece Hubbs cited to a Department of Justice (DOJ) Press Release from then Deputy Assistant Attorney General Bruce Swartz around the resolution of the Hewlett-Packard (HP) FCPA resolution for the following, “Hewlett-Packard subsidiaries created a slush fund for bribe payments, set up an intricate web of shell companies and bank accounts to launder money, employed two sets of books to track bribe recipients, and used anonymous e-mail accounts and prepaid mobile telephones to arrange covert meetings to hand over bags of cash.”

Yet it is not simply one shell company that you will need to investigate in any due diligence process. As noted in the New York Times (NYT) piece by Eric Lipton and Julie Creswell, entitled “Documents Show How Wealthy Hid Millions Abroad, the Panamanian law firm of Mossack Fonseca had an entire service line offering for US citizens who wanted to shelter many outside the country. The article cited to one person, William Ponsoldt, who the law firm set up eight shell companies for, “moving at least $134 million through seven banks in six countries.”

Moreover, it appears the Panamanian firm set up entities to specifically help high net worth individuals, in the US, evade taxes. The piece noted, “In 2006, using a secret email account set up by Mossack Fonseca so his correspondence would not be traced by the authorities, a businessman from Washington State asked a common question from among the firm’s potential American clients: “How does a US citizen legally get funds to Panama without the knowledge of the US government and how can those funds be profitably invested without the US government knowing about them?”” Why else would you want to invest funds “without the US government knowing about them”?

Hubbs pointed to three general areas that you should consider in your investigation. The Panama Papers have certainly borne these out. First is to consider shell companies, shelf companies and incorporators. As noted by the services provided Mossack Fonseca, “In many instances, one shell company isn’t enough — fraudsters need a network. Dozens of shells, nominee directors, addresses and fake shareholders might be required to conceal a scheme or criminal plot. Big-time criminal conspirators will utilize shell incorporators to do the heavy lifting and help create a corporate web of disguise that can perplex and confuse the best of investigators. Shells can come in different shapes and sizes, and the jurisdiction in which they reside can help further the concealment.”

The next step is with what Hubbs terms “shelf companies”. He defines these as one formed but not used for a long period of time. This provides the facade of “appearing legitimate and fooling a novice investigator or basic due diligence mechanisms because it appears to have existed longer than it really has. An older shelf could predate any specific areas of concern, which would allow it to engage in business activities when it otherwise shouldn’t.”

The creation of the entity is only the first step though. As Hubbs noted and the NYT article confirmed, the new shell company will need directors and nominees. Hubbs said, “Fraudsters use nominee directors, and in some instances, other shell companies, to disguise true owners of entities while giving the appearance of legitimacy. Some nominees simply sell their names to fraudsters who use them on company documents. Others actually provide limited services for the shell companies such as processing corporate records, signing for company documents and forwarding mail.”

It is these nominee directors who stand as the “linchpins to linking and disguising” criminal cartels and money laundering schemes. As the Times piece noted, “For many of its American clients, Mossack Fonseca offered a how-to guide of sorts on skirting or evading United States tax and financial disclosure laws. These included locating an individual from a “tax-convenient” jurisdiction to be the straw man owner of an offshore account, concealing the true American owner, or encouraging one client it knew was a United States resident to use his foreign passports to open accounts offshore, again to avoid scrutiny from regulators, the documents show.”

Yet the same technique can be used for an individual. As the NYT article reported, “Marianna Olszewski, the New York City-based author of “Live It, Love It, Earn It: A Woman’s Guide to Financial Freedom,” wanted to shift $1 million held by HSBC in Guernsey to a new overseas account. The catch? She did not want her name to appear anywhere near the transaction. Mr. Owens, the Mossack Fonseca lawyer, again offered a solution. Mossack Fonseca would locate what he called a “natural person nominee” in a “tax-convenient” jurisdiction to stand in for Ms. Olszewski as the owner of the account.”

“The Natural Person Trustee is a service which is very sensitive,” Mr. Owens wrote. “We need to hire the Natural Person Nominee, pay him, make him sign lots of documents to cover us, make him sign resignations, make him get some proofs evidencing that he has the economic capacity to place such amount of moneys, letters of reference, proof of domicile, etc., etc.””

The final area of concern from Hubbs is shell incorporation hot spots. He cited to one such address hot spot from a report called “Grave Secrecy” by Global Witness which was noted to be ““103 Sham Peng Tong Plaza” in Victoria, Seychelles. A simple Google search of this address identifies more than 160,000 hits associated with websites, companies and individuals. Another address identified in unrelated criminal filings and sanctions is PO Box 3444 Road Town, Tortola, BVI. A Google search of this address yields more than 600,000 hits. These addresses represent just a few incorporation hot spots. An entity identified with one of these addresses should be a huge red flag.”

Tomorrow I will review some of the areas you can research to help you in investigating and tracking shell companies.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

7K0A0116Yesterday I began an exploration of the potential individual liability of a Chief Compliance Officer (CCO) based upon the Financial Industry Regulatory Authority (FINRA) enforcement action against Raymond James Inc. and its former CCO, Linda Busby. Today, I will consider the specific deficiencies laid out in the Letter of Acceptance, Waiver and Consent (Letter of Acceptance) and what lessons might be drawn going forward.

It is incumbent to note the basis of liability is FINRA Rule 3310, which requires the company to “develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member’s compliance with the requirements of the Bank Secrecy Act…” The required policies and procedures needed are to detect and report suspicious activity and monitor transactions for specified red flags. If such red flags were detected, additional investigation was required and any clearance of such a red flag required documentation. Some of the specifics of 3310 included appropriate due diligence on both customers and corresponding accounts for foreign financial institutions, a risk-based assessment of new clients and a review of red flags that might be raised in the above. Busby, as CCO, was required to implement the foregoing.

As noted yesterday, Busby was sorely understaffed, underfunded and probably could never have overseen a functioning and effective compliance program, had the company deigned to put one in place. However, the company obviously thought it did not have to do so. As noted in the Letter of Acceptance, the company “did not have a single written procedures manual describing AML procedures; rather to the extent written procedures existed addressing supervision related to AML, they were scattered through various departments.” Moreover, Busby did not have control or even oversight into individuals in other departments handing anti-money laundering (AML) issues. Finally, the company did not have any oversight for monitoring suspicious activity. The Letter of Acceptance noted these shortcomings were failures of both the company and Busby.

FINRA dived deeper into the weeds when it faulted both the company and Busby for not monitoring known high-risk transactions or individuals. The Letter of Acceptance listed high-risk activity as:

  • Transfers of funds to unrelated accounts without any apparent business purpose;
  • Journaling securities and cash between unrelated accounts for no apparent business purpose, particularly internal transfers of cash from customer accounts to employee or employee-related accounts; and
  • Movement of funds, by wire transfer or otherwise, from multiple accounts to the same third party account.
  • The company did not have any procedures “in place to reasonably monitor for high-risk incoming wire activity, such as third-party wires and wires received from known money laundering or high-risk jurisdictions.”

All of this meant that neither the company nor Busby were able to monitor or later investigate suspicious activity. FINRA turned up 513 accounts that engaged in high-risk activity that were never even spotted let alone investigated. There was no overall risk assessment performed which might have allowed Busby to marshal her limited resources and focus on the highest risk transactions. As you would expect there was no technological solution in place that allowed Busby to “conduct any trend or pattern analysis or otherwise combine information generated by the multiple reports to look for patterns”. All of Busby’s analysis had to be done the old fashioned way, through manual review.

While there were some reports generated by the company that might have been of use in an AML analysis, they were either deficient or not tied to similar reports. Even when the information was available there was no overall risk ranking for the company’s customers that would have allowed transaction monitoring on a more proactive basis. Finally, and this one is perhaps the most unbelievable, there was no linking of customer accounts so no pattern of single customer activity could be reviewed.

In addition to these overall AML program deficiencies, the Letter of Acceptance listed failures by Busby when sufficient information was available to her. There were thousands of alerts generated regarding suspicious activities each month that were closed out with no documentation as to the rationale for closing the suspicious activity alert. There was no documented clearance of red flags raised, even in the process the company did have in place.

The customer due diligence report was not even provided to Busby or the AML team but to the company’s credit department, one of those departments that Busby had no visibility into. When there was sufficient information to investigate customers, Busby and her team failed to do so and the Letter of Acceptance listed several instances where Busby failed to document that customers had been sanctioned by the US Department of the Treasury. The Letter of Acceptance laid out some useful indicia of suspicious transactions including (1) rounded dollar amounts; (2) purpose of payment inconsistent with the customer’s prior activities; (3) the domicile of the individual receiving the funds was not the location where the funds were transferred; (4) the Letter of Authorization provided to the company was dated at or near the date of transfer.

Finally, and to no doubt warm the heart of every process analysis and professional out there, FINRA criticized the lack of oversight. Busby was criticized for failing to engage in appropriate oversight of the company’s AML risk. But the company also failed in its oversight role of providing oversight to the CCO and the compliance function. If it had done so perhaps the company would have realized the impossible position Busby was in and the utterly impossible role she had to accomplish.

Fortunately for the Foreign Corrupt Practices Act (FCPA) compliance CCO, the financial services industry has specific rules that require compliance programs. Such regulations do not exist around the FCPA. However the analysis that FINRA used to bring charges against Busby could well bleed over to CCOs and compliance professionals in the future. With the new Department of Justice (DOJ) compliance counsel, the role of the CCO may be given more scrutiny going forward. It is painful to picture an anti-corruption CCO assessed with liability for a corporation which views compliance as poorly as did Raymond James but they are out there.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016