As Tom and Jay mourn the death of cultural icon Stan Lee, they consider that story and look at some of the week’s top compliance and ethics stories.

  1. Why Goldman’s ‘tick the box’ compliance program not good enough. FT editorial board. (sub req’d) What are 4 questions the DOJ is likely to ask and what are 4 areas of inquiry under the FCPA Corporate Enforcement. Tom explores in Part I and Part II. Mike Volkov asks ‘what about respondent superior’?; in his blog Crime, Corruption and Compliance. Richard Bistrong explained what happened during his guilty plea hearing for his FCPA criminal action, in the FCPA Blog.
  2. How can ISO 37001 be fixed? Joe Murphy lists 44 ways on the FCPA Blog.
  3. MoneyGram spanked again as it’s DPA is extended. John Rausch reports in his Dipping Through Geomotries
  4. Tesla names new Board Chair. Will she be able to rein in Elon Musk? Tom Krisher reports in the Washington Post.
  5. Has your company assess the impact of Brexit? If not, the SEC says you should do so. Tatyana Shumsky reports in the WSJ Risk & Compliance Journal.
  6. Why 2019 may well be a challenging year for internal audit. Rafael Go and Leslee McKnight write in Corporate Compliance Insights.
  7. Are companies meeting their human rights requirements? Sam Rubenfeld explores in WSJ Risk & Compliance Journal.
  8. What is the business impact of bribery and corruption in Venezuela? Chevron weighs pulling out. Kejal Vyas and Bradley Olson report in the WSJ.
  9. Chuck Duross says cutting back on compliance programs would be both short-sighted and foolish. Adam Dobrik reports in GIR.
  10. How has GDPR impacted M&A deals? Nina Trentmann reports in the WSJ Risk & Compliance Journal.
  11. In a sponsored podcast, Tom visits with Vin DiCianni and Eric Feldman of Affiliated Monitors on the impact of culture, compliance and monitoring for non-US companies in countries outside the US. Part I-Introduction, Part II-International Enforcement Trends, Part III-Spain, Part IV-Development of Monnitoring in International Enforcement and Part V-International Challenges for Monitors.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at

Yesterday I began a two-part homage to my favorite comic book characters, the Fantastic Four. I began with an explanation of how they got ‘fantastic’. Today, I want to highlight their fantastic powers and a bit about each one. I use this to introduce the four issues that are listed in the FCPA Corporate Enforcement Policy which went into effect just a little under a year ago and ask if Goldman Sachs can fall under them to obtain the benefits of the Policy?

The Fantastic Four starts with Mr. Fantastic, Reed Richards, a scientific genius and the leader of the group. He can stretch his body into incredible lengths and shapes. He is considered to be one of the smartest men on Earth. Reed excelled in mathematics, physics, and mechanics and was enrolled in college by the age of 14. He went to multiple colleges including Massachusetts Institute of Technology, California Institute of Technology, Harvard University, Columbia University, and Empire State University (EMU). While attending EMU he met and became a roommate of Ben Grimm.

Richards is married to the Invisible Girl, Sue Storm, who can render herself invisible. She is able to create invisible force fields of any shape and able to turn herself and anything she is in contact with invisible. In addition to being Richards’ wife , she is the mother of their children, Franklin and Valeria. According to Comic Vine, during the early days of the Fantastic Four, Sue was “somewhat maternal to her teammates. Team leader Reed was the scientist who was always busy in his lab. Team powerhouse Ben Grimm was lonely and depressed over his physical appearance and Johnny Storm acted like the quintessential rebellious teenager – irresponsible and reckless.” She was often presented as a female voice of reason and one that sought to more closely knit the team together.

My favorite of the Four is the Human Torch, Johnny Storm. He is Sue’s younger brother, who can generate flames, surround himself with them and fly. The second most powerful member of the Fantastic Four. While Johnny is known for his impetuous and sometimes reckless nature, he is also a loyal friend and fearless hero. Of course, he also has one of the greatest catch phrases of all-time Flame On!According to Comic Vine, “Still young and rebellious, Johnny was ecstatic to have his new-found powers. Labeled the hot head of the group, Johnny would often make brash decisions and disobey direct orders. Although his sister would try to calm him, Johnny often had issues with following Reed’s orders. He would quit the team early on (and many more times) because of his temper.”

Finally, is the monstrous Thing,  (Ben Grimm), the grumpy but benevolent friend of Richards. Grimm was a college football star and Richards college roommate before becoming a fighter pilot. The cosmic ray saturation gave him a rock-like exterior and superhuman strength, durability, and endurance. The Thing is the original quintessential tough-guy of the Marvel Universe and also its first tragic character. Ben’s exterior gives him a rather gruff disposition but deep down, he has a heart of gold. Ben shows this heart of gold during interactions with his perpetual fiancé Alicia Patterson, who is blind so cannot see his hideous form. Ben’s signature phrase is ““It’s Clobberin’ Time!” – which he often yells when going into battle or at the decisive moment of a fight.”

Yesterday, I considered four questions which the Department of Justice (DOJ) may ask Goldman Sachs. Today I want to consider what the company must show under the FCPA Corporate Enforcement Policy. It has four basic requirements: (1) the company must have “voluntarily self-disclosed misconduct in an FCPA matter”; (2) fully cooperated; (3) timely and appropriately remediated; and (4) “the company is required to pay all disgorgement, forfeiture, and/or restitution resulting from the misconduct at issue.” There is a presumption the company will receive a declination “absent aggravating circumstances, which are defined as “involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; pervasiveness of the misconduct within the company; and criminal recidivism.””

At this point, it is not known if Goldman Sachs self-disclosed any potential Foreign Corrupt Practices Act (FCPA) violations. Given its strident statements that former partner Timothy Leissner, Roger Ng and all the other Goldman Sachs employees directly involved were rogue employees perhaps it did not self-disclose. Obviously, the scandal has long been in the public eye and Leissner’s conduct has been well-known and well-documented. Reuters reported that the US government was investigating 1MDB as far back as October 2015. Leissner was put on leave by Goldman Sachs in January 2016 and he resigned from the firm in February for violation of internal company rules by sending an unauthorized reference letter for Jho Low to a financial institution in Luxemburg. Did Goldman self-disclose to the DOJ before October 2015? If so, they never publicly reported it.

Is Goldman Sachs fully cooperating with the DOJ? Full cooperation means meeting several criteria. First a company must turn over everything it uncovers in its internal investigation, meaning “timely updates on a company’s internal investigation, including but not limited to rolling disclosures of information; all facts related to involvement in the criminal activity by the company’s officers, employees, or agents; and all facts known or that become known to the company regarding potential criminal conduct by all third-party companies (including their officers, employees, or agents).” It also means rolling updates and proactively figuring out what would help the criminal case. It is clear that Leissner is cooperating as demonstrated by the testimony at his guilty plea hearing. Will Goldman Sachs turn over all information about meetings the former Malaysian Prime Minister and Low, including those with former Chief Executive Officer (CEO) Lloyd Blankfein and other company senior executives?

How about full remediation? Given that both Leissner and current Goldman Sachs CEO David Solomon have identified the company’s culture as a factor which led to the scandal, it is fairly clear that the company has a long way to go to meet this requirement, “The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated”. How about the treatment of the compliance function at Goldman Sachs? How many compliance professionals have been promoted to the Partner level? If Leissner and the rest of the Asian group thought they not only could lie to the compliance function about the involvement of Low in 1MDB after he had been rejected as a customer of the firm, how will that be changed? It certainly appears that if there was ever a paper program, consisting of a Check the Boxmentality, it was Goldman Sachs. Finally, can the company meet the requirement of “additional steps that demonstrate recognition of the seriousness of the company’s misconduct, acceptance of responsibility for it, and the implementation of measures to reduce the risk of repetition of such misconduct, including measures to identify future risks.”

The final requirement is that Goldman Sachs must return its ill-gotten gains, which it appears were $600 million. The Star has reported that Malaysia has demanded a full refund of the profits that it generated from the bond sales at issue. Would that be enough to satisfy this prong or would Goldman Sachs be subject to an additional fine or penalty under the FCPA? Even with a 50% discount available under the Policy for a company which self-discloses or 25% discount for extensive cooperation and extensive remediation.

Finally, separate and apart from the FCPA Corporate Enforcement Policy, what about a monitor? The Benczkowski Memo adds several factors prosecutors must consider including, “(a) whether the underlying misconduct involved the manipulation of corporate books and records or the exploitation of an inadequate compliance program or internal control systems; (b) whether the misconduct at issue was pervasive across the business organization or approved or facilitated by senior management; (c) whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal control systems; and (d) whether remedial improvements to the compliance program and internal controls have been tested to demonstrate that they would prevent or detect similar misconduct in the future.” Will Goldman Sachs be able to demonstrate it has overcome these issues and does not need a monitor going forward, given the apparent pervasiveness of its unethical conduct and culture?

I hope you have enjoyed my homage to Stan Lee’s creation of the Fantastic Four and the thought-provoking questions for Goldman Sachs and the firm’s role in the 1MDB scandal.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018

Welcome to the only roundtable podcast in compliance. This week’s episode was is dedicated to considering one article which recently appeared in the New York Times, entitled, “Trump Administration Spares Corporate Wrongdoers Billions in Penalties”. Each panelist considers the piece and its underlying principals from their own perspective.

  1. Jonathan Armstrong considers whether or not the US is losing its role as the global anti-corruption policeman? If it is, will another country step up to take its place? Jonathan rants about UK politicians meddling in UK criminal prosecutions and criminal procedure.
  1. Mike Volkov considers what, if anything does the article tell you about DOJ enforcement priorities? How do priorities change from administration to administration? What does that mean for line and career prosecutors? Mike gives a shout out to US voters who turned out in record numbers in the recent mid-term elections.
  1. Matt Kelly considers the enforcement angle from the SEC or other regulatory bodies notably the Federal Reserve and Office of the Currency. Matt give a very large tip of the hat in his shout out to shareholder activist extraordinaire Evelyn Davis who recently passed away.
  1. Jay Rosen who works as a vendor during in the ethics and compliance space, considers the article from his perspective. He explores such questions as are companies spending less because of enforcement or is corporate compliance is as robust as ever? Jay has a heavy heart this week in remembering the victims of the massacres at the Tree of Life Synagogue in Pittsburg and the Borderline Bar & Grill in Thousand Oaks, CA.

For additional reading see the following from Cordery Compliance:

The members of the Everything Compliance panelist are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at
  • Mike Volkov– One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at
  • Matt Kelly– Founder and CEO of Radical Compliance. Kelly can be reached at
  • Jonathan Armstrong– Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at

The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Compliance Evangelist. Everything Compliance is a part of the Compliance Podcast Network.

In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries. AMI does independent integrity monitoring in multiple countries outside the US and for many non-US organizations. This work has given them a unique vantage point to observe developments. In this Part II, I discuss international enforcement trends with Feldman.

Eric Feldman noted that the US has led most of the enforcement efforts because of the long-standing role of the Foreign Corrupt Practices Act (FCPA) as one of the earliest anti-corruption laws. US enforcement has also been the most aggressive across the globe. However over the past five years or so the Department of Justice (DOJ) and Securities and Exchange Commission (SEC)  have worked to train a cadre of prosecutors in enforcement techniques and tactics to fight the international scourge of bribery and corruption.

This cross-training steered by US prosecutors led to several immediate and longer-term impacts. The most obvious and initial impact was the cooperation by prosecutors and regulators, literally across the globe. One need only review each DOJ or SEC Press Release announcing a FCPA prosecution and the non-US agencies who provided assistance are listed near the bottom. The cooperation began during the Obama Administration but has continued under the Trump Administration and Sessions-led DOJ. Feldman noted that he has seen more cooperation in the investigations and international enforcement front and a sharing of the penalties in several cases. This began as the one Pie model where there would be ‘one pie’ of penalties for an organization. The name has evolved into the anti-piling policy.

The aggressiveness of US prosecutions led to the US penalizing many non-US based companies and keeping the vast lion’s share of the financial penalties. Simply look at the current Top Ten in all time FCPA enforcement cases and you will see that only two of the top ten are US based companies. In addition to the cross training listed above, many countries wanted to get in on the financial penalty action. This has led to many large anti-corruption fines and penalties being shared by multiple countries since 2016. This includes Odebrecht/Braskem, with $2.6bn shared between the US, Switzerland and Brazil; Petrobras with $1.78bn shared between the US and Brazil; Telia Company, with $965MM shared by the US and Sweden; Alstom, with $814MM shared between the US and Switzerland; Rolls-Royce, with $809MM shared between the UK, US and Brazil; VimpelCom, with $795MM shared between the US and The Netherlands; and SocGen, with $585MM shared between the US and France.

Feldman pointed to the specific example of Singapore, where over the last couple of years have had the instance of Keppel Offshore being prosecuted by DOJ for corruption under the FCPA. This was very embarrassing to the government of Singapore because while Singapore always had corruption laws on the books it did not have a big method of enforcing them. Then two years ago, Singapore passed legislation requiring DPAs as an alternative mechanism for settling those types of international corruption cases. Now DPAs are a part of the landscape for anti-corruption prosecutions in Singapore. Just across the straits in Malaysia, the country passed tougher anti-corruption laws as well. All of this means from Feldman’s perspective that both investigations and enforcement are up in a much wider variety of countries combatting bribery and corruption.

As to where all of this enforcement may be heading, Feldman noted the DOJ model of enforcement has been fairly consistent. The basic level of enforcement and theory that the US will continue going forward to enforce the FCPA is fairly high. Feldman believes that the cooperation which began in the earlier part of the decade will continue, particularly between DOJ and the SFO, when it comes to the UK Bribery Act. This may be even more so with the new Director of the SFO, who is a former DOJ prosecutor and has an “American understanding and acceptance of enforcement of these laws, as an accepted way of doing business. I think is going to move the SFO to even more aggressive enforcement going down the road.”

The bottom line is that even if the US somehow or for some reason dialed back its prosecutions under the FCPA, there are multiple international enforcement agencies who stand ready to pick up the slack and reap the benefits in terms of fines and penalties. This also means that companies operating in these countries should have robust compliance to not only detect and prevent legal violations but provide a solid defense if something goes askance.

In the next episode we consider the changes going on in the country of Spain.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at

In this podcast series, I visit with Vin DiCianni, founder and President of Affiliated Monitors, Inc. (AMI) and Eric Feldman, Senior Vice President of AMI. We consider the global view of ethics, compliance and corporate culture of non-US companies, outside the US; in both their home countries and in other countries where they do business. AMI does independent integrity monitoring in multiple countries outside the US and for many non-US organizations. This work has given them a unique vantage point to observe developments. In this Part I, I visit with Vin DiCianni on the trends he sees in the global arena around ethics, compliance and monitoring.

DiCianni noted the single biggest difference for non-US companies and countries is the focus on legal compliance as opposed the US focus on values-based ethics and compliance program. This is partly attributable to the maturity of an intersection of several conditions. The first is the nascence of national anti-compliance legislation. Many countries have only passed such laws within the past five years. Next is the relative youth of many anti-corruption enforcement agencies and prosecutorial services. Finally many countries have Code based legal systems rather than Common Law based legal systems. Such legal systems tend to favor more legalistic compliance as opposed to a more general formula such as the Ten Hallmarks of an Effective Compliance Program that was laid out in 2012 FCPA Guidance.

Obviously, some countries are more advanced along this continuum. The United Kingdom had its Bribery Act come into force in 2010. Brazil had the Clean Companies Act come into force the following year. Prosecutors in both of these countries are farther along in their enforcement actions and both of these countries have issued guidance on the types of best practices compliance programs that companies should put in place. However other countries such as Germany, Spain and France are less further along in both their legal frameworks and their corporate compliance programs.

DiCianni made clear that these countries are all moving forward along the compliance continuum much in the way the US did, beginning 10-15 years ago. In the mid-00’s compliance was largely legal based written by lawyers for lawyers. However this decade we have seen a move to a more values-based system of ethics and compliance. Corporate compliance programs have reflected this evolution as well.

One thing DiCianni has observed, literally across the globe is the desire of compliance practitioners to move the ball forward. This comes in the form of enthusiasm for the compliance profession but also an understanding of the true costs of bribery and corruption in everyday society. This also means there is a great thirst for compliance learning and instruction on how to implement best practices compliance programs.

Many countries have other focus such as corporate social responsibility requirements (CSR) of their corporations which impact the compliance function. DiCianni believes that a CSR function can lead to a more ethical culture within an organization. He noted that many non-US companies have taken the lead on modern slavery, conflict minerals and other issues. He believes this leadership will strengthen a values-based culture within a company and it is something that US companies should more strongly consider taking leadership positions on.

One of the interesting contrasts by non-US companies by DiCianni was what he termed, the failure to enforce their own internal codes. This is true whether it be in a Code of Conduct or policies and procedures. This all ties back into a consistent theme from AMI, which is institutional fairness and a values-based culture. DiCianni stated, “sometimes it’s the most important aspect of a compliance program, what do you do when there’s a violation internally. Do you do anything to enforce your policy?” The problem he noted is that “if you don’t then it’s sort of not worth the paper it’s written on. If you’re going to just have a paper program that doesn’t have any real bite, that’s a concern that I’ve seen globally for those companies that have compliance programs.” If you do not enforce your own compliance requirement, for whatever reason, it creates a very negative impact on your employees.

We concluded by considering some of the enforcement regimes and mechanism outside the US. While US prosecutors and regulators have certainly taken the lead in the international enforcement of anti-corruption laws, countries such as the UK and Brazil are quickly taking up their roles as well.  In the UK, we have seen the first uses of Deferred Prosecution Agreements (DPAs) by the Serious Fraud Office (SFO). The Brazilian prosecutors seem to be moving in that direction, if in a de facto manner.

In Episode II, we consider international enforcement trends.