There are fewer and fewer players who are lifers for one team. When it comes to lifers who were managers the list is even shorter. Tommy Heinsohn was a player, coach and announcer over some 60+ years with the Boston Celtics. Yet Tommy Lasorda was a true baseball lifer for the Dodgers, first the Brooklyn Dodgers and after they moved west, the Los Angeles Dodgers. He began a very short playing career in the Brooklyn Dodgers organization in 1948, making to the majors in 1954 and 1955 for, as noted in his New York Times(NYT) obituary, “a total of 13 innings for Brooklyn in the 1954 and 1955 seasons, with no wins or losses, then was cut in favor of a young left-hander named Sandy Koufax.”

Yet that was only a blip on his time with the Dodgers. “After retiring as a pitcher in 1960 with 14 years in the minors behind him, he was a Dodger scout, managed in the team’s farm system and coached for the Dodgers for four seasons before succeeding [Walter] Alston as manager” in 1976.

He won two World Series with the Dodgers, in 1981 and 1988. “After he retired from managing, with a career record of 1,599 victories and 1,439 losses, Lasorda was named a Dodger vice president. He scouted for the team again, was an interim general manager for the second half of the 1998 season when Fred Claire was fired, and became a senior vice president that September, representing the ball club in good-will appearances. He remained a representative for the franchise in the post of special adviser to the Dodger chairman until his death.” He was known for only talking about baseball and Italian food. As I said a true lifer who bled Dodger Blue.

Lasorda was a link with the fabled Dodger past of Ebbets Field, Jackie Robinson and “wait ‘til next year”. He introduces today’s topic which is the recently resolved Capital One, National Association (CONA) Assessment of Civil Money Penalty (Order), brought by Financial Crimes Enforcement Network (FinCEN). Matt Kelly wrote a comprehensive blog post on the enforcement action in Radical Compliance this week. There were four major components to the enforcement action: (1) poor compliance operationalization; (2) negligent risk management appraisal; (3) trusting but not verifying the business explanations of red flags in their operations of Check Cashing Group (CCG); and (4) massive failures to file Suspicious Activity Reports (SARs). I want to focus on the first two and what they may portend for Foreign Corrupt Practices Act (FCPA) enforcement actions going forward.

As noted by Kelly, the Order discussed that “Capital One failed to implement a sufficiently strong AML compliance program even when the bank knew it had inherited significant problems from the Hibernia and North Fork acquisitions.” However, it was clear from the Order that “Capital One did build up an AML compliance team and even developed policies, procedures, and controls for an enterprise-wide AML compliance program.” Yet, as Kelly stated, “However, these controls and procedures were inadequate to address the money laundering risk associated with the CCG, were inconsistently and ineffectively implemented for CCG customers, were plagued by a number of technical failures that were not promptly addressed, and gave too much credence to dubious explanations from the business line about CCG banking activity, all of which ultimately resulted in a failure to guard against money laundering and other criminal and suspicious activity.”

FinCEN is saying there was too much attention on the “compliance program design, and not enough on program execution.” FinCEN did not say it was a paper program, created so that Capital One could claim some type of compliance defense. The FinCEN Order makes clear there was a lack of operationalization of the compliance program. All of this is just another way of saying the compliance program was not effective. 

The next area was the Capital One risk management program around customer due diligence and reviews. Here the Capital One compliance function “developed a spreadsheet formula that aggregated the credits and debits of a CCG customer under review, and then compared that analysis against a sample of historical transactional data.” However, even when a Red Flag was raised if these transactions were “related to the customer’s business model or could be readily explained away, the compliance team deemed the departure from historical norms “reasonable” and closed the review.” FinCEN found this approach was suboptimal as compliance analysts ended up relying too much on consistency of transactions as the basis for judging suspicious activity, “without taking additional investigative steps or incorporating additional knowledge about the customers.” The Order stated, “In other words, “Capital One improperly used consistency as the primary benchmark for reasonableness, overlooking the nature or apparent lawful purpose of their customer’s underlying activity and the patterns therein.””

This is but another way of say that the Capital One compliance function was substandard in its operation of the risk management program around customers. This is in the face of no examples put forward of this negligence. Once again this is saying the risk management program for customers was not effective. 

Capital One was fined $390 million (with a credit of $100 million for a previously paid fine) so the total penalty under the Order was $290 million. A large part of that fine was for having a compliance program which was not effective. For those compliance professional out there you should look very closely at this Order. If the Department of Justice (DOJ) applies this same standard to anti-corruption compliance programs under the FCPA it would be a very large game-changer. It could certainly lead scrutiny of the actions of Chief Compliance Officer (CCO) in any decisions they might make, which could then lead to subsequent liability.

Just as Tommy Lasorda was a part of and led the Dodgers for many years, the prosecutorial evolution continues. This prosecution involved FinCEN and the financial industry. It may however portend a change by the DOJ in civil prosecutions in commercial operations.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2021

One cannot really say enough about risk assessments in the context of anti-corruption programs. This is because every corporate compliance program should be based upon a risk assessment, to understand your organization’s business from the commercial perspective, how your organization has identified, assessed, and defined its risk profile and, finally, the degree to which the program devotes appropriate scrutiny and resources to this range of risks. Yet the 2020 Update added a new emphasis that Risk Assessments should not be done not less than annually.

As far back as 1999, in the Metcalf & Eddy enforcement action, the DOJ has said that risk assessments that measure the likelihood and severity of possible FCPA violations should direct your resources to manage these risks. The 2012 FCPA Guidance stated it succinctly when it said, “Assessment of risk is fundamental to developing a strong compliance program and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.

There are a number of ways you can slice and dice your basic inquiry. As with almost all FCPA compliance, it is important that your protocol be well thought out. If you use one, some or all of the above as your basic inquiries for your risk analysis, it should be acceptable for your starting point. 

Three key takeaways:

  1. Since at least 1999, the DOJ has pointed to the risk assessment as the start of an effective compliance program.
  2. The DOJ will now consider both your risk assessment methodology for identifying risks and gathered evidence.
  3. You should base your compliance program on your risk assessment.

Companies have finally come to realize that institutional justice and fairness are perhaps the most basic tenet of any successful workplace. If employees believe they will be treated fairly, it will engender a level of trust that can work to not simply motivate employees but lead to a more successful workplace and, at the end of the day, a more profitable company. This encompasses the entire lifecycle of the employment relationship, from hiring through separation. It works in areas as seeming disparate as compensation and incentives, discipline, promotion and internal reporting.

On this final point, Kyle Welch and Stephen Stubben, in their 2019 paper entitled “Evidence on the Use and Efficacy of Internal Whistleblowing Systems”, noted that a robust whistleblower reporting system speaks to a functioning and ethical corporate culture. Employees who can report issues, in a fair manner, without fear of retaliation are more empowered to make the company run more efficiently and more profitably. Yet an equally interesting finding was where there was robust internal reporting, employees were more likely to speak up to improve overall business processes, thereby making the company more profitable.

An often-overlooked role of any CCO or compliance professional is to help provide employees with institutional justice. If your compliance function is seen to be fair in the way it treats employees, in areas as varied as financial incentives, to promotions, to appropriate and consistent discipline meted out across the globe; employees are more likely to inform the compliance department when something goes array. If employees believe they will be treated fairly, it will go a long way to more fully operationalizing your compliance program.

Three key takeaways:

  1. The DOJ and SEC have long called for appropriate and consistent application of both incentives and discipline.
  2. The Fair Process Doctrinewill help set institutional justice as the norm in your organization.
  3. Inconsistent application of discipline will destroy your compliance program credibility.

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

In this episode of Great Women in Compliance, Lisa speaks with Tiffany Archer, Regional Ethics & Compliance Officer and Corporate Counsel for Europe and the Americas at Panasonic Aviation Corporation.  Tiffany talks about the guideposts that have defined her life and her ethics and compliance career.  These pillars are Excellence, Discipline and Integrity, and have led her to undertake challenges and accomplish goals, both personal and professional.

Tiffany provides insight on how these pillars helped her from her time in law firm life to today at Panasonic Aviation.   In particular, she keeps these values in mind while recognizing the importance on building relationships and knowing that there is no “one size fits all” approach to building an ethics and compliance program.  Tiffany also talks about how these pillars impacted how she has addressed COVID-19 as a leader and compliance officer, as well as how she thinks about Black Lives Matter and today’s social justice movement.

Lastly, for all of us who consider ethics and compliance a passion as much as a career, she talks about how her work in the E&C community compliments her full-time job, and her tips as to how she does all of these things she does.

Have you heard that the Great Women in Compliance Book, Sending the Elevator down is now available in an electronic version?  Head to Amazon to get your copy today!

If you’ve already read the booked and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?

As always we’re so grateful for all of your support and if you have any feedback or suggestions for our 2021 line up, or would just like to reach out and say hello, we always welcome hearing from our listeners.

Join the Great Women in Compliance community on LinkedIn here.