Let me begin by thanking the Risk Management Association, PWC, Debevoise & Plimpton, and my friend Paul Lee for inviting me to participate in this conference. Of course, I need to give what sometimes sounds like a Miranda warning—my remarks are personal, and do not represent an official position of the Federal Reserve Bank of New York, or any part of the Federal Reserve System.1 There is nothing I will say that can be used against them.
I am going to address three specific compliance problems: economic sanctions, tax evasion, and foreign corrupt practices. I will use these three compliance problems to illustrate a larger point about organizational culture. If organizational values do not support the rules that organizations use to guide the behavior of employees, and worse, if organizational values actually conflict with those rules, the organization is headed for troubled territory. In my remaining time, I will elaborate on this fundamental point.
Let me start with economic sanctions. We have the recent case against BNPP for its conduct in evading U.S. sanctions related to Iran, Sudan and Cuba. The case is noteworthy because the disposition involved pleas to Federal and state criminal violations, and a record fine of nearly $9 billion. The BNPP case is not the only case against a financial institution for economic sanctions violations. There have been a series of others. Every one of this series of cases concerns a foreign bank. Observers ask, “why are all of these economic sanctions cases against foreign banks?”
Before offering my answer, let me start with some “not’s”. In my view, it is not that U.S. financial institutions are so much more compliant than foreign institutions. I will avoid an ugly name-and-shame ritual, where I would identify the U.S. financial institutions that violated U.S. law. It is not that U.S. prosecutors are xenophobic individuals who are bound and determined to target only foreign institutions. I know from personal knowledge that prosecutors have followed the evidence and it has led them to the doors of foreign banks only.
What explains this phenomenon? Some foreign institutions, unlike their American counterparts, did not see the values that motivate and support U.S. economic sanctions rules. At most U.S. financial institutions, and I may be myopic in seeing too much nobility in them, there is a widely accepted understanding that our U.S. sanctions are tailored to accomplish a laudable public purpose. The Sudanese sanctions are designed to coerce a regime to cease certain horrific practices, like genocide. The Iranian sanctions are designed to stifle the Iranian regime’s nuclear ambitions. The Cuban sanctions are intended to hinder the advancement of communism in the Americas and to change an oppressive regime through a trade embargo. For U.S. financial institutions, which operate on the basis of a public charter issued in the United States, the public purposes supporting economic sanctions and the detailed sanctions regulations are in harmony. With respect to rule compliance, the staff will follow those rules not simply because they are required to but also because they want to.
While I am not here to speak for foreign institutions that have committed sanctions evasion, including BNPP, my sense from the evidence is that these institutions looked at economic sanctions very differently. They looked at economic sanctions as technical “American” rules that were not seen as consistent with the organization’s and the home country’s larger value system. In Europe, they found no similar sanctions, and there it was perfectly legal at the time to do business with these sanctioned jurisdictions. Some European bankers almost naturally adopted the view that there was no value system underlying the technical American legal rule. The foreign institutions saw the situation as providing financial services to just another country; not to a country committing genocide; not to a country building a nuclear weapon; and not to a country fostering a dehumanizing ideology.
This failure to correlate the rule with the value is the root of real mischief. It erodes what some commentators call the “culture of compliance”, and it tends to foster an employee population that will be inclined to look for loopholes, to place toes on the edge of the permissible, or even to turn a blind eye to a black letter compliance rule. And, the organization’s compliance staff will also suffer from a stifled motivation and the absence of any meaningful authority—it relegates that staff to a bunch of box checkers, rather than people working toward a safer and better world. Is it a surprise then that foreign institutions have problems with sanctions compliance and U.S. institutions do not? I do not excuse this in any way, but I do understand it.
Let us now turn to tax evasion. On May 19, Credit Suisse pled guilty to conspiring to help certain Americans evade their tax obligations to the Federal government. Credit Suisse agreed to pay a fine of $1.8 billion. Like the criminal disposition concerning BNPP, this was headline news. Credit Suisse had well developed compliance rules addressing what relationship managers could and could not do when travelling into, and through, the United States. But those compliance rules, while cogent, were largely ignored by certain Credit Suisse personnel. Why is that? Here, again, I believe that the answer lies in the organizational value system.
Credit Suisse was not alone in aiding customers to evade taxes. UBS had similar problems although it escaped without a plea to a Federal felony. Would it come as a surprise to anyone in this room that some of the Swiss cantonal banks may also have “issues” with respect to U.S. tax compliance? Switzerland, the home country to the two big Swiss banks and the jurisdiction that charters them, does not have a law that criminalizes tax evasion, meaning the willful failure to report income and to pay the tax due on that income. This may be one of the reasons why Switzerland has earned a reputation as a tax haven, although that reputation may be changing as Switzerland faces external pressure from the international community.
So, is it surprising that personnel from Switzerland, working for an organization that for many years had a business strategy of taking funds from high net worth customers without many questions about taxation at the source, did not turn square corners when visiting New York? Does it shock you that they would meet with U.S. customers and discuss their accounts, even though that was prohibited by the rules imposed by compliance? Once again, when the rules are in conflict with an organizational value system, watch out! People will find a way around them, either by closing their eyes or by whispering in the darkness.
Finally, let me turn to foreign corrupt practices. I have selected this topic because official corruption is a problem that some U.S. financial institutions have found challenging during the last year. And, in my view, there are certain features of U.S. law that might give rise to conflict between organizational values and FCPA compliance.
The Foreign Corrupt Practices Act was enacted in 1977, and it represents a Congressional response to revelations of widespread bribery of foreign officials by U.S. companies. One purpose of this legislation is stopping official corruption. Then, and continuing to the present time, the United States led the world in enacting laws designed to stop official corruption, and perhaps more importantly, in enforcing these laws. Let me say that, as an American lawyer who spends significant time outside the United States, this is a part of our legal infrastructure that I take pride in.
With all of that said, there is one part of the FCPA that makes me uncomfortable. The FCPA’s bribery prohibition, and the compliance officers in the audience will know this well, contains a narrow exception for “facilitating or expediting payments” made in furtherance of routine governmental action. Some of the cynical among you might know this provision as permitting so-called “grease” payments for non-discretionary acts, like processing visas or providing phone service. But, let us face it, this statutory exception permits a certain limited form of governmental corruption. While I understand that the exception is grounded in a practical reality, I feel that zero tolerance for official corruption would have been a better choice. To any public servant with an extended hand, I would say in a loud and clear voice, “pull it back and do your job.” And, let me note the OECD Working Group on Bribery recommends that all countries encourage companies to prohibit or discourage facilitating payments.
The real mischief is what this exception might do to an organizational value system. When an organizational policy allows some types of official corruption (and we have come up with candy coated names for this, like facilitation or expediting payments), this diminishes the efficacy of compliance rules that are directed toward stopping official corruption. Again, the best compliance cultures are formed when the rules and the organizational value system are in perfect harmony. So, for U.S. chartered institutions, perhaps this is a place where your organizational value system should go beyond black-letter U.S. law. If you tolerate a little corruption, watch out!
So, I have used three compliance topics—economic sanctions, tax evasion, and foreign corrupt practices—to make the case for harmonizing organizational value systems and compliance rules. At an absolute minimum, do whatever is practicable to assure that your value systems and compliance rules do not conflict or send irreconcilable messages. In the “New Compliance Landscape”, a failure to do this is a recipe for disaster.
I also would like to make a concluding remark. I do not subscribe to the view that compliance officers or legal counsel should take on the mantle of the missionary. I am of the “old school”—the duties of the management and the board are owed to the company and to the shareholders. I do believe that the best among chief legal officers will see the job as more than just dispensing legal advice, and, as being the “guardian of the corporation’s integrity”.2 But being the guardian of the corporation’s integrity cannot mean that integrity is defined by the chief legal officer’s personal value system and not the organization’s value system. We are not priests or rabbis.
In a world where the consequence of rule breaking can lead to fines in the multiple of billions of dollars, lawyers and compliance officers can accurately claim that, in guarding the corporation’s integrity, they are enhancing shareholder value. When the BNPP case was announced, FBI Director James Comey said: “Until shareholders demand from their boards that those boards choose leaders who understand what it means to create a healthy culture of compliance, the money will keep walking out the door . . . .”3
My remarks today have focused on the organizational value system as distinct from its rule set. Organizations should adopt and nurture organizational value systems because they are healthy for the company and its shareholders. The personnel in the organization will feel better about the work that they do, and they will do better work and more of it. It is good business to refuse to finance a jurisdiction that is sponsoring genocide. It is good business to say “no” to the customer who wants help in evading taxes. And it is good business not to corrupt government officials.
Companies with a reputation for a sound culture of compliance tend to do well at harmonizing their organizational value system and their compliance rules. If you look at those companies, you see success.
Thanks for listening.
*Revised July 29, 2014