Recent weeks have highlighted the value of effective corporate compliance programs in deflecting enforcement activity against companies. At the same time, they have raised new questions about when companies will be held responsible for the actions of their employees, and when such actions will be viewed as “rogue” conduct. Below we contrast the enforcement position in two recent cases: the Morgan Stanley/Garth Peterson matter, involving a corporate declination, and the Noble Corporation/Noble executives matter, including a corporate non-prosecution agreement (NPA).
Morgan Stanley Gets a Pass, Former Managing Director May Get Jail Time
The US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) announced on April 25, 2012 parallel enforcement actions against Garth Peterson, a former Morgan Stanley Managing Director, who had been in charge of that firm’s real estate investment business in Shanghai, China. The DOJ announced that Peterson had pleaded guilty to one count of conspiracy to circumvent Morgan Stanley’s internal controls, which Morgan Stanley was required to implement under the FCPA. The SEC filed a settled enforcement action alleging Peterson had violated the FCPA’s anti-bribery provisions, circumvented Morgan Stanley’s internal controls in violation of Section 13(b)(5) of the Exchange Act, and aided and abetted violations of the anti-fraud provisions of the Investment Advisors Act of 1940 in connection with the same conduct.
The charging documents allege that Peterson had engaged in a pattern of conduct through which he allowed a prominent local government official from a Shanghai district government-owned and controlled property management and development company (a state-owned enterprise) to personally invest in transactions in which Morgan Stanley was involved, in return for that official’s steering investment opportunities to Morgan Stanley, and providing or securing the necessary Chinese government approvals. In addition to allowing the official to personally invest in Morgan Stanley’s investment transactions, Peterson himself also co-invested in the transactions with the Shanghai-based government official, and a Hong Kong-based Canadian attorney. Both DOJ’s and SEC’s charging documents detail Peterson’s, the official’s, and the Canadian attorney’s significant – and initially successful - efforts to circumvent Morgan Stanley’s internal control mechanisms, which evidently had identified the company’s investment transactions with the Shanghai district government-owned property development company as presenting some risk under the FCPA. They detail how these individuals deliberately misled Morgan Stanley’s internal compliance personnel responsible for conducting due diligence and administering other aspects of Morgan Stanley’s compliance program as it related to its Shanghai-based real estate investment business.
In detailing Peterson’s conduct, the DOJ and SEC settlements contain extensive descriptions of Morgan Stanley’s compliance program, and how it applied to Peterson and the activities that were the subject of the enforcement actions in particular. These settlements represent the first time that either DOJ or SEC has publicly declined to bring enforcement actions against a company on the basis of an oft-suggested “rogue” employee action. They also represent the first time that either agency has specifically and publicly enumerated the FCPA compliance steps that they deemed sufficient to warrant a declination.
For his part, Peterson agreed with the DOJ to plead guilty to criminal conspiracy to circumvent Morgan Stanley’s internal controls, and agreed to SEC’s filing of a settled enforcement action requiring that he be permanently barred from the US securities industry, pay more than $250,000 in disgorgement, and forfeit his interest in approximately $3.4 million in corruptly-acquired Chinese real estate holdings. He is scheduled for criminal sentencing on July 17, 2012. Morgan Stanley’s declination, on the other hand, allows the Company to retain all of the financial benefits of Peterson’s conduct, which were non-trivial.
Morgan Stanley’s Compliance Program
DOJ and SEC identified the following elements of Morgan Stanley’s compliance program, implicitly suggesting their importance to their decisions not to charge the company in connection with Peterson’ conduct:
- Policies and procedures: Morgan Stanley had implemented an (apparently robust) FCPA/anti-corruption compliance policy that prohibited bribery generally, and maintained issue-specific policies and procedures relating to topics such as political contributions, gifts and entertainment, and other areas.
- Compliance resources: The agencies cited Morgan Stanley’s extensive compliance infrastructure to implement and administer its policies and procedures, including maintaining over 500 compliance officers worldwide, which included regional and dedicated anti-corruption compliance officers expert in risks prevalent in the company’s various geographic locations. Those compliance personnel were responsible for providing training to company employees, and advising personnel in the field on particular transactions such as the retention of third party agents, due diligence reviews on specific deals, and pre-review of business expenses.
- Training: Employees were routinely trained on FCPA/anti-corruption issues in person, electronically and through written materials that were subsequently included in the employees’ personnel files.
- Ongoing communication efforts: To reinforce messages delivered in its training sessions, Morgan Stanley issued reminders about compliance with its policies and procedures to Peterson and the rest of its personnel on multiple occasions (including 35 times to Peterson during his tenure with the company), and included reminders about specific local or regional issues, such as the Beijing Olympics in 2008.
- Transaction-specific controls: Morgan Stanley conducted extensive due diligence on its new business partners in general, and in particular in connection with the transactions in which Peterson, the Chinese official, and the Hong Kong-based Canadian attorney were involved. Those due diligence efforts included interviewing outside parties including the Canadian attorney (who made false representations to Morgan Stanley), making “pretextual phone calls” to the offices of prospective business partners in order to establish the party’s existence, obtaining written assurances from potential counterparties about legal entities’ existence, and other activities. Morgan Stanley also maintained a strict protocol for approving payments made to business partners, which required financial controllers not otherwise involved in the transactions to approve before a payment was made.
Notwithstanding these and other controls, Peterson managed to channel significant interests in Morgan Stanley’s transactions – and direct cash compensation through distributions from their illicit investments – to the Chinese official, the Canadian attorney, and himself through a series of misrepresentations and corrupt arrangements.
Evolving Compliance Program Standards – Or Just a Particularly Egregious Set of Facts?
The SEC’s and DOJ’s decisions to issue declinations to Morgan Stanley contrast with other recent enforcement decisions where companies as well as their employees were either prosecuted or subjected to some type of sanction for conduct in a foreign operation.
In what has up to now been a highly unusual occurrence, on February 24, 2012 the SEC brought unsettled enforcement actions in the Southern District of Texas against three management-level officials of Noble Corporation -- the former CEO, the former Controller, and the current Nigeria Country Manager -- in connection with their alleged roles in payments made to Nigerian freight forwarders which these individuals allegedly knew would be passed on to Nigerian customs officials. The payments to the Nigerian Customs Service personnel allegedly were made in order to secure temporary importation permits, and extensions to those permits, which were required for Noble’s oil rigs operating in that country.
Noble Corp. had reached settlements with the DOJ and SEC in connection with the same underlying conduct in November 2010, in connection with the so-called Panalpina settlements. Similar to the Peterson/Morgan Stanley case, the criminal information attached by the DOJ to Noble’s NPA alleged circumvention of Noble’s internal control mechanisms: it alleged that Noble had maintained an FCPA compliance program, and that certain Noble employees had circumvented Noble’s Audit Committee’s direction to remediate the temporary importation permit-related problems in Nigeria, by representing that they had done so, to both internal auditors and the Board of Directors itself, when in fact they had not. In contrast to the Peterson/Morgan Stanley resolutions, however, the circumvention of the company’s internal controls – and, indeed, seemingly deliberate misrepresentations to the board of directors by management – did not result in Noble’s receiving a complete declination. However, in contrast to the other voluntary disclosing companies in the Panalpina cases, who received deferred prosecution agreements, Noble received an NPA. In contrast to Morgan Stanley, on the other hand, Noble had to pay criminal penalties and disgorge benefits.
How can these differences be explained? Both companies made voluntary disclosures, both cooperated with the government, both had existing compliance programs, both conducted extensive internal investigations, and both engaged in remediation. In both cases as well, the compliance program seemed to have identified issues with the subject conduct, and in both cases, the conduct at issue involved only a single foreign operation. To our eye, a few factors stand out as potentially influencing the different outcome of the two cases:
- First, the differential treatment may reflect a judgment by DOJ and SEC as to the extent and effectiveness of the two companies’ FCPA compliance programs. The above recitation makes clear that Morgan Stanley’s program was particularly robust. Noble’s was, far from undeveloped, and both programs identified issues with the conduct in question, but the elements highlighted in the Peterson case seem designed to underscore just how extensive Morgan Stanley’s efforts were. (They also, incidentally, negate the oft-expressed concern of companies that any improper conduct by an employee will ipso facto demonstrate the ineffectiveness of a company’s program and controls.) It appears, only a fully developed (in terms of elements) and fully implemented (and therefore resourced) program could hope to qualify under the Morgan Stanley standard.
- Second, the element of personal benefit derived by Peterson from his conduct is likely significant. No such benefits are alleged in the Noble Corp. executives’ case. Such benefits call into question whether Peterson was really acting for the benefit of his employer, a key requirement for corporate vicarious liability. Moreover, it seems clear that the government believes Morgan Stanley was ultimately duped by its employee and entered into transactions in good faith, without knowledge of the personal benefits being derived, despite their controls.
- Third, the level of personnel involved may be significant. While Peterson was a relatively senior Morgan Stanley executive in China, he did not occupy a senior management or gatekeeper position, as did Mark Jackson, Noble Corp.’s former CEO, or Thomas O’Rourke, the former Corporate Controller, two of the three executives currently subject to SEC’s unsettled enforcement action.
- The final possibility is that the declination was motivated by the enforcement agencies’ desire to respond to entreaties from companies and business groups to demonstrate the value of compliance efforts. The Peterson case comes as the DOJ and SEC are drafting long-awaited public guidance on the statute, in the wake of concerns that the implementing regulations for the Dodd-Frank whistleblower provisions gave short shift to corporate compliance efforts. Whether ultimately the Peterson/Morgan Stanley resolution will be looked back on as part of a larger effort by the agencies to demonstrate they have credited companies for their compliance efforts – even when they benefit (albeit unknowingly at the time) from a “rogue employee’s” conduct – remains to be seen. The case and the questions it raises in relation to other recent enforcement actions reinforce the importance of the Guidelines’ addressing this critical issue.