Today, I consider Commissario Guido Brunetti, the lead character in Donna Leon’s murder-mystery series set in Venice. My wife and I took a tour of Brunetti’s Venice with Dr. Toni Sepeda who leads the only Leon authorized tour of the local areas where these great stories take place. Dr. Sepeda is a good friend of the author and intersperses her walking tours with incidents from various stories and quotations which bring to life the soul of the Commissario and the allure of this most beautiful and unique city. I highly recommend both the Leon’s books and Dr. Sepeda’s tour.

I want to use a scene from the Brunetti adventure Death and Judgment where Brunetti investigates a case involving sex trafficking. He determines the identity of the bad guy (or more appropriately bad girl) when she loses her glasses, which find their way to him. He recognizes they are from Carroro eyewear. Signore Carroro keeps scrupulous records and is able to identify the owner and this puts the good Commissario on the road to solving the case.

This leads into my continued exploration of the JP Morgan Chase (JPM) and its subsidiary, JPMorgan Securities (Asia Pacific) Limited (JPM-APAC) resolution its Foreign Corrupt Practices Act (FCPA) matter last week. In doing so JPM, secured a Non-Prosecution Agreement (NPA) from the Department of Justice (DOJ) with a penalty of $72MM, agreed to a Cease and Desist Order (Order) from the Securities and Exchange Commission (SEC), with a penalty consisting of profit disgorgement and interest of $135MM, and reached an agreement with the Federal Reserve Bank (Fed) for a Consent Cease and Desist Order (Fed Order) to put in place a best practices compliance program and pay a penalty of $61MM.

Today I will consider the superior result achieved by JPM in its FCPA resolution. Not only did it receive a 25% discount off the bottom of the US Sentencing Guidelines fine range but it received a NPA and not even a Deferred Prosecution Agreement (DPA) and no outside monitor was required of the company going forward. While some of this result is due to having excellent defense counsel, a large part is due to the cooperation by JPM and the remediation engaged in by the company.

While the fines and penalties are higher in this matter than most cases resolved in 2016, the resolution follows the pattern laid out by the FCPA Pilot Program, announced by the DOJ back in April. To recap, a company can receive up to a 50% discount off the bottom end of lowest range under the US Sentencing Guidelines if it (1) self-discloses to the DOJ, (2) provides significant cooperation with the government, (3) extensively remediates the underlying issues which led to the violation and (4) disgorges all profits from its ill-gotten gains. The NPA, Order and Fed Order all lay out how the penalties under this matter follow this framework, even though the case arose far before the implementation of the Pilot Program.

First and foremost, under this Pilot Program framework, the company did not self-disclose the matter to the DOJ or SEC. It was not stated in the NPA or Order how the matter came to the attention of US authorities. However, once the government’s investigation began the NPA noted “the Company received full credit for its… cooperation with the Offices’ investigation, including conducting a thorough internal investigation, making regular factual presentations to the Offices, voluntarily making foreign-based employees available for interviews in the United States, producing documents to the Offices from foreign countries in ways that did not implicate foreign data privacy laws, and collecting, analyzing, and organizing voluminous evidence and information for the Offices.” By the end of the investigation, the company had provided “all relevant facts known to it, including information about the individuals involved” to government authorities. These actions met Prong II of the FCPA Pilot Program.

One can only say that the company engaged in extensive remediation during the pendency of the investigation. According to the NPA the company took the following steps:

• ended the employment relations with five employees who participated in the misconduct;
• fired another employee “who failed to identify issues with referral hiring and failed to take appropriate steps to mitigate risks”;
• disciplined an additional 23 “employees who failed to detect the misconduct, failed to supervise effectively those who were engaged in the misconduct, failed to take appropriate steps to mitigate corruption and compliance risks, and/or who were lower-level employees engaged in the misconduct at the direction of supervisors”;
• “imposed more than $18.3 million in financial sanctions on former or current employees”;
• conducted individualized training for remaining employees;
• adopted “heightened controls related to their hiring programs, including standardizing hiring programs and requiring that every application for a hire be routed through a centralized human resources application process”;
• more than doubled company resources devoted to compliance, particularly in the Asia-Pacific region; and
• requiring improved FCPA training;

The SEC Order specifies additional remedial conduct engaged in by the company more geared towards internal controls, specifically around HR and the role of compliance in high risk hires. These remediation actions included:

• Enhancing its anticorruption compliance program and hiring practices on a global basis,

making changes to its Anti-Corruption Policy to further address the hiring of government

officials’ relatives;

• Requiring that every hire with the company, including Referral Hires, be routed through a centralized human resources application process;
• Establishing a control function role for human resources with respect to hiring;
• Requiring that company’s anticorruption office reviews and approves each hire of a candidate referred by a client, potential client, or government official; and
• Instituting procedures and practices for the monitoring and auditing of referral hiring.

Although not a part of the DOJ or SEC resolution, but certainly in concert with those two settlements, the Fed Order also had some interesting points about the company’s conduct going forward which certainly contributed to the favorable result achieved by JPM. There would be senior management oversight which would “ensure that senior management periodically reassesses risks associated with the Firm’s Referral Hiring Practices to proactively identify practices vulnerable to legal and reputational risks”; and ensure senior management’s effective oversight of Firm’s Referral Hiring Practices.

There would be a compliance management risk program which would create and implement “written policies and procedures governing the appropriate evaluation of, and processes for, vetting referred candidates consistent with the Firm’s anti-bribery policies and procedures” tying FCPA compliance to Human Resources (HR). Within the HR function itself, there would written policies and procedures designed to ensure compliance with applicable anti-bribery laws and policies within all business lines; and training “regarding appropriate hiring practices and compliance with applicable anti-bribery laws and policies.”

Internal audit was also assigned an enhanced role going forward. It was designated to conduct audits on a regular basis, business of line controls and compliance detection and monitoring processes, “designed to identify and prevent potential misconduct in connection with the Firm’s Referral Hiring Practices”. Moreover, such audits are to be conducted by “qualified parties who are independent of the Firm’s business lines and compliance functions”. There are to be “enhanced escalation procedures for the timely resolution of material audit exceptions and recommendations in connection with the Firm’s Referral Hiring Practices”. Finally, and sounding right out of the COSO 2013 Framework for internal controls, there is to be a “periodic review of risk assessments to ensure emerging risks associated with the Firm’s Referral Hiring Practices”.

Tomorrow I will review the lessons learned from the JPM enforcement action.

[View source.]