Didn't comply?

Then fully cooperate

By Dick Carozza, CFE

The new U.S. assistant attorney general for the DOJ's Criminal Division, of course, encourages companies that conduct business in the U.S. to prevent and deter fraud and comply with all regulations. But if they discover possible crimes within their walls, then total cooperation will greatly ease their treatment.

Consider this sad scenario. The U.S. conglomerate you work for, Ontoron Inc., is making large amounts of cash and would like to add to its portfolio of subsidiaries. So, it buys a couple of medium-sized foreign firms that seem to fit well into its plans. However, one of its plans wasn't to run afoul of the U.S. Foreign Corrupt Practices Act.

Before Ontoron bought them, the foreign subsidiaries had no reason, of course, to abide by the FCPA. But after they were in the Ontoron fold, the corporation wrote detailed compliance policies for them. Unfortunately, the handsome three-ringed binders packed with guidelines gathered dust, and the corporation didn't spend the money to police the subsidiaries.

After a hotline tip, Ontoron self-reported a serious infraction to the U.S. Department of Justice. However, it then began to add to its list of blunders. When the DOJ's Criminal Division came calling, Ontoron withheld some information, didn't give investigators details about culpable executives and tried to obfuscate the facts.

Ultimately, no one went to prison, but Ontoron Inc. had to pay millions of dollars in fines and sanctions because it was less than forthcoming. As a fraud examiner, you had encouraged management to spend more on compliance operations and fraud deterrence, but they didn't listen, and now it has a reputation as a dishonest player in the global market.

The case is fictional, but the circumstances aren't. Leslie R. Caldwell, assistant attorney general for the DOJ's Criminal Division, sees numerous cases like this.

"We encourage companies, particularly public companies, if they discover a significant compliance problem that also is a significant criminal issue to self-report to the Department of Justice," Caldwell says during a recent Fraud Magazine interview. "We encourage them to cooperate with us in our investigation. And they should be prepared to give us the relevant facts, documents and evidence in a timely fashion. They should include who is responsible for what went wrong and what these individuals did in the form of facts, not in the form of opinions or privileged attorney-client information. It's very important for companies to understand that they tell us which employees did what — even if it's senior executives."

Caldwell, who will be a keynoter at the 26th Annual ACFE Global Fraud Conference, June 14-19 in Baltimore, says U.S. companies aren't obligated to report compliance issues to the DOJ, but their futures would be brighter if they did.

"We don't want a company to wait until they've completed their own investigation before they come to us," Caldwell says. "We'll give them room to do that, but there may be investigative steps that we want to take that maybe the company is not even capable of taking. We definitely don't want to send a message that the company should complete its own investigation and then come to us. However, we obviously don't expect a company to report to us as soon as it receives a hotline report that it hasn't even checked into yet."

Caldwell, confirmed to her post on May 15, 2014, is a veteran prosecutor, investigator and defense counsel of federal criminal cases. From 2002 to 2004, as director of the DOJ's Enron Task Force, she confronted firsthand the convoluted dealings of the infamous and seminal Enron case.

The ACFE, during the 26th Annual ACFE Global Fraud Conference, will present her with The Cressey Award for a lifetime of achievement in the detection and deterrence of fraud. The award is named after one of the world's foremost experts on fraud and a founding father of the ACFE, Dr. Donald R. Cressey (1919-1987).

Caldwell spoke to Fraud Magazine from her office in Washington, D.C.

What are some ways offending businesses can receive full cooperation credit from the DOJ following a self-report?
LC: We have a document, called Principles of Federal Prosecution of Business Organizations, that describes the kinds of things that we expect from a company that wants to get cooperation credit. We'll ask how timely the self-report was, how prompt it was, how thorough it was. Did the company provide factual details about the culpable individuals? Did the company give us prompt access to the relevant facts? Were they forthcoming? And on the negative side, did they hide things? Did they spin things too much? Did they falsely say they couldn't give us some things because of an over-broad interpretation of say, for example, a data privacy law? Did they tell us some things and purposely withhold other things? All of these things will count against them.

And companies should understand that we're not dependent on their internal investigations. Sometimes a company doesn't know we're doing investigations. Other times they know we're investigating and they refuse to cooperate. If they discover a criminal problem, the responsible thing is to come in and report it to us.

What have you found to be some of the best elements of robust compliance programs?
LC: One of the most important elements is Tone at the Top. Management should make sure that everyone understands that the company is serious about compliance. And it's very important to put resources into the compliance program and to empower it within the company. Those two things often are not given enough priority.

Companies have been focused on having all the right language in their compliance programs, but less focused on making sure that everyone understands that the programs are taken very seriously at the highest levels of the company.

It's also very important to consistently reinforce the importance of compliance. We have a document, "Hallmarks of Effective Compliance Programs" [contained in chapter 5 of the "Resource Guide to the U.S. Foreign Corrupt Practices Act"] that describes in more granular detail the type of elements we expect. Everyone from the CEO, the regional director of sales or an individual sales person has to adhere to these compliance standards. If they don't, there will be consequences within the company.

As the first director of the federal government's Enron Task, what were some of the notable investigative lessons you learned that you've been able to apply now as you lead the Criminal Division?
LC: That was an extremely complicated case, and Enron was an extremely complicated company. The most complicated I've ever seen. And we very quickly realized that if we tried to "boil the ocean" to get to the bottom of everything they were doing, it would take years and years. So, we decided to focus on relatively straightforward things. So when the transactions themselves were very complicated — and people at Enron were lying about what the transactions were — it was much easier to focus on the lying part than it was to unravel the entire transaction. And it gets you to the same place at the end of the day.

I try to apply that in the Criminal Division so that our people can keep their focus in very complicated cases. No easy thing.

Can you tell some stories about your work with the Enron Task Force?
LC: We were being parachuted into a district that had been recused from the case and wasn't particularly happy about it. We immediately got the message from a local newspaper that we weren't necessarily welcome when it wrote an article that referred to the Enron Task Force as "East Coast, Ivy League-educated, Evian-swilling carpetbaggers." That said it all about the attitude toward us. Although it did change over time. We had to earn our stripes down there.

You work with 93 U.S. Attorneys and oversee another 600 attorneys who prosecute federal crimes. How do you and your team members, of course in conjunction with the Fraud Section, decide which fraud cases to investigate?
LC: We want to prosecute cases that have nationwide and international impact. We try to deploy our resources to the most significant cases that we can. Unlike a U.S. Attorney's office, which generally has to handle the cases that arise in its geography, we have the luxury of being able to pick and choose those cases we want to handle.

The Criminal Division has several different white-collar components including fraud, asset forfeiture, money laundering, computer crime and intellectual property. And they each have their own portfolio of cases. Sometimes they'll work those cases themselves, but the business model is usually to try to pair up the most logical U.S. Attorney's office to work the case together. We find that helps some of the U.S. Attorneys to leverage scarce resources, and it also gives us what we didn't have in the Enron case — a local member of our team — so we're not called "Evian-swilling carpetbaggers."

Are there some cases that you just can't prosecute that you feel bad that you can't tackle yourself?
LC: There are a lot of cases the districts can't prosecute because they don't either have the resources or they don't have the expertise. So, one of the things that we do is bring our expertise and resources. There might be a district that doesn't have a large white-collar section. It might be one person's desk or the corner of one person's desk. We go in there and help that office bring that case. Or we work together as partners.

On Feb. 17, U.S. Attorney General Eric Holder gave U.S. Attorneys a 90-day deadline "over whether they think they are going to successfully bring criminal cases against" any individuals for their roles in the 2008 financial crisis. The Justice Department has reached multibillion-dollar settlements with big banks for misleading investors about the quality of residential mortgage-backed bonds. What has been the DOJ's reasoning for not yet pursuing major criminal trials?
LC: I can't speak to particular cases because most of the work was done before I got here. The department has actually prosecuted a lot of people in connection with the financial crisis. We've prosecuted thousands of individuals at various levels including people at banks. We've done JPMorgan, the "London Whale," we've prosecuted a lot of individuals in connection with mortgage fraud. So we have prosecuted a lot of individuals —more than 4,000 people involved at one level or another. When I say we, I mean both the Criminal Division and the U.S. Attorneys. So it has been an area of attention. Our continuing emphasis in the Criminal Division is to focus on individuals when the evidence is there and when the evidence leads to an individual. And if the individual is a CEO of a large bank and we have evidence, we'll prosecute that person. We did it with Enron's CEO. Sometimes the evidence isn't there, and we're not going to prosecute people if they are not guilty of a crime.

And, of course, the public has been concerned with the impression that the DOJ hasn't gone after some of the big banks at least in criminal trials, and that's been the bone of contention.
LC: And I understand that's been frustrating. But I can tell you it's not for lack of trying. There have been investigations before my time, very thorough investigations into a lot of different aspects of the financial collapse, and I can tell you that it's the strong position of the department that nobody is above the law. And if there's criminal behavior by a CEO or a prominent bank, we won't hesitate to bring that case.

A lot of times I think the public assumes that because something bad happened there must have been a crime. If a financial institution collapsed or has to be propped up by the government, the public might think that somebody must have engaged in criminal behavior. And that's just not always the case. And sometimes even if that is the case, you don't have the evidence. Sometimes decisions are made by committee in corporations. There's a lot of diffuse responsibility for various things that happen, and it's not always obvious or easy, and it's not always possible, to lay that criminal misconduct at the feet of any one individual.

I wonder if anything will crop up before the Attorney General's deadline?
LC: I can't say, but I can tell you that the statute of limitations for a lot of the activity that occurred in 2008, and beforehand, has expired. For most crimes it's five years. So I don't think you're going to see major prosecutions arising from the financial crisis other than the very significant ones that we've already done.

Since 1988, Dr. Joseph T. Wells, CFE, CPA, founder and Chairman of the ACFE, has emphasized not just detection but, even more importantly, prevention and deterrence of fraud. Before your present position, you were honored with the Attorney General's Award for Fraud Prevention. What are some ways you now preach prevention?
LC: One of the best ways — and it's obvious, but it can't be emphasized enough — is to have a very strong compliance program. As I've said before, to have a very strong Tone at the Top. Again, make sure the compliance program has adequate resources to meet whatever needs the company may have. 

It's important to have the compliance program located in whatever geographic regions the company may be working in. I'm not saying you have to have a compliance program in every single country in which the corporation may be operating but you certainly must at least have regional programs if you're a big company.

I think companies have to tailor their compliance programs and their investigative mechanisms to their businesses. There's no one-size-fits-all compliance program. Different businesses have different risks. And a company needs to do an assessment that's very tailored to their risks and game out what could go wrong and figure out how to prevent that from happening.

Employees need to see that fraud is not tolerated at any form whether it's some low-level expense embezzlement or some large bribery of foreign government officials. So, the company needs to send a strong message that it's not tolerated if it occurs. There will be swift discipline that will be even-handed. And the CEO is not treated differently than the low-level sales person.

I've read that you've been called "a prosecutor's prosecutor." You've been called tough but fair when you're dealing with the accused or those who you're considering indicting. How does that carry into your job now? Do you have a particular philosophy when you're going after possible wrongdoers?
LC: Our job as prosecutors is to follow the facts and the evidence, and bring charges when appropriate. Federal prosecutors also have to exercise prosecutorial discretion. So we don't bring every case just because we could. We don't get the highest possible fine just because we could. I think we always have to maintain a level of making sure that what we're doing is fair. We have to operate with integrity, obviously. But I think one of the mistakes that some prosecutors make is that we shouldn't approach our cases as if we're judging somebody. That's not our job. The job is to build facts, mount the evidence, build the case. And a judge will make the decision on what the appropriate punishment is for somebody.

Can you talk about any notable fraud cases that are on your plate right now?
LC: One case your members can look at that shows what happens when you don't follow the compliance playbook is one involving a company called Alstom, a multinational corporation, that pleaded guilty in December of last year. This company knew it was under investigation. They refused to cooperate, and as a result they ended up being in a much worse place than they would have been, including having to pay the largest FCPA fine in history.

Another example is the case against BNP Paribas, one of the world's largest banks. That was another situation where at first they didn't cooperate. Then they sort of cooperated but very slowly and did things like make overly broad assertions about why they couldn't get us certain things because of data privacy laws. As a result of dragging their feet, the statute of limitations expired regarding any individuals we might have been able to prosecute. In our view, that was a bit of a calculated plan, and they ended up paying the largest fine in a sanctions case — possibly the largest fine ever in any criminal case.

One mistake I see companies make is they pinch pennies when it comes to compliance and because of that they might not have the capability of investigating fraud promptly enough or thoroughly enough. So they do a half-way investigation and then something happens and whatever they've done is brought to the attention of the government. It turns out they have to go back and do a whole new investigation, and they have to do it right. So they end up paying much, much more in terms of the investigation and in whatever sanctions or penalties they might have to pay. If they just had devoted some more resources up front for compliance and fraud investigation teams they would have been in better shape.

What is the most enjoyable part of your position and how do you juggle all your many duties?
LC: The most interesting part is the variety of things that come across my desk. One minute I'm learning about a Mexican drug cartel, and the next I'm learning about a major data breach. It's a never-ending parade of really different and interesting things. So that's fun. The other fun thing is I feel like I'm at the point where I have a lot of experience in criminal law both as a prosecutor and a defense lawyer and I feel like, at least I hope that, I'm at a position where I can add value to the great work already done by all the sections. And that's very satisfying to hopefully give them the kind of advice that helps make their cases move faster and better.

What motivates you?
LC: I'm fascinated by the kinds of schemes that people can devise and the kinds of ways people can hide their tracks. Just the human nature involved. Being a white-collar lawyer has a much more human drama element to it. It's much different than being a commercial litigator — deciding which bank owes which bank how much money. It's much more interesting to see what people do when they're under pressure — the decisions people make and the consequences that can come from all of that.

Dick Carozza, CFE, is the editor-in-chief of Fraud Magazine.

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or www.ACFE.com. ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be emailed to FraudMagazine@ACFE.com.