Resolving Securities Enforcement Investigations

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

At every stage of an investigation, companies should focus on positioning themselves to secure a timely and advantageous resolution. This is particularly true in cross-border investigations, where the failure to ensure that different regulators are coordinated and progressing through their investigations at similar paces can delay a resolution and result in materially worse outcomes. This section discusses three components of securing a favourable resolution in cross-border securities matters: (1) coordinating with interested regulators, both foreign and domestic; (2) vehicles for structuring a resolution; and (3) practical considerations attendant to these different structures, including remedial obligations.

Coordinating global resolutions

Negotiating a favourable resolution with a single regulator is oftentimes difficult; doing so with multiple international regulators, however, adds far greater complexity and nuance – and the stakes for the company under investigation are correspondingly higher. Failing to coordinate with foreign regulators in the early stages of an investigation may significantly delay a resolution as different regulators catch up to each other, and may result in the company being forced to enter into piecemeal resolutions. If foreign regulators with jurisdiction over the conduct at issue are not involved in the resolution, on the other hand, those regulators may nonetheless seek duplicative penalties after learning of the US resolution, potentially resulting in significantly higher overall expenditures. For these reasons, companies need to consider carefully the likelihood of foreign regulatory interest in US investigations involving cross-border conduct and proactively manage those regulators where appropriate.

The ultimate goal of coordinating with foreign regulators is to secure a global resolution that offers full closure for the relevant conduct. Global resolutions are nearly always preferable to piecemeal settlements, as they can speed up the overall timing of a resolution, reduce the defence costs associated with responding to overlapping investigations and, most importantly, help avoid duplicative sanctions. Indeed, regulators will often ‘credit’ payments made to other regulators when they are part of a global resolution. The US Department of Justice (DOJ) policy, for example, states that prosecutors should ‘consider the amount of fines, penalties, and/or forfeiture paid to other . . . foreign enforcement authorities’ when crafting a resolution of their investigation.^[2] Many companies have received significant credit for penalties paid to foreign enforcement authorities pursuant to this policy.^[3] Further, if the resolutions are approved at the same time, companies may be able to limit bad press to one day or a limited number of days, thus reducing the reputational risks of the individual investigations. If a company determines that a global settlement is in its best interest, it should accordingly assist authorities in coordinating their investigations and the resolution of those investigations.

US and foreign enforcement authorities will oftentimes coordinate without prompting. Indeed, they are oftentimes required by policy to do so. For example, DOJ policy dictates that US prosecutors should ‘coordinate with . . . foreign enforcement authorities that are seeking to resolve a case with a company for the same misconduct’.^[4] The UK Serious Fraud Office (SFO) guidance similarly requires that the SFO take into account ‘where there is a parallel investigation by an overseas . . . agency’.^[5]

Where regulators fail to coordinate on their own, companies should taking proactive steps to ensure that each interested regulator is in a position to resolve at an appropriate time. One way to do this is to share relevant information with different regulators – including, for example, sharing the findings of internal investigations or updating regulators on their peers’ progress. Under the right circumstances, sharing information in this manner can facilitate more efficient investigations, resolutions and outcomes. Companies should be aware, however, that different jurisdictions value cooperation differently. For example, a company need not waive its attorney–client or work-product privileges to receive cooperation credit from US regulators,^[6] but it may be required to do so to receive cooperation credit from the SFO, at least with respect to witness accounts, notes and transcripts obtained during the course of a company’s internal investigation.^[7] Communicating with the enforcement authorities in different jurisdictions is key to understanding and resolving the intricacies of potentially conflicting requirements.

The full extent of the resolution’s benefits, however, will depend upon the form that the resolution takes, as discussed below.

Resolution mechanisms

Global resolutions can take different forms, some of which are more favourable than others. Negotiated resolutions of civil investigations may include civil injunctions or cease-and-desist orders; termination notices (which are essentially declinations), non-prosecution agreements (NPAs) and deferred prosecution agreements (DPAs) are also available but less common. Negotiated resolutions of criminal investigations generally involve declinations, NPAs, DPAs or, in some instances, guilty pleas.^[8] Understanding the implications of each of these resolution vehicles is key to developing a successful strategy to resolve cross-border investigations.

Civil resolution vehicles

The majority of cases in which the US Securities and Exchange Commission (SEC) determines to initiate an enforcement action settle prior to trial. The SEC often settles enforcement actions through one of the two following avenues.

The SEC may institute a civil administrative cease-and-desist proceeding based upon an offer of settlement submitted by the company. In that offer, the company consents to the SEC’s entry of an order finding that the company violated certain provisions of the federal securities laws, requiring it to cease and desist from violating the particular provisions of the federal securities laws at issue in the investigation and imposing other remedial sanctions. The SEC then issues an administrative order imposing the cease-and-desist order and other remedial sanctions.^[9]

Alternatively, the SEC may file a complaint in federal district court.^[10] If so, the company consents to the court issuing a final judgment imposing a civil injunction that prohibits the company from violating the particular provisions of the federal securities laws at issue in the investigation, imposes financial sanctions (e.g., disgorgement, a civil monetary penalty) and, at times, orders the company to comply with certain remedial undertakings.^[11] A company that violates the civil injunction may be held in contempt.

Notably, under either procedure, the company is typically not required to admit the SEC’s allegations or findings.^[12] On occasion, the SEC has resolved investigations through the use of NPAs or DPAs.^[13]

Criminal resolution vehicles

Prosecutors consider a variety of factors when deciding whether to file criminal charges against a company. US prosecutors are required to consider a well-publicised set of factors colloquially called the ‘Filip Factors’ that include the nature of the underlying offence, the pervasiveness of wrongdoing within the company, the company’s cooperation in the investigation and a series of other related factors.^[14] Prosecutors may decline to file criminal charges altogether based upon their assessment of those factors, and may similarly decline prosecution even if a company agrees to a negotiated criminal resolution with another jurisdiction.^[15]

Where prosecutors refuse a declination, they may instead seek an NPA or a DPA with a company. In the United States, prosecutors traditionally offer DPAs where ‘the collateral consequences of a corporate conviction for innocent third parties would be significant.’^[16]

In an NPA, prosecutors agree to refrain from bringing criminal charges against the company so long as the company satisfies enumerated obligations in the agreement, which generally include payment of a fine, cooperation in future governmental investigations and remedial undertakings. Criminal charges are never lodged in any manner. In a DPA, by contrast, prosecutors actually file a charging document but agree to defer prosecution under that document for a specified period of time (typically three years) in exchange for similar enumerated obligations. If prosecutors determine that the company complied with its obligations under the DPA, they will move to dismiss the filed charges, without the company ever being subject to trial or a criminal conviction. If prosecutors determine that the company breached its obligations under the DPA, however, they may commence prosecution. Unlike an NPA, which does not require judicial intervention, a DPA requires court approval.

Other countries around the world, notably the United Kingdom and France, have implemented DPAs or DPA-like regimes.^[17] Key differences exist between the United States and international regimes, however, especially regarding the amount of judicial oversight^[18] and the types of investigations that may be resolved through DPAs.^[19] Companies negotiating global resolutions should pay special attention to these differences.

Practical considerations

Numerous considerations come into play when negotiating the resolution of a cross-border matter. Below are some practical considerations that a company may wish to consider as it seeks a negotiated resolution.

Covered entities

There are different outcomes depending upon the entity or entities covered by the resolution; a resolution covering a parent-level entity, for example, may be more harmful than one covering only a subsidiary. For that reason, it may be advantageous for the parent entity to enter into one type of resolution (e.g., a civil cease-and-desist proceeding) while a subsidiary enters into another (e.g., an NPA or a DPA). Further, the entities that are covered by the resolution often impact the collateral consequences or continuing obligations that flow from the resolution. For example, a parent entity may be able to reduce the collateral consequences or continuing obligations of a resolution if the resolution covers only the subsidiary. A company should consider what collateral consequences and continuing obligations could result from the resolution and seek to limit those consequences and obligations as best it can.

Covered violations

A company should also consider what collateral consequences and continuing obligations could result from the resolution in determining which violations will be covered by the resolution. Certain violations may directly lead to particular collateral consequences or continuing obligations that may be quite onerous for the company. For example, charges premised upon intentional fraud often lead to more onerous collateral consequences and remedial obligations than negligence-based fraud charges. If a company is able to settle for a lesser charge, it may be able to reduce – or even eliminate – certain collateral consequences or continuing obligations that may flow from the resolution.

Admissions

Factual admissions of misconduct carry significant risk, especially when the admitted misconduct relates to intentional misconduct. Negotiated resolutions with the SEC are often, although not always, on a neither-admit-nor-deny basis.^[20] Nevertheless, the SEC’s findings could still result in reputational harm, so a company may wish to scrutinise the SEC’s proposed findings to ensure the accuracy and completeness of those findings. Criminal NPAs and DPAs, on the other hand, often require a company to admit that the facts set forth in the agreement are true and accurate, or at the very least admit its responsibility for the acts of its officers, directors, employees and agents as set forth in the agreement.^[21] A company should take great care in reviewing and negotiating the specific language in these agreements to reduce the reputational risk caused by required admissions as much as possible.

Collateral litigation

Factual admissions of misconduct also create significant collateral litigation risks. Plaintiffs may seek to use admissions against the company in future civil litigation, and generally have the right to do so.^[22] The risk that admissions will be used against a company in collateral litigation is significantly reduced if a company is able to enter into an agreement without any admissions, although in some matters that may not be possible.

Non-denial and non-contradiction clauses

Settled negotiations often lead to publicity, especially when the investigation relates to conduct that may grab the public’s attention. As part of a negotiated settlement, a company is frequently prohibited from denying the SEC’s allegations contained in a complaint or findings contained in a cease-and-desist order, or from contradicting in any public statement the facts and the company’s acceptance of responsibility laid out in an NPA or a DPA. Without the ability to deny the SEC’s allegations or findings, or the facts contained in an NPA or a DPA, companies often face collateral estoppel issues in related subsequent litigation. Not only that but violations of these clauses could provide a basis for a determination that the company breached the settlement agreement. For that reason, a company should ensure that the agreement contains a provision allowing it to cure any potential breach. In any event, a company should carefully review all public statements that in any way touch on the resolution (e.g., press releases, client communications, statements to investors, even witness testimony in collateral litigation) to ensure that those statements in no way inadvertently deny or contradict the allegations, findings or facts contained in the agreement.

Breach

It goes without saying that a company should not breach a negotiated resolution. That said, a company may wish to consider the following when negotiating the resolution. First, what conduct on the company’s part constitutes a breach of the agreement? Second, who has the authority to determine whether the company breached the agreement? Often, in the United States, either the DOJ or the SEC has sole authority to determine whether the company breached the agreement. In the United Kingdom, however, prosecutors must request a finding from the court that the company breached the agreement.^[23] Finally, what are the consequences of the breach? In some instances, the enforcement authority may extend the company’s obligations under the agreement.^[24] In other instances, however, the enforcement authority may terminate the agreement and prosecute the company.^[25]

Continuing cooperation and disclosure

Negotiated settlements typically have continuing obligations. NPAs and DPAs typically last three years, during which the company is often subject to extensive continuing obligations. Some obligations may relate to enhancing the company’s compliance programme, as discussed in the following section. Other obligations likely relate to cooperation, including, but not limited to: fully cooperating with the enforcement authority (including foreign law enforcement and regulatory entities) in any and all matters relating to the conduct described in the agreement at any point during the term of the agreement; fully cooperating with the enforcement authority in any and all matters relating to other conduct under investigation by the enforcement authority at any point during the term of the agreement; and fully disclosing all factual information about which the company has knowledge or about which the enforcement authority may inquire. Further, a company is typically required to report evidence or allegations of conduct that may constitute a violation of law, although agreements differ with respect to the breadth of this disclosure obligation. Companies should be aware of these provisions during the settlement discussions and consider the need to self-report potential misconduct.

In arriving at a negotiated resolution, regulators will also often require companies to review their existing internal controls and, where necessary, adopt new compliance programmes or enhance existing programmes. Evaluating a compliance programme is difficult, as standards differ by industry and have changed rapidly in the past several years. In June 2020, however, the DOJ issued updated guidance regarding how it evaluates compliance programmes.^[26] That guidance highlighted three ‘fundamental questions’ it considers when conducting such an evaluation:

Is the corporation’s compliance programme well designed?
Is the programme being applied earnestly and in good faith? In other words, is the programme adequately resourced and empowered to function effectively?
Does the corporation’s compliance programme work in practice?^[27]

This guidance accords with guidance from other enforcement authorities, including the SFO. In January 2020, the SFO issued its own internal guidance regarding how it assesses the effectiveness of an organisation’s compliance programme.^[28] The guidance highlights the following six principles that the SFO believes ‘represent a good general framework for assessing compliance programmes’: proportionate procedures, top-level commitment, risk assessments, due diligence, communication (including training), and monitoring and review.

Because the strength of a company’s compliance programme is relevant to charging decisions, companies should consider improving their compliance programme, or at least working to identify any gaps or shortcomings that led to the conduct at issue, during the course of the investigation. Specifically, a company should consider implementing a code of conduct and other appropriate policies and procedures, periodically training its employees on those policies and procedures, implementing a reporting structure to enable the anonymous or confidential reporting of misconduct and conducting due diligence of its third-party vendor relationships and any acquisition targets, if applicable.^[29] Additionally, a company should consider ensuring that its senior and middle management set an ethical ‘tone at the top’ and implement a culture of compliance throughout the company and clear disciplinary procedures to address non-compliance with laws, rules and regulations, or the company’s policies and procedures.^[30] With respect to the resourcing of its compliance programme, a company should consider the seniority, stature, experience, qualifications, resources and autonomy of its compliance personnel to ensure that the compliance programme functions effectively. With respect to whether its compliance programme works in practice, a company may wish to continuously review and improve the programme through (1) periodic testing and risk assessments, (2) investigating allegations of misconduct in a timely and thorough manner, (3) documenting the company’s findings and response, and (4) conducting root cause analyses of identified misconduct and remediating those root causes in a timely manner.^[31]

Another reason why companies may wish to take to heart the aforementioned guidance is that enforcement authorities sometimes require, as part of a negotiated resolution, that a company engage a monitor to assess the company’s compliance programme and detect any ongoing misconduct. Monitors are independent third parties tasked with independently evaluating ‘whether a corporation has both adopted and effectively implemented ethics and compliance programs to address and reduce the risk of recurrence of the corporation’s misconduct’.^[32] The company is generally required to retain the monitor and pays its fees and expenses.

Not every negotiated resolution requires a company to engage a monitor.^[33] In determining whether to impose one, US prosecutors weigh ‘the potential benefits that employing a monitor may have for the corporation and the public’ and ‘the cost of a monitor and its impact on the operations of a corporation’.^[34] These costs can be significant, in terms of both the expenses of the monitorship (which can be in the tens of millions of dollars) and disruption to the business. For these reasons, companies often seek to avoid the imposition of a monitor, if possible. To be in the best position to do so, a company should seek to significantly improve its compliance programme as soon as possible upon discovering the underlying misconduct.

Some companies have been successful in negotiating self-monitoring and reporting arrangements in lieu of monitorships.^[35] These arrangements allow the enforcement authority to receive periodic updates regarding the company’s remediation and implementation of its compliance programme and internal controls, policies and procedures, without imposing on the company the full costs of an external monitorship.

A company should fully cooperate with a monitor, should one be imposed. This cooperation typically includes, but is not limited to, providing the monitor access to information, documents, records, facilities and employees, and using best efforts to provide the monitor with access to former employees and its third-party vendors, agents and consultants. Because an attorney–client relationship does not exist between the monitor and the company, companies may withhold information or access to employees on the basis of the attorney–client privilege or attorney work-product doctrine, provided that the company works cooperatively with the monitor to resolve the matter to the monitor’s satisfaction.

A company should take the monitor’s recommendations seriously and follow them if possible, but companies are not required to follow recommendations that are unduly burdensome, inconsistent with applicable law or regulation, impractical, excessively expensive or otherwise inadvisable.^[36] If such a situation occurs, the company should propose an alternative recommendation designed to achieve the same objective or purpose and attempt to reach an agreement with the monitor. The enforcement authority may consider the monitor’s recommendation and the company’s reasons for not adopting it in determining whether the company breached the settlement agreement.

Conclusion

A company facing potential criminal or civil exposure due to cross-border investigations may be able to negotiate a resolution of those investigations in a way that mitigates reputational harm, business interruption and financial expense. Achieving these goals requires the company to fully understand the facts of the matter but also to identify various resolution vehicles that may be available, consider the implications and consequences of those resolution vehicles, and develop a plan to implement potential remedial measures that they may impose.

Footnotes

¹ Bob Allen, Daniel T Chaudoin, Sunil Shenoi and Erica Williams are partners at Kirkland & Ellis LLP. The authors wish to acknowledge with thanks the input of Zach Brez and Asheesh Goel, both partners in the government, regulatory and internal investigations group, to this chapter.

² U.S. Dep’t of Justice, Just. Manual, § 1-12.100 (2018).

³ See, e.g., Deferred Prosecution Agreement, United States of America v. TechnipFMC plc, Case No. 19-CR-278 (E.D.N.Y. June 25, 2019) (‘The Fraud Section, the Office and the Company further agree that the Fraud Section and the Office will credit towards satisfaction of payment of the Total Criminal Fine the amount the Company pays to Brazilian authorities, pursuant to the Company’s resolution in Brazil, up to a maximum of $214,331,033.17.’); In re Telia Company AB, Securities Exchange Act Release No. 81669 (Sept. 21, 2017) (crediting confiscation or forfeiture payments made in related proceedings by Dutch and Swedish authorities).

⁴ U.S. Dep’t of Justice, Just. Manual, § 1-12.100 (2018).

⁵ Serious Fraud Office, Deferred Prosecution Agreements (Oct. 2020), https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements-2/.

⁶ U.S. Dep’t of Justice, Just. Manual § 9-28.700 (2018); Office of Chief Counsel, U.S. Securities and Exchange Commission Enforcement Manual 4.3 (Nov. 28, 2017).

⁷ See, e.g., Serious Fraud Office, Corporate Co-operation Guidance (Aug. 2019), https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/corporate-co-operation-guidance/.

⁸ Although not highlighted in this chapter, many criminal investigations resolve when a company pleads guilty to certain specified criminal charges prior to proceeding to trial.

⁹ See, e.g., In re Mobile TeleSystems PJSC, Securities Exchange Act Release No. 85261 (Mar. 6, 2019).

¹⁰ See, e.g., Compl., SEC v. Braskem, S.A., Case No. 1:16-cv-02488 (D.D.C. Dec. 21, 2016).

¹¹ See, e.g., Consent (Ex. 2 to Compl.), Braskem, Case No. 1:16-cv-02488 (D.D.C., Dec. 21, 2016).

¹² See, e.g., Giovanni Patti and Peter Robau, Admissions of Guilt to the SEC under Chair Jay Clayton, NYU School of Law Program on Corp. Compliance and Enf’t, Jan. 19, 2021.

¹³ See, e.g., SEC Announces Two Non-Prosecution Agreements in FCPA Cases, Press Release 2016-109 (June 7, 2016); Tenaris to Pay $5.4 Million in SEC’s First-Ever Deferred Prosecution Agreement, Press Release 2011-112 (May 17, 2011).

¹⁴ U.S. Dep’t of Justice, Just. Manual § 9-28.300 (2020). Prosecutors in the United Kingdom consider similar public interest factors when determining whether to initiate prosecution. See, e.g., Crown Prosecution Service, The Code for Crown Prosecutors (Oct. 26, 2018), https://www.cps.gov.uk/publication/code-crown-prosecutors.

¹⁵ See, e.g., Deputy Assistant Attorney General Matt Miner, Remarks at the American Bar Association, Criminal Justice Section Third Global White Collar Crime Institute Conference (June 27, 2019), https://www.justice.gov/opa/speech/deputy-assistant-attorney-general-matt-miner-delivers-remarks-american-bar-association (noting that the DOJ declined to prosecute Guralp Systems Limited, which later entered into a DPA with the SFO). Prosecutors may also decline prosecution even if a company agrees to a negotiated civil resolution. See, e.g., Letter from Robert Zink, Department of Justice, to Counsel for World Acceptance Corporation (Aug. 5, 2020), https://www.justice.gov/criminal-fraud/file/1301826/download (declining prosecution of World Acceptance Corporation); In re World Acceptance Corporation, Securities Exchange Act Release No. 89489 (Aug. 6, 2020) (finding that World Acceptance Corporation violated various provisions of the federal securities laws). U.S. prosecutors may also decline to file criminal charges against a company but require it to pay all disgorgement, forfeiture, and/or restitution resulting from the underlying misconduct. See, e.g., U.S. Dep’t of Justice, Just. Manual § 9-47.120 (2019).

¹⁶ U.S. Dep’t of Justice, Just. Manual § 9-28.1100 (2020).

¹⁷ The United Kingdom has implemented DPAs. See, e.g., Serious Fraud Office, Deferred Prosecution Agreements Code of Practice, https://www.cps.gov.uk/sites/default/files/documents/publications/DPA-COP.pdf; Serious Fraud Office, Deferred Prosecution Agreements (Oct. 2020), https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements-2/. France has implemented a DPA-like regime, known as the Convention Judiciaire d’Intérêt Public. See Loi 2016-1691 du 9 décembre 2016 relative à la modernization de la vie économique [Law No. 2016-1691 of December 9, 2016 on the modernization of economic life, Journal Officiel de la République Française [J.O.] [Official Gazette of France], Dec. 9, 2016, Art. 22; C. pén, Art. 41-1-2.

¹⁸ While DPAs in the United States are subject to limited judicial approval, DPAs in the United Kingdom are subject to significantly more judicial oversight. For examples, a UK court must declare that not only would entering into the DPA likely be ‘in the interests of justice’ but also the proposed terms of the DPA are ‘fair, reasonable, and proportionate’. Serious Fraud Office, Deferred Prosecution Agreements (Oct. 2020), https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements-2/. Not so in the United States. See, e.g., United States v. Fokker Services, B.V., 818 F.3d 733 (D.C. Cir. 2016).

¹⁹ Both companies and individuals may enter into a DPA in the United States to resolve investigations into a wide variety of potential crimes. On the other hand, only companies (not individuals) may enter into a DPA in the United Kingdom and only for certain limited potential crimes (e.g., conspiracy to defraud, money laundering, fraud, bribery). Serious Fraud Office, Deferred Prosecution Agreements (Oct. 2020), https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements-2/.

²⁰ Official SEC policy provides that a company found guilty or that admitted wrongdoing in a criminal case may settle a parallel civil action only if it agrees to admit the allegations for which it was found guilty or which it previously admitted. See Robert Khuzami, Director, Div. of Enforcement, U.S. Sec. & Exch. Comm’n, Public Statement by SEC Staff: Recent Policy Change (Jan. 7, 2012), http://www.sec.gov/News/PublicStmt/Detail/PublicStmt/1365171489600.

²¹ See, e.g., Deferred Prosecution Agreement, United States of America v. The Goldman Sachs Group, Inc., Case No. 20-437 (MKB) (E.D.N.Y. Oct. 21, 2020) [hereinafter Goldman Sachs DPA].

²² See, e.g., Davis v. Beazer Homes, U.S.A. Inc., No. 1:08CV247, 2009 WL 3855935 (M.D.N.C. Nov. 17, 2009) (denying motion to dismiss and stating that the fact that defendant admitted to ‘some level of misconduct’ in DPA was a ‘significant factor’ in assessing the plausibility of private plaintiff’s claim).

²³ Serious Fraud Office, Deferred Prosecution Agreements (Oct. 2020), https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/deferred-prosecution-agreements-2/ (‘[T]he prosecutor may apply to court seeking a finding that the Company is in breach of the DPA and an appropriate remedy. The remedy sought will depend on the circumstances of the case. The question of whether or not there has been a breach is determined on the balance of probabilities and the successful party to the application may seek costs from the other party.’).

²⁴ For example, Odebrecht SA agreed to a nine-month extension of the monitorship imposed as part of its guilty plea after the DOJ found that it had failed to adopt the monitor’s recommendations and implement a compliance and ethics programme designed to prevent and detect certain violations of law. Mengqi Sun, Brazil’s Odebrecht Agrees to Extend Monitorship for Another Nine Months, Wall Street Journal (Feb. 4, 2020), https://www.wsj.com/articles/brazils-odebrecht-agrees-to-extend-monitorship-for-another-nine-months-11580859505.

²⁵ This is exactly what happened to UBS AG in May 2015, when it agreed to plead guilty and pay a US$203 million criminal penalty for violating a December 2012 NPA. Department of Justice, Press Release, Five Major Banks Agree to Parent-Level Guilty Pleas (May 20, 2015), https://www.justice.gov/opa/pr/five-major-banks-agree-parent-level-guilty-pleas.

²⁶ U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (updated June 2020), https://www.justice.gov/criminal-fraud/page/file/937501/download.

²⁷ id. (internal quotation marks removed).

²⁸ Serious Fraud Office, Evaluating a Compliance Programme (January 2020), https://www.sfo.gov.uk/publications/guidance-policy-and-protocols/guidance-for-corporates/evaluating-a-compliance-programme/.

²⁹ id.

³⁰ id.

³¹ id.

³² Memorandum from Craig S. Morford, Acting Deputy Attorney General, U.S. Department of Justice, Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporation, at 5 (March 7, 2008) (‘Morford Memorandum’).

³³ See, e.g., In re Telia Company AB, Securities Exchange Act Release No. 81669 (Sept. 21, 2017); Deferred Prosecution Agreement, United States v. Telia Company AB, Case No. 17-CR-581 (S.D.N.Y. Sept. 21, 2017) (noting that, ‘based on the Company’s remediation and the state of its compliance program, the Fraud Section and the Office determined that an independent compliance monitor was unnecessary’).

³⁴ Morford Memorandum, at 2. In considering the ‘potential benefits’ of imposing a monitor, prosecutors consider:

(a) whether the underlying misconduct involved the manipulation of corporate books and records or the exploitation of an inadequate compliance program or internal control systems; (b) whether the misconduct at issue was pervasive across the business organization or approved or facilitated by senior management; (c) whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal control systems; and (d) whether remedial improvements to the compliance program and internal controls have been tested to demonstrate that they would prevent or detect similar misconduct in the future.

Memorandum from Brian A. Benczkowski, Assistant Attorney General, U.S. Department of Justice, Selection of Monitors in Criminal Division Matters, at 2 (October 11, 2008) (‘Benczkowski Memorandum’). Prosecutors also consider ‘whether the changes in corporate culture and/or leadership are adequate to safeguard against a recurrence of misconduct’, ‘whether adequate remedial measures were taken to address problem behavior by employees, management, or third-party agents’, and ‘the unique risks and compliance challenges the company faces’. id.

³⁵ Other companies have been successful in negotiating ‘hybrid’ arrangements, whereby an external monitor serves for the first half of the agreed-upon duration, with the company self-monitoring and reporting for the second half. See, e.g., Press Release, Securities and Exchange Commission, SEC Charges Weatherford International with FCPA Violations (Nov. 26, 2013), https://www.sec.gov/news/press-release/2013-252 (‘The company also must comply with certain undertakings, including the retention of an independent compliance monitor for 18 months and self-reporting to the SEC staff for an additional 18 months.’).

³⁶ See, e.g., Memorandum from Gary G. Grindler, Acting Deputy Attorney General, Additional Guidance on the Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations (May 25, 2010), https://www.justice.gov/archives/jm/criminal-resource-manual-166-additional-guidance-use-monitors-dpas-and-npas. ;