Resolving Securities Enforcement Investigations

At every stage of an investigation, companies should focus on positioning themselves to secure a timely and advantageous resolution. This is particularly true in cross-border investigations, where the failure to ensure that different regulators are coordinated and progressing through their investigations at similar paces can delay a resolution and result in materially worse outcomes. This chapter discusses three components of securing a favourable resolution in cross-border securities matters: (1) coordinating with interested regulators, both foreign and domestic; (2) vehicles for structuring a resolution; and (3) practical considerations attendant to these different structures, including remedial obligations.

Coordinating global resolutions

Negotiating a favourable resolution with a single regulator is often difficult; doing so with multiple international regulators, however, adds far greater complexity and nuance – and the stakes for the company under investigation are correspondingly higher. Failing to coordinate with interested foreign regulators in the early stages of an investigation may significantly delay a resolution as different regulators catch up to each other, and may result in the company being forced to enter into piecemeal resolutions. If foreign regulators with jurisdiction over the conduct at issue are not involved in the resolution, on the other hand, those regulators may nonetheless seek duplicative penalties after learning of the US resolution, potentially resulting in significantly higher overall expenditures. For these reasons, companies need to consider carefully the likelihood of foreign regulatory interest in US investigations involving cross-border conduct and proactively manage those regulators where appropriate.

The ultimate goal of coordinating with foreign regulators is to secure a global resolution that offers full closure for the relevant conduct. Global resolutions are nearly always preferable to piecemeal settlements, as they can speed up the overall timing of a resolution, reduce the defence costs associated with responding to overlapping investigations and, most importantly, help avoid duplicative sanctions and negative media attention. Indeed, regulators will often ‘credit’ payments made to other regulators when they are part of a global resolution. The US Department of Justice (DOJ) policy, for example, states that prosecutors should ‘consider the amount of fines, penalties, and/or forfeiture paid to other . . . foreign enforcement authorities’ when crafting a resolution of their investigation.[2] Many companies have received significant credit for penalties paid to foreign enforcement authorities pursuant to this policy.[3] Further, if the resolutions are approved at the same time, companies may be able to limit bad press, thus reducing reputational damage to the company. If a company determines that a global settlement is in its best interest, it should accordingly assist authorities in coordinating their investigations and the resolution of those investigations.

US and foreign enforcement authorities will often coordinate without prompting. Indeed, they are often required by policy to do so. For example, DOJ policy dictates that US prosecutors should ‘coordinate with . . . foreign enforcement authorities that are seeking to resolve a case with a company for the same misconduct’.[4] The UK Serious Fraud Office (SFO) guidance similarly requires that the SFO take into account ‘where there is a parallel investigation by an overseas . . . agency’.[5]

Where regulators fail to coordinate on their own, companies should take proactive steps to ensure that each interested regulator is in a position to resolve at an appropriate time. One way to do this is to share relevant information with different regulators – including, for example, sharing the findings of internal investigations or updating regulators on their peers’ progress. Under the right circumstances, sharing information in this manner can facilitate more efficient investigations, resolutions and outcomes. Companies should be aware, however, that different jurisdictions value cooperation differently. For example, a company need not waive its attorney–client or work-product privileges to receive cooperation credit from US regulators,[6] but it may be required to do so to receive cooperation credit from the SFO, at least with respect to witness accounts, notes and transcripts obtained during the course of a company’s internal investigation.[7] Communicating directly with the enforcement authorities in different jurisdictions is key to understanding and resolving the intricacies of potentially conflicting requirements.

The full extent of a resolution’s benefits, however, will depend upon the form that the resolution takes, as discussed below.

Resolution mechanisms

Global resolutions can take different forms, some of which are more favourable than others. Negotiated resolutions of civil investigations may include civil injunctions or cease-and-desist orders; termination notices (which are essentially declinations), non-prosecution agreements (NPAs) and deferred prosecution agreements (DPAs) are also available but less common. Negotiated resolutions of criminal investigations generally involve declinations, NPAs, DPAs or, in some instances, guilty pleas.[8] Understanding the implications of each of these resolution vehicles is key to developing a successful strategy to resolve cross-border investigations.

Civil resolution vehicles

The vast majority of cases in which the US Securities and Exchange Commission (SEC) determines to initiate an enforcement action settle prior to trial. The SEC often settles enforcement actions through one of the following two avenues.

  • The SEC may institute a civil administrative cease-and-desist proceeding based upon an offer of settlement submitted by the company. In that offer, the company consents to the SEC’s entry of an order finding that the company violated certain provisions of the federal securities laws, requiring it to cease and desist from violating the particular provisions of the federal securities laws at issue in the investigation and imposing other remedial sanctions. The SEC then issues an administrative order imposing the cease-and-desist order and other remedial sanctions.[9]
  • Alternatively, the SEC may file a complaint in federal district court.[10] If so, the company consents to the court issuing a final judgment imposing a civil injunction that prohibits the company from violating the particular provisions of the federal securities laws at issue in the investigation, imposing financial sanctions (e.g., disgorgement, a civil monetary penalty) and, at times, ordering the company to comply with certain remedial undertakings.[11] A company that violates the civil injunction may be held in contempt.

Notably, under either procedure, the company is typically not required to admit to the SEC’s allegations or findings.[12]

On occasion, the SEC has also resolved investigations through the use of NPAs or DPAs.[13] These resolutions, however, are far less common than alternatives.

Criminal resolution vehicles

Prosecutors consider a variety of factors when deciding whether to file criminal charges against a company. US prosecutors are required to consider a well-publicised set of factors colloquially called the ‘Filip Factors’, which include the nature of the underlying offence, the pervasiveness of wrongdoing within the company, the company’s cooperation in the investigation and a series of other related factors.[14] Prosecutors may decline to file criminal charges altogether based upon their assessment of those factors, and may similarly decline prosecution even if a company agrees to a negotiated criminal resolution with another jurisdiction.[15]

Where prosecutors refuse a declination, they may instead seek an NPA or a DPA with a company. In the United States, prosecutors traditionally offer NPAs and DPAs where ‘the collateral consequences of a corporate conviction for innocent third parties would be significant’, although other factors are also relevant.[16]

In an NPA, prosecutors agree to refrain from bringing criminal charges against the company so long as the company satisfies enumerated obligations in the agreement, which generally include payment of a fine, cooperation in future governmental investigations and remedial undertakings. Criminal charges are never lodged in any manner. In a DPA, by contrast, prosecutors actually file a charging document but agree to defer prosecution under that document for a specified period of time (typically three years) in exchange for similar enumerated obligations. If prosecutors determine that the company complied with its obligations under the DPA, they will move to dismiss the filed charges, without the company ever being subject to trial or a criminal conviction. If prosecutors determine that the company breached its obligations under the DPA, however, they may commence prosecution. Unlike an NPA, which does not require judicial intervention, a DPA requires court approval.

Other countries around the world, notably the United Kingdom and France, have implemented DPAs or DPA-like regimes.[17] Key differences exist between the United States and international regimes, however, especially regarding the amount of judicial oversight[18] and the types of investigations that may be resolved through DPAs.[19] Companies negotiating global resolutions should pay special attention to these differences.

Finally, criminal authorities may resolve a matter by seeking a guilty plea from a corporate entity. In this instance, the parties will generally have some ability to negotiate penalties and continuing obligations through plea agreements. That said, matters resolved through plea agreements tend to have the greatest cost, both financially and reputationally, for the involved entities. Corporate pleas may also have significant collateral consequences for a company’s business and may make it harder to defend related litigation.

Practical considerations

Numerous considerations come into play when negotiating the resolution of a cross-border matter. Below are some practical considerations that a company may wish to consider as it seeks a negotiated resolution.

Covered entities

There are different outcomes depending upon the entity or entities covered by the resolution; a resolution covering a parent-level entity, for example, may be more harmful than one covering only a subsidiary. For that reason, it may be advantageous for the parent entity to enter into one type of resolution (e.g., a civil cease-and-desist proceeding) while a subsidiary enters into another (e.g., an NPA or DPA). Further, the entities that are covered by the resolution often impact the collateral consequences or continuing obligations that flow from the resolution. For example, a parent entity may be able to reduce the collateral consequences or continuing obligations of a resolution if the resolution covers only the subsidiary. A company should consider what collateral consequences and continuing obligations could result from the resolution and seek to limit those consequences and obligations as best it can.

Covered violations

A company should also consider what collateral consequences and continuing obligations could result from the resolution in determining which violations will be covered by the resolution. Certain violations may directly lead to particular collateral consequences or continuing obligations that may be quite onerous for the company. For example, charges premised upon intentional fraud often lead to more onerous collateral consequences and remedial obligations than negligence-based fraud charges. If a company is able to settle for a lesser charge, it may be able to reduce – or even eliminate – certain collateral consequences or continuing obligations that may flow from the resolution.


Factual admissions of misconduct carry significant risk, especially when the admitted misconduct relates to intentional misconduct. Negotiated resolutions with the SEC are typically, although not always, on a neither-admit-nor-deny basis.[20] Nevertheless, the SEC’s findings – even when articulated on a neither-admit-nor-deny basis – could still result in reputational harm, and a company should scrutinise the SEC’s proposed findings to ensure the accuracy and completeness of those findings. Criminal NPAs and DPAs, on the other hand, often require a company to admit that the facts set forth in the agreement are true and accurate, or at the very least admit its responsibility for the acts of its officers, directors, employees and agents as set forth in the agreement.[21] A company should take great care in reviewing and negotiating the specific language in these agreements to reduce the reputational risk caused by required admissions as much as possible.

Collateral litigation

Factual admissions of misconduct also create significant collateral litigation risks. Plaintiffs may seek to use admissions against the company in future civil litigation, and generally have the right to do so.[22] The risk that admissions will be used against a company in collateral litigation is significantly reduced if a company is able to enter into an agreement without any admissions, although in some matters that may not be possible.

Non-denial and non-contradiction clauses

Settled negotiations often lead to publicity, especially when the investigation relates to conduct that may grab the public’s attention. As part of a negotiated settlement, a company is generally prohibited from denying the SEC’s allegations contained in a complaint or findings contained in a cease-and-desist order, or from contradicting in any public statement the facts and the company’s acceptance of responsibility laid out in an NPA or a DPA. Without the ability to deny the SEC’s allegations or findings, or the facts contained in an NPA or a DPA, companies often face collateral estoppel issues in related subsequent litigation. Even beyond that, violations of these clauses could provide a basis for a determination that the company breached the settlement agreement. For that reason, a company should ensure that the agreement contains a provision allowing it to cure any potential breach. In any event, a company should carefully review all public statements that in any way touch on the resolution (e.g., press releases, client communications, statements to investors, even witness testimony in collateral litigation) to ensure that those statements in no way inadvertently deny or contradict the allegations, findings or facts contained in the agreement.


It should go without saying that a company should not breach a negotiated resolution. That said, a company may wish to consider the following when negotiating the resolution. First, what conduct on the company’s part constitutes a breach of the agreement? Second, who has the authority to determine whether the company breached the agreement? Often, in the United States, either the DOJ or the SEC has sole authority to determine whether the company breached the agreement. In the United Kingdom, however, prosecutors must request a finding from the court that the company breached the agreement.[23] Finally, what are the consequences of the breach? In some instances, the enforcement authority may extend the company’s obligations under the agreement.[24] In other instances, however, the enforcement authority may terminate the agreement and prosecute the company.[25]

Continuing cooperation and disclosure

Negotiated settlements typically have continuing obligations. NPAs and DPAs typically last three years, during which the company is often subject to extensive continuing obligations. Some obligations may relate to enhancing the company’s compliance programme, as discussed in the following section. Other obligations likely relate to cooperation, including, but not limited to:

  • fully cooperating with the enforcement authority (including foreign law enforcement and regulatory entities) in any and all matters relating to the conduct described in the agreement at any point during the term of the agreement;
  • fully cooperating with the enforcement authority in any and all matters relating to other conduct under investigation by the enforcement authority at any point during the term of the agreement; and
  • fully disclosing all factual information about which the company has knowledge or about which the enforcement authority may inquire.

Further, a company is typically required to report evidence or allegations of conduct that may constitute a violation of law, although agreements differ with respect to the breadth of this disclosure obligation. Companies should be aware of these provisions during the settlement discussions and consider the need to self-report potential misconduct.

In arriving at a negotiated resolution, regulators will also often require companies to review their existing internal controls and, where necessary, adopt new compliance programmes or enhance existing programmes. Evaluating a compliance programme is difficult, as standards differ by industry and have changed rapidly in the past several years. In June 2020, however, the DOJ issued updated guidance regarding how it evaluates compliance programmes.[26] That guidance highlighted three ‘fundamental questions’ it considers when conducting such an evaluation:

  • Is the corporation’s compliance programme well designed?
  • Is the programme being applied earnestly and in good faith? In other words, is the programme adequately resourced and empowered to function effectively?
  • Does the corporation’s compliance programme work in practice?[27]

This guidance accords with guidance from other enforcement authorities, including the SFO. In January 2020, the SFO issued its own internal guidance regarding how it assesses the effectiveness of an organisation’s compliance programme.[28] The guidance highlights the following six principles that the SFO believes ‘represent a good general framework for assessing compliance programmes’: proportionate procedures, top-level commitment, risk assessments, due diligence, communication (including training), and monitoring and review.

Because the strength of a company’s compliance programme is relevant to charging decisions, companies should consider improving their compliance programme, or at least working to identify any gaps or shortcomings that led to the conduct at issue, during the course of the investigation. Specifically, a company should consider implementing a code of conduct and other appropriate policies and procedures, periodically training its employees on those policies and procedures, implementing a reporting structure to enable the anonymous or confidential reporting of misconduct and conducting due diligence of its third-party vendor relationships and any acquisition targets, if applicable.[29] Additionally, a company should consider ensuring that its senior and middle management set an ethical ‘tone at the top’ and implement a culture of compliance throughout the company and clear disciplinary procedures to address non-compliance with laws, rules and regulations, or the company’s policies and procedures.[30] With respect to the resourcing of its compliance programme, a company should consider the seniority, stature, experience, qualifications, resources and autonomy of its compliance personnel to ensure that the compliance programme functions effectively. With respect to whether its compliance programme works in practice, a company may wish to continuously review and improve the programme through (1) periodic testing and risk assessments, (2) investigating allegations of misconduct in a timely and thorough manner, (3) documenting the company’s findings and response, and (4) conducting root cause analyses of identified misconduct and remediating those root causes in a timely manner.[31]

Another reason why companies may wish to take to heart the aforementioned guidance is that enforcement authorities sometimes require, as part of a negotiated resolution, that a company engage a monitor to assess the company’s compliance programme and detect any ongoing misconduct. Monitors are independent third parties tasked with independently evaluating ‘whether a corporation has both adopted and effectively implemented ethics and compliance programs to address and reduce the risk of recurrence of the corporation’s misconduct’.[32] The company is generally required to retain the monitor and pays its fees and expenses. In addition, when the SEC requires an independent compliance consultant (as opposed to when the company voluntarily engages in remediation acceptable to the SEC) there is the potential for additional collateral consequences that can prohibit the company from conducting certain businesses often unrelated to the conduct at issue.[33]

Not every negotiated resolution requires a company to engage a monitor.[34] In determining whether to impose one, US prosecutors weigh ‘the potential benefits that employing a monitor may have for the corporation and the public’ and ‘the cost of a monitor and its impact on the operations of a corporation’.[35] These costs can be significant, in terms of both the expenses of the monitorship (which can be in the tens of millions of dollars) and disruption to the business. For these reasons, companies often seek to avoid the imposition of a monitor, if possible, or tailor the scope of monitors’ responsibilities. To be in the best position to do so, a company should seek to significantly improve its compliance programme as soon as possible upon discovering the underlying misconduct.

Some companies have been successful in negotiating self-monitoring and reporting arrangements in lieu of monitorships.[36] These arrangements allow the enforcement authority to receive periodic updates regarding the company’s remediation and implementation of its compliance programme and internal controls, policies and procedures, without imposing on the company the full costs of an external monitorship.

A company should fully cooperate with a monitor, should one be imposed. This cooperation typically includes, but is not limited to, providing the monitor access to information, documents, records, facilities and employees, and using best efforts to provide the monitor with access to former employees and its third-party vendors, agents and consultants. Because an attorney–client relationship does not exist between the monitor and the company, companies may withhold information or access to employees on the basis of the attorney–client privilege or attorney work-product doctrine, provided that the company works cooperatively with the monitor to resolve the matter to the monitor’s satisfaction.

A company should take the monitor’s recommendations seriously and follow them if possible, but companies are not required to follow recommendations that are unduly burdensome, inconsistent with applicable law or regulation, impractical, excessively expensive or otherwise inadvisable.[37] If such a situation occurs, the company should propose an alternative recommendation designed to achieve the same objective or purpose and attempt to reach an agreement with the monitor. The enforcement authority may consider the monitor’s recommendation and the company’s reasons for not adopting it in determining whether the company breached the settlement agreement.


A company facing potential criminal or civil exposure due to cross-border investigations may be able to negotiate a resolution of those investigations in a way that mitigates reputational harm, business interruption and financial expense. Achieving these goals requires the company to fully and quickly understand the facts of the matter but also to identify various resolution vehicles that may be available, consider the implications and consequences of those resolution vehicles, and develop a plan to implement potential remedial measures that they may impose.


1 Nader Salehi, Jacquelyn Kasulis, Bob Allen and Lee Mayberry are partners at Kirkland & Ellis LLP. The authors wish to acknowledge with thanks the input of Zach Brez, Asheesh Goel, Dan Chaudoin and Sunil Shenoi, partners in the government, regulatory and internal investigations group.

2 US Department of Justice (DOJ), Justice Manual, § 1-12.100 (2018).

3 See, e.g., Deferred Prosecution Agreement, United States of America v. TechnipFMC plc, Case No. 19-CR-278 (E.D.N.Y. 25 June 2019) (‘The Fraud Section, the Office and the Company further agree that the Fraud Section and the Office will credit towards satisfaction of payment of the Total Criminal Fine the amount the Company pays to Brazilian authorities, pursuant to the Company’s resolution in Brazil, up to a maximum of $214,331,033.17.’); In re Telia Company AB, Securities Exchange Act Release No. 81669 (21 September 2017) (crediting confiscation or forfeiture payments made in related proceedings by Dutch and Swedish authorities).

4 DOJ, Justice Manual, § 1-12.100 (2018).

5 Serious Fraud Office (SFO), Deferred Prosecution Agreements (October 2020),

6 DOJ, Justice Manual § 9-28.700 (2018); Office of Chief Counsel, US Securities and Exchange Commission (SEC) Enforcement Manual 4.3 (28 November 2017).

7 See, e.g., SFO, Corporate Co-operation Guidance (August 2019),

8 Although not highlighted in this chapter, many criminal investigations resolve when a company pleads guilty to certain specified criminal charges prior to proceeding to trial.

9 See, e.g., In re Mobile TeleSystems PJSC, Securities Exchange Act Release No. 85261 (6 March 2019).

10 See, e.g., Complaint, SEC v. Braskem, S.A., Case No. 1:16-cv-02488 (D.D.C. 21 December 2016).

11 See, e.g., Consent (Ex. 2 to Complaint), at 2–3, Braskem, Case No. 1:16-cv-02488 (D.D.C. 21 December 2016).

12 See, e.g., Giovanni Patti and Peter Robau, 'Admissions of Guilt to the SEC under Chair Jay Clayton', NYU School of Law Program on Corporate Compliance and Enforcement, 19 January 2021.

13 See, e.g., SEC Press release 2016-109, ‘SEC Announces Two Non-Prosecution Agreements in FCPA Cases’ (7 June 2016); SEC Press release 2011-112, ‘Tenaris to Pay $5.4 Million in SEC’s First-Ever Deferred Prosecution Agreement’ (17 May 2011).

14 DOJ, Justice Manual § 9-28.300 (2020). Prosecutors in the United Kingdom consider similar public interest factors when determining whether to initiate prosecution. See, e.g., Crown Prosecution Service, The Code for Crown Prosecutors (26 October 2018), §§ 4.9–4.14,

15 See, e.g., Deputy Assistant Attorney General Matt Miner, Remarks at the American Bar Association, Criminal Justice Section Third Global White Collar Crime Institute Conference (27 June 2019), (noting that the DOJ declined to prosecute Guralp Systems Limited, which later entered into a deferred prosecution agreement (DPA) with the SFO). Prosecutors may also decline prosecution even if a company agrees to a negotiated civil resolution. See, e.g., Letter from Robert Zink, DOJ, to Counsel for World Acceptance Corporation (5 August 2020), (declining prosecution of World Acceptance Corporation); In re World Acceptance Corporation, Securities Exchange Act Release No. 89489 (6 August 2020) (finding that World Acceptance Corporation violated various provisions of the federal securities laws). US prosecutors may also decline to file criminal charges against a company but require it to pay all disgorgement, forfeiture or restitution resulting from the underlying misconduct. See, e.g., DOJ, Justice Manual § 9-47.120 (2019).

16 DOJ, Justice Manual § 9-28.1100 (2020).

17 The United Kingdom has implemented DPAs. See, e.g., SFO, Deferred Prosecution Agreements Code of Practice,; SFO, Deferred Prosecution Agreements (October 2020), footnote 5. France has implemented a DPA-like regime, known as the Convention Judiciaire d’Intérêt Public. See Law No. 2016-1691 of 9 December 2016 on the modernisation of economic life, Official Gazette of France, 9 December 2016, Article 22; Penal Code, Article 41-1-2.

18 While DPAs in the United States are subject to limited judicial approval, DPAs in the United Kingdom are subject to significantly more judicial oversight. For example, a UK court must declare that not only would entering into the DPA likely be ‘in the interests of justice’ but also that the proposed terms of the DPA are ‘fair, reasonable and proportionate’. SFO, Deferred Prosecution Agreements (October 2020), footnote 5. Not so in the United States. See, e.g., United States v. Fokker Servs., B.V., 818 F.3d 733 (D.C. Cir. 2016).

19 Both companies and individuals may enter into a DPA in the United States to resolve investigations into a wide variety of potential crimes. On the other hand, only companies (not individuals) may enter into a DPA in the United Kingdom and only for certain limited potential crimes (e.g., conspiracy to defraud, money laundering, fraud, bribery). SFO, Deferred Prosecution Agreements (October 2020), footnote 5.

20 Official SEC policy provides that a company found guilty or that admitted wrongdoing in a criminal case may settle a parallel civil action only if it agrees to admit the allegations for which it was found guilty or which it previously admitted. See Robert Khuzami, Director, Division of Enforcement, SEC, Public Statement by SEC Staff: Recent Policy Change (7 January 2012),

21 See, e.g., Deferred Prosecution Agreement, United States of America v. The Goldman Sachs Group, Inc., Case No. 20-437 (MKB) (E.D.N.Y. 21 October 2020), ¶ 2.

22 See, e.g., Davis v. Beazer Homes, U.S.A. Inc., No. 1:08CV247, 2009 WL 3855935, *7 (M.D.N.C. 17 November 2009) (denying motion to dismiss and stating that the fact that the defendant admitted to ‘some level of misconduct’ in the DPA was a ‘significant factor’ in assessing the plausibility of the private plaintiff’s claim).

23 SFO, Deferred Prosecution Agreements (October 2020), footnote 5 (‘[T]he prosecutor may apply to court seeking a finding that the Company is in breach of the DPA and an appropriate remedy. The remedy sought will depend on the circumstances of the case. The question of whether or not there has been a breach is determined on the balance of probabilities and the successful party to the application may seek costs from the other party.’).

24 For example, Deutsche Bank agreed to extend a compliance monitorship until February 2023 after the DOJ found it failed to timely disclose a misconduct complaint in violation of a DPA. Patricia Kowsmann and Dave Michaels, ‘Deutsche Bank Violates DOJ Settlement, Agrees to Extend Outside Monitor’, Wall Street Journal (11 March 2022), In another example, Odebrecht SA agreed to a nine-month extension of the monitorship imposed as part of its guilty plea after the DOJ found that it had failed to adopt the monitor’s recommendations and implement a compliance and ethics programme designed to prevent and detect certain violations of law. Mengqi Sun, 'Brazil’s Odebrecht Agrees to Extend Monitorship for Another Nine Months', Wall Street Journal (4 February 2020),

25 This is exactly what happened to NatWest Markets Plc in December 2021, when it agreed to plead guilty and pay a US$35 million criminal penalty for breaching an October 2017 non-prosecution agreement (NPA). DOJ, press release, ‘NatWest Markets Pleads Guilty to Fraud in U.S. Treasury Markets’ (21 December 2021), Similarly, in May 2015, UBS AG agreed to plead guilty and pay a US$203 million criminal penalty for violating a December 2012 NPA. DOJ, press release, ‘Five Major Banks Agree to Parent-Level Guilty Pleas’ (20 May 2015),

26 DOJ, Criminal Division, Evaluation of Corporate Compliance Programs (updated June 2020),

27 id., at 2 (internal quotation marks removed).

28 SFO, Evaluating a Compliance Programme (January 2020),

29 ibid.

30 ibid.

31 ibid.

32 Memorandum from Craig S Morford, Acting Deputy Attorney General, DOJ, Selection and Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporation, at 5 (7 March 2008) (Morford Memorandum).

33 Under the federal securities laws, collateral consequences include: (1) loss of well-known seasoned issuer status for the purposes of securities offerings; (2) loss of statutory safe harbours under the Securities Act of 1933 (the Securities Act), and the Securities Exchange Act of 1934 for forward-looking statements; (3) loss of private offering exemptions provided by Regulations A, D and Crowdfunding under the Securities Act; (4) loss of the exemption from registration under the Securities Act for securities issued by certain small business investment companies and business development companies provided by Regulation E; and (5) the prohibition on a registered investment adviser from receiving cash fees for solicitation under Rule 206(4)-3 of the Investment Advisers Act of 1940.

34 See, e.g., In re Telia Company AB, Securities Exchange Act Release No. 81669 (21 September 2017); Deferred Prosecution Agreement, United States v. Telia Company AB, Case No. 17-CR-581 (S.D.N.Y. 21 September 2017) (noting that, ‘based on the Company’s remediation and the state of its compliance program, the Fraud Section and the Office determined that an independent compliance monitor was unnecessary’).

35 Morford Memorandum, at 2. In weighing these costs and benefits, prosecutors ‘should favor the imposition of a monitor where there is a demonstrated need for, and clear benefit to be derived from, a monitorship’, Memorandum from Lisa Monaco, Deputy Attorney General, DOJ, Memorandum re Corporate Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies (28 October 2021), at 4. Prosecutors will likely favour imposing a monitor ‘[w]here a corporation’s compliance program and controls are untested, ineffective, inadequately resourced, or not fully implemented at the time of a resolution’, especially if the underlying investigation found that the compliance programme was deficient in numerous ways. It follows that a monitor may not be necessary ‘where a corporation’s compliance program and controls are demonstrated to be tested, effective, adequately resourced, and fully implemented at the time of a resolution’. ibid.

36 Other companies have been successful in negotiating ‘hybrid’ arrangements, whereby an external monitor serves for the first half of the agreed-upon duration, with the company self-monitoring and reporting for the second half. See, e.g., SEC Press release 2013-252, ‘SEC Charges Weatherford International with FCPA Violations’ (26 November 2013), (‘The company also must comply with certain undertakings, including the retention of an independent compliance monitor for 18 months and self-reporting to the SEC staff for an additional 18 months.’).

37 See, e.g., Memorandum from Gary G Grindler, Acting Deputy Attorney General, Additional Guidance on the Use of Monitors in Deferred Prosecution Agreements and Non-Prosecution Agreements with Corporations (25 May 2010),

Unlock unlimited access to all Global Investigations Review content