|
Multinational Monitor: KPMG recently entered into a deferred prosecution
agreement with the Justice Department, with KPMG admitting it committed
fraud, but the department agreeing to drop charges against the firm if it
fulfills promises, including to maintain an effective compliance and
ethics program. It is a case where there was egregious criminal
wrongdoing, the company admits to it, there is alleged obstruction of
justice, there are reports that the U.S. Attorney in Manhattan actually
wants to pursue the prosecution to conviction, but is overruled by the
Department of Justice. Instead, it gets a deferred prosecution agreement.
Was that a legitimate use of a deferred prosecution agreement?
Win Swenson: I don’t have enough facts to have a definite opinion on it.
But there is a legitimate question as to whether this was an appropriate
use of a deferred prosecution. And I would look to the Department of
Justice’s own charging criteria in what is commonly referred to as the
Thompson memo.
And if you run through those criteria — pervasiveness of the misconduct,
past history and so on — there are a number of factors that would point
strongly toward prosecution. And there are also some factors that point
the other way. The most notable Thompson memo factor supporting
prosecution is that there is no indication that KPMG had an effective
compliance program.
In fact, based on my experience there, it is pretty clear that KPMG would
have a tough time making the case that it did have such a compliance
program.
And to me, this factor is as important as any in deciding whether to
prosecute. Why? Because a key question to resolve in making the
prosecution/no prosecution decision is whether the offense was, on the
one hand, aberrational — in other words, it happened despite the firm’s
best efforts to prevent and detect these kinds of things — or whether the
offense actually reflected the way things were really done there, with a
cavalier attitude toward preventing and detecting misconduct.
If you are going to prosecute and thereby impact employees and owners of
an entity, partners in partnerships and shareholders in companies,
gauging whether the offense accurately reflected the core of the company
is highly material. Bad things do happen at good companies.
But bad things also happen because the company didn’t seriously care. And
the quality of the company’s or firm’s compliance program is the best way
to measure how seriously it did care.
MM: You headed up the compliance consulting practice at KPMG for four
years. Was the reason you left because they weren’t taking it seriously
enough?
Swenson: That was a consideration. It would be unfair to say that that was
the reason, but it was something that did bother me. In my view, KPMG did
not have a compliance program that could possibly meet the standards set
by the Department of Justice in the Thompson memo or in the federal
sentencing guidelines. I didn’t feel comfortable advising other companies
to adopt such programs when my firm hadn’t.
I am told that KPMG has, to their credit, accomplished considerably more
in the compliance arena since then. But at the time, it was clear that it
was not doing what it should have been doing.
MM: What was missing?
Swenson: Work at the Big Five or Final Four accounting firms had evolved
from pure audit practices into broad consulting practices. Within the
audit profession before the consulting services were added to their
portfolios, my sense is that there were pretty tight standards for conduct
within the profession.
But as you started bringing in consulting practices, and also started
leaning on audit partners to sell these additional consulting services,
you began introducing a whole range of new risks which KPMG and its
competitors had not particularly accounted for.
So, the first thing that was missing was a risk assessment, which is
required in the sentencing guidelines, as a predicate to determine what
kinds of compliance and ethics systems they needed.
If they didn’t know what the risks were, they certainly weren’t training
people on how to avoid the risks, auditing to detect misconduct in those
risk areas or providing mechanisms by which people could get answers to
questions relating to those risks. These are the very basics of a
compliance program.
MM: Most federal prosecutors say that evidence of obstruction of justice
will tilt a close case from no prosecution to prosecution. But then again,
you also hear that you can’t convict a company the size of KPMG, because
you will drive it out of business, thus injuring so-called innocent
shareholders, employees and other third parties. If you drive KPMG out of
business, you go from the Big Four to the Big Three. And pretty soon,
there is only one major accounting firm left in the country.
Swenson: I don’t think it is a small issue. This is why I said initially I
can’t say whether or not they should have been prosecuted. One of the
criteria in the Thompson memo that is cited as pointing against
prosecution is this notion of collateral consequences to innocent people.
In the instance where you might put a company or a firm out of business,
the collateral consequences are high. The impact on so-called innocent
third parties — employees, partners or shareholders — should be
considered.
On the other hand, if the Department of Justice fails to follow through
with its policy to prosecute when the Thompson memo criteria favor
prosecution, the impression is given that once a company makes a mistake,
if they throw a few people under the bus and otherwise cooperate, they
get a free pass.
It is sort of a slap on the wrist, except for the people who are thrown
over the side, and the Thompson memo is in danger of being seen as policy
on paper only. Only after misconduct is discovered by the government does
the company have to take its compliance and ethics program seriously.
Again, I agree that the so-called innocent third party argument is
something that should be considered, just as the Thompson memo states.
But — and I think this is critical — it generally should not be
determinative.
Here is why. We need to get to a place where investors in capital markets
and employees deciding for whom to work ask — and are given probative
answers to — these kinds of questions: what kind of company is this; does
it have strong commitment to compliance; does it report externally on its
program’s activities and results; does it embrace internal whistleblowers
or retaliate against them?
In the wake of Andersen and Enron, it was powerful to see employees of
those firms who said they just wanted to work somewhere that cared about
ethics. There was a famous picture of a displaced Enron employee outside
of Enron headquarters after the bottom fell out holding a sign saying,
“Wanted: A Company with Integrity.”
When the Department of Justice follows through on these prosecutions,
future employees, shareholders, partners will begin to ask the question,
“Do I want to cast my lot with this company? Do they have a strong
commitment to compliance and ethics and what is the proof of that?” That,
in turn, will impact on how these big firms are run.
MM: You were deputy general counsel of the Sentencing Commission at the
time of the creation of the organizational sentencing guidelines. The
Thompson and Holder memos seem to parallel the organizational sentencing
guidelines.
Swenson: I headed up the staff unit at the Commission that developed the
organizational sentencing guidelines. Under the broad reach of vicarious
corporate criminal liability, very different kinds of corporations can be
convicted of a crime. We wanted the guidelines to determine — what kind of
a company do we have here?
The guidelines set up criteria for imposing penalties based upon whether
a company tends to be toward the good end of the spectrum, where this is
an aberrational kind of thing, but basically the company is trying to do
things the right way, or whether, on the other end of the spectrum, the
company is not trying to do the right thing. The criteria include
compliance programs, voluntary disclosure, cooperation, and how serious
is the offense, measured in a variety of ways, importantly including the
seniority of the people involved in the offense.
Initially, when the guidelines came out, the Justice Department seemed
concerned that companies would get a slap on the wrist after essentially
hoodwinking the sentencing court into believing that the company had a
good compliance program and the penalties would be light.
Over time, however, the Department of Justice seemed to embrace the
theory of the sentencing guidelines — this notion that different kinds of
companies can be susceptible to criminal prosecution and that it is
important to disentangle what kind of a company you have in front of you
before you make that decision — when it adopted the Holder memo and
subsequently the Thompson memo.
Both the Holder and Thompson memos parallel the criteria of the
sentencing guidelines. The same factors that drive the decision on
whether to prosecute or not, also drive the severity of the penalty that
is going to ultimately be imposed if there is a prosecution.
MM: There is a fear that if you convict one of these big companies,
corporate death will result. That is what is driving many of these
deferred and non prosecution agreements. The conventional wisdom is that
the criminal prosecution of Arthur Andersen drove the firm out of
business. But Columbia Law School Professor John Coffee says that Andersen
killed itself. Prosecution or not, it would have gone out of business
because no one wanted to be audited by a firm that was the accountant to
Enron.
Swenson: Coffee is probably right. Andersen would have had a very tough
time staying in business whether or not criminal charges were brought
based upon the conduct it had engaged in and how it was being understood
by the public.
Companies didn’t want their auditor to be the audit firm that helped take
down one of the largest corporations in America by being complicit in
misconduct that directly related to the integrity of the audit process
itself.
In answer to the first part of your question, though, I don’t think the
corporate death penalty typically results from the conviction of a crime.
In fact, it is unfortunate that when corporations are prosecuted and
convicted, the markets will often shrug it off to a fair degree. It’s not
always that big of a deal, unless there is some secondary impact, as
where you also have a huge misstatement of earnings.
MM: Often the stock price goes up, because people feel that the global
settlement puts the company’s problem behind them.
Swenson: True.
Getting back to the Department, I want to make clear that the Justice
Department deserves a lot of credit for coming up with the criteria in
the Thompson memo.
The policy itself is an excellent one, and it may be that the
Department’s application of the Thompson memo is far more rigorous and
consistent than those of us outside the Department know. But the problem
is that it is not clear from the public statements that the Department of
Justice makes when they announce these settlements.
It is hard to overstate this: It would be enormously helpful if the
Department of Justice would talk more directly about how the Thompson
memo’s criteria applied and led to the outcome of each case.
Prosecutors are reluctant to create any sense of discretion-limiting
accountability, but I think they owe the public more of this kind of
analysis if the system is to be seen as comprehensible and fair.
MM: Often they do cite the factors of the Thompson memo and say — this is
why we have decided to reach a deferred prosecution agreement.
Swenson: But — and this is critically important — they virtually never
talk about the company’s compliance program. References to this Thompson
memo criterion are almost non-existent.
They don’t say, “We have analyzed the compliance program of this company,
and it is understandable how this happened, because the program was poor,
it was not supported by management, there was no training, there was no
risk assessment, a large number of people knew about the offense but
didn’t report it to management or the board of directors because there
were no systems in place to address these concerns.”
This is not difficult to do — prosecutors can even ask an outside expert
to help with this evaluation if necessary. I have done these type of
evaluations. It would be profoundly valuable if the Department did talk
about this criterion.
And here’s why. While many companies have stellar, committed compliance
programs, there is a dirty little secret going on inside of many others.
Inside of many companies today, people who are responsible for
spearheading compliance programs are, truth be told, marginalized.
The message they hear is, “If you want to get along, you better go along.
Don’t push too hard.”
Unfortunately and sadly, I’m aware of a number of cases where compliance
officers seek to become the diligent, independent professionals they are
supposed to be to protect the company from misconduct, and are told by
senior management to cool it. The rules don’t apply to the brass, or we
aren’t really interested in providing the needed resources to make this
work effectively — resources that are typically small compared to any
other corporate function. So the compliance officer is caught in the
middle of a constant battle between his conscience and a practical desire
not to blow up his or her career by taking the needed stand.
How does what the Department of Justice does matter here? The degree to
which the Department demonstrates the importance of compliance programs
in making real prosecution/non-prosecution decisions, the greater the
clout of compliance officers who are slugging it out every day in the
corporate trenches.
They can tell their management and board, this is what happens to
companies that don’t do this by the book. Managements and boards need to
know how seriously to take all this compliance stuff. Real cases provide
the answer.
MM: Sarbanes Oxley — the major reform after the recent wave of criminality
— is now a couple of years old. Are things getting better or worse?
Swenson: It is getting better but it is not good enough or getting better
fast enough. I work with a lot of companies that are coming from a place
of good faith. I am present in management meetings and board meetings. We
have serious discussions about these topics. A lot of companies want to do
this the right way. I see more of that.
That is why I’m arguing for the Department of Justice to apply the
Thompson memo in a transparent way — so that the companies that are
trying to do this the right way get the benefit and the free riders don’t
get the benefit. I also am aware of companies where these kind of things
are not taken as seriously as they should be.
MM: Maybe because you are representing companies that have compliance
officers who want to do the right thing, you are looking at too narrow of
a sample. Do you ever get the sense that companies who want to do the
right thing will hire you and companies that don’t won’t hire you?
Swenson: I do. But along the way, we also get hired by companies that
press us to say only good things and are resistant when we don’t, even
though we understand the complexities of all this and try to make our
advice practical and achievable.
We are also asked to do work for companies who try and negotiate up front
the outcome of our review, which signals that they are not very serious
about it. We don’t do work for those companies. We have declined work for
companies where we think the management is trying to put its thumb on the
scale of objectivity.
MM: How does it work? What kinds of things are said by a company that’s
not serious?
Swenson: The company will say — we are doing the following things and we
assume that you will tell us that those are the right things to do. We
don’t really want you talking with our employees. We don’t want you to go
out and probe too much. We want to screen what you are going to say before
it is presented to anybody important within the company. It is something
you get a feel for. And there have been occasions where we either have
said we won’t do the work, or more typically, we have helped the company
conclude that we are not the ones for the job.
MM: Isn’t there a pervasive double standard with prosecutions, where
corporations simply are not prosecuted for inflicting harm on others, when
similar actions by individuals would result in prosecution?
Swenson: That is a problem. I am arguing that the Thompson memo should be
applied transparently, rigorously and across the board. But assuming they
make these decisions according to the Thompson memo and shareholders get
hurt as the result of a prosecution, what is going to happen?
Shareholders in the future will look to invest in companies that are a
lower risk of having these kinds of problems. That’s a good thing. Market
forces will support good citizen corporations.
Today we have a lot of corporate responsibility investment funds, which
are all over the board and overall do a poor job of evaluating compliance
programs. Yet, many companies are becoming much more transparent in terms
of their compliance and ethics programs in annual reports and elsewhere.
Why not ask that companies do more of this kind of thing?
Why shouldn’t investors get information about how companies manage
compliance and ethics? BP for example has recently adopted a program that
ties a significant chunk of the incentive compensation of its top 600
leaders to their tangible support for compliance within the company.
If I am a potential investor, that’s relevant to me because it means
management is actively engaged in trying to keep the company out of
trouble.
If shareholders are asked to bear the burden of corporate malfeasance to
some degree, in cases where the victims are outside the company, for
example, then shareholders are going to press the companies in which they
own stock to take compliance more seriously.
MM: The United States is one of the few western countries that has
corporate criminal liability. And many legal scholars and defense
attorneys don’t like it at all. They believe only individuals can commit
crimes, institutions can’t. Is corporate criminal liability defensible?
Swenson: Yes. Corporate cultures do create an environment in which
individuals engage in misconduct. People with generally good ethics can go
to work for a company where there is a tremendous amount of pressure to
cut corners. And they will cut corners. People who might be a little more
inclined to take risks and do things the wrong way — if they work inside a
company where there is a strong contrary signal from management — then
they are far less apt to.
We now know that there are formal management systems that companies can
employ that will yield a good outcome. It’s important that public policy
support the companies that adopt these systems — and punish those that
don’t.
| 