Among corporate compliance professionals, Morgan Stanley is held up again and again as the best-case scenario of worst-case scenarios. A Morgan Stanley managing director ended up in prison for committing substantial Foreign Corrupt Practices Act (FCPA) violations, but the strength of the company's compliance program helped it avoid enforcement actions from the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). The circumstances behind the 2012 Morgan Stanley declination were included among the real-life case studies highlighted in the FCPA guidance the DOJ and SEC published last year.

In court documents, the government outlined Morgan Stanley's anti-corruption compliance efforts. These efforts included: strong internal policies periodically updated to reflect regulatory developments and specific risks; regular monitoring, including random and unannounced audits; frequent employee training (the employee who committed the violations had been trained on the FCPA seven times and reminded of FCPA compliance at least 35 times); and extensive due diligence and stringent controls on all business partners. Morgan Stanley discovered the violations, self-reported them to authorities and cooperated extensively in the government's investigation.

“Show regulators you're proactive and actively trying to do everything you can to ensure you're compliant, and that goes a long way if they find a violation,” advises Thomas Zielinski, a partner at Morgan Lewis. As the former general counsel of Coventry Health Care Inc., Zielinski is familiar with operating in a heavily regulated space.