Correction: A previous version of this article wrongly referred to the country where UBS is located. The bank is based in Switzerland.

A memorable ad used to say it's not nice to fool Mother Nature. And good lawyers know it's not smart to try to fool federal prosecutors, either. Numerous corporations and their general counsel have learned that lesson the hard way.

The tough lesson usually evolves from a breached deal. Deferred and non-prosecution agreements as well as sanctions settlements have become a standard way for the federal government to resolve a wide range of cases involving corporate misconduct. Since the year 2000 the latest figures from Gibson, Dunn & Crutcher's annual update of DPAs and NPAs show that companies have signed at least 507 agreements to avoid U.S. prosecution.

On occasion a company fails to live up to its agreement. No exact figure on the number of breaches could be found, but experts estimate perhaps a dozen have occurred in the past 20 years. The U.S. Department of Justice, shorthanded due to the government shutdown at the time, did not respond to this story.

When a breach does occur, there is no guideline for what happens next. The government reaction can range from a barely noticeable slap on the wrist, to a gut-punch that brings a company to its knees. Or anything in between.

Some experts criticize that discretion. Brandon Garrett, the L. Neil William professor of law at the Duke University School of Law, has been studying these deals for years. “The Department of Justice still has not developed any rules regarding what happens if a DPA or NPA is breached,” Garrett says.

“We also have recidivist companies that have negotiated two, three, even four prosecution agreements, sometimes overlapping in time, without any particular consequences,” he added. “We urgently need real rules for violations.”

The discretion also allows DOJ to be harsher on some companies than others. That fact has led some foreign companies to claim DOJ has been tougher on foreign companies and banks than on U.S. ones. Corporate Counsel examined 2018's three apparent breach cases to better understand how the government responded, and perhaps why. The “why” part proved to be the toughest. Here's what we found:

England's Standard Chartered Bank

StanChart, as it is called at its home base in London, is a multinational bank with offices in New York among other places. The bank originally signed a two-year DPA in 2012 with the Justice Department and with the state of New York for illegally moving millions dollars through the U.S. financial system on behalf of sanctioned countries, including Iran. It agreed to forfeit $227 million.

But in 2014, before the agreement could expire, prosecutors reopened their investigation to determine whether the bank had breached the deal by failing to fully disclose the extent of its wrongdoing by continuing its misconduct. The consequences were brutal.

The bank agreed to a three-year extension of the agreement, which was a two-year deal to begin with. It also agreed to pay another $667 million. And it promised to “work closely with the authorities to make additional substantial improvements to its U.S. economic sanctions program to reach the standard required” by the agreements.

With StanChart, the government has shown patience. Just before the three-year extension was set to expire in late 2017, DOJ extended the agreement and its monitor yet again to July 2018. Then it was extended another five months to the end of 2018. The bank said at the time that it had made much progress, but “the program has not yet reached the standard required by the DPA. . .[and] additional time is needed to complete the investigation.”

StanChart's monitor was released last Dec. 31, but other terms of the agreement remained in place into 2019. The Wall Street Journal reported that StanChart's CEO told its staff that the bank is still working on an acceptable resolution with U.S. authorities and that final penalties could reach more than $1 billion.

So why did the U.S. keep extending StanChart's DPA rather than just take the bank to trial? No outside observer knows for sure, because as attorney Joan Meyer says, “Those dialogues are unavailable in the public domain.”

Meyer, a former federal prosecutor and now a partner at Baker & McKenzie in Washington D.C., says DOJ generally “is not eager to breach” an agreement, especially with a regulated industry like banking where a criminal conviction could have collateral consequences.

Instead prosecutors “generally will be looking at ways they can get the company to come into compliance,” explains Meyer, who served as senior counsel to the deputy attorney general at DOJ for two years. “Where there is concern about the speed in which a company or financial institution is rectifying a bad internal control situation, they [prosecutors] could be more punitive.”

Dallas' MoneyGram International Inc.

Lack of speed and failure to comply were at work in the numerous extensions of MoneyGram's DPA. The company was under a 2009 order from the Federal Trade Commission and a 2012 DPA over anti-money laundering and wire fraud violations. It forfeited $100 million at the time.

Because MoneyGram's reform efforts were lagging, DOJ extended the five-year DPA for another year into 2017. In 2017 it was extended again into 2018, and last year it was extended numerous times while DOJ investigated its compliance reforms. Finally last November MoneyGram agreed to pay another $125 million to settle allegations that it failed to fulfill nearly all of its compliance requirements.

The company also agreed to meet rigorous new compliance requirements and to extend its DPA for 30 more months—including continued oversight by a corporate monitor

In a statement, Alex Holmes, the company's chairman and CEO, said, “Over the past several years, we have taken significant steps to improve our compliance program and have remediated many of the issues noted in the agreements. Currently, our consumer fraud reports are at a 7-year low … We will continue to bolster our compliance program to ensure it meets the highest industry standards.”

Attorney Julie Myers Wood, CEO of Guidepost Solutions, an international investigation and compliance firm, calls $125 million penalty “quite significant. Not only is there a sizable penalty involved, but the FTC has issued a modified order that greatly broadens the compliance cooperation required from MoneyGram and expands the ability of the FTC to monitor MoneyGram's behavior.”

“The key lesson for general counsel is that deferred prosecution agreements do not equal deferred compliance,” Wood notes.

Jason de Bretteville, a former U.S. attorney in the Central District of California, notes, “It's pretty remarkable that a company could breach a deferred prosecution agreement to the tune of $125 million fine and still avoid prosecution.” De Bretteville is now a shareholder with California law firm Stradling Yocca Carlson & Rauth.

“The MoneyGram response speaks to the willingness of the Department of Justice to continue to work with ­companies to take corrective action, even where a breach results in a substantial fine,” De Bretteville says. Even where there is a substantial breach, DOJ is still willing to work with a company to craft remedial action and to avoid or defer prosecution.”

China's ZTE Corp.

It wasn't lack of speed in making reforms that cost China-based ZTE Corp.; it was lack of honesty. ZTE had reached a plea deal with DOJ in March 2017 over charges that the company illegally sold U.S. telecom parts and products to Iran and North Korea, violating a U.S. ban on sales to those countries. The deal included a court-imposed monitor.

Then ZTE broke one part of the agreement. The deal required it to punish employees involved in the sales, but instead it gave them year-end bonuses. In April 2018, the U.S. discovered the breach and slapped ZTE with an order denying it access to U.S. telecom parts. The order all but closed the company.

The U.S. hit ZTE with some of the most severe punishment in history. The U.S. Commerce Department negotiated a new agreement lifting the ban, but ZTE had to pay a total of $1.9 billion in penalties, plus another $4 million in escrow. The company also agreed to embed a team of U.S. appointed compliance coordinators to answer to the U.S. for 10 years; and to replace its entire board of directors and senior ­leadership.

ZTE did not comment on its new agreement. But De Bretteville, the California lawyer, says he understands why ZTE was treated so harshly.

“ZTE was in direct non-compliance with an affirmative obligation in the agreement itself,” De Bretteville explains. “Prosecutors are incensed when that happens. It's one thing for unrelated misconduct to occur, but another to not do what you specifically promised to do in the agreement.”

He says any DPA or NPA is based on trust. “A violation of an affirmative obligation is almost the worst thing you can do,” he adds.

The Bottom-line

While breaches of corporate agreements with the federal government are rare, the three breaches in 2018 received different responses. All three received extended agreements with increased requirements from the federal government. And all three faced significantly increased financial penalties.

Experts say those responses may have been shaped by certain factors present in each case. The study and the expert interviews suggest that when assessing a breach, among other things, the government will consider:

* The severity of the breach.

* How much damage was done to the government's trust in the company.

* The type of misconduct – whether the company continued its original misconduct after signing the deal, or some new wrongdoing arose.

* Whether the company made a good faith effort to fulfill the requirements of the agreement.

Perhaps the three companies should have listened when, in 2015, DOJ announced it was revoking a non-prosecution agreement with the Swiss bank UBS over manipulation of interest rates. UBS ultimately pled guilty to the conduct the NPA had otherwise immunized from prosecution.

Then U.S. Attorney General Loretta Lynch sounded an ominous note for all companies in the future when she said: “This represents the first time in recent history that the Department of Justice has found that a company breached an NPA over the objection of the company. Banks that cannot or will not clean up their act need to understand that non-prosecution agreements and deferred prosecution agreements carry very real consequences and will be enforced.”