Criminal Liability Risks for Compliance Officers: a Multi-Jurisdictional Perspective—Part I
Amid ever-increasing regulatory complexity and diversification, it's important to stay on top of the current criminal enforcement risks for companies and their compliance departments. Part I of this two-part series homes in on the U.S., France and the Netherlands.
July 14, 2020 at 11:11 AM
9 minute read
In facing anti-bribery and anti-corruption (ABC) challenges, with new layers of ABC legislation being introduced globally, compliance teams—especially those working with international companies—are dealing with ever-increasing regulatory complexity and diversification. Intensifying enforcement focus on corporate wrongdoing in a growing number of jurisdictions means that compliance officers are facing increased levels of scrutiny from regulators and criminal enforcement authorities. In light of this new environment, as well as recent enforcement actions against senior compliance officers, part I of this article provides a brief overview of the state of play of the criminal enforcement risks for compliance officers as well as some of the implications—both practical and legal—for companies and their compliance departments in the U.S., France and the Netherlands. Part II will follow up with the UK, Germany and Ukraine, finishing off with takeaways based on the developments discussed in relation to all six jurisdictions.
U.S.: Continued Action Against Compliance Officers, Particularly in the Financial Sector
There have been no resolved Foreign Corrupt Practices Act-related enforcement actions against compliance officers to date, although the U.S. Department of Justice and Securities and Exchange Commission, the enforcement agencies tasked with enforcing the FCPA, began official proceedings in February 2019 against Steven Schwartz, former executive vice president, chief legal and corporate affairs officer of Cognizant, who was "responsible for overseeing and managing Cognizant's compliance functions." Schwartz was indicted for bribery, books and records, and internal controls violations. Other enforcement agencies, such as the Financial Industry Regulatory Authority and the Financial Crimes Enforcement Network, also known as FinCEN, have taken civil action against compliance officers in money laundering and other financial crimes-related cases as well.
The DOJ and SEC have provided some limited guidance on enforcement against compliance officers. The DOJ's 2015 Individual Accountability for Corporate Wrongdoing memorandum, also known as the Yates Memorandum, identified holding individuals accountable for their wrongdoing as a key priority for both criminal and civil DOJ attorneys. In the memorandum, the DOJ made no distinction as to compliance officers, but later in 2015, then-SEC director of the Division of Enforcement Andrew Ceresney outlined three circumstances in which the SEC had generally brought actions against chief compliance officers:
- When a chief compliance officer is "affirmatively involved in misconduct unrelated to their compliance function";
- When a chief compliance officer "engage[s] in efforts to obstruct or mislead the [SEC] staff"; and,
- When the chief compliance officer has "exhibited a wholesale failure to carry out his or her responsibilities."
The SEC has broadly adopted this position, stating that, although liability determinations are situation-specific, there are situations where liability is clear: "when a CCO engages in wrongdoing, attempts to cover up wrongdoing, crosses a clearly established line, or fails meaningfully to implement compliance programs, policies, and procedures for which he or she has direct responsibility." At the same time, the SEC has also emphasized that enforcement actions against chief compliance officers "generally should not be based on an isolated circumstance where a CCO, using good faith judgment makes a decision, after reasonable inquiry, that with hindsight, proves to be problematic."
Particularly in the financial sector, U.S. authorities have prosecuted a number of compliance officers in the last decade, and, in February, the New York City Bar Association released a report entitled "Chief Compliance Officer Liability in the Financial Sector." The report recommended more guidance on enforcement discretion and argued that the increase in investigations of and enforcement actions against compliance officers can "discourage appropriate activity by compliance officers, isolate compliance officers from other business processes, or, at the extreme, lead individuals to leave compliance roles for fear of bearing liability for the misconduct of others."
As enforcement agencies in the U.S. continue to focus on the prosecution of individuals, compliance officers at U.S. companies or international companies with a U.S. nexus should ensure that they personally and the compliance processes they oversee are living up to enforcement authorities' expectations.
France: Increasingly Exposed, if not Criminally
The absence of a specific regime in French law for holding compliance officers criminally liable for offenses committed on their watch does not stop members of the compliance community from feeling exposed. This widespread concern likely led the French anti-corruption agency (l'Agence Française Anticorruption, or AFA)—which is, albeit, not a prosecuting authority—to issue guidance clarifying that "the sole failure by a compliance officer to discharge his professional obligations" will not lead to criminal liability for corruption which is "in practice … highly unlikely if he limited himself to acting (or omitted to act) within his area of responsibility."
This clarification in reality merely applies the principle in the French penal code that criminal liability, principal as well as accessory, generally presupposes active and knowing involvement in offending. The AFA was nevertheless wise not to exclude completely the possibility of a compliance officer being criminally liable for failings on the job. There are a few examples of successful prosecutions of company directors as accessories for failing to stop offenses of which they were aware and had the power (and responsibility) to prevent. It is not unthinkable that senior compliance officers could be prosecuted on this basis, although no such a case has yet been brought.
Another principle of general French criminal law is worth highlighting because it emphasizes the importance of the institutional independence of the compliance function: Employer instructions are not a defense to a criminal charge. So, for instance, a compliance officer could not escape criminal liability on the grounds that (s)he acted under management instructions.
Prosecutions of compliance officers in relation to offenses by those they supervise will likely remain rare. However, as a recent judgment in an employment matter from the Paris Court of Appeal confirms, incompetence by a compliance officer leading to significant risk exposure for their company is grounds for termination. This is noteworthy because regardless of the low risk of criminal exposure, compliance officers and how they carried out their responsibilities will almost inevitably be a main focus in most corporate criminal investigations. Moreover, although compliance officers do not fall within the AFA's personal regulatory remit, the AFA's regular audits of companies' anti-corruption compliance frameworks subject their work to intense scrutiny. In addition, the AFA is obliged to report suspected criminal activity that it becomes aware of to prosecutors.
So, as French corporate criminal enforcement and regulatory oversight intensify, the likelihood of compliance failings coming to light increases, and those failings are increasingly likely to have consequences, even if not often criminal.
The Netherlands: Increased Focus on Individual Accountability for Corporate Crime
To date, there have not been any criminal convictions of compliance officers for their involvement in misconduct within their company. However, during recent years there has been an increased focus on prosecuting individuals presumed responsible for misconduct in the Netherlands. Under Dutch law, whether or not criminal liability can be attributed to a legal entity depends upon whether the offense can "reasonably" be imputed to the legal entity. This may be the case if the criminal conduct took place within the scope of the legal entity (e.g., if the criminal conduct was committed by an employee or if the conduct fits within the normal business operations of the company).
If criminal liability is attributable to a company, any person who can be considered to have "directed" the criminal conduct as a de facto manager may be held criminally liable as well. Prosecution of the company concerned is not required for the prosecution of such individuals.
To be held criminally liable for a criminal offense attributable to a company, the de facto manager must have had a certain level of knowledge and responsibility to act as well as an awareness of the relevant misconduct, or an appreciation that this conduct could occur without taking appropriate measures to prevent such an occurrence. Given the nature of a compliance officer's activities and responsibilities, it is fair to say that she or he seems particularly exposed to being held liable in the event of allegations against a company.
In 2018, following controversy over a settlement with a major Dutch bank in which it was agreed that individuals involved in the facts concerning the settlement would not be prosecuted, the Dutch Public Prosecution Service announced that such guarantees would not feature in future settlements. In 2019, a legislative amendment was announced (which is likely to be implemented) that would introduce judicial oversight of major (multimillion euro) settlements. In response, the DPPS announced that settlements will in principle only be offered to companies and no longer to natural persons against whom a prosecution will be launched or a penalty order will be issued in case of sufficient proof of misconduct.
As a result, in the near future, it seems unlikely that members of the management board or individuals employed by a company will be able to settle charges against them. Compliance officers operating within the Netherlands will therefore likely be even more exposed to prosecution or receiving a penalty order for their alleged involvement in corporate misconduct.
Preliminary Takeaways
None of the jurisdictions canvassed in part I of this article have a specific regime for holding compliance officers criminally liable for offenses committed on their watch. In part II of this article, which will focus on recent trends in the UK, Germany and Ukraine, it will become clear that compliance officers are more and more likely to find themselves in the front line—if not as a suspect, then as key witnesses to assessing the company's compliance program as well as in relation to the (potential) criminal conduct.
Ann Sultan is a member at Miller & Chevalier in Washington, D.C.; Shula de Jersey is a partner at BCL Solicitors in London; Daniel Travers is a counsel at Freshfields Bruckhaus Deringer in Düsseldorf, Germany; Robin Lööf is an international counsel at Debevoise & Plimpton in London and Paris; Ariane Fleuriot is an associate at Debevoise & Plimpton in Paris; Ario Dehghani is a counsel at Sayenko Kharenko in Kyiv, Ukraine; and Maarten 't Sas is a managing associate and Georgianna Verhage is an associate at Simmons & Simmons in Amsterdam.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllSteward Health CEO Saga Signals Escalation of Coercive Congressional Oversight Against Private Parties
6 minute readTen Best Practices to Protect Your Organization Against Cyber Threats
7 minute readA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readLaw Firms Mentioned
Trending Stories
- 1Legal Speak at General Counsel Conference East 2024: Virginia Griffith, Director of Business Development at OutsideGC
- 2Legal Speak at General Counsel Conference East 2024: Bill Tanenbaum, Partner & Chair, AI & Data Law Practice Group at Moses Singer
- 3Morgan & Morgan Looks to Grow Into Complex Litigation While Still Keeping its Billboards Up
- 4Thursday Newspaper
- 5Public Notices/Calendars
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250