I want to circle back to that FCPA enforcement action against Credit Suisse a final time, because we have one more detail of this case that hasn’t yet been discussed much. We haven’t talked about the restrictions that Swiss regulators have imposed on Credit Suisse’s future business activities.
To recap, last month Credit Suisse settled corruption charges with U.S., British, and Swiss regulators, including payment of $457 million in disgorgement and penalties. We already looked at the internal control issues cited by U.S. and British regulators; they talked at length about how Credit Suisse had pockets of compliance activities, but lacked a broader anti-corruption strategy to leverage those activities for maximum effect. The Justice Department also imposed its own sanction, including a hefty monetary penalty.
That leaves us with the Swiss financial regulator, FINMA, which didn’t levy a monetary fine on Credit Suisse. Rather, the agency will appoint an independent party to review Credit Suisse’s progress on reforms to its compliance program; and impose restrictions and reviews on future transactions Credit Suisse will be allowed to undertake in high-risk markets, until all those compliance program reforms are proven successful.
Here’s how FINMA itself described that second part, in a settlement order published by the agency last month:
FINMA will arrange for Credit Suisse’s existing credit transactions with financially weak and corruption-prone states or companies with guarantees from such states to be reviewed by an independent third party… FINMA is also imposing temporary conditions for new loans to financially weak countries and countries with a high risk of corruption. Until all of the remedial measures have been taken, Credit Suisse will only be permitted to enter into such new transactions if Credit Suisse or the borrower concerned informs the public transparently about the purpose, amount, term and any guarantors of the loan.
Why does this catch my eye? Because in the United States, the Justice Department is planning to expand its use of outside compliance monitors, and to revisit the wisdom of offering deferred- and non-prosecution agreements to recidivist corporate offenders.
I’m still uncertain about the wisdom of denying DPAs and NPAs to recidivist offenders entirely, but clearly those offenders need some sort of harsher penalty. Perhaps FINMA’s oversight arrangement for Credit Suisse is a model for that.
More Than a Monitor?
What intrigues me most is that this Swiss sanction seems stronger than a typical compliance monitor, but stops short of the draconian consequences that can befall a corporation indicted or convicted of criminal misconduct.
For example, FINMA’s settlement seems to read like the agency (or the independent party acting on its behalf) can specifically say, “Nope, you’re not conducting any transactions in these high-risk countries anytime soon,” or “If you want to conduct business with these high-risk parties here, we want to see much more documentation and then we’ll decide whether to let you proceed.”
That strikes me as considerable interventionary power that FINMA is reserving for itself. Now, I know that compliance monitors in the United States can demand to see extensive documentation, and even sometimes forbid companies from doing business with certain third parties. But I’ve never heard of a compliance monitor intervening in strategic decisions, such as whether to enter or leave a foreign market or whether to pursue a merger. (If you have, drop me a line at [email protected] to set me straight. I’d love a confidential conversation.)
But if FINMA is reserving the right to intervene at those deeper, more strategic levels — well, that might be an idea worth exporting to the U.S. Justice Department. An ability to intercede more directly in a company’s future conduct, and to steer the business away from possibly corrupt situations until its compliance program is fully embedded and operational, might be the best way to thread the needle between yet another feckless DPA and the ride-or-die gamble of a criminal indictment and trial.
While we’re on the subject, we should note that John Carlin, a senior Justice Department official working to implement the department’s crackdown on corporate crime, said in an interview this week that “you’ll see cases in the weeks to come” demonstrating just how serious the Justice Department is about enforcing those higher standards.
I keep wondering whether one of those cases will be telecom giant Ericsson. The department recently accused Ericsson of violating a DPA the company reached in 2019 (including $1.06 billion in penalties and disgorgement) to settle FCPA violations. So if Carlin wants to show the compliance community the way forward in this sterner new world of corporate enforcement, Ericsson is his big chance. Maybe a souped up monitor or some similar FINMA style of oversight will be on the table.