US and UK Regulators Provide Guidance on Anti-Corruption Controls

US and UK Regulators Provide Guidance on Anti-Corruption Controls




In recent weeks, each of the DOJ, SEC and UK's FSA have provided detailed guidance on the elements of an effective anti-corruption compliance program. In the case of DOJ and the SEC, the guidance was issued in conjunction with a public announcement that they had declined to prosecute Morgan Stanley for violations of the FCPA due to, among other things, its robust anti-corruption compliance program. These pronouncements provide a benchmark for companies to evaluate their anti-corruption compliance programs.

In recent years, companies around the globe have launched efforts to implement or improve anti-corruption compliance policies and procedures in order to prevent or mitigate violations of the FCPA and, more recently, the UK Bribery Act. For most of this period, these efforts were largely undertaken without the benefit of detailed guidance from the US and UK regulatory authorities as to what, in their view, constitutes an adequate anti-corruption compliance program. In recent weeks, however, each of the DOJ, SEC and UK's FSA has provided such guidance and, in the case of DOJ and the SEC, have for the first time publicly declined to prosecute a company—Morgan Stanley—in light of the effectiveness of its compliance program. In the case of DOJ and the SEC, the guidance came in the form of a guilty plea by a former Morgan Stanley managing director who was accused of making improper payments to a Chinese government official. The FSA's guidance was not issued in the context of a specific case; rather, the FSA published the results of its recent review of the anti-corruption compliance systems at 15 major financial institutions. Taken together, these financial industry developments shed light on what US and UK regulators expect of companies—financial institution or otherwise—regarding the adequacy of their anti-corruption efforts.

Morgan Stanley/Garth Peterson

On April 25, 2012, a former Morgan Stanley managing director, Garth Peterson, pleaded guilty in United States District Court to knowingly violating Morgan Stanley's FCPA internal controls, and simultaneously settled a civil case brought by the SEC alleging knowing circumvention, bribery, and a violation of the Investment Advisers Act of 1940. Contemporaneous with the resolution of the Peterson cases, DOJ and the SEC also publicly announced that they were declining to prosecute Morgan Stanley in connection with Peterson's conduct, citing Morgan Stanley's robust anti-corruption compliance program, as well as its voluntary disclosure and cooperation with the governmental investigations.


Peterson had, prior to being fired in 2008, served as the head of Morgan Stanley's real estate investing business in Shanghai. According to DOJ and the SEC charging documents, Peterson engaged in a series of schemes to provide things of value to a Shanghai-based Chinese government official, including secretly selling at a below market price an undisclosed equity interest in a Morgan Stanley real estate investment, in exchange for that official's assistance in connection with Morgan Stanley's investments in Shanghai; Peterson was also accused of stealing undisclosed equity interests for himself and another non-government official (and non-Morgan Stanley) co-conspirator. The DOJ charges stemmed from Peterson's efforts to hide these schemes from Morgan Stanley; the SEC made similar allegations, and also charged a substantive antibribery violation relating to the payments themselves, as well as a violation of the Investment Advisers Act relating to Peterson's personal theft.


The Peterson matter is significant in at least two respects. First, it is the first time that DOJ has, in an FCPA matter, publicly announced its decision to decline prosecution of a particular corporation. In recent years, DOJ has faced increasing pressure from the defense bar and business community to articulate publicly the standards it applies when deciding whether to prosecute a corporation for violations by its employees of the FCPA. While it is impossible to know with certainty, DOJ's public announcement of its declination in this case may signal an effort by DOJ to respond to those concerns, and an attempt by DOJ to begin to outline those standards. The case is somewhat unusual in that it involved a matter in which there had been substantial publicity about the investigation of Morgan Stanley prior to the decision by DOJ to decline prosecution. Whether or not DOJ (and companies under investigation) would want similar public pronouncements in future cases will likely depend on the particular facts and circumstances of those cases.

Second, and relatedly, both the charging documents and the accompanying DOJ and the SEC press releases cited Morgan Stanley's robust anti-corruption compliance program as a basis for the declinations, and described in detail the specific elements of that program that supported their decision not to prosecute Morgan Stanley. In particular, DOJ and the SEC cited the fact that Morgan Stanley:

General Policy and Reminders

  • Implemented a robust anti-corruption policy that addressed the FCPA generally, as well as specific issues such as gifts, business entertainment, travel, meals and other relevant topics;
  • Issued regular compliance reminders on anti-corruption policies and procedures, as well as specific issues that presented anti-corruption risks (e.g., a 2008 reminder in China in connection with the Beijing Olympics);
  • Required regular certifications of compliance with applicable policies and requirements; and
  • Continually updated and improved its policies and procedures to reflect regulatory developments and specific risks.


  • Regularly trained employees, including in-person training by senior members of the legal and compliance department; and
  • Provided written training material for employees to maintain in their files.


  • Established an extensive compliance infrastructure, including 500+ dedicated compliance officers, as well as global and regional dedicated anti-corruption compliance officers who drafted and maintained policies, provided training, coordinated with the businesses to provide advisory services, evaluated the retention of agents, pre-cleared relevant expenses, and worked with outside counsel to conduct due diligence on potential business partners.

Due Diligence and Payment Approvals

  • Conducted extensive due diligence into potential new business partners, including conducting interviews with key executives and outside counsel; reviewing relevant records; contacting key references; and obtaining explicit written representations about ownership of corporate entities; and
  • Employed a multi-person approval process for payments made to third parties, including review by personnel from both the business and controller function.


  • Regularly monitored transactions, including testing by compliance; and
  • Conducted FCPA audits based on location and business-line risk.


  • Provided direct reporting by the compliance department to both the Board and the Chief Executive Officer and Chief Legal Officer, as well as various senior management committees; and
  • Established a toll-free compliance hotline in every major language, open 24/7.

While DOJ and the SEC have routinely described in settlement documents the basic elements of an adequate anti-corruption compliance program, the Peterson cases are interesting in that they describe an actual corporate compliance program that was deemed effective by DOJ and the SEC. While every company must tailor its compliance program to its unique corporate culture and relevant corruption risks, the descriptions by DOJ and the SEC of the key elements of the Morgan Stanley compliance program should be examined by any company attempting to assess the adequacy of its program.

UK FSA Review

On March 29, 2012, the FSA published the findings of its recent thematic review into antibribery and corruption systems and controls in investment banks. The main purpose of the review was to assess how effectively a sample of 15 financial institutions are addressing the risk of becoming involved in bribery and corruption.

Although the FSA does not enforce the Bribery Act, addressing the risk of bribery and corruption is relevant to its statutory objectives under the Financial Services and Markets Act 2000, in particular the maintaining of market confidence and the reduction of financial crime. The FSA therefore seeks to ensure that regulated firms adequately address this risk in accordance with the relevant FSA rules and principles. While the FSA does not prescribe how firms should comply with those rules and principles, firms will be expected to demonstrate that they can identify and assess the risk of bribery and corruption and take reasonable steps to prevent it. Such steps may of course also be relevant to the "adequate procedures" defense, in the event that a firm is facing allegations of failing to prevent bribery under section 7 of the Bribery Act.

The FSA's thematic review focused on the following topics in relation to bribery and corruption: governance and management information; assessing bribery and corruption risk; policies and procedures; third-party relationships and due diligence; payment controls; gifts and hospitality; staff recruitment and vetting; training and awareness; remuneration structures; and incident reporting. It found that, although some banks had completed significant work to implement effective antibribery and corruption controls, most had more work to do. The report's key findings are as follows:

  • Most firms had not properly taken account of FSA rules covering bribery and corruption, either before the Bribery Act or after;
  • Nearly half of the 15 firms visited did not have an adequate antibribery and corruption risk assessment, although progress had been made since the coming into force of the Bribery Act in July 2011;
  • Management information on antibribery and corruption provided to senior management was poor;
  • The majority of firms had not yet thought about how to monitor the effectiveness of their antibribery and corruption controls;
  • Firms' understanding of bribery and corruption was often very limited;
  • There were significant weaknesses in firms' dealings with third parties used to win or retain business, including in relation to compliance approval; due diligence; politically exposed persons screening; ensuring and documenting a clear business rationale; risk assessment; and regular review;
  • Many firms had recently tightened up their gifts, hospitality and expenses policies by prohibiting facilitation payments, increasing senior management oversight of expenses and introducing or revising limits. However, few had processes to produce adequate management information; for example, to ensure that gifts and expenses in relation to particular clients or projects were reasonable on a cumulative basis;
  • Firms had well-established vetting processes in place when staff were recruited, but bribery and corruption risk had not usually been a factor in identifying high-risk roles which should be subject to enhanced vetting; and
  • Since the implementation of the Bribery Act, firms had generally provided adequate basic training to staff. However, most were still developing training for staff in higher-risk roles and had no processes in place to assess the effectiveness of existing training.

In response to its findings, the FSA has launched a four-week consultation on proposed amendments to the FSA's regulatory guidance: Financial Crime: A Guide for Firms.

FSA as the main anti-corruption enforcer?

While the coming into force of the Bribery Act last year has focused attention on these issues, the FSA's determination to address systems and controls failings in this area is nothing new. In January 2009, Aon Limited was fined £5.25m by the FSA for failing to take reasonable care to establish and maintain effective systems and controls to counter bribery and corruption risk, in breach of principle 3 of the Principles for Business (a firm's duty to take reasonable care to organize and control its affairs responsibly and effectively, with adequate risk management systems). The involvement of financial institutions in corrupt or potentially corrupt practices undermines the integrity of the financial services sector and will be high on the FSA's agenda even where there is no clear evidence of criminal conduct. The impact of the Bribery Act in terms of prosecutorial activity remains to be seen. However, it may be that, for authorized firms at least, the risk of enforcement action for regulatory breaches is significantly greater than the risk of criminal sanctions for Bribery Act offenses. Indeed, the FSA is apparently currently considering enforcement action in relation to certain of the firms involved in the thematic review.