FCPA risks faced by financial institutions


Financier Worldwide Magazine

February 2018 Issue

In his 29 November 2017 remarks at the 34th Annual International Conference on the Foreign Corrupt Practices Act (FCPA), deputy attorney general (DAG) Rod Rosenstein advised that “[c]ompanies can protect themselves by exercising caution in choosing their business associates and by ensuring appropriate oversight of their activities”. The DAG’s remarks that day, and the new FCPA Corporate Enforcement Policy he announced, made it clear that rigorous FCPA enforcement continues to be a priority for the US Department of Justice (DOJ). Consequently, companies operating in foreign jurisdictions must be selective in their associations and vigilant in their compliance oversight.

This is particularly true for financial institutions, which typically conduct complex and varied business and financial activities with government agencies and foreign officials across many jurisdictions. While financial services has not historically been considered a high-risk industry for FCPA purposes, like the energy or extractives industries, recent enforcement actions make it clear that financial institutions are squarely in the FCPA crosshairs of the DOJ and US Securities and Exchange Commission (SEC). In addition to facing the general FCPA-related risks applicable to all companies interacting with foreign governments and their officials, financial institutions must also navigate risks specific to their particular business activities.

Perhaps the best known recent FCPA enforcement actions against financial institutions stemmed from an activity universal to every business: hiring. These cases involved financial institutions awarding employment opportunities to relatives and friends of foreign officials (including officials of state-owned enterprises (SOEs)), in an effort to win business. The FCPA-related risks associated with a company’s hiring practices may not be unique to financial institutions, but, especially when acting as an intermediary between governments and investors – or with governments acting as investors – they are particularly acute.

The most notable of these enforcement actions involved JPMorgan Securities (Asia Pacific) Limited (JPMorgan APAC), a Hong Kong-based subsidiary of JPMorgan Chase & Co., and its so-called ‘Sons and Daughters Program’. According to the settlement papers, over the course of a seven-year period, JPMorgan APAC hired approximately 100 interns and full-time employees who typically were less qualified for their positions than those hired through JPMorgan APAC’s standard hiring programme. JPMorgan APAC made those job offers at the request of government officials in order to win or retain business – including roles in IPOs, bond issuances, advisory services and other investment banking activities – that resulted in more than $100m in revenues to JPMorgan. JPMorgan APAC agreed to pay a combined approximately $264.5m to the DOJ, the SEC and the Federal Reserve.

The JPMorgan APAC matter followed on the heels of SEC actions involving similar conduct against BNY Mellon and Qualcomm, which paid the SEC $14.8m and $7.5m, respectively. Numerous other financial institutions have publicly disclosed similar ongoing FCPA investigations related to foreign government referral hiring practices in the Asia-Pacific region. While these enforcement actions have thus far focused on the Asia-Pacific region, financial institutions operating outside the US – particularly those dealing with foreign governments and SOEs in emerging markets – would be wise to take care in their hiring practices across all jurisdictions.

Another general FCPA-related risk faced by companies operating in foreign jurisdictions, although one that increasingly and disproportionately affects financial institutions, involves business dealings with sovereign wealth funds (SWFs). With the proliferation of state-owned investment vehicles and their increased impact as investors on an international scale – as of September 2017, SWFs represented approximately $7.4 trillion in assets under management – the DOJ has made clear that the FCPA’s prohibition on bribery of foreign officials extends to employees of SWFs, who are considered foreign officials under the FCPA. As a result, financial institutions conducting business with SWFs must exercise the same degree of caution as if they were dealing with foreign governments themselves.

A more recent enforcement action shows that the failure to take such precautions can lead to severe FCPA-related consequences. Bribery of SWF officials resulted in Och-Ziff Capital Management Group LLC (Och-Ziff) paying the DOJ and the SEC a combined approximately $412.1m for criminal and civil FCPA violations. In one instance cited in the SEC’s order, in order to secure an investment by the Libyan Investment Authority (Libya’s SWF) of $300m into Och-Ziff funds in 2007, Och-Ziff paid bribes of more than $3m to Libyan government officials. The SEC’s order and DOJ’s parallel deferred prosecution agreement highlighted how Och-Ziff used intermediaries, agents and business partners to bribe high-ranking government officials in multiple African countries, including Libya, Chad, Niger and the Democratic Republic of the Congo (DRC), in order to obtain or retain business for Och-Ziff and its partners, including investment opportunities in the DRC’s diamond and mining sectors and a property development project in Libya. In addition to the monetary penalties resulting from this conduct, Och-Ziff’s wholly-owned subsidiary, OZ Management GP LLC (OZ Africa), pleaded guilty to conspiracy to violate the FCPA and, as part of its government resolutions, Och-Ziff was required to retain an independent compliance monitor for a period of three years.

Along with the actions against Och-Ziff and guilty plea for OZ Africa, the SEC charged Och-Ziff’s sitting CEO and chief financial officer (CFO) with violations of the FCPA’s accounting fraud provisions. Both Daniel Och, Och-Ziff’s CEO and chairman of the board of directors, and Joel Frank, Och-Ziff’s CFO, consented to the SEC’s order against them, with the SEC ordering Och to pay approximately $2.2m in fines. The SEC also charged two former Och-Ziff executives with violations of the FCPA: Michael Cohen, the former head of Och-Ziff’s European office, and Vanja Baros, an investment executive on Africa-related transactions. Subsequently, in January 2018, Cohen was indicted by the DOJ on various criminal charges, including obstruction of justice. The DOJ’s indictment of Cohen follows its prosecution of Samuel Mebiane, the son of a former prime minister of Gabon, who pleaded guilty and was sentenced to two years in prison for his role in the Och-Ziff matter, including having bribed government officials in Chad and Niger in exchange for uranium concessions for an Och-Ziff joint venture.

The Och-Ziff prosecution demonstrates the DOJ’s continuing efforts to identify individual wrongdoers in corporate FCPA prosecutions, presenting a risk not just for financial institutions themselves, but also for their executives. One way to mitigate this risk is for financial institutions to maintain robust FCPA-related compliance policies and procedures, a factor the DOJ cited in declining to prosecute Morgan Stanley for FCPA violations by a former managing director, Garth Peterson, who pleaded guilty for his role in a scheme to conspire to evade internal accounting controls that Morgan Stanley was required to maintain under the FCPA. Financial institutions also need to ensure that all employees interacting with foreign officials receive rigorous FCPA-specific training. Because FCPA was not considered a core risk area for financial institutions in the past, achieving an effective FCPA compliance programme may require substantial enhancements.

In addition to considering the risks posed by their interactions with SWFs, in mitigating FCPA-related risks, financial institutions also must be cognisant that the same set of concerns applies to business with certain public international organisations – such as the World Bank or International Monetary Fund – and their employees, who also are considered foreign officials under the FCPA. As with SWFs, the frequency and extent of financial institutions’ interactions with these organisations puts them at increased FCPA risk.

Neither FCPA-related risks associated with hiring practices and conducting business with SWFs and international public organisations, nor the wisdom of maintaining relevant compliance policies and procedures, are unique to financial institutions, though they may face those risks more acutely due to the global reach of their operations and extent of their interactions with SWFs and international public organisations. However, in addition to these, financial institutions also face FCPA-related risks that flow more directly from their core businesses.

In particular, financial institutions must be mindful of the corruption risk in processing transactions for their customers, as money laundering charges in FCPA-related prosecutions have increased in recent years. This makes sense as a practical matter – laundering the proceeds of bribery is the next logical step in the criminal chain of events – and from an enforcement perspective, as financial institutions have numerous reporting and compliance requirements related to the detection, reporting and prevention of money laundering. Tying money laundering and FCPA violations together also allows the government access to a greater range of penalties and the ability to bring criminal charges against foreign officials themselves (who cannot be prosecuted under the FCPA). Given their extensive anti-money laundering (AML) obligations and in light of the potential severity of any penalty, financial institutions also need to manage money laundering risk from an FCPA perspective. As with crimes financial institutions may have been more historically focused on combating – such as narcotics or terrorist financing – corruption-related money laundering has increased in complexity and global breadth. Financial institutions that are not equipped to prevent and detect FCPA-related laundering may find themselves vulnerable from an FCPA, as well as an AML, perspective.

In sum, financial institutions face both general FCPA risks and risks specific to their business activities. Such institutions should exercise an enhanced degree of caution in carrying out standard business activities, like hiring, and in their business dealings with foreign officials (including SOE and public international organisation employees). Financial institutions also must be cognisant of risks associated with standard banking activities, particularly AML compliance and reporting requirements with respect to potential corruption-related money laundering, which also can form the basis of an FCPA-related enforcement action.


Aisling O’Shea is special counsel and Jacob Gutwillig is an associate at Sullivan & Cromwell. Ms O’Shea can be contacted on +1 (202) 956 7595 or by email: Mr Gutwillig can be contacted on +1 (212) 558 4760 or by email:

© Financier Worldwide

©2001-2019 Financier Worldwide Ltd. All rights reserved.