Skip to main content

Principal Associate Deputy Attorney General Marshall Miller Delivers Remarks at the American Bankers Association Financial Crimes Enforcement Conference


Washington, DC
United States

Remarks as Prepared for Delivery

Good afternoon. Thank you for that very kind introduction.

In my time with you this afternoon, I’ll talk about recent and ongoing changes to the department’s policies regarding corporate criminal enforcement and the department’s activity in, and approach to, the cryptocurrency and digital assets space.

In September, the Deputy Attorney General announced significant changes to the department’s corporate crime enforcement program, stemming from a year-long, top-to-bottom review that involved significant input from outside the Justice Department.

These policy changes incentivize corporate responsibility and promote individual accountability – by clarifying, rethinking and standardizing policies on voluntary self-disclosure and corporate cooperation and encouraging companies to rethink and potentially retool their compensation systems to promote compliance.

Through these reforms, we hope to assist general counsels, chief compliance officers and outside counsel in making the business case for investing in compliance and an ethical corporate culture.

We know that today’s economy requires corporate leaders to make tough choices about where to direct resources and how to set priorities. We want to make it easier for those leaders to make the right choices.

These policy changes have triggered significant public discourse. And that’s all to the good. The best ideas — the most important ideas — cause people to think deeply, to raise concerns, to engage.

We embrace that engagement, particularly since our efforts continue, and they will be enhanced by continued dialogue with experts like you here at the ABA.

So let’s dive in, and I’d like to start with voluntary self-disclosure.

The most important message here is the simplest one, and let me repeat it for emphasis: the department is placing a new and enhanced premium on voluntary self-disclosure.

When misconduct occurs, we want companies to step up and own up. When companies do, they can expect to fare better in a clear and predictable way.

For the first time, this is now true across the department. All components that prosecute corporate crime cases are in the process of preparing or updating voluntary self-disclosure policies that will be clear, public and feature the same core tenet: Any company that self-discloses misconduct promptly will not be required to enter a guilty plea — absent aggravating factors — and will not be assessed a monitor, if it has fully cooperated, remediated and implemented and tested an effective compliance program.

The message every corporation should hear is that the best way to avoid a guilty plea — for some companies, the only way to do so — is by immediately self-reporting and cooperating when misconduct is discovered.

Now, when policy changes occur, we understand that — regardless of their wording or content — practitioners are keenly interested in how these policies will be applied in practice. We’ve heard questions about whether the department might apply these policies technically, with an eye towards disqualification, rather than in the spirit they are intended.

Put simply, that is not the case. And while these are early days, let me provide some assurance by way of recent, real-life examples.

Let’s start with the ABB foreign bribery case that resolved on Friday. ABB Ltd. is a Swiss-based, multinational engineering company listed on the New York Stock Exchange.

On Friday, two of ABB’s subsidiaries pleaded guilty to conspiracy to violate the Foreign Corrupt Practices Act (FCPA), and the parent company entered into a deferred prosecution agreement requiring payments of over $315 million in penalties, in connection with bribery conduct in South Africa.

There’s a lot to say about this case, including the way it highlights the expanding global network of countries fighting international corruption, with the ABB case representing the department’s first coordinated resolution with authorities in South Africa.

I know that Criminal Division Assistant Attorney General Kenneth Polite, Jr. will discuss ABB later this week at the International Anti-Corruption Conference in Washington.

For today’s purposes, I want to focus on what the case says about voluntary self-disclosure. ABB entered into prior FCPA resolutions with the department way back in 2004 and then in 2010 — twelve years ago — when the company had a completely different management team.

In the wake of its prior misconduct, ABB implemented a compliance program that detected the FCPA misconduct in South Africa, and the company took active steps to self-disclose the wrongdoing to the department and the SEC.

But before the self-disclosure was complete, a media report drew public attention to the misconduct.

Now, because the company could demonstrate intent and actual efforts to self-disclose prior to and without any knowledge of the media report, the department weighed both the early detection of the misconduct and the intent to self-disclose it significantly in ABB’s favor.

And that was critically important here, because, as the DAG has stated, successive NPAs and DPAs for the same company are strongly disfavored.

Of course, other factors also were important to the department’s resolution decision.

As I noted, the prior misconduct was dated, having occurred over a decade before. ABB provided A+ cooperation, including the production to authorities of significant materials located overseas.

The company made overseas employees available for interviews, engaged in extensive remediation and upgraded and tested its compliance program.

Those who are tracking whether the department will walk the walk when it comes to rewarding voluntary self-disclosure should look very carefully at the ABB case — because far from taking a narrow, technical approach, the department assigned significant weight to ABB’s documented efforts to self-disclose in arriving at the ultimate result.

Another corporate resolution that highlights the department’s practical approach to self-disclosure is the Uber resolution from earlier this year.

Now, Uber did not immediately disclose its wrongdoing — just the opposite. Initially, its chief security officer actively covered up a cyber incident and obstructed the FTC’s ongoing investigation.

But when Uber’s new CEO came on board and learned of the CSO’s conduct, the company made the decision to self-disclose all the facts regarding the cyber incident and the CSO’s obstructive conduct to the government.

In response, the department entered into a non-prosecution agreement with Uber, providing appropriate credit to the company for its decision to self-disclose, cooperate and remediate.

While we’re discussing Uber, I’d like to address concerns expressed by some in compliance circles about the recent conviction of the Uber CSO as somehow suggesting that compliance officers may be in the Department’s crosshairs even if they make honest mistakes — for example, if they make a good-faith effort to disclose something, but unintentionally provide inaccurate information.

That couldn’t be farther from the truth. The prosecution of the Uber CSO stemmed from an extreme set of actions that represent an acute outlier from regular compliance practice.

As a California jury ultimately determined, the Uber CSO deliberately and criminally obstructed justice by hiding and falsifying evidence and trying to cover his tracks.

No one should take away from this case that good faith compliance decisions will be the subject of criminal prosecution; rather, the message to CSOs and compliance officers is a simple one — don’t obstruct a government investigation through hush payments and cover-up actions, because that will not be tolerated.

But the true top-line message from the Uber case is related to the corporate resolution: when Uber’s new management came in and learned what had happened, they didn’t hide the ball; they did what good companies should do — they stepped up and owned up.

As a result, the department successfully prosecuted the culpable corporate executive and entered into a no-penalty non-prosecution agreement with the company.

All very much in line with the DAG’s recent announcement about the benefits of voluntary self-disclosure and the paramount importance of individual accountability.

Bottom line: the department’s view is that voluntary self-disclosures not only alert DOJ to misconduct and assist in individual prosecutions, but such disclosures also can serve as indicators of strong compliance programs and responsible corporate leadership. And we will reward that.

Let me shift gears and discuss how the department is encouraging corporate compensation systems that incentivize ethical behavior. As this audience knows, there’s nothing like having a personal stake in something to ensure it grabs your attention.

And perhaps as a result, the idea of linking personal financial incentives to compliance is far from new. Twenty years ago, the Sarbanes-Oxley Act provided for the clawback of executive compensation for top executives of public companies — though that provision’s force and scope are limited to the context of financial restatements.

The Dodd-Frank Act of 2010 included broader clawback provisions for public companies, a subject of SEC rulemaking that was just recently finalized.

And the financial industry has been at the tip of the spear in beginning to enforce clawbacks, with multiple U.S. banks clawing back tens of millions of dollars from offending executives.

But more needs to be done. Companies should review how their compensation policies, including as to clawbacks, are structured to incentivize compliant behavior and deter misconduct.

Companies that don’t have such policies should reassess. Companies that do have policies should ensure they are deployed regularly.

All too often we see companies scramble to dust off and implement dormant clawback policies once they are in the crosshairs of an investigation. A paper policy not acted upon will not move the needle — it is no better than having no policy at all.

To up the ante, the Deputy Attorney General directed the Criminal Division to examine how to reward corporations that develop and apply compensation clawback policies, with particular attention to how a company’s policies could shift the burden of corporate financial penalties away from shareholders — who frequently play no role in misconduct — onto those who bear responsibility. That effort is underway as we speak.

Recently, companies with global operations have identified concerns about executing clawbacks overseas due to foreign laws and employee protections.

Here, it is important to remember that using compensation systems to promote compliance isn’t just about clawbacks. It’s also about positively rewarding compliance-promoting behavior.

We expect companies to find innovative, effective and targeted ways to use compensation to incentivize good corporate behavior and deter misconduct, using their own mix of carrots and sticks.

For years, companies have designed and fine-tuned sophisticated incentive compensation systems that reward behavior that enhances profits. Companies must make the same level of investment in calibrating compensation systems to reward employees who promote an ethical corporate culture and mitigate compliance risk.

To put it bluntly, companies must ensure that their employees have skin in the compliance game.

Our work on corporate crime enforcement policy remains ongoing. At the Deputy Attorney General’s direction, the Criminal Division is reviewing best corporate practices to address use of personal devices and third-party messaging applications, including ephemeral messaging platforms.

The department is also reviewing the debarment and suspension process, including how to streamline information sharing between agencies.

We’re also looking at how the department can encourage corporate responsibility by taking care not to deter companies with strong compliance programs from acquiring companies with histories of misconduct.

As a starting point, acquiring companies should be rewarded — rather than penalized — when they engage in careful pre-acquisition diligence and post-acquisition integration to detect and remediate misconduct at the acquired company’s business. Stay tuned for more on acquisitions.

As we move forward, we welcome your views on what’s working, what isn’t and how we can more effectively deter misconduct and reward ethical behavior.

Now let me turn to the topic of digital assets, including cryptocurrency.

The growing use of digital assets in the global financial system has profound implications for investors, consumers, businesses, and governments. Digital assets offer the potential for new ways to transact and store value in a rapid and decentralized manner.

At the Department of Justice, we support the responsible and lawful use of cryptocurrency and digital assets.

However, with rapid innovation in the digital-asset and distributed- ledger-technology space, there has been a spike in the illicit use of these assets and technologies by adverse nation-states, terrorists, hackers, thieves, and fraudsters.

These malicious actors are exploiting some of the central features of these technologies — including decentralized operation, anonymity and the facilitation of financial transactions without intermediaries — in ways that pose significant risks to the public and to our financial system.

Criminals and national security threat actors are using these technologies to engage in thefts and frauds of all sorts – ranging from thefts of customer funds, exploits of decentralized finance (DeFi) platforms, pump-and-dump and other market manipulation schemes, ransomware and other digital extortion plots, to narcotics trafficking, distribution of contraband, terrorist financing, sanctions evasion and money laundering.

As digital-assets technology and innovation evolve, so too then must the Department of Justice, such that we are poised to root out abuse and ensure the confidence of legitimate digital-asset users and investors. The cryptocurrency and digital-asset market will only thrive if the public can depend on effective and reliable law enforcement and market regulation.

To meet that enforcement imperative, the department has invested in human capital and in the development of a multi-level, multi-faceted investigative and prosecutorial approach that harnesses all of the Department’s assets and authorities.

Within the last year, the department has invested in the creation of the National Cryptocurrency Enforcement Team (NCET) at DOJ headquarters, and the Digital Assets Coordinators (DAC) Network in all 94 U.S. Attorney’s Offices.

These two groups — our digital assets-related strike forces — have drawn on the Department’s pre-existing cyber, money laundering and forfeiture expertise to strengthen our capacity to dismantle the entities that enable criminal actors to flourish and profit in this space.

Next month, NCET’s expertise will be further enhanced when it welcomes two new interagency attorneys detailed from the Securities and Exchange Commission.

At the investigator level, the FBI has launched a Virtual Asset Unit (VAU), to work hand-in-hand with the NCET and the DAC (Network to investigate illicit use of virtual assets across all FBI investigative programs.

This across-the-department investment in digital-asset expertise is already driving operational success in our efforts not only to solve and prosecute crypto-related crimes, but to disrupt and deter crimes in the digital-asset space before they happen.

We carry out these disruptions through an all-tools, whole-of- government approach that harnesses all instruments of national power, integrating the department’s legal authorities with those of our U.S. government and international partners, as well as the capabilities and expertise of the private sector.

This approach includes information-sharing to empower network defenders and compliance personnel in the private sector; arrests and prosecutions; takedowns of online malign infrastructure; imposition of sanctions on malicious cyber actors and illicit money service providers; the recovery of billions of dollars’ worth of ill-gotten assets and the return of those assets to consumers, investors and other victims; and most recently the deployment of our bankruptcy-related capabilities.

The department has executed several major cryptocurrency-related law enforcement disruptions over the last year that demonstrate the fruits of this approach.

Just a few weeks ago, at the department’s request, Estonian officials arrested two fraudsters alleged to have used the allure of cryptocurrency to induce hundreds of thousands of victims to part ways with $575 million, purportedly to purchase cryptocurrency mining contracts and invest in a virtual currency bank, but in reality to abscond with the proceeds to purchase real estate and luxury cars.

A month before that, after years of cyber-sleuthing, the department initiated proceedings to forfeit $3.36 billion in cryptocurrency that had been looted from the now defunct Silk Road darknet market.

And over the past year, the department has enabled the seizure of assets from the world’s longest-running darknet market; seized and moved to forfeit cryptocurrency payments extorted from U.S. hospitals by North Korean hackers; and led an international and private sector coalition that enabled the arrest and extradition of ransomware actors from the notorious REvil, Netwalker, and LockBit cybercrime groups.

Finally, I would be remiss if I didn’t mention that the department is closely tracking the extreme volatility in the digital assets market over the past year. Warren Buffet famously said that “when the tide goes out, you find out who’s swimming naked.”

For now, all I’ll say is those who have been swimming naked have a lot to be concerned about, because the department is taking note.

Using the expertise, authorities, tools and partnerships that I have just described for you, including our responsibilities to counter bankruptcy fraud and abuse, the department is locked in on the illicit conduct that has been exposed. So stay tuned.

In sum, the department is committed to working with our domestic and international partners, at the operational and institutional level, inside and outside of government, to champion a legitimate, responsible digital assets ecosystem and to disrupt and deter those who would threaten or otherwise abuse that ecosystem.

We expect that other champions of digital assets, including many of you here today, will serve as trusted partners in the department’s efforts in this space.

Indeed, we welcome your partnership and the partnership of the entire corporate community in rooting out corporate misconduct, wherever it may be found.

Effective corporate crime enforcement will remain one of the highest priorities for the department, and you can expect more on the policy and enforcement fronts in the coming months.

Thank you for the honor of speaking to you this afternoon. I look forward to taking some questions.

Financial Fraud
Updated December 6, 2022