Thank you very much for that kind introduction.
Following Mary Jo White has been the story of my life, first as U.S. Attorney and now as a speaker at this conference. Her leadership of the Southern District of New York continues to be an inspiration to all who serve there.
It is an honor and a pleasure to be here at the SIFMA Conference. Over the years, I have come to appreciate and respect more and more the work that you all do, as compliance and legal professionals in the securities and finance industry. You do not have an easy job. And my guess is, we are not making it any easier on you.
Notwithstanding that, I have always found SIFMA and this conference to be a very welcoming forum—even if I sometimes say things that you may not welcome—and I thank you for that.
Without a doubt, it has been an eventful year. Out of my office alone, we have seen charges in connection with the so-called London Whale; more insider trading convictions at trial, including that of Mathew Martoma; a jury verdict against Bank of America for reckless mortgage lending practices; the filing of deferred criminal charges against JP Morgan Chase in connection with the Madoff matter; and the indictment and subsequent guilty plea of SAC Capital for engaging in insider trading on a scale without any known precedent. In just the last 12 days alone, we filed deferred charges against Toyota Motor Corporation, imposing a monitor and a $1.2 billion penalty; convicted on all counts five of Bernard Madoff’s cohorts in the world’s largest Ponzi scheme; and saw the affirmance of Rajat Gupta’s insider trading conviction.
We also, by the way, convicted Usama bin Laden’s son-in-law of terrorism charges, but that is perhaps a topic for a different conference.
What I thought I would do today, four years into my tenure as U.S. Attorney, and speaking at my fourth SIFMA conference, is offer four brief observations about corporate compliance.
All relate to how I and we in my office think about corporate accountability; specifically, how, based on more than four and a half years in office, I see the current and future landscape for big-ticket white collar criminal enforcement actions.
My first observation is this: When appropriate, it is essential to hold institutions, not just individuals, accountable for misconduct. Some commentators have questioned the advisability and effectiveness of pursuing criminal cases against institutions, arguing that the focus should remain solely and exclusively on the prosecution of individuals.
Of course, it is critical to prosecute individuals who have committed crimes. That is the bread and butter of what prosecutors do; that is what we do every day we come to work. And it is our main mission. But individual liability is not the whole of our mission. It should not be one or the other; prosecute individuals or institutions.
To effectively deter criminal conduct and to do justice, we need to do both. Individuals must be held accountable for criminal conduct, but sometimes blameworthy institutions need to be held accountable too.
When I say we need to “hold institutions accountable,” I am not speaking narrowly or prejudging an outcome in any particular case. Investigating and prosecuting institutions—like individuals—is a serious business and can have devastating consequences. It must be done with great care and appropriate seriousness of purpose—just as we do in making sober decisions about the liberty of flesh-and-blood people.
And there are many ways in which institutions can be held to account. We should—and my Office does—consider and use all of them as appropriate, based on the unique facts of each case.
At one end of the spectrum, institutions can be prosecuted criminally and be convicted of federal crimes either by guilty plea or after trial, as our Office did last year with SAC Capital, a hedge fund where seven different employees have been charged and convicted of insider trading.
At the other end of the spectrum, we can and have brought civil actions and sought civil monetary fines from companies, and take them to trial if necessary, as we did with Bank of America.
And in between a civil action and a criminal conviction are other criminal resolutions, including deferred prosecution agreements where criminal charges are filed, corporations make admissions of facts, pay penalties, and charges are held in abeyance during the pendency of the agreement, as with Toyota and JPMC regarding the Madoff matter.
All of these tools—prosecutions, deferred prosecutions, non-prosecution agreements, and civil enforcement actions—sit in our toolbox. And we should use all of them in holding institutions accountable for misconduct and for failings that can, and should, appropriately be put on institutions themselves.
Effective deterrence sometimes requires that institutions be punished, because sometimes it is the institution that has failed. A breakdown in a system requires an overhaul of the system.
And so, sometimes only institutional reform can usher in real and meaningful change. And that is often best promoted through institutional accountability. Why? Because a required overhaul in favor of reform often requires significant structural change, which cannot be accomplished by any single individual, especially in a large company.
It may take the creation of new infrastructure or the purchase of new technology or the reorganization of entire business divisions. It may take, more fundamentally, a reordering of priorities or a recommitment to firm-wide ethics or a revamping of hiring, promotion, and training policies. It may take, in the end, an overhaul of the culture.
Those are institutional responsibilities—they fall to management, to boards of directors, to legal and business advisors, and to shareholders. And they fall to people like you in this room.
When institutions are held to account for institutional failures, then responsible institutions will and do respond. And no one knows that better that you all. In fact, I hope that this is a point of discussion at the conference this week: ask the general counsels and the chiefs of compliance whether or not an enforcement action against a similarly-situated company has an effect on how they do business, on how they handle compliance, on how they try to ferret out wrongdoing.
In my view, anyone who blithely opines that there is no deterrent—or other—value in holding institutions, as well as individuals, accountable is just plain wrong and may not fully understand how the world works. It makes a difference, and we have seen it make a difference.
Observation two has to do with what can stand in the way of holding an institution accountable in the most severe way under the criminal law—by criminal indictment.
The public has questioned whether excessive concern over the collateral consequences of taking criminal action—particularly against financial institutions—has led to a conclusion that some institutions are simply too big to prosecute, that some companies are just “too big to jail.”
My view on this is simple and always has been: “No one should receive a get-out-of-jail-free card based on size. There may be, at the end of the day, extremely compelling reasons why for the sake of innocent third parties a disposition short of a criminal charge is appropriate in some particular case, but there should never be a presumption of immunity based on size. That is a dangerous thing. We should not be adding a presumption of prosecutorial immunity to the mix of moral hazards.”
In my view, after Arthur Andersen, the pendulum has swung too far and needs to swing back a bit. And so you can expect that before too long a significant financial institution will be charged with a felony or be made to plead guilty to a felony, where the conduct warrants it.
That being said, both the Justice of Department’s internal guidelines and the responsible exercise of prosecutorial discretion generally require prosecutors to carefully consider the potential collateral consequences of our actions. It may be that a financial institution is blameworthy but its conduct was not so severe and pervasive that it should receive the corporate death penalty.
But often the greatest existential threat to the company comes not from the prosecutor who has the power to file an indictment, but from the regulator who has the power to revoke a charter.
In this context, it has been my experience that banking regulators with whom the revocation decision ultimately rests are often loathe to commit to a decision before or even at the same time as the prosecutor—even when all the relevant facts are known. This uncertainty created by the unwillingness or inability to provide assurances (even when the actual likelihood of revocation is extremely remote) can skew the decision-making process, can effectively tie a prosecutor’s hands, and can potentially let a bad company off the hook.
If the relevant regulator cannot rule out the possibility of a revocation of the banking charter, then prosecutors must continue to consider that as a possibility. And inevitably—because not all corporate criminal misconduct is deserving of a death sentence—prosecutors cannot be as aggressive as they perhaps should be. That, in my view, is not a healthy dynamic.
Prosecutors and regulators have to work in concert. When they don’t, they create a gaping liability loophole that blameworthy companies are only too willing to exploit. The good news is that this dynamic is changing for the better, and I expect you will see hard proof of that in the future.
Observation number three: a related concern in holding institutions accountable, separate and apart from the whims of a regulator, is the possibility of other collateral consequences that might effectively shut down a firm.
Companies, especially financial institutions, will do almost anything to avoid a tough enforcement action and therefore have a natural and powerful incentive to make prosecutors believe that death or dire consequences await on the other side of such an action – to dissuade the prosecutor from taking the fateful step of filing a criminal charge, even a deferred charge. And in that dynamic also lies a powerful incentive to exaggerate.
In meetings with senior executives and their counsel—and in written submissions also—I have heard assertions made with great force and passion that if we take any criminal action, the skies will darken; the oceans will rise; nuclear winter will be upon us; and the world as we know it will end.
They predict that the stigma and reputational damage from any criminal action—even a deferred prosecution—will be too much to bear: the stock price will plummet; clients will vanish; customers will flee; key employees will quit; and senior executives will be so ashamed to be associated with a criminal resolution that they themselves may have to consider whether they can even stay on as leaders.
They make these claims, of course, without an explanation for why the possibility of such potential devastation had not led them to take compliance more seriously in the first place. And that is duly noted, believe me.
When these arguments are made to me and my staff, we take them seriously—like we take all arguments and submissions. But we also take them, increasingly, with grains of salt, and make our own independent judgment about what actually is likely to happen. What I have found typically is that, in reality, as we had suspected, the sky does not fall.
In fact, sometimes the sky brightens: stock prices remain steady, or go up, as the company is viewed as putting problems “behind it;” clients and customers and key employees don’t even bat an eye; and sometimes, the CEO even gets a raise.
And so, this repeated Chicken Little routine, I will tell you, begins to wear thin. And the result is that we view with more and more skepticism and with more and more doubt all the breathless claims of catastrophic consequences made by companies both large and small.
I have seen this enough now that I have instructed prosecutors in my office to follow up after resolutions to check and document whether any of the misfortunes that companies and their counsel predicted would befall them have in fact materialized. And I have started to send letters myself to those who have made these types of arguments directly to me. Why?
To keep those companies honest and to keep other similarly-situated institutions and their counsel from making the same overstated and overwrought assertions in the future.
And so, when you make a pitch, please make it count and always throw straight.
My fourth and final observation is that results matter. In business, as in life, results matter. Results matter a lot. Companies and executives keep track of and follow obsessively all sorts of numbers and metrics of success: the company’s stock price, the quarterly profit and loss figures, and perhaps most closely, bonus numbers.
And I have found that they take action based on these metrics, these measurements of success or failure. If a business division does not meet its expected revenues, it gets eliminated or downsized. If a trader loses enough money trading, he gets fired. If an investment banker fails to generate enough fees, his bonus suffers.
If a company fails to meet its revenue targets quarter after quarter, or if its stock price lags that of its peers month after month, the board will not hesitate to fire and replace the CEO. But if a company suffers compliance failure after compliance failure and faces one criminal investigation after another, the CEO might yet get a raise.
This double standard has consequences; it sends a clear and unequivocal message.
If people are rewarded—and rewarded handsomely—for making money, and punished, often swiftly, for losing money, then people will do everything in their power to make money, and not lose money.
On the other hand, if compliance failures are tolerated year after year and are viewed simply as a cost of doing business, then compliance failures will just as surely pervade and persist. This is not rocket science. It is simple common sense.
Last month, I spoke at Harvard Business School, and over a faculty lunch a professor there asked me: in connection with criminal resolutions, why not claw back bonuses? Why not demand the departure of executives? The longer I do this job and the more I think about deterrence, the more I think those are excellent questions. And we need to be thinking about those possibilities, while always of course being mindful of our proper role as criminal prosecutors.
As I often say, we are all in this together. And I am greatly encouraged and heartened to see, as I look around this room, that we are not alone in this important fight.
At the end of the day, prosecutors cannot be everywhere, and by the time prosecutors get involved, it is really too late. Bad things have already happened. Long before an office like mine ever sends a subpoena or makes an approach, good people like you can keep it from ever getting to that point. And that is precisely why you are here, and why I am glad I am here.
Some people question whether this is a battle that can be won. With the size, scope, and complexity of today’s financial institutions, can we really expect big global institutions to keep track of what is going on in its far flung operations? Can we really expect the left hand to always know what the right hand is doing?
Is effective compliance just a fantasy?
I submit it is not. It just takes will and application of the same ingenuity and innovation that those institutions bring to the business of making money. This should not be that hard ultimately.
Today’s global financial institutions are indeed incredibly complex and sophisticated. They trade and deal in all sorts of products and services, with all kinds of counterparties and customers, in every corner of world.
And despite all of this complexity, I guarantee you that every second of every minute, these huge global institutions know exactly how much money is owed to them, to the penny, and how to get it. They know and they keep track—no matter how difficult and how complicated—because it is their job and because they care about it and because it affects the bottom line.
But they should care about compliance too. Based on my experience, business people need to lean on you more; they need to respect your work more; they need to heed your counsel more.
It is just a matter of will.
And gatherings like this one, with people like you who have dedicated your professional lives to making sure that our companies and financial institutions comply with their legal obligations and do not become conduits for fraud, give me great hope and optimism that we will find a way.
It gives me confidence that together we can usher in a new age of institutional accountability and responsibility. And that together, we can ensure that our companies set a global standard for operating ethically and with integrity.