Top Menu

Goldman – What Should Happen When Compliance Is Decent (And Often Good), But Not Great?

question marks2

The recent Foreign Corrupt Practices Act enforcement action against Goldman Sachs was the largest in FCPA history in terms of actual settlement amount ($1.66 billion).

Yes, the conduct at issue involved large bribe payments (according to the DOJ approximately $1.6 billion). Yes, the conduct at issue resulted in (according to the DOJ) Goldman obtaining “in excess of $600 million in fees and revenue across its divisions, and increased Goldman’s stature in SE Asia.” Yes, the conduct of the culpable Goldman employees criminally charged (Tim Leissner and Roger Ng) was egregious.

Viewed through the strict lens of respondeant superior, perhaps the record-setting FCPA enforcement action was justified. In this regard, the Goldman press release nicely stated in plain English: “We all share in the benefits when our colleagues perform well for our clients. The opposite must be true as well.  When a colleague knowingly violates a firm policy, or much worse, the law, we – as a firm – have to accept responsibility and recognize the broader failure that individual behavior represents for our firm.”

However, based on the DOJ’s (and SEC’s) allegations, the Goldman enforcement action was much different than certain other top ten FCPA enforcement actions.

For instance, in the Siemens enforcement action the DOJ stated that “for much of its operations across the globe, bribery was nothing less than standard operating procedure for Siemens,” and “compliance, legal, internal audit, and corporate finance departments were areas of the company that played a significant role in the conduct at issue.”

Likewise, in the MTS enforcement action the improper conduct allegedly garnered the company $2.4 billion in revenues and involved numerous allegations concerning executive management at the parent company.

In further contrast, in the Goldman enforcement action the DOJ (and SEC) alleged that certain of Goldman’s pre-existing compliance policies and procedures worked.

This salient point raises the question of what should happen in a company with 38,000 employees when compliance – even narrowly viewed in the context of a few employees – is decent (and often good), but not great.

For starters, the terms “decent,” “good,” or “great” are not found in the FCPA’s internal controls provisions.

Rather, the statutory standard is:

“devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that

(i) transactions are executed in accordance with management’s general or specific authorization;

(ii) transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;

(iii) access to assets is permitted only in accordance with management’s general or specific authorization; and

(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.”

The FCPA then defines “reasonable assurances” and “reasonable detail” to “mean such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”

With this actual statutory standard in mind, the DOJ as follows (the SEC’s findings are substantively similar).

According to the DOJ, Leissner and Ng “attempted to onboard Low as a Goldman client, or otherwise work with Low, on numerous occasions in or about and between 2009 and 2013.” However, the DOJ alleged that BIG (Goldman’s Business Intelligence Group) “rejected Low as a Goldman client because of his inability to satisfactorily answer questions raised by Goldman’s control functions, as well as negative news coverage about Low’s lavish spending.”

Stated differently, Goldman’s internal controls were decent – in fact good.

Thereafter, according to the DOJ, “Leissner tried to onboard two of Low’s companies as clients of Goldman but was unable to do so due to compliance’s continued objections to Low.”

Stated differently, Goldman’s internal controls were once again decent – in fact good.

Thereafter, according to the DOJ, “Leissner made an additional attempt to bring Low on as a PWM (Private Wealth Management) client through Goldman’s Singapore office, without referencing the prior attempt.” Yet again, the DOJ alleged: “Low was again denied due to, among other things, his questionable source of wealth.”

Stated differently, Goldman’s internal controls were once again decent – in fact good.

Thereafter, in reference to the “Project Magnolia” deal, the DOJ alleged that a “high-ranking employee in BIG and MD voiced suspicions that Low was involved in Project Magnolia.” However, “Leissner denied that Low was involved.” Thereafter, the DOJ alleged that during a FWCC (Firmwide Capital Committee) meeting “Leissner was asked whether Low was involved in Project Magnolia and Leissner said that, other arranging a meeting between Leissner and IPIC Official 1, Low was not involved.” According to the DOJ, “Ng was also present during this meeting and did not correct Leissner’s false statement about Low’s involvement.”

Stated differently, Goldman’s internal controls were once again decent – if not good.

Thereafter, in reference to the “Project Maximus” deal, the DOJ alleged that “a member of Goldman’s control functions asked members of the deal team, “is Jho Low involved in this transaction?” Please also keep us posted if there are any other politically exposed person involved in this transaction in a non-official capacity.” According to the DOJ, a “deal team member responded “no.” In addition, the DOJ alleged that “in response to committee questions, Leissner told a firmwide committee that neither Low nor any intermediary was involved in Project Maximus.”

Stated differently, Goldman’s internal controls were once again decent – if not good.

Thereafter, in reference to the “Project Catalyze” deal, the DOJ alleged that “a senior Goldman executive who was a member of Goldman’s approval committee located in New York, New York, e-mailed Leissner” essentially asking if there was intermediary on the deal. According to the DOJ, Leissner responded, “not that I am aware of … There definitely was no intermediary on any of the trades.”

State differently, Goldman’s internal controls were once again decent – if not good.

More broadly, the SEC found:

“Goldman Sachs had a general anti-corruption policy (including both a written Statement of Principles Regarding Anti-Bribery and related policies and procedures, collectively the “Anti-Bribery Policy”) applicable to all employees that expressly prohibited improper payments to government officials intended to obtain or retain business for the company. Goldman Sachs’s Anti-Bribery Policy was overseen and enforced by its compliance function (the “Compliance Group”) and its Business Intelligence Group (the “Intelligence Group”).

In addition to the Anti-Bribery Policy aspects of Goldman Sachs’s system of internal accounting controls, including the committee review process, were intended to help ensure that transactions were executed in accordance with management’s wishes. The Compliance Group and the Intelligence Group worked with, and as part of, various Goldman Sachs committees (“GS Committees”) in reviewing transactions.

Goldman Sachs’s role as underwriter for the Bond Deals meant that the firm would be using its own capital to fund the initial purchase of the 1MDB bonds. Accordingly, the transactions were formally reviewed and approved by multiple GS Committees including the Firmwide Capital Committee (“GS Capital Committee”). The GS Capital Committee’s charter states as follows:

The Committee provides approval and oversight globally of debt-related transactions, including principal commitments of the Firm’s capital. The Committee aims to ensure that business, reputational and suitability standards for underwritings and capital commitments are maintained on a global basis.”

You can bet that farm that if Goldman did not do any of the above things the DOJ alleged it did do, Goldman would have been found to be in violation of the FCPA’s internal controls provisions.

However, Goldman did all of these things and still the DOJ found FCPA violations. According to the DOJ:

“Although employees within Goldman’s control functions suspected that Low may be involved in the [Project Magnolia] deal, the only step taken by the control functions to investigate that suspicion was to ask members of the deal team whether Low was involved and to accept their denials without reasonable confirmation.”

Elsewhere, the DOJ alleged:

“Goldman’s control functions accepted the statements of the deal team members about Low’s involvement at face value, rather than taking additional steps that Goldman’s control functions took in other deals, such as reviewing the electronic communications of members of the deal team to look for evidence of Low’s involvement (e.g., searching for references to Low). For example, had Goldman conducted a review of Leissner’s electronic communications at this time, it would have discovered multiple messages linking Low to, among others, the bond deal, 1MDB officials, Malaysian Official 1 and Abu Dhabi Official 1, as well as the use of personal email addresses by Leissner and Ng to discuss Goldman business.”

Elsewhere, the DOJ alleged as to Project Maximus:

“Once again, Goldman’s control functions simply accepted at face value the representations of the deal team members and failed to further investigate Low’s suspected involvement in this bond deal.


“Despite their continued concern, as evidenced by their repeated questions, Goldman’s control functions did not engage in electronic surveillance of Leissner’s correspondence or activities to determine whether Low was involved in the deal.

Goldman’s continued control failures were further compounded when Goldman ignored additional red flags raised by Project Maximus, including that 1MDB was seeking to raise additional funds within a few months of raising $1.75 billion via Project Magnolia without having utilized the full amount from that deal, and was also seeking to raise far more than was needed to acquire Malaysian Energy Company B. Goldman’s control functions also failed to verify how Project Magnolia’s proceeds were used.”

As to Project Catalyze, the DOJ alleged:

“Goldman’s control functions had continued suspicions that Low was working on the third bond deal. Once again, however, the control functions relied solely on the deal team members’ denials of Low’s involvement without any further scrutiny.”


There was no follow-up by Goldman’s control functions about Low.

“Goldman also failed to address the other red flags that were raised by the proposed $3 billion transaction, including, once again, 1MDB raising large sums of money with no identified use of proceeds within months of Project Magnolia and Project Maximus, and Goldman’s failure to verify use of past bond proceeds. Adding to the transaction’s risks was the upcoming Malaysian general election, which directly affected the political future of Malaysian Official 1.”

Stated differently, Goldman’s internal controls were not great – or at the very least did not satisfy the statutory standards of “reasonable assurances” in the eyes of the DOJ/SEC.

But then again the FCPA does not specifically define what “reasonable assurances” is and most certainly does not mandate that issuers engage in electronic surveillance of employees.

Perhaps it was the “additional failures of Goldman’s controls functions” that tipped the scale. According to the DOJ:

“After the bond deals were completed, in or about and between March 2013 and February 2016, additional red flags were raised in the press and on internal phone calls among Goldman’s employees and executives about Low’s involvement in the deals and the possible payment of bribes in connection with the deals. Goldman failed to investigate these red flags or to perform an internal review of its role in the bond deals despite the clear implication that the deals had involved criminal wrongdoing. Further, high ranking employees of Goldman failed to escalate concerns about bribery and other criminal conduct related to the bond deals pursuant to Goldman’s escalation policy, which required that any Goldman employee who became aware of any conduct that could raise, among others, “a legal, compliance, reputational, ethical, accounting, [or] internal accounting control” issue to report such conduct immediately to a supervisor and Goldman’s control functions.”

Yet , then again, such “woulda, coulda, shoulda” allegations could be made in many instances of employee misconduct.

The above information and analysis is not meant to excuse Goldman’s conduct, but merely to highlight the point that the conduct at issue in the Goldman matter was much different than certain other top ten FCPA enforcement actions and that the enforcement action raises the question of what should happen when compliance is decent (and often good), but not great.

Unlike other legal violations, there are not first degree FCPA violations, second degree FCPA violations, etc. But perhaps that distinction is worth exploring.

FCPA Institute - Zoom (April 23-25)

Elevate your FCPA knowledge and practical skills. Nine hours of integrated and cohesive instruction led by Professor Koehler (an FCPA expert with teaching experience). Learn more, spend less. Professional credential available.

Learn More and Register

Powered by WordPress. Designed by WooThemes