This recent post highlighted the whistleblower complaint filed by a former employee of JPMorgan (Shaquala Williams) in connection with the 2016 Foreign Corrupt Practices Act enforcement action against the company.
As described in the prior post, the JPMorgan enforcement action was based on alleged improper hiring and internship practices that the U.S. government labeled bribery and corruption. The DOJ portion was resolved through a three year non-prosecution agreement involving JPMorgan Securities (Asia Pacific) Limited (“JPMorgan-APAC), a wholly subsidiary of JP Morgan, which involved a variety of requirements and undertakings imposed upon the company – as is typical in resolving FCPA enforcement actions.
In pertinent part, the complaint alleges:
“During Williams’s tenure, she repeatedly tried to address material misconduct at the Bank that she reasonably believed broke the laws, regulations, and rules designed to prevent fraud against shareholders, to ensure that shareholders and the Securities and Exchange Commission (the “SEC”) have an accurate picture of a company’s finances, and to avoid corruption. Williams raised concerns that the Bank’s conduct violated, inter alia, a non-prosecution agreement with the United States Department of Justice (the “DOJ”); an SEC Cease and Desist order; provisions of Federal law relating to fraud against shareholders; and SEC rules and regulations, including those mandating adequate internal controls to prevent and detect material misrepresentations and fraud and those requiring accurate and reasonably detailed books and records.”
My first thought upon reading this paragraph is that if you are going to allege legal violations one must accurately allege the relevant legal standards. As has been highlighted numerous times on these pages, there simply is no standard in the FCPA’s internal controls provisions remotely suggesting or implying a “prevent and detect” standard.
Rather, the internal controls provisions state that an issuer shall “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that” certain financial objectives are met. The FCPA then defines “reasonable assurances” to “mean such level of detail and degree of assurance as would satisfy prudent officials in the conduct of their own affairs.”
More broadly, when reading the Williams complaint the following thought kept occurring: the failure to adhere to so-called “best practices” (even if required pursuant to a non-prosecution agreement or some other resolution document) is not necessarily a legal violation. (See here).
The JPMorgan NPA contains a host of compliance obligations and for starters the failure to adhere to any of these compliance obligations (whether specifically required by any law or not) would provide the DOJ (and no other party) the ability to assert a breach of the NPA in which case the DOJ could “resurrect” the alleged legal violations not prosecuted pursuant to the non-prosecution agreement.
This is much different than a private civil plaintiff alleging that a breach of an NPA (to which the civil plaintiff is not even a party) necessarily constitutes a legal violation.
The Williams complaint contains a long list of alleged “legal violations.”
For instance the complaint alleges:
“Williams also raised concerns about the lack of independent oversight within Compliance. For example, employee Compliance Control Officers were responsible for overseeing GACC. The Monitoring and Testing (“M&T”) team was responsible for monitoring and testing the business units’ compliance with internal GACC policies and procedures. However, GACC, the Employee Compliance Control Officers, and the M&T team all reported to the same managers. Williams raised concerns that due to the lack of independence, the Employee Compliance Control officers and the M&T team were less likely to raise concerns about GACC’s reporting to regulators, adherence to policies and procedures and, ultimately, the applicable legal requirements.”
While the above allegation might allege “best practice” deficiencies, there is certainly nothing in the internal controls provisions which specifically mention the standards Williams alleges.
The complaint likewise alleges:
“Williams raised concerns that there were multiple versions of the risk ranking calculator, that there was no identifiable or documented rationale or methodology justifying the risk ranking scores, and that, as a result, JPMorgan assigned inconsistent rankings to third party intermediaries.”
Again, while the above allegation might allege “best practice” deficiencies, there is certainly nothing in the internal controls provisions which specifically mention the standards Williams alleges.
The complaint likewise alleges:
“Williams uncovered that the Bank’s due diligence review process of third-party intermediaries was deficient. The Bank did not search government economic sanctions lists, other government lists, and JPMorgan’s “do not do business with” list to determine if third-party intermediaries and persons related to them were on those lists before retaining them or at later points during the relationship.”
Again, while the above allegation might allege “best practice” deficiencies, there is certainly nothing in the internal controls provisions which specifically mention the standards Williams alleges.
The complaint likewise alleges:
“The Bank provides mandatory training courses for third-party intermediaries and JPMorgan personnel that hire those third parties. Williams raised concerns that there were no controls in place to prevent hiring third parties who had not completed the training course. Williams also raised concerns because there were no consequences for JPMorgan personnel that failed to complete the required training on time.
JPMorgan required Relationship Managers to attach contracts (both drafts and final versions) with third-party intermediaries to their TPI records. Williams raised concerns that there were no controls in place to ensure that there was a contract at all or to review the contracts to ensure that they contained the required information, including terms regarding the proper scope of the assignment and pay structure.”
Again, while the above allegation might allege “best practice” deficiencies, there is certainly nothing in the internal controls provisions which specifically mention the standards Williams alleges.
The complaint alleges:
“Williams raised concerns about the TPI program’s failure to keep track of the overall number of third-party intermediaries. Such information was important for purposes of managing risk and disclosing information to regulators including the number of TPIs that the Bank had terminated due to corruption concerns.”
By now, you know the pattern.
FCPA Institute Online
The most comprehensive online FCPA training course available. Over 12 hours of narrated instruction from Professor Koehler allowing professionals to elevate their FCPA knowledge and practical skills at their own pace.
Purchase
