Corporate Monitors

Corporate Monitors

By Pamela A. MacLean. She was a contributing writer for California Lawyer.

Dan W. Ray turns over corporate rocks for a living, looking for anything illegal that might slither out. A forensic accountant with Hemming Morse in San Francisco, Ray is also a rare bird: He’s spent eight years as an FBI agent, and served twice as an independent monitor overseeing companies that negotiated Deferred Prosecution Agreements (DPAs) with federal prosecutors in lieu of indictment and trial.

“The Department of Justice is interested in whether a company’s internal controls and compliance program are robust,” Ray says. “A lot of companies have a policy manual. Do they use it, or is it a nice book sitting on the shelf?”

DPAs and nonprosecution agreements (NPAs) have become the federal government’s bread-and-butter enforcement tool since its 2002 indictment of accounting giant Arthur Andersen for allegedly obstructing justice led the firm to implode, eventually costing 20,000 jobs.

The Bush administration’s Justice Department then took up DPAs as a form of pretrial diversion, giving prosecutors a middle-ground alternative to the stark choice of whether or not to indict a corporation.

By offering to put off prosecution, the government can command changes in corporate training and reporting programs, limit executive compensation, curb aggressive marketing, force the hiring of compliance officers – and require the company itself to fund an independent monitor.

For companies facing criminal charges, a DPA was a way to avoid trial and damaging publicity. The trade-off: hefty fines and a promise to permanently reform corporate practices.

From 1993 through 2003, the Department of Justice had entered into just 17 such agreements. By contrast, in the decade since 2004 prosecutors have arranged 278 DPAs. They have become a cash cow for the government, generating $12 billion in fines and penalties from 66 DPAs in the past two years alone. In its 2014 midyear update on DPAs and NPAs, Gibson, Dunn & Crutcher reports that the arrangements have led to “monetary penalties totaling more than $42 billion, equivalent to the annual GDP of Latvia.”

Without naming the subjects of his monitoring, Dan Ray talked generally about the highly secretive world of government-appointed corporate monitors, where progress reports are confidential, judges rarely get involved, and the DOJ alone determines whether corporations have complied with terms of the agreements. Monitors are not government employees or agents, and they do not contract with or receive payment from the government. Fees generally are negotiated between the corporation and the monitor.

During Ray’s first appointment, in 2005, the mission of DPAs was still evolving. The Justice Department offered no specific instructions for the prosecutors in its 93 U.S. Attorney’s offices, and corporate monitors often had unfettered authority.

The board members at the company involved interviewed Ray and submitted his name to the DOJ as their choice for monitor. In those days, nominees not deemed “unacceptable” by the department were simply approved.
“I wasn’t interviewed by the Department of Justice or the Securities and Exchange Commission,” Ray says. “That was standard then.”

By 2012, when Ray got his second appointment, things had changed dramatically. After a series of scandals over particularly lucrative appointments, the DOJ imposed guidelines in 2008. The complaints included then-New Jersey U.S. Attorney Chris Christie’s appointment of his former boss, Attorney General John Ashcroft, to monitor Zimmer Holdings for a potential $52 million fee to Ashcroft’s firm, paid by the medical-device company. (In another DPA with Bristol-Myers Squibb in 2005, Christie had required the pharmaceutical giant to pay $5 million to fund a business ethics chair at Christie’s alma mater, Seton Hall University School of Law.)

“The [selection] process became more formal and rigid,” Ray says of his second appointment. This time around, the company’s in-house and outside counsel vetted his nomination before it was submitted with a slate of candidates to the government, which made the final choice. “I flew to D.C. and was interviewed by DOJ and the SEC,” he says. As a finalist, he was asked to submit a proposal outlining how he would approach monitoring. He identified staff, checked for conflict-of-interest issues, roughed out a budget, and partnered with a law firm to cover legal questions.

Nowadays, the problem is not that corporate monitors have gone awry – it’s that they are going away. The appointments peaked in 2008, when monitors were a component of 40 percent of all DPAs and NPAs. Since then, the rate has dropped to just 25 percent of such agreements. In the first half of this year, only three of twelve agreements included monitors.

Even when monitors are deployed, it is unclear whether anyone at DOJ checks on the progress of compliance. The Government Accountability Office reported in 2009 that the DOJ had lost twelve of the periodic reports from seven monitors they were expected to review, and in two instances it could not even find copies of the agreements.
Consider the case of UBS AG, the Swiss banking giant that signed a DPA in 2009 regarding tax-fraud allegations, and then entered an NPA in 2011 after a bid-rigging scandal on municipal investment contracts. In 2012 the bank’s Japanese subsidiary pleaded guilty to wire fraud in a U.S. investigation of interest manipulation of the London InterBank Offered Rate (LIBOR). Federal prosecutors and British and Swiss regulators secured about $1.5 billion in fines. Despite these repeat offenses, last February UBS sought U.S. and European immunity from prosecution in a probe of the manipulation of currency markets.

Then in April, Hewlett-Packard Co. won a dubious trifecta by resolving three federal complaints accusing its subsidiaries – in Mexico, Poland, and Russia – of conspiring to bribe foreign officials in exchange for lucrative contracts. HP’s Mexican unit entered into an NPA, its Polish unit agreed to a DPA, and its Russian unit took a plea deal for violating the Foreign Corrupt Practices Act. The three HP entities paid $77 million in criminal penalties, and in a related matter settled with the SEC for an additional $31 million in disgorgement. What HP managed to avoid was getting a corporate monitor to oversee the company’s future conduct.

“The elephant in the room is lack of monitoring,” says Brandon L. Garrett, a criminal procedure specialist at the University of Virginia’s law school. “But when prosecutors do pick them, they pick from among their own. They pick former prosecutors. Monitors should be picked with a judge,” Garrett says.

Monitors “don’t report to court,” he continues. “We don’t know what they do. Not even a portion of the reports is public. It is entirely a black box.”

Neither Fish nor Fowl
Dan Ray’s career opens a window on what corporate monitors actually do. As a monitor, Ray says, “I met with the company’s highest-level executives, [and] from the chairman of the board down to the lowest member on the sales staff, to learn if corporate compliance messages made it to the street.” In both of his appointments, he toured overseas plants in Europe, Asia, the Middle East, and South America with a team of up to four accountants and lawyers, looking for evidence of changed corporate attitude. Though he may not have been welcomed with open arms, he says, neither was he treated like a pariah.

“The companies had the good sense to know the emphasis of the DPA was on ‘deferred’ prosecution,” he says. “If they didn’t satisfy the monitor, they had a potential [criminal trial] hanging over their head.”
In both 2005 and 2012, Ray says, “there was very little pushback to my work plans and requests.” The companies assigned someone to smooth the way for site visits by identifying relevant documents and arranging interviews.
Despite his FBI roots, Ray adds, he was careful not to expand his inquiry – what is sometimes called mission creep. “I saw my role as a monitor, not an investigator,” he says. In both assignments, he encountered transactions that raised new concerns, but Ray states: “[A]s a monitor I was interested in the company’s response. If the company didn’t investigate properly or take it seriously, I would raise the question, ‘What are you going to do about this?’ ”

In his first appointment Ray filed reports with the Department of Justice’s Foreign Corrupt Practices Act unit every six months for three years, and annually with the SEC. He rarely got feedback. But by 2012, he says, “It was clear DOJ was reviewing reports and they offered comments. I met with them in D.C. on several occasions. There was much more involvement.”

By 2012 the DOJ also had begun approving hybrid plans. The company he was assigned to had to submit to an independent monitor for the first 18 months; if Ray was satisfied with its progress, the company could self-monitor for the remaining term of the agreement.

Ray said he shared drafts of his reports with the company before filing them with DOJ. “If I was describing internal controls, [seeing a draft] gave the company the ability to review and propose edits to make it factually correct,” he says. “The big thing was recommendations. We had a lot of dialog about that.” Ray said he did not feel pressured to soft-pedal advice, but acknowledged it was a “fine line.”

“I’m not an agent of the government, nor an employee of the company,” he says.

The companies were fervent about the confidentiality of his reports, Ray says, out of fear they might fall into the hands of stockholders. “If [a monitor] identified internal-control deficiencies, can a lawsuit be initiated by class action counsel? Companies don’t want that information used against them in court.”

Playing Keep-Away
Corporate fears about disclosure of the terms, conditions, and progress of a DPA or an NPA are not unfounded. Factual admissions might be used under Federal Rule of Evidence 801(d)(2), and have been used successfully by plaintiffs lawyers against pretrial motions to dismiss. In 2009, for instance, U.S. District Judge Jeffrey S. White in San Francisco relied on Stryker Orthopaedics’ 2006 NPA to deny a motion to dismiss. (Somerville v. Stryker Orthopaedics, 2009 WL 2901591 (N.D. Cal.).)

A North Carolina case followed Judge White’s tack, relying on developer Beazer Homes’ acceptance of responsibility for criminal acts in a prior DPA to keep alive a civil complaint with similar allegations. (See Davis v. Beazer Homes, USA Inc., 2009 WL 3855935 (M.D. N.C.).)

In 2012, however, a federal judge in Louisiana presiding over the multidistrict Deepwater Horizon litigation against BP prevented a jury from receiving evidence about a DPA that resolved an earlier accident at a BP oil refinery in Texas. (See In re Oil Spill by Oil Rig “Deepwater Horizon,” 2012 WL 413860 (E.D. La.).)

But even if a court can consider a DPA or an NPA, keeping a private cause of action alive is not the same as holding a company liable. In one of the few appellate assessments on this question, the Ninth Circuit reversed a summary judgment that favored a plaintiff in 2010. The appeals panel held that the admissions in a DPA proved the defendant defrauded the United States, but did not prove that the fraud caused the plaintiff’s injury. (See Renzer v. Bayerische Hypo-Und Vereinsbank AG, 630 F.3d 873 (9th Cir. 2010).)

Debra Wong Yang, a partner at Gibson Dunn’s Los Angeles office, was appointed in September 2007 to monitor DePuy Orthopaedics as part of a DPA reached with four medical-device companies charged with conspiring to violate the federal antikickback statute. In July a federal judge in Texas ordered Yang to give a deposition as part of trial preparation for the first of more than 6,000 cases against DePuy and its parent, Johnson & Johnson, over design of the Pinnacle hip implant. (Herlihy-Paoli v. DePuy Orthopaedics Inc., 12-CV-04975, which is part of In re DePuy Orthopaedics Inc., Pinnacle Hip Implant Prod. Liab. Litig., 11-MD-2244 (N.D. Texas ).) In late October jurors found no liability for the defendants.

In the course of researching his newly released book, Too Big to Jail: How Prosecutors Compromise with Corporations (Harvard University Press), the University of Virginia’s Garrett had to file suit under the Freedom of Information Act to get access to one sealed DPA involving a Texas tree service. After the government finally turned the document over, Garrett says, he found himself scratching his head about why anyone would care about keeping it secret. Now Garrett, and the law school’s First Amendment Clinic, have another 30 pending FOIA requests to unseal DPA deals.

At least one federal judge has made clear his distaste for the entire nonprosecution approach. U.S. District Judge Jed S. Rakoff of the Southern District of New York, in a January 2014 article in The New York Review of Books, suggested that “the future deterrent value of successfully prosecuting individuals far outweighs the prophylactic benefits of imposing internal compliance measures that are often little more than window-dressing.”

Suite Deals
Indeed, lack of public access to the monitors’ reports – and of judicial review when monitors can’t compel compliance with the terms of DPAs – make it difficult to defend the continued use of corporate monitors. Consider the American International Group Inc. matter.

AIG entered a consent decree with the Justice Department and the SEC over alleged securities violations in November 2004, and two months later it accepted appointment of James M. Cole, then a lawyer in the Washington, D.C., office of Bryan Cave, to monitor reforms at its AIG Financial Products subsidiary. Cole was specifically charged with reviewing certain structured financial transactions. He was reappointed in February 2006 pursuant to a second agreement, this time monitoring financial reporting and corporate governance. Cole was filing periodic reports during a four-year period leading up to the financial crash of 2008. Yet it took a $182.5 billion taxpayer bailout – since repaid – to help AIG recover from the effects of the transfers Cole was supposed to be tracking.

When Congress learned of Cole’s presence inside the company – for which AIG paid his law firm some $20 million – it demanded access to his monitor reports. Although the district court granted a joint motion in 2006 prohibiting public dissemination of the reports, at the request of the SEC and AIG the court granted release of reports to the congressional Office of Thrift Supervision, and to the House Committee on Oversight and Government Reform. But the releases stopped there.

When Sue Reisinger, a reporter for Corporate Counsel, requested public access to Cole’s reports in 2011, the SEC and AIG opposed disclosure. Reisinger argued that the documents are analogous to those supporting a plea agreement in a criminal trial, and are therefore entitled to a presumption of access under the First Amendment. She also argued that the reports should be publicly available under the common law right of access to judicial records.
In an interview, Reisinger comments, “Cole was appointed to oversee the very unit that almost caused AIG to go bankrupt. If this case, with the strong public interest and clear implications of what AIG did to our economy, isn’t important enough to trigger a right of public access, I don’t know what is.”

Reisinger’s lawyer, J. Joshua Wheeler, director of the Thomas Jefferson Center for the Protection of Free Expression in Charlottesville, Virginia, contends, “What’s important is the public’s right to know … what the DPA requirements are. We may think they are insufficient. Are these decisions the public would be comfortable with? We don’t know. The government is just saying, trust us.”

In April 2012 U.S. District Judge Gladys Kessler denied access on First Amendment grounds, noting that the SEC had brought a civil, not criminal, action against AIG, and that Reisinger had not made the requisite showing that access “has historically been available.” (SEC v. Amer. Int’l Group, 854 F. Supp. 2d 75, 79 (D.D.C. 2012).) But Kessler did grant a common law right of access, holding that the monitor’s reports are properly considered judicial records and “may prove critical to this Court’s assessment of conformity to the Consent Order.” (854 F. Supp. 2d at 81.)

A year later, however, the D.C. Circuit Court of Appeals reversed. Writing for a three-judge panel, Judge Janice Rogers Brown held that Cole’s reports were “neither judicial records nor public records.” Brown added, “Indeed, the independent consultant had no relationship with the court. The court did not select or supervise the consultant and had no authority to extend the consultant’s tenure or modify his authority. … Unfortunately for Reisinger, the value of the reports for proper oversight of the Executive does not itself justify disclosure under the judicial records doctrine.” (SEC v. Amer. Int’l Group, 712 F.3d 1, 4-5 (D.C. Cir. 2013).)

Calls for Reform
Efforts by Congress to reform DPAs – initially set in motion following exposure of Christie’s appointment of John Ashcroft as a monitor in 2007 – have gone nowhere.

Congress first proposed uniform national standards for DPAs and NPAs in 2008. The legislation was deferred in March of that year when the Justice Department issued guidelines to U.S. Attorneys. Known as the Morford Memorandum – after Craig S. Morford, the former acting U.S. deputy attorney general – the nine enumerated “Principles” were intended to avoid the perception that monitor jobs were political plums for insiders. The principles emphasized the monitors’ independent role, the limited scope of their work, and the need for them to communicate progress through periodic reports. They required that monitoring contracts be approved by the Department of Justice’s chief of the criminal division and the second-ranking department official – currently former AIG monitor James Cole.

In 2010 the DOJ set more restrictions on the selection of monitors in a memo issued by acting Deputy Attorney General Gary G. Grindler. The Grindler Memo required prosecutors using a DPA or NPA to spell out the role the DOJ would play in resolving any disputes between the monitor and the company over compliance with terms of the agreement.

That memo coincided with the start of a precipitous decline in the use of monitors. By 2014 even the biggest DPAs frequently omitted oversight. The granddaddy of them all came in January, when JPMorgan Chase, the nation’s largest bank, signed a DPA based on two felony violations of the Bank Secrecy Act for its role as a cash depository for Bernie Madoff’s Ponzi investment scheme. JPMorgan would pay the government $1.7 billion, accept responsibility, and cooperate for two years. Though the deal calls for “significant remedial changes,” no monitor was appointed to supervise the process.

Current legislative calls for reform and clear guidelines from the Department Of Justice have been largely ignored. The Truth in Settlements Act (S. 1898), introduced in January by Sen. Elizabeth Warren (D-Mass.) and Sen. Tom Coburn (R-Okla.), would require transparency about the terms of deals between federal regulators, the Department of Justice, and companies accused of wrongdoing. It passed one Senate committee in September and stalled.

A second bill introduced in May by Rep. Bill Pascrell (D-N.J.) would require the attorney general to issue guidelines for DPAs and NPAs, and make the agreements publicly available online. The Accountability in Deferred Prosecution Act of 2014 (H.R. 4540) is awaiting committee action.

In contrast, the United Kingdom published a DPA Code of Practice in February 2014 governing the use of DPAs by crown prosecutors. It establishes clear judicial roles, limits prosecutorial discretion, and allows broad public access. U.K. authorities may offer a DPA only if it includes a statement of facts related to the alleged offense, “which may include admissions made by” the person or company involved. After nonpublic negotiations begin, the prosecutor must ask the Crown Court judge to declare that the proposed terms are “in the interest of justice” and are “fair, reasonable and proportionate.” (See U.K. Crime and Courts Act 2013, Ch. 22, at pp. 295-306.)

In the United Kingdom, a proposed DPA is not binding on the court, and if rejected it would subject the company to potential prosecution for the original allegations. The final DPA will be published and approved in open court, and the ruling is nonappealable. Unlike in the United States, prosecutorial decisions pursuant to the DPA Code can be challenged through judicial review.

Pushback
The strongest pressure regarding DPA policy in the United States is coming from business lobbyists and corporations. “It’s good when a company feels it can fight back,” says James R. Copland, a senior fellow at the conservative Manhattan Institute policy center in New York.

“The entire process is an affront to the rule of law,” Copland continues. “I do think monitors are a problem – but the bigger problem is the ability prosecutors wield to change business models, change management, and effectively appropriate levies as they see fit for purposes not closely tethered to the alleged misconduct. Ultimately, they are just playing judge and jury in most of these cases. It is an enormous regulatory power grab.”

But Copland adds, “At the end of the day, I don’t think DPAs do much. They tax shareholders with corporate misdeeds by levying a tax on misdeeds of the past without testing the theory.”

This year the veil of secrecy shrouding monitors’ reports lifted partially when Apple Inc. challenged provisions of a court judgment that included a monitorship. After a civil bench trial in June 2013, U.S. District Judge Denise Cote in New York found that Apple had violated Section 1 of the Sherman Act by conspiring with five e-book publishers to fix prices. (See United States v. Apple Inc., 2013 WL 4774755 (S.D.N.Y. Sept. 5, 2013).) A month later the court appointed Michael R. Bromwich, a former DOJ inspector general, as monitor to review and suggest improvements to Apple’s internal antitrust training and compliance programs. Bromwich, a partner at Goodwin Proctor in Washington, D.C., had two decades of oversight work in both government and the private sector, including as monitor of “one of the largest companies in the world.”

Apple appealed the judgment to the Second Circuit, contending that Judge Cote’s monitoring provision exceeds the district court’s authority and violates the separation of powers. Nevertheless, this year Bromwich’s reports, partially redacted, were filed publicly.

Bromwich’s first report, filed in April, complained of Apple’s lack of cooperation. Judge Cote fumed, charging that Apple was “doing its best to slow down the process, if not stonewall.”

Bromwich’s second report, in October, noted a “more productive and constructive” relationship, but he described continued “attempts to limit and delay access to relevant personnel and materials.” In his summary, Bromwich stated that some requests were rejected, others ignored, and the company “inappropriately limited” the team’s live monitoring of antitrust compliance training sessions and other relevant activities.

After initially being denied interviews with top officials, Bromwich did meet with Apple CEO Tim Cook and other executives. He also noted that the company’s failure to supply its board of directors with his first compliance report was “surprising and disappointing,” given the Apple board’s oversight role.

Meanwhile, Apple’s lawyers at Gibson Dunn were attacking Bromwich’s appointment from every angle. In a January letter to Judge Cote three months into the monitoring arrangement, Gibson Dunn partner Theodore J. Boutrous Jr. asked that Bromwich be removed, alleging he had a personal bias against the company, collaborated with plaintiffs to expand his mandate beyond the terms of the final judgment, made excessive financial demands on the company, and evinced “adversarial, inquisitorial, and prosecutorial communications and activities toward Apple since his appointment.”

Boutrous reiterated those charges in an appellate brief, arguing in May that Bromwich’s demands to “crawl into the company” vastly exceed the scope of the final judgment and his “unprecedented” fees create a financial incentive that violates Apple’s due process rights. If allowed to stand, Boutrous contended, the ruling “will stifle innovation, chill competition, and harm consumers.” Oral arguments on Apple’s appeal are scheduled this month. (United States v. Apple Inc., No. 13-3741 (2nd Cir.).)

“A Game of Chicken”
To plaintiffs lawyers, federal prosecutors’ secret agreements with huge corporations – even when they include limited oversight from company-paid monitors – allow the firms to buy their way out of criminal prosecution.
“The problem with the DPA is that it is an easy cop-out for the Justice Department,” says plaintiffs lawyer Richard Greenfield of Greenfield & Goodman in New York. “In so many cases [the prosecutors] don’t have the resources to go to trial – and the SEC goes through the same thing. So they issue a DPA.”

Greenfield says deferred prosecution agreements could really have “teeth” if the government appointed tougher monitors, citing the example of oversight in union prosecutions in the 1990s. “It cleaned up the Teamsters by having a strong monitor in place,” he says.

According to Greenfield, the greatest chance for success comes with a judge-appointed monitor. And public disclosure of the monitor’s subsequent reports also serves the interest of shareholders in answering the basic question: “Is the company complying, and what are they doing?”.

But prosecutors’ leverage depends on the industry, according to Kathleen M. Boozang, a Seton Hall law professor at the Center for Health and Pharmaceutical Law and Policy. Prior DPAs entered with medical-device, military-equipment, and financial companies carried an implicit threat of debarment from contracting programs or loss of banking licenses for noncompliance. Consumer technology companies like Apple don’t face those risks.

“It’s like a game of chicken,” Boozang says. Prosecutors don’t necessarily want to use their “nuclear option” in some sectors if it would reach outcomes like the demise of Arthur Andersen.

Boozang says the government may need to introduce new enforcement tools, and there are early glimmers of change. A few DPAs with health companies, for example, now include requirements for personal accountability – certification by officers and directors that specific conduct has been achieved – and provide for the clawback of executive compensation if violations are found. “The shift to holding individuals to account has been significant,” she says. “It has gotten people’s attention.”