With Goldman Sachs’ $3.3 billion settlement, we see the failure of a sophisticated and influential financial institution to maintain strong internal controls. How did it happen? Here are the five biggest takeaways every company in any industry can benefit from.
A company’s compliance and control functions must be prioritized and executed. On a daily basis, compliance teams have to insist on the proper inspections before onboarding third parties, raise red flags, follow up to ensure recommendations are carried out, and withstand occasional pressure from sales functions to close deals at any cost. In the Goldman Sachs case, for example, the unexplained presence of Jho Low (who turned out to be the alleged ringleader) emerged as a problem in the early stages of planning the Malaysian mega deals and bond offerings. Still, the compliance and legal departments did not push for Goldman Sachs to cut ties with him, nor did they receive satisfactory explanations of how these transactions could be carried out without his significant involvement.
As in poker, if you can’t spot the fool around the table, it’s probably you. To avoid being that fool, compliance officers and their teams should think outside the box and assume that some company personnel are interested in circumventing the route outlined by the control functions. The compliance officers should also build alliances with senior and mid-level management to nurture the right ethical atmosphere and intercept such circumventions. Otherwise, they may find themselves (as demonstrated in the current case) isolated from relevant company news that is known to everyone in the corridor but them.
Building compliance controls that aim to hedge against FCPA violations is not enough. In my Airbus post, I stressed the need for the 2020 compliance officers to be acquainted with all regulatory perils relevant to their companies. The 1MDB case, in which Goldman Sachs and other parties were seriously involved in money laundering and civil forfeiture procedures, demonstrates that feeling safe about FCPA risks is not enough in itself. The compliance team should adopt a “360” approach to the entire regulatory environment, including money laundering, trade sanctions, the False Claims Act, wire fraud, and more. As tends to happen, some risks are coupled with others, e.g., money laundering charges follow bribery charges. After all, one has to somehow wash the dirty money.
Any activity involving offshore and tax-sheltered companies should raise red flags until a satisfactory explanation about the deal structure is obtained. Any company purchasing a service from an individual who has no reason to work through a network of shell companies should thoroughly check all surrounding circumstances and backgrounds of those involved. Such “payment chains” are an open door to covert money transfers and related hazards.
Third-party compliance does not end with onboarding. According to the DOJ’s fact statement of the case, suspicions regarding Jho Low, the focal point of bribes and covert payments, were raised inside Goldman Sachs after it became deeply involved with 1MDB and its financial ventures. However, the company’s control functions did not act upon these suspicions to try and learn more about the evolution of the deals and the roles of third parties working with 1MDB or Goldman or receiving payment through various and complex arrangements. Again, acting upon such suspicions may have prevented the compliance headache the company experienced.
– – – – –
As in other cases where companies have paid huge FCPA settlements, this won’t destroy Goldman Sachs, but it may seriously disrupt its ongoing and anticipated business worldwide and cause profound changes across its management and operations.
In light of strong voices calling for greater corporate social responsibility amid the Covid-19 crisis, companies should take it upon themselves to reform their organizational culture, strongly tackle unpleasant issues, and resolve compliance and control concerns before authorities come knocking on their door.