Developments in the Defense of Financial Institutions – Calculating the Financial Exposure

January 18, 2019

Click for PDF

Our financial institution clients frequently inquire about how best to address their regulatory and financial exposure in inquiries by the U.S. Department of Justice (“DOJ”) and regulators in the United States.[1]  With corporate entities[2] being held criminally liable under the U.S. legal doctrine of respondeat superior for the actions of even non-executive relationship managers and other employees, it is essential for boards of directors and senior management to have a clear understanding of the ways in which U.S. enforcers determine penalties for organizations, particularly regulated financial institutions.

This alert is part of a series of regular analyses of the unique impact of white collar issues on financial institutions.  In this edition, we examine the frameworks that DOJ and other U.S. enforcers have used in their corporate penalty calculations involving financial institutions.[3]  We begin in Section 1 by providing a general overview of the potential components of financial penalties imposed by DOJ and other U.S. enforcers.  Section 2 includes an analysis of DOJ resolutions involving financial institutions over a 10-year period and outliers within that same 10-year period.  Section 3 reviews the enforcement resolutions of certain other U.S. enforcers in order to highlight differences in the imposition of financial penalties (as discussed below) between those enforcers and DOJ.  Section 4 analyzes recent guidance and public statements for a preview of how corporate penalties may be calculated in the near future.  The alert concludes by presenting a series of key observations, which a financial institution should bear in mind if it finds itself forced to negotiate with DOJ or other U.S. enforcers in connection with a criminal or civil enforcement action.

1.      Potential Components of Financial Penalties

Financial penalties generally consist of some combination of the following three potential components:  monetary fines; restitution; and disgorgement.[4]  In calculating financial exposure, it is useful to understand the policy objectives and legal underpinnings of each component.  This section discusses those objectives and legal underpinnings, and details how DOJ calculates the first component (i.e., monetary fines) as part of a criminal resolution.

a.       Fines

Many federal statutes contain their own fine provisions, including a maximum fine amount.  For example, the Bank Fraud statute provides for fines of up to $1 million per violation.[5]  Similarly, the mail and wire fraud statutes provide for a $1 million fine per occurrence.[6]

It would be a mistake, however, to focus solely on the upper bounds contained in a specific federal statute in determining potential financial exposure, as those ranges often bear little resemblance to the penalty amount being sought in an enforcement action.  That is because federal law allows DOJ to calculate maximum fines as a multiple of the total amount of gross gain or loss attributable to an offense.[7]  Even relying on the statutory penalties, an aggressive U.S. enforcer may be able to augment a specific statutory range or cap by asserting that there are multiple discrete violations and aggregating those individual instances together to increase the potential penalty.

The practical reality is that U.S. enforcers have broad discretion in assessing the ultimate fine amount.  That discretion is generally guided by a set of factors these enforcers consider when settling on a monetary penalty.  Each U.S. enforcer has its own set of factors, the application of which is sometimes difficult to discern in individual enforcement actions.

DOJ’s determination of an appropriate fine or monetary penalty in a federal criminal investigation is driven by the concepts and principles codified in the U.S. Sentencing Guidelines (“Guidelines”), the most recent edition of which took effect on November 1, 2018.[8]  Chapter 8 of the Guidelines describes the principles used in calculating appropriate criminal fines for organizational or corporate defendants, which may be imposed instead of, or in addition to, restitution and/or disgorgement.  As described in further detail below, Chapter 8 of the Guidelines includes a number of aggravating or mitigating factors that can have a significant impact on the final fine amount.

A number of U.S. enforcers also publish policies applicable to violations of particular statutory provisions.  These policies often offer reductions in the amount of a penalty if and when a corporate entity fulfills certain specific criteria.

One recently promulgated policy is DOJ’s FCPA Corporate Enforcement Policy (the “FCPA Policy”), which was established as a pilot program in 2016 and formalized in DOJ’s Justice Manual in November 2017.[9]  The FCPA Policy incentivizes organizations to voluntarily self-disclose FCPA violations to DOJ.[10]  Under the FCPA Policy’s terms, a company’s voluntary self-disclosure, full cooperation, and timely efforts to remediate alleged misconduct are factors considered when determining whether the company qualifies for a mitigated penalty, which can range from a declination (i.e., a decision not to impose a fine at all), to a flat 50-percent reduction off the low end of the potential fines imposed where “aggravating factors” are present (e.g., the involvement of executive management).[11]  Not all factors need be present for a company to qualify for mitigation of the ultimate penalty.  For example, a company that fails to self-disclose, but which otherwise cooperates fully and makes remediation efforts, may still qualify to receive a fine reduction of up to 25 percent.  The FCPA Policy includes a set of detailed standards that specifically set forth what constitutes voluntary self-disclosure and full cooperation, and describe the basic requirements for a company to receive full credit for timely and appropriate remediation.  We discussed voluntary self-disclosure by financial institutions in greater detail in our July 2018 Defense of Financial Institutions Client Alert.

b.      Restitution

Restitution is an equitable remedy in criminal actions brought by U.S. enforcers.  Restitution is intended to compensate alleged victims based on the amount of their loss.[12]  In civil and administrative actions, restitution is available when a defendant is alleged to have violated a statute that provides for equitable remedies.  In these types of actions, a court looks to the statutory system under which a remedy is sought and determines its authority to order equitable relief.  Many state and federal statutes—such as the 1933 Securities Act and the 1934 Exchange Act—expressly confer equity jurisdiction on the courts.  Even when a statute is unclear regarding the scope of the grant of authority to issue equitable relief, courts have taken an expansive view of their implied powers to provide equitable relief.[13]

As discussed in greater detail below, in the criminal context, DOJ will use the Guidelines to calculate restitution amounts.  The Guidelines mandate restitution for all federal offenses, except under certain circumstances.

c.       Disgorgement

Disgorgement is also an equitable remedy, but, unlike restitution, disgorgement focuses on the defendant (not the alleged victim) in an enforcement action.[14]  Specifically, disgorgement is intended to deprive the defendant of its profits or other gain associated with the alleged conduct that is the subject of the enforcement action.

As with restitution, in the criminal context, the Guidelines expressly address disgorgement as a component of the sentencing process.[15]  Generally, however, restitution takes precedence over disgorgement, such that disgorgement may appropriately be viewed as a supplemental penalty imposed if and when a defendant retains any gains after restitution has been imposed.[16]

Although disgorgement has traditionally been secondary to restitution in criminal proceedings, DOJ recently has sought disgorgement through its FCPA Policy as a primary remedy in FCPA enforcement actions.  In particular, DOJ has taken this novel approach by issuing resolutions involving declinations with disgorgement.[17]

DOJ appears poised to extend this new approach in seeking declination-with-disgorgement resolutions beyond the FCPA context, potentially increasing the number of DOJ resolutions seeking disgorgement as the sole remedy.  In September 2018, DOJ reached a declination-with-disgorgement resolution with Barclays Bank PLC after an investigation involving fraud and market manipulation allegations.  In publicly discussing this resolution, the Principal Deputy Assistant Attorney General of the DOJ’s Criminal Division and the then Chief of DOJ’s Securities and Financial Fraud Unit stated that DOJ would consider declination-with-disgorgement resolutions in cases involving federal laws other than the FCPA, including the False Claims Act, the Dodd-Frank Act, and the Sarbanes-Oxley Act.[18]

d.      Calculating the Fine under the Guidelines

The Guidelines contain aggravating and mitigating factors that are used to determine a fine range.  These factors present opportunities for principled advocacy to explain why a particular enhancement is not warranted or, conversely, why a mitigating factor should be applied that would decrease the fine.

In advocating for how specific factors contribute to a given fine calculation, financial institutions can rely on a number of sources, including:

• the text of the Guidelines themselves and the interpretive guidance contained in their application notes;
• case law, which is fairly limited given how infrequently organizations choose to litigate criminal cases; and
• the precedent established by prior criminal resolutions.

Of these, prior resolutions can be very significant.  For that reason, financial institutions should seek to demonstrate that the application of relevant factors within the Guidelines is consistent with how similarly-situated organizations have been treated by DOJ.  Alternatively, financial institutions should seek to demonstrate that the result sought by the U.S. enforcer is inconsistent with prior cases, particularly when negotiating with government attorneys responsible for a wider range of enforcement matters, such as with one of the U.S. Attorney’s Offices most active in the corporate enforcement arena.

We begin with an overview of the framework for calculating organizational fines under Chapter 8 of the Guidelines and then include a more detailed analysis of three of the most commonly used variables—prior history, the role of management, and placement within the resulting Guidelines range—that feed into the final fine calculation.  The overview and detailed analysis of each variable concludes with a discussion of potential advocacy points that financial institutions can utilize in negotiating DOJ resolutions.

 i.      Overview of Criminal Fine Calculations under Chapter 8 of the Guidelines

The determination of an appropriate criminal fine begins with the calculation of the base fine.  The base fine represents the greatest of:

• the amount correlating to the offense level calculated under the relevant section the Guidelines;[19]
• the pecuniary gain to the organization; or
• the pecuniary loss caused by the organization, to the extent it was caused intentionally, knowingly, or recklessly.[20]

Section 8C2.4(d) contains a fine table with base fines ranging from $8,500 to $150,000,000 depending on the offense level calculated under the Chapter 2 of the Guidelines.  However, the pecuniary gain or loss involved in the alleged misconduct at hand often will exceed that number and will therefore serve as the base fine.

To determine the applicable fine range, the base fine will be multiplied by a figure determined based on the “culpability score.”  The culpability score begins at a base level of five,[21] and can be increased or decreased based on certain “aggravating” or “mitigating” factors.[22]  The resulting culpability score determines the multiplier applicable to the base fine in order to determine the fine range, which can vary from as low as a multiplier of 0.05 for a culpability score of zero or below, to as high as a multiplier of 4.0 for a culpability score of 10 or above.[23]

As the broad range of available multipliers suggests, even a modest change in culpability score can drastically affect the resulting penalty amount.  For example, in a matter with a $100 million base fine, a single point culpability score increase from five to six raises the top-end fine by $40 million, from $200 million to $240 million.  This fine amount is independent of the restitution, disgorgement, and any other financial components of the contemplated resolution.  Given the significant effect of the culpability score on the resulting penalty, financial institutions should arm themselves with principled arguments to explain why a particular culpability score factor should (or should not) be applied.

There are three aspects of the fine calculation that often are relevant to financial institutions:  the organization’s prior history of allegedly similar misconduct; the extent to which a sentence can be enhanced or reduced based on the role of management; and the placement of the fine amount within the applicable fine range.

    ii.      Prior History Enhancement

Chapter 8 of the Guidelines provides a two-point enhancement in culpability score if “the organization (or a separately managed line of business) committed any part of the instant offense less than 5 years after (A) a criminal adjudication based on similar misconduct; or (B) civil or administrative adjudication(s) based on two or more separate instances of similar misconduct.”[24]  An organization can be subject to a one-point enhancement if either of these conditions occurred within the last 10 years prior to the alleged misconduct.[25]

As financial institutions—particularly large, diversified organizations with several different business lines—may be subject to a wide range of regulatory or enforcement actions, it is important to understand the nuances of this enhancement to make arguments against its imposition.  The most salient aspects of this enhancement and the advocacy points most relevant for each are as follows:

• Policy Justification:  The organizational Guidelines do not specify the rationale for the prior history enhancement, but the guidance underlying analogous sections of the individual Guidelines roots this enhancement in the principles that recidivists are more culpable than first offenders and that stronger enforcement for repeat offenses acts as a general deterrent.[26]  Based on this yardstick, financial institutions can argue that recidivism concerns are misplaced if the government is relying on prior regulatory actions or findings—those regulatory actions serve different purposes than enforcement actions and should not properly be considered prior criminal history.
• “Adjudication:”  The Guidelines do not define what types of regulatory actions qualify as a prior “civil or administrative adjudication.”[27]  Other sources suggest the most salient characteristic of an adjudication is its adversarial nature.[28]  Based on this principle, financial institutions can potentially argue that administrative consent decrees (in which a party negotiates with the enforcer on how it will address a prior compliance deficiency or potential violation) and regulatory audits (which by their nature identify areas of improvement) should not serve as the basis of a sentencing enhancement, particularly where the organization has complied with the terms of the consent order or remediated the issues identified in the audit.  The specific and nuanced wording of individual consent decrees and audits can often aid with advancing this argument.
• Timing of Prior History:  Given the lengthy time span and multi-agency aspect of many enforcement inquiries involving financial institutions, any regulatory action involving similar misconduct must be issued prior to the instant alleged misconduct to justify the imposition of this enhancement.[29]  As such, the conduct underlying a prior regulatory adjudication should not both be part of the alleged misconduct forming the basis for the resolution and the basis for a prior history enhancement.
• Similar Misconduct:  For the prior history enhancement to be applied, the prior criminal, civil, and/or administrative adjudication(s) must be based on “similar misconduct” to the alleged misconduct in the instant case.[30]  The Guidelines define “similar misconduct” broadly to mean “prior conduct that is similar in nature to the conduct underlying the instant offense,” giving the example of Medicare fraud and another type of fraud,[31] and case law supports this broad interpretation.[32]  Nonetheless, organizations should be prepared to substantively distinguish the alleged misconduct from the conduct forming the basis of the alleged “prior adjudication(s).”
• “Separately Managed Lines of Business:”  The prior history enhancement applies if “an organization (or separately managed line of business)” was subject to a prior adjudication based on similar misconduct.[33]  The Guidelines indicate that a “separately managed line of business” may include a corporate subsidiary or division,[34] and that in determining the prior history of a separately managed line of business, the enforcer should only consider the history of that separately managed line of business.[35]  Thus, financial institutions could seek to demonstrate that a prior action involved a different subsidiary or unit than the component(s) involved in the current matter.

In addition to the specific terms of this provision of the Guidelines, organizations may advocate against the application of the prior history enhancement based on its infrequent historical application in prior corporate criminal resolutions.  According to aggregate annual statistics published by the U.S. Sentencing Commission, the prior history enhancement has been applied in a mere 1.39 percent (12 of 865) cases involving detailed organizational sentencing calculations between 2006 and 2017.[36]  To go beyond data available at sentencing, we have reviewed 119 major corporate resolutions (including guilty pleas, deferred prosecution agreements (“DPAs”), and non-prosecution agreements (“NPAs”)) since the beginning of 2008,[37] and have identified only four resolutions in which a one- or two-point enhancement for prior history was applied.[38]  The circumstances of these resolutions suggest that DOJ will generally apply this enhancement only for cases involving clear instances of recidivism in breach of a prior resolution arising from the same type of misconduct.

iii.      Sentencing Enhancements or Reductions Based on Management’s Role

In recent years, U.S. enforcers have emphasized the importance of “corporate culture,” particularly as it relates to the “tone at the top” set by an organization’s senior management.  In the compliance context, the theory is that if an organization’s top management demonstrates a firm commitment to ensuring that the company complies with its legal and regulatory obligations—which must go beyond simply establishing written policies and procedures on paper—this emphasis will filter down to rank-and-file employees, ensuring a higher level of overall compliance.  Conversely, DOJ takes the view that if management fails to adequately invest in compliance and emphasizes profitability above all else, line employees throughout the organization will see compliance as an obstacle rather than as a point of emphasis.

The alleged role of management is one of the largest drivers of an organization’s culpability score.  Organizations may be subject to a culpability score enhancement of up to five points if either “(i) high-level personnel of the organization [or unit] participated in, condoned, or was willfully ignorant of the offense; or (ii) tolerance of the offense by substantial authority personnel was pervasive throughout the organization [or organizational unit].”[39]  According to the Guidelines, the magnitude of the enhancement is based on the total headcount of the culpable organization (or unit) because the larger the organization, the more significant the consequences of management’s complicity or willful ignorance of misconduct, and the more substantial the risk that misconduct in one area will spread to the rest of the organization.[40]  Based on the significant impact that the role of management can play in the calculation of a monetary fine, financial institutions should consider the following advocacy points.

• Determining the Relevant Organization or Unit:  The biggest driver of the culpability score enhancement for management involvement is the size of the organization or unit implicated in the alleged misconduct.  Therefore, financial institutions should seek to precisely define what unit(s) or division(s) were implicated in the conduct at issue and which were not, and consequently should argue for an enhancement based on that more limited scope (if it is appropriate to impose one at all).  Recent corporate criminal resolutions involving only specific units or subsidiaries of large, multinational companies suggest that DOJ is receptive to these arguments and will resolve a matter with only the culpable unit(s) if doing so is warranted by the facts.[41]
• “Willful Ignorance:”  This enhancement may be applied if a high-level manager “participated in, condoned, or was willfully ignorant of the offense.”[42]  The Guidelines definition indicates that an individual is willfully ignorant if “the individual did not investigate the possible occurrence of unlawful conduct despite knowledge of circumstances that would lead a reasonable person to investigate whether unlawful conduct had occurred.”[43]  This fairly flexible definition—suggesting that mere failure to investigate the reasonable possibility of unlawful conduct will suffice—is in tension with recent Supreme Court precedent defining willful ignorance as characterized by employees’ efforts to “deliberately shield[] themselves from clear evidence of critical facts that are strongly suggested by the circumstances.”[44]  Given the non-mandatory nature of the Guidelines following the Supreme Court’s decision in United States v. Booker,[45] organizations should advocate that the Supreme Court’s more exacting standard be applied.
• Definition of an “Effective Compliance and Ethics Program:”  The Guidelines call for a three-point reduction in an organization’s culpability score if the organization had an “effective compliance and ethics program” in place at the time the offense occurred.[46]  This is a credit that is generally unavailable to organizations subject to the enhancement for management involvement.[47]  The Guidelines define this program by reference to seven “minimal” features needed to show that the organization “exercise[s] due diligence to prevent and detect criminal conduct” and “promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”[48]  The Guidelines further indicate that an ethics and compliance program must be “generally effective” at detecting and preventing criminal conduct, based on applicable industry and regulatory standards, the size and sophistication of the organization, and the organization’s history of prior misconduct.[49]
• Precedential Application of the Compliance and Ethics Program Reduction:  A review of all corporate sentencings between 2006 and 2017 indicates that a mere 5 of 860 (0.58 percent) of corporate defendants received this three-point credit.[50]  Given the emphasis over the last twenty years on corporate compliance, the paucity of companies qualifying for an effective compliance program is discouraging.  The infrequency with which organizations receive this credit at sentencing should not, however, prevent financial institutions from advocating for this credit in a pre-charge resolution, particularly since arguments about the state of a company’s compliance controls are relevant to placement in the fine range and may have implications for other civil or administrative proceedings.

   iv.      Placement of the Penalty Within the Fine Range

Even after DOJ calculates and establishes the key inputs of a financial penalty under the Guidelines (i.e., the base fine and culpability score), DOJ retains a potentially significant degree of discretion in situating a penalty within the resulting fine range.

The Guidelines identify 11 factors that DOJ should consider in determining the appropriate placement of a penalty in the fine range.[51]  The Guidelines further indicate that DOJ may consider “the relative importance of any factor used to determine the range,” including the amount of pecuniary loss or gain, specific offense characteristics, or the aggravating or mitigating factors used to calculate the culpability score.[52]  Thus, DOJ has significant latitude in advocating for the placement of the fine relative to the range.

Despite the seeming flexibility DOJ has in setting an appropriate fine relative to the applicable range, in practice, most fines are situated at or in some cases substantially below the lower end of the fine range.[53]  In some cases, companies were fined at or below the low end of the range as part of an articulated enforcement program that leads to different results than those suggested by Guidelines § 8C2.8.

For one example, the DPA for the DOJ Tax Division’s recent Swiss Bank Program $98 million resolution with Zürcher Kantonalbank (“ZKB”), filed in August 2018, highlighted that the bank’s cooperation credit was reduced because it discouraged two indicted, separately represented bankers from cooperating with U.S. authorities, contributing to the employees’ decision to resist cooperating with the government’s investigation for about two years.[54]  Notwithstanding this seemingly imperfect cooperation, ZKB’s $35 million penalty represented a 50 percent discount below the bottom of the applicable fine range in recognition of its “substantial cooperation” with the investigation.[55]  For that reason, advocacy regarding the fine calculation should focus on the underlying basis for the base fine and the principles that feed into the culpability score, since those inputs will determine the range, and there will be ample precedent supporting a bottom-range or below-range fine.

2.      How DOJ Utilizes the Financial Penalty Components in Practice

To understand how the three potential components—fine, restitution, and disgorgement—play out in practice, we analyzed 10-years’ worth of DOJ resolutions involving financial institutions.  In addition, we make reference to DOJ’s most notable resolutions in 2018 involving financial institutions.  Finally, to illuminate how DOJ can exercise complete discretion in calculating the penalties for a particular case in a manner that is either higher or lower than those penalties imposed in similar cases, we review DOJ resolutions where the financial penalties assessed were outliers in comparison to the majority of DOJ resolutions over the last 10 years.

a.       10-Year Review of DOJ Resolutions Involving Financial Institutions

We have identified 143 resolutions where DOJ assessed a penalty to a financial institution between 2008 to 2018.[56]  The findings below relate only to the penalties assessed by DOJ—not other U.S. enforcers.  It is not uncommon, however, particularly in larger resolutions, for financial institutions to enter into a global structure that includes resolutions with multiple U.S. agencies—both at the federal and state levels—and even foreign regulatory enforcement agencies.  The data and analysis in this subsection is limited to the penalty assessed by DOJ itself since that amount tends to be the largest single driver of financial exposure.

Chart 1 below illustrates how frequently DOJ uses restitution, disgorgement/forfeiture, fines, or a mix of these penalties in resolutions with financial institutions.

Chart 1

Chart 1 illustrates that approximately 68 percent of the resolutions that DOJ has entered into with financial institutions in the past decade have involved only a fine, without any disgorgement or restitution component.  Part of the explanation for this high percentage is that there were approximately 80 NPAs between DOJ and certain Swiss banks as part of a special DOJ program.  These resolutions only involved a fine.  However, fine-only resolutions are not limited to the Swiss bank context.  Resolutions between DOJ and financial institutions in matters resolving allegations of fraud or manipulation of the London Inter-bank Offered Rate (“LIBOR”), for instance, often involve only a fine component.  As such, resolutions involving only a fine are quite common.

By contrast, resolutions involving only restitution are incredibly rare, occurring just 1.4 percent of the time.  Meanwhile, resolutions involving only disgorgement—which occur 14 percent of the time—are somewhat more common but still relatively rare.  The data also demonstrates that it is not uncommon for DOJ resolutions with financial institutions to involve multiple penalty components.  Approximately 16 percent of DOJ resolutions involve more than one penalty component.[57]

If we analyze the amount of the penalties that DOJ assessed using each of these components, the importance of disgorgement and forfeiture as a penalty component becomes clearer.  Chart 2 illustrates the total amount of financial penalties DOJ has assessed to financial institutions using each penalty component between 2008 and 2018.

Chart 2

As the data in Chart 2 shows, forfeiture and disgorgement account for nearly 61 percent of the dollars DOJ has assessed in penalties to financial institutions in the past decade, nearly twice as much as through fines alone.  A key factor that helps explain this data is that forfeiture has been the only, if not the predominant, penalty component in many of the largest resolutions between DOJ and financial institutions in the past decade.  Indeed, of the seven largest resolutions with DOJ in the past 10 years, disgorgement or forfeiture accounted for the majority of the financial penalty amounts.  For example, forfeiture comprised $8,833,600,000 of the $8,973,600,000 penalty in BNP Paribas’ 2014 sanctions resolution, and the entire penalty in HSBC’s $1.256 billion 2012 sanctions resolution, JP Morgan’s 2014 $1.7 billion BSA resolution, and Société Générale S.A.’s 2018 $717 million sanctions resolution.

b.      Notable 2018 Resolutions

In 2018, there were 13 resolutions between DOJ and financial institutions in which the overall financial penalty was more than $5 million.[58]  Five of the 13 involved penalties over $100 million, including the second largest penalty ever imposed on a financial institution for alleged violations of U.S. economic sanctions.  Gibson  Dunn’s 2018 Year-End NPA/DPA update offers a detailed analysis of these resolutions.

c.       Outlier Resolutions

When assessing how U.S. enforcers might assess penalties in a particular case, it is worth analyzing penalties that fall outside of the norm in order to understand whether the conduct at issue in a particular matter might carry significantly more or less financial exposure.  This subsection discusses two notable outliers, which illuminate how U.S. enforcers can exercise discretion in calculating the penalties for a particular case in a manner that is either higher or lower than those penalties imposed in similar cases.  At the high end, DOJ’s $8.9 billion resolution with BNP Paribas remains the largest criminal penalty assessed to date against a financial institution.  This DOJ resolution was notable not only in terms of the overall size of the penalty, but also in the way that it was calculated.  At the low end, DOJ resolutions with “Category Two” banks as part of DOJ’s Swiss Bank Program (as further discussed in the subsection below) were significantly less aggressive in terms of the way in which DOJ calculated financial penalties.

    i.      On the High End – BNP Paribas

In June 2014, BNP Paribas pled guilty to violating U.S. sanctions laws, agreeing to pay total financial penalties of $8.9 billion.[59]  This remains the largest criminal penalty that the United States has ever imposed on a financial institution or any other organization.  Of that $8.9 billion, BNP Paribas agreed to forfeit $8.8336 billion and pay a fine of $140 million.[60]  In addition to the sheer magnitude of the penalty, the way in which DOJ calculated the penalty was notable in two respects.  First, the forfeiture amount represented “the amount of proceeds traceable to the violations” set forth in the charging document.[61]  In other words, BNP Paribas was required to forfeit one dollar for every dollar that it cleared in a transaction violating U.S. sanctions laws, even though the bank only received a very small commission for clearing that dollar.  Second, the $140 million fine that DOJ assessed against BNP Paribas represented “twice the amount of pecuniary gain to [BNP Paribas] as a result of the offense conduct.”[62]  Thus, BNP Paribas’s fine was two times the amount of profits it received from this activity.

It is quite rare for a penalty to include both a one-to-one forfeiture ratio (particularly in cases involving the violation of economic sanctions) and a two-to-one disgorgement ratio.  This extreme penalty may have reflected DOJ’s perception of the egregiousness of BNP Paribas’s alleged conduct and its level of cooperation.  Regarding its conduct, the bank cleared over $8.8 billion through the U.S. financial system that allegedly violated U.S. sanctions laws.[63]  It also continued to clear U.S. dollar transactions allegedly in violation of the Cuba embargo, according to DOJ, “long after it was clear that such business was illegal.”[64]  Moreover, the bank continued clearing transactions allegedly in violation of U.S. sanctions on Iran “nearly two years after the bank had commenced an internal investigation into its sanctions compliance and pledged to cooperate with the [g]overnment.”[65]  Ultimately, as the Assistant Attorney General for DOJ’s Criminal Division explained, “BNP Paribas flouted U.S. sanctions laws to an unprecedented extreme, concealed its tracks, and then chose not to fully cooperate with U.S. law enforcement, leading to a criminal guilty plea and nearly $9 billion penalty.”[66]

    ii.      On the Low End – Swiss Bank Program

In contrast to the BNP Paribas resolution, the total penalties that DOJ assessed in enforcement resolutions under its Swiss Bank Program with “Category Two” banks were on average less than five percent of the undeclared U.S. assets that these banks maintained.

As noted above, DOJ’s Swiss Bank Program allowed Swiss banks to resolve potential criminal liabilities in the United States by voluntarily disclosing undeclared U.S. accounts held at their banks.[67]  There were four categories of banks covered under the Swiss Bank Program.  Category One banks were under active criminal investigation and thus ineligible for the program.[68]  Category Two banks were those that had “reason to believe” that they may have committed tax-related offenses under U.S. law.[69]

Since the program began, DOJ has entered into 81 NPAs with Swiss banks.[70]  The vast majority of these NPAs were with Category Two banks.  In NPAs with Category Two banks, DOJ agreed to significantly more modest penalty calculations.  The NPAs generally disclose in the statement of facts the aggregate value of the U.S.-related accounts that the bank maintained and did not disclose.  The average penalty assessed in NPAs with Category Two banks was approximately three percent of the aggregate value of the undisclosed accounts.

3.      Other U.S. Enforcers

In addition to DOJ, other U.S. enforcers impose monetary fines against financial institutions and other organizations for violations of relevant federal laws and regulations.  These other U.S. enforcers’ frameworks for calculating financial penalties, however, are not as well-defined as DOJ’s framework under the Guidelines.  In the subsections below, we highlight 2018 resolutions imposed by the OCC and the FRB.  What becomes most apparent in analyzing these resolutions is that certain U.S. enforcers only impose fines (and not restitution or disgorgement penalties).

a.       2018 OCC Resolutions

In 2018, the OCC entered into seven resolutions with financial institutions where involving a settlement amount of $10 million or greater.  In addition to the penalties that the OCC assessed to U.S. Bank (discussed in the 2018 DPA/NPA mid-year alert) and Rabobank NA, it also assessed two other notable penalties over $50 million in 2018.  First, Wells Fargo, National Association, entered into an order with the OCC, which included a $500 million in civil money penalties to resolve matters regarding the bank’s compliance risk management program and past practices.[71]  This penalty matched the largest penalty that the OCC has ever issued.  In addition, the bank submitted a plan for the management of remediation activities conducted by the bank.  Second, in October 2018, the OCC issued a consent order against Capital One Bank (U.S.A.), N.A., in which it assessed a $100 million civil penalty.[72]  This consent order was issued for BSA/AML violations, including violating a 2015 Consent Order.[73]  The fines in these OCC resolutions only included fines (i.e., the OCC did not include restitution or disgorgement).

b.      2018 Federal Reserve Board Resolutions

In 2018, the FRB issued five cease-and-desist orders, 12 civil monetary penalties, and three resolutions that included both a cease-and-desist order and a civil monetary penalty to financial institutions.  These three resolutions were the SocGen sanctions resolution, the U.S. Bank BSA/AML resolution (both referenced above), and a $54.75 million settlement with The Goldman Sachs Group, Inc. resolving allegations surrounding the bank’s foreign exchange trading business.[74]  All of these financial penalties were composed entirely of fines.

4.      Forward-Looking Guidance from Enforcers

Recent guidance by U.S. enforcers provides helpful clues as to how they will approach financial penalties for corporations.  In particular, enforcers have been focused on enhancing inter-agency coordination in order to avoid imposing duplicative penalties.

a.       Recent Guidance

One example of a written policy is DOJ’s Justice Manual, which contains guidance with respect to the bringing of criminal actions against organizations and penalties associated with those actions.  The Justice Manual lists factors DOJ should consider in determining whether and how to charge a corporate entity, such as the nature of the offense, the “pervasiveness of the wrongdoing,” the “history of similar misconduct,” the “adequacy and effectiveness of the corporation’s compliance program,” among others.[75]  The Justice Manual also specifically outlines how voluntary self-disclosure and cooperation may affect the outcome of a criminal action against a legal entity, much like we discussed earlier in the context of the FCPA Policy.[76]

In another example, the OCC issues written policies and guidance with respect to civil monetary penalties in its Policies and Procedures Manual (“PPM”), most recently updated on November 13, 2018.[77]  In the PPM, the OCC lays out the factors it considers in determining penalty amounts, including:  “(1) the size of financial resources and good faith of the institution . . .  charged; (2) the gravity of the violation; (3) the history of previous violations; and (4) such other matters as justice may require,” as well as 13 additional factors set forth in an Interagency Policy issued by the Federal Financial Institutions Examination Council (“FFIEC”) in 1998.[78]  The OCC includes matrices as appendices to the PPM, which apply “factor scores” to the different factors considered in determining an appropriate penalty.  Although these matrices “are only guidance” and “do not reduce the [penalty] process to a mathematical equation and are not a substitute for sound supervisory judgment,” they provide guidance and may give financial institutions a sense of how the factors are weighed when the OCC considers a monetary penalty.[79]

The FDIC publishes a similar matrix and issues guidance on the factors it considers when imposing penalties.  These factors are essentially the same as those considered by the OCC, which is unsurprising due to the coordination of the federal banking regulators through the FFIEC.[80]

Further guidance—although nonbinding—regularly comes in the form of speeches at conferences and events by DOJ and other officials.  Given the flexibility and judgment calls involved in each decision, however, any review or estimate of financial exposure must include a review of the enforcement actions brought by these agencies in order to glean which factors will be applied and how they will be weighted.

b.      Recent Guidance Focused on Inter-Agency Coordination

Although many different U.S. enforcers have the authority to impose financial penalties, there have been efforts to coordinate resolutions between these agencies and, in some cases, to attempt to avoid duplicative fines.  For example, in May 2018, Deputy Attorney General Rod Rosenstein announced a new DOJ Policy on Coordination of Corporate Resolution Penalties, which was then incorporated into the Justice Manual.[81]  This policy—commonly referred to as the “Anti-Piling On Policy”—seeks to avoid the unnecessary “piling on” of duplicative criminal and civil penalties and to encourage cooperation among enforcement agencies both within DOJ as well as between DOJ and other domestic and foreign enforcers.  The new Anti-Piling On Policy encourages DOJ to coordinate with other enforcers when considering appropriate penalties, listing specific factors that may lead to the imposition of multiple penalties, including:  (1) “the egregiousness of a company’s misconduct;” (2) “statutory mandates regarding penalties, fines, and/or forfeitures;” (3) “the risk of unwarranted delay in achieving a final resolution;” and (4) “the timeliness of a company’s disclosures and its cooperation” with DOJ.[82]

In Rosenstein’s May 9, 2018 speech announcing the policy, he explicitly referred to coordination with the SEC, the CFTC, the FRB, the FDIC, the OCC, and OFAC, and stressed that “[b]y working with other agencies . . . our Department is better able to detect sophisticated financial fraud schemes and deploy adequate penalties and remedies to ensure market integrity.”[83]  In practice, the Anti-Piling On Policy does not reflect a major shift in DOJ’s approach, as DOJ had already been coordinating with other U.S. enforcers on many matters.  However, this new official policy does formalize and reduce to writing DOJ’s commitment to coordination.

We have seen DOJ’s new Anti-Piling On Policy play out in a number of resolutions over the past year.  For example, in recent resolutions involving U.S. Bank and Rabobank NA (both referenced above), the various U.S. enforcers acknowledged and credited fines imposed by others.  While the Rabobank NA and U.S. Bank resolutions occurred before the official announcement of the Anti-Piling On Policy, they reflect the same coordination principles and appeared consistent with Rosenstein’s November 2017 remarks indicating that DOJ had intended to apply those principles going forward.  More recently, in the June 2018 SocGen FCPA and LIBOR DPA discussed above, DOJ credited the penalty paid to a foreign regulator—the Parquet National Financier—reducing its imposed fine by 50 percent on that basis.[84]

Other U.S. enforcers have not yet officially announced parallel policies but many have demonstrated the same crediting of fines imposed by other agencies.  For example, the SEC in recent speeches has addressed its desire to work with other enforcers and to take into consideration other enforcement actions.  On May 11, 2018, just two days after the announcement of DOJ’s Anti-Piling On Policy, SEC Commissioner Hester Peirce remarked at a conference that “[a]nother way to conserve resources for matters most in need of our enforcement attention is to work with other regulators and the criminal authorities” and that “[i]n deciding whether to pursue a matter, the Enforcement Division . . . can take into consideration whether other regulatory or criminal authorities are looking at the same conduct.”[85]  This plays out in the amount of penalties imposed in addition to the decision to bring an action in the first place.  For example, in a July 2018 FCPA resolution with CSHK (discussed above), the SEC imposed disgorgement and accrued interest amounts totaling approximately $30 million, but did not require a separate fine, crediting the $47 million criminal penalty paid to DOJ.[86]

Along the same lines, in June 2018, the FFIEC rescinded a previous policy statement from 1997 and replaced it with a new inter-agency policy reflecting coordination in enforcement actions against financial institutions by the OCC, the FRB, and the FDIC.[87]  This new policy reflects the same goal of coordinating actions and resolutions in order to avoid the piling on of duplicative monetary fines.

Despite the efforts of agencies to coordinate and credit penalties imposed by others, the SocGen sanctions-related enforcement action discussed above does not appear to have involved credits by the settling agencies for fines paid to others.  In reaching the global resolution of $1.4 billion, DOJ did not credit payments to other U.S. enforcers and in fact referred to “separate agreements” under which SocGen “shall pay additional penalties.”[88]  Similarly, the OFAC Enforcement Information referred to the global settlement involving resolutions with DOJ, the FRB, the New York County District Attorney’s Office, the U.S. Attorney’s Office for the Southern District of New York, and the New York Department of Financial Services, but did not credit any of the other fines in assessing its penalty of nearly $54 million.[89]  OFAC has not publicly stated whether it is moving away from the crediting of payment to other enforcers or whether the SocGen resolution is an outlier.[90]  In any event, it is still too soon to know whether the trends toward cooperation and the avoiding of duplicative penalties will reduce the total penalty paid by an organization facing a multi-agency enforcement action.

5.      Conclusion

Although most financial penalties in civil and criminal matters may contain the same potential components (i.e., fines, restitution, and/or disgorgement) as seen in the majority of DOJ corporate resolutions over a 10-year period, there can be significant variance in how these components are calculated.

Additionally, although the determination of any base fine or penalty is driven by specific principles and elements for the sentencing of organizations in the Guidelines, these principles and elements will be informed by the facts that are the subject of any government investigation.  Often conduct can be viewed as implicating different statutes and violations.  For example, most alleged violations can be viewed according to the underlying problem (e.g., sanctions) as well as AML.  When negotiating with U.S. enforcers, financial institutions, and their counsel should consider how best to shape the narrative around the scope of the alleged misconduct and how those enforcers view different statutory violations.  By advocating effectively in this regard, a financial institution can position itself to reduce its potential financial penalty or even take advantage of a program designed to encourage cooperation (e.g., FCPA Policy).

Financial institutions should also consider that fine calculations can be adjusted up or down based on culpability scores, prior history enhancements, and the role of management in the alleged misconduct.  Financial institutions should accordingly be prepared to make principled arguments rooted in the facts of the instant case and be familiar with the outcomes of other analogous cases in order to appeal to relevant organizational precedent.  Nonetheless, although the Guidelines’ principles are helpful in determining an organization’s exposure to a potential criminal penalty, financial institutions should be mindful of the significant discretion prosecutors wield in determining whether to apply a given enhancement or reduction and in situating the penalty amount within the applicable fine range.

Finally, financial institutions should also keep in mind these criminal sentencing principles when negotiating civil or administrative resolutions.  For example, by negotiating for language explicitly disclaiming that a cease-and-desist order or consent decree should be regarded as a “civil or administrative adjudication,” a financial institution may limit its exposure to the prior history aggravating factor in potential future criminal actions.

We believe that it is essential for our financial institution clients to understand their potential financial exposure when assessing matters involving DOJ or other U.S. enforcers.  We hope this publication serves as a helpful primer on this issue, and look forward to addressing other topics that raise unique issues for financial institutions in this rapidly-evolving area in future editions.

The following Gibson Dunn attorneys assisted in preparing this client update:  M. Kendall Day, Stephanie L. Brooker, F. Joseph Warin, Carl Kennedy, Chris Jones, Jaclyn Neely, Chantalle Carles Schropp, and Alexander Moss.

Gibson Dunn has deep experience with issues relating to the defense of financial institutions, and we have recently increased our financial institutions defense and AML capabilities with the addition to our partnership of M. Kendall Day. Kendall joined Gibson Dunn in May 2018, having spent 15 years as a white collar prosecutor, most recently as an Acting Deputy Assistant Attorney General, the highest level of career official in DOJ’s Criminal Division. For his last three years at DOJ, Kendall exercised nationwide supervisory authority over every BSA and money-laundering charge, DPA and NPA involving every type of financial institution. Kendall joined Stephanie Brooker, a former Director of the Enforcement Division at FinCEN and a former federal prosecutor and Chief of the Asset Forfeiture and Money Laundering Section for the U.S. Attorney’s Office for the District of Columbia, who serves as Co-Chair of the Financial Institutions Practice Group and a member of White Collar Defense and Investigations Practice Group. Kendall and Stephanie practice with a Gibson Dunn network of more than 50 former federal prosecutors in domestic and international offices around the globe.

For assistance navigating white collar or regulatory enforcement issues involving financial institutions, please contact any Gibson Dunn attorney with whom you work, or any of the following leaders and members of the firm’s White Collar Defense and Investigations and Financial Institutions practice groups:

Washington, D.C.
F. Joseph Warin (+1 202-887-3609, [email protected])
Richard W. Grime (+1 202-955-8219, [email protected])
Patrick F. Stokes (+1 202-955-8504, [email protected])
Judith A. Lee (+1 202-887-3591, [email protected])
Stephanie Brooker (+1 202-887-3502, [email protected])
John W.F. Chesley (+1 202-887-3788, [email protected])
Daniel P. Chung (+1 202-887-3729, [email protected])
M. Kendall Day (+1 202-955-8220, [email protected])
David Debold (+1 202-955-8551, [email protected])
Stuart F. Delery (+1 202-887-3650, [email protected])
Michael S. Diamant (+1 202-887-3604, [email protected])
Adam M. Smith (+1 202-887-3547, [email protected])
Linda Noonan (+1 202-887-3595, [email protected])
Oleh Vretsona (+1 202-887-3779, [email protected])
Christopher W.H. Sullivan (+1 202-887-3625, [email protected])
Courtney M. Brown (+1 202-955-8685, [email protected])
Jason H. Smith (+1 202-887-3576, [email protected])
Ella Alves Capone (+1 202-887-3511, [email protected])
Pedro G. Soto (+1 202-955-8661, [email protected])

New York
Reed Brodsky (+1 212-351-5334, [email protected])
Joel M. Cohen (+1 212-351-2664, [email protected])
Lee G. Dunst (+1 212-351-3824, [email protected])
Mark A. Kirsch (+1 212-351-2662, [email protected])
Arthur S. Long (+1 212-351-2426, [email protected])
Alexander H. Southwell (+1 212-351-3981, [email protected])
Lawrence J. Zweifach (+1 212-351-2625, [email protected])
Daniel P. Harris (+1 212-351-2632, [email protected])

Denver
Robert C. Blume (+1 303-298-5758, [email protected])
John D.W. Partridge (+1 303-298-5931, [email protected])
Ryan T. Bergsieker (+1 303-298-5774, [email protected])
Laura M. Sturges (+1 303-298-5929, [email protected])

Los Angeles
Debra Wong Yang (+1 213-229-7472, [email protected])
Marcellus McRae (+1 213-229-7675, [email protected])
Michael M. Farhang (+1 213-229-7005, [email protected])
Douglas Fuchs (+1 213-229-7605, [email protected])

San Francisco
Winston Y. Chan (+1 415-393-8362, [email protected])
Thad A. Davis (+1 415-393-8251, [email protected])
Marc J. Fagel (+1 415-393-8332, [email protected])
Charles J. Stevens – Co-Chair (+1 415-393-8391, [email protected])
Michael Li-Ming Wong (+1 415-393-8333, [email protected])

Palo Alto
Benjamin Wagner (+1 650-849-5395, [email protected])

London
Patrick Doris (+44 20 7071 4276, [email protected])
Charlie Falconer (+44 20 7071 4270, [email protected])
Sacha Harber-Kelly (+44 20 7071 4205, [email protected])
Philip Rocher (+44 20 7071 4202, [email protected])
Steve Melrose (+44 (0)20 7071 4219, [email protected])

Paris
Benoît Fleury (+33 1 56 43 13 00, [email protected])
Bernard Grinspan (+33 1 56 43 13 00, [email protected])
Jean-Philippe Robé (+33 1 56 43 13 00, [email protected])
Audrey Obadia-Zerbib (+33 1 56 43 13 00, [email protected])

Munich
Benno Schwarz (+49 89 189 33-110, [email protected])
Michael Walther (+49 89 189 33-180, [email protected])
Mark Zimmer (+49 89 189 33-130, [email protected])

Hong Kong
Kelly Austin (+852 2214 3788, [email protected])
Oliver D. Welch (+852 2214 3716, [email protected])

São Paulo
Lisa A. Alfaro (+55 (11) 3521-7160, [email protected])
Fernando Almeida (+55 (11) 3521-7095, [email protected])

© 2019 Gibson, Dunn & Crutcher LLP, 333 South Grand Avenue, Los Angeles, CA 90071

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.