United States: US And UK Regulators Provide Guidance On Anti-Corruption Controls

Last Updated: May 10 2012
Article by Roger M. Witten , Kimberley A. Parker , Jay Holtmeier , Stephen Pollard , Klaus Schubert and Bridget Petherbridge


In recent weeks, each of the DOJ, SEC and UK's FSA have provided detailed guidance on the elements of an effective anti-corruption compliance program. In the case of DOJ and the SEC, the guidance was issued in conjunction with a public announcement that they had declined to prosecute Morgan Stanley for violations of the FCPA due to, among other things, its robust anti-corruption compliance program. These pronouncements provide a benchmark for companies to evaluate their anti-corruption compliance programs.

In recent years, companies around the globe have launched efforts to implement or improve anti-corruption compliance policies and procedures in order to prevent or mitigate violations of the FCPA and, more recently, the UK Bribery Act. For most of this period, these efforts were largely undertaken without the benefit of detailed guidance from the US and UK regulatory authorities as to what, in their view, constitutes an adequate anti-corruption compliance program. In recent weeks, however, each of the DOJ, SEC and UK's FSA has provided such guidance and, in the case of DOJ and the SEC, have for the first time publicly declined to prosecute a company—Morgan Stanley—in light of the effectiveness of its compliance program. In the case of DOJ and the SEC, the guidance came in the form of a guilty plea by a former Morgan Stanley managing director who was accused of making improper payments to a Chinese government official. The FSA's guidance was not issued in the context of a specific case; rather, the FSA published the results of its recent review of the anti-corruption compliance systems at 15 major financial institutions. Taken together, these financial industry developments shed light on what US and UK regulators expect of companies—financial institution or otherwise—regarding the adequacy of their anti-corruption efforts.

Morgan Stanley/Garth Peterson

On April 25, 2012, a former Morgan Stanley managing director, Garth Peterson, pleaded guilty in United States District Court to knowingly violating Morgan Stanley's FCPA internal controls, and simultaneously settled a civil case brought by the SEC alleging knowing circumvention, bribery, and a violation of the Investment Advisers Act of 1940. Contemporaneous with the resolution of the Peterson cases, DOJ and the SEC also publicly announced that they were declining to prosecute Morgan Stanley in connection with Peterson's conduct, citing Morgan Stanley's robust anti-corruption compliance program, as well as its voluntary disclosure and cooperation with the governmental investigations.


Peterson had, prior to being fired in 2008, served as the head of Morgan Stanley's real estate investing business in Shanghai. According to DOJ and the SEC charging documents, Peterson engaged in a series of schemes to provide things of value to a Shanghai-based Chinese government official, including secretly selling at a below market price an undisclosed equity interest in a Morgan Stanley real estate investment, in exchange for that official's assistance in connection with Morgan Stanley's investments in Shanghai; Peterson was also accused of stealing undisclosed equity interests for himself and another non-government official (and non-Morgan Stanley) co-conspirator. The DOJ charges stemmed from Peterson's efforts to hide these schemes from Morgan Stanley; the SEC made similar allegations, and also charged a substantive antibribery violation relating to the payments themselves, as well as a violation of the Investment Advisers Act relating to Peterson's personal theft.


The Peterson matter is significant in at least two respects. First, it is the first time that DOJ has, in an FCPA matter, publicly announced its decision to decline prosecution of a particular corporation. In recent years, DOJ has faced increasing pressure from the defense bar and business community to articulate publicly the standards it applies when deciding whether to prosecute a corporation for violations by its employees of the FCPA. While it is impossible to know with certainty, DOJ's public announcement of its declination in this case may signal an effort by DOJ to respond to those concerns, and an attempt by DOJ to begin to outline those standards. The case is somewhat unusual in that it involved a matter in which there had been substantial publicity about the investigation of Morgan Stanley prior to the decision by DOJ to decline prosecution. Whether or not DOJ (and companies under investigation) would want similar public pronouncements in future cases will likely depend on the particular facts and circumstances of those cases.

Second, and relatedly, both the charging documents and the accompanying DOJ and the SEC press releases cited Morgan Stanley's robust anti-corruption compliance program as a basis for the declinations, and described in detail the specific elements of that program that supported their decision not to prosecute Morgan Stanley. In particular, DOJ and the SEC cited the fact that Morgan Stanley:

General Policy and Reminders

  • Implemented a robust anti-corruption policy that addressed the FCPA generally, as well as specific issues such as gifts, business entertainment, travel, meals and other relevant topics;
  • Issued regular compliance reminders on anti-corruption policies and procedures, as well as specific issues that presented anti-corruption risks (e.g., a 2008 reminder in China in connection with the Beijing Olympics);
  • Required regular certifications of compliance with applicable policies and requirements; and
  • Continually updated and improved its policies and procedures to reflect regulatory developments and specific risks.


  • Regularly trained employees, including in-person training by senior members of the legal and compliance department; and
  • Provided written training material for employees to maintain in their files.


  • Established an extensive compliance infrastructure, including 500+ dedicated compliance officers, as well as global and regional dedicated anti-corruption compliance officers who drafted and maintained policies, provided training, coordinated with the businesses to provide advisory services, evaluated the retention of agents, pre-cleared relevant expenses, and worked with outside counsel to conduct due diligence on potential business partners.

Due Diligence and Payment Approvals

  • Conducted extensive due diligence into potential new business partners, including conducting interviews with key executives and outside counsel; reviewing relevant records; contacting key references; and obtaining explicit written representations about ownership of corporate entities; and
  • Employed a multi-person approval process for payments made to third parties, including review by personnel from both the business and controller function.


  • Regularly monitored transactions, including testing by compliance; and
  • Conducted FCPA audits based on location and business-line risk.


  • Provided direct reporting by the compliance department to both the Board and the Chief Executive Officer and Chief Legal Officer, as well as various senior management committees; and
  • Established a toll-free compliance hotline in every major language, open 24/7.

While DOJ and the SEC have routinely described in settlement documents the basic elements of an adequate anti-corruption compliance program, the Peterson cases are interesting in that they describe an actual corporate compliance program that was deemed effective by DOJ and the SEC. While every company must tailor its compliance program to its unique corporate culture and relevant corruption risks, the descriptions by DOJ and the SEC of the key elements of the Morgan Stanley compliance program should be examined by any company attempting to assess the adequacy of its program.

UK FSA Review

On March 29, 2012, the FSA published the findings of its recent thematic review into antibribery and corruption systems and controls in investment banks. The main purpose of the review was to assess how effectively a sample of 15 financial institutions are addressing the risk of becoming involved in bribery and corruption.

Although the FSA does not enforce the Bribery Act, addressing the risk of bribery and corruption is relevant to its statutory objectives under the Financial Services and Markets Act 2000, in particular the maintaining of market confidence and the reduction of financial crime. The FSA therefore seeks to ensure that regulated firms adequately address this risk in accordance with the relevant FSA rules and principles. While the FSA does not prescribe how firms should comply with those rules and principles, firms will be expected to demonstrate that they can identify and assess the risk of bribery and corruption and take reasonable steps to prevent it. Such steps may of course also be relevant to the "adequate procedures" defense, in the event that a firm is facing allegations of failing to prevent bribery under section 7 of the Bribery Act.

The FSA's thematic review focused on the following topics in relation to bribery and corruption: governance and management information; assessing bribery and corruption risk; policies and procedures; third-party relationships and due diligence; payment controls; gifts and hospitality; staff recruitment and vetting; training and awareness; remuneration structures; and incident reporting. It found that, although some banks had completed significant work to implement effective antibribery and corruption controls, most had more work to do. The report's key findings are as follows:

  • Most firms had not properly taken account of FSA rules covering bribery and corruption, either before the Bribery Act or after;
  • Nearly half of the 15 firms visited did not have an adequate antibribery and corruption risk assessment, although progress had been made since the coming into force of the Bribery Act in July 2011;
  • Management information on antibribery and corruption provided to senior management was poor;
  • The majority of firms had not yet thought about how to monitor the effectiveness of their antibribery and corruption controls;
  • Firms' understanding of bribery and corruption was often very limited;
  • There were significant weaknesses in firms' dealings with third parties used to win or retain business, including in relation to compliance approval; due diligence; politically exposed persons screening; ensuring and documenting a clear business rationale; risk assessment; and regular review;
  • Many firms had recently tightened up their gifts, hospitality and expenses policies by prohibiting facilitation payments, increasing senior management oversight of expenses and introducing or revising limits. However, few had processes to produce adequate management information; for example, to ensure that gifts and expenses in relation to particular clients or projects were reasonable on a cumulative basis;
  • Firms had well-established vetting processes in place when staff were recruited, but bribery and corruption risk had not usually been a factor in identifying high-risk roles which should be subject to enhanced vetting; and
  • Since the implementation of the Bribery Act, firms had generally provided adequate basic training to staff. However, most were still developing training for staff in higher-risk roles and had no processes in place to assess the effectiveness of existing training.

In response to its findings, the FSA has launched a four-week consultation on proposed amendments to the FSA's regulatory guidance: Financial Crime: A Guide for Firms.

FSA as the main anti-corruption enforcer?

While the coming into force of the Bribery Act last year has focused attention on these issues, the FSA's determination to address systems and controls failings in this area is nothing new. In January 2009, Aon Limited was fined Ł5.25m by the FSA for failing to take reasonable care to establish and maintain effective systems and controls to counter bribery and corruption risk, in breach of principle 3 of the Principles for Business (a firm's duty to take reasonable care to organize and control its affairs responsibly and effectively, with adequate risk management systems). The involvement of financial institutions in corrupt or potentially corrupt practices undermines the integrity of the financial services sector and will be high on the FSA's agenda even where there is no clear evidence of criminal conduct. The impact of the Bribery Act in terms of prosecutorial activity remains to be seen. However, it may be that, for authorized firms at least, the risk of enforcement action for regulatory breaches is significantly greater than the risk of criminal sanctions for Bribery Act offenses. Indeed, the FSA is apparently currently considering enforcement action in relation to certain of the firms involved in the thematic review.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.