US monitorships: the Swiss perspective
24 May 2019 By Simone Nadelhofer, Jonathon E. BoroskiThis article appeared in the IBA Litigation Committee’s May Newsletter
Over the last decade, Switzerland has hosted several United States monitorships involving large international banks. With other countries adopting comparable enforcement mechanisms in cases of corporate wrongdoing, the number of foreign monitors conducting investigations in Switzerland could increase in the coming years and expand to other industries beyond the banking sector. While the high costs and extended duration commonly associated with US monitorships are often criticised, monitorships can result in positive shifts in corporate compliance culture and management systems after the associated fines have been settled.
As the Swiss legal landscape evolves, foreign monitors should understand the current framework and recent changes when performing their duties in Switzerland.
General framework of US monitorships
Monitors are usually imposed as part of settlements with the US federal or state agencies or regulators and the entity involved in corporate misconduct. These settlements may take the form of deferred prosecution agreements (DPAs), non-prosecution agreements (NPAs) or consent orders, and involve suspended proceedings subject to certain conditions. In the case of DPAs, the prosecutor has the discretion to file the charges or offer the agreement, which must be filed with the court for final approval by the judge. By contrast, NPAs do not involve formal charges and are only concluded between the company and the responsible agency. In addition to the disgorgement of ill-gotten gains and penalties, these agreements stipulate a review period during which the company must demonstrate good conduct and remediation of its compliance- management systems.
Monitors are not a compulsory element of DPAs or NPAs, but may be imposed depending on the specific circumstances and extent of the wrongdoing. Prosecutors should consider a number of factors, such as whether the company possesses a sufficient compliance management system, the potential benefits and whether the entity can bear the substantial costs often associated with corporate monitorships [1].
A monitor will be tasked with the oversight of the company’s compliance and remediation measures. The regulatory authorities will ensure that the remediation requirements imposed under the agreement are followed by granting broad authority to the monitor appointed as the company’s ‘watchdog’, who will provide periodic reports on the company’s progress.
In the US, the federal entities most active in imposing monitorships with an international reach have been the US Department of Justice (DOJ) and Securities and Exchange Commission (SEC). State regulatory agencies are also empowered to appoint monitors in some cases, for example the New York State Department of Financial Services (DFS) for financial institutions regulated in New York.
Depending on the terms of the agreement, the company may propose potential candidates to the DOJ, who will appoint the monitor. By contrast, the New York DFS selects the monitor, with the company having limited input in the selection process. Critics of monitorships frequently cite the high costs and the lack of transparency and clarity to the selection process, including around the qualifications required, and the repetition of the same firms/individuals appointed, including former employees of the supervisory bodies. While the monitor is formally appointed by the company who pays the associated costs, the monitor is also mandated to periodically report to the supervisory authority.
Starting in 2008 with the Morford Memorandum, the DOJ has issued several memoranda over the last decade, providing guidance on tailoring the selection criteria and considerations of the potential benefits of imposing monitors in relation to the associated costs. The most recent Benczkowski Memorandum, issued in October 2018, outlines the measures companies can take to avoid monitorships. In a speech following the release of the memorandum, Assistant Attorney General Benczkowski noted that, in the previous five years, only about one third of corporate resolutions involving the DOJ’s Fraud Section included monitorships [2]. As a result, mandated monitorships may decline under the Trump Administration and beyond.
DPAs and monitorships in other countries
Other countries have recently adopted DPAs and the accompanying possibility of corporate monitorships. For example, the United Kingdom has instituted DPAs under the provisions of Schedule 17 of the Crime and Courts Act 2013 and France introduced both DPAs and accompanying monitorships with the adoption of Sapin II. Singapore and Canada have also recently included the concept of DPAs in their law, which may allow for the appointment of monitors. Australia is currently considering the implementation of its own DPA scheme.
Other than the recent developments in France, many continental European countries, on the other hand, have not introduced this concept into their criminal law. However, discussions are currently underway in some countries, including Switzerland, about the introduction of DPAs and possible accompanying monitorships.
Monitorships in Switzerland
Although the concept of DPAs (and monitorships) does not currently exist under Swiss criminal law, a monitor as defined under US law is arguably comparable to audit or investigative agents (or mandataries, as designated by the Swiss Financial Market Supervisory Authority, or FINMA) provided for by Articles 24a and 36 of the Swiss Financial Market Supervision Act (FINMASA). FINMA may appoint such mandataries as financial intermediaries, to monitor the implementation of supervisory requirements as part of enforcement proceedings against institutions.
This took place, for instance, in the cases of Coutts & Co. [3], J.P. Morgan (Suisse) [4] and Rothschild Bank in connection with the 1MDB scandal and PKB Privat Bank SA, following the corruption probe into Petrobras and Odebrecht [5]. The selection process for these so-called mandataries is conducted by FINMA unilaterally and would benefit from more transparency and input from the institution concerned.
While not explicitly regulated under Swiss law, foreign monitors operating in Switzerland must comply with local law. Thus far, the Swiss authorities and courts have only dealt with this issue in passing and seemingly consider monitorships to be a private matter between the foreign regulator and the Swiss company.
Swiss blocking statute (Article 271 SCC)
Foreign monitors will inevitably be privy to extensive amounts of data and sensitive information pertaining to the company and individuals, which will be reported to a foreign authority party to the agreement. Article 271 of the Swiss Criminal Code (SCC) preserves Swiss sovereignty by forbidding acts on behalf of a foreign state on Swiss territory without authorisation, if such acts are: (1) committed by a foreign authority or an official; or (2) encouraged by a foreign state. This provision applies to monitors operating in Switzerland and reporting to foreign regulators. In the US Tax Program for Swiss Banks, Swiss financial institutions were required to disclose extensive client data (including names and account details) to US authorities, outside of legal and administrative assistance channels. In part to avoid issues in connection with Article 271 of the SCC, the Federal Council and the Federal Department of Finance granted specific authorisations to the banks to transfer information to the US authorities.
While this has been criticised in practice, the courts have not provided guidance on this issue and it is unclear whether the Federal Council would approve future authorisations. Thus, monitors reporting to a foreign supervisory authority should carefully consider any possible Article 271 SCC issues and obtain the proper authorisations before carrying out any activities on Swiss soil.
Monitorships of FINMA supervised institutions
While FINMA has not expressly clarified its characterisation of foreign monitors, in FINMA’s view the activities of monitors appointed by a foreign financial market supervisory authority may arguably qualify as on-site supervisory reviews, as defined in the Article 43 of FINMASA. Prior to 1 January 2016, foreign financial market supervisory authorities could only obtain information about supervised banks (including Swiss branches of foreign banks regulated by FINMA) domiciled in Switzerland via administrative assistance from FINMA, pursuant to Article 42 of FINMASA.
Currently, under Article 43 of FINMASA, FINMA has a legal basis to authorise foreign supervisory authorities to carry out direct audits at supervised Swiss banks. According to recent FINMA guidelines, on-site supervisory reviews involving auditing activities would include reviews conducted by third parties, appointed by or at the request of foreign financial market supervisors [6]. Most importantly for monitors, who FINMA may argue fall under this category, all non-public information provided by the supervised institution could not be taken away or transferred to the foreign authority by the monitor.
In our view, it is arguable whether a monitor could be considered a foreign regulator within the meaning of Article 43 of FINMASA, which expressly defines financial market supervisory authorities as ‘authorities responsible for the supervision of the audited bank’, such as the New York DFS and the SEC. Given the scope of authority, duration and investigative nature of monitorships, even those imposed by a foreign financial market supervisory authority, classifying monitors as auditors with a limited scope of review seems tenuous. The monitor is independent of any authority, is mandated and paid by the company and performs its duties autonomously, meaning that it should not be considered a foreign financial market supervisory authority. Indeed, while monitors are obligated to report to the appointing regulator, they remain independent of the authorities and are both commissioned and paid for by the company.
Should FINMA choose to view monitors as third parties appointed by foreign supervisory authorities to perform on-site reviews on its behalf, future monitoring of Swiss financial institutions would only be permissible under the framework of administrative assistance under Article 42(2) of FINMASA.
Confidentiality, data protection and banking secrecy
While independent monitors, who are nonetheless formally commissioned by the company, are not subject to attorney-client privilege, they must observe the strict confidentiality requirements under Swiss law. As the company’s agent, the monitor can inspect personal and bank client data and must adhere to the same provisions on the protection of employee, customer and bank data as well as business secrets of the company. Article 271 authorisations do not exempt the monitor from compliance with these laws, in particular Article 47 of the Swiss Banking Act and Article 6 of the Swiss Federal Data Protection Act (FDPA).
Since Switzerland does not consider the data protection laws of the US be equivalent to Swiss standards, transfers of personal or bank client data are only permissible when meeting certain requirements. Under Article 6 of the FDPA, personal data may only be transferred outside of Switzerland in limited cases, for instance when such protections are voluntarily waived by the data subject. Such waivers should be signed before the data is processed and must be in written form and expressly state the purpose and use of the data. Otherwise the monitor cannot disclose the data to the foreign authority and must redact this information accordingly.
Monitors engaged by foreign supervisory authorities to conduct investigations of financial institutions in Switzerland should bear in mind that entities, individuals and agents are prohibited from disclosing bank client data to third parties under Article 47 of the Swiss Federal Banking Act. Bank client data can only be transferred abroad to third parties if sufficiently anonymised or with proper legal justification.
Employment law considerations
Technically a third party, the monitor lacks a direct contractual duty of loyalty towards the employees of the monitored entity. Nonetheless, monitors operating in Switzerland should comply with local employee protection laws and best practice standards during their reviews, including properly informing employees of the reason for and scope of their engagement and activities before interviews. In addition, employees should be advised of the purpose, use and method of data collection as well as of their right to legal representation. Prior to conducting the interview, monitors should obtain voluntary waivers in writing that advise the interviewee of the purpose of the interview as well as of how the interview notes will be used and transferred of the outside of Switzerland. While existing employees may be obligated to cooperate with the monitor, former employees are not required to do so.
Outlook: Swiss criminal law monitorships?
From experience, many trends from the US, including DPAs and monitors, will be eventually adopted in Switzerland. In March 2018, the Swiss Office of the Attorney General (OAG) published a proposal for the introduction of deferred prosecution agreements in criminal proceedings against companies pursuant to Article 102 of the SCC, modelled after the DPAs available in common law systems [7]. Under this proposal, such agreements would include: (1) an acknowledgement of the facts; (2) the amount of fines and disgorgement to be paid; (3) measures to remediate organisational failures; (4) the appointment of an independent auditor to periodically review and report to the OAG on these measures; (5) a probationary period of two to five years; and (6) the payment of all associated costs and compensation.
Such DPAs would offer Swiss companies who self-declare and fully cooperate in the investigation an opportunity to mitigate the negative consequences following criminal convictions. Companies would still be forced to disgorge profits and pay damages resulting from the wrongdoing. In addition to monetary restoration, the OAG has emphasised the importance of sustained remediation of organisational deficiencies in order to prevent future criminal offences. To that end, monitorships can help ensure that the company remediates its compliance processes and demonstrates the implementation of sustainable, effective compliance programs.
According to the OAG, the company convicted of the underlying misconduct would be responsible for paying the associated costs of the independent auditor. Thus, Swiss monitors would be a consideration for companies (and their counsel) who conclude DPAs with the OAG in the future. Whether or not such monitorships could be extended to American companies operating in Switzerland remains to be seen, but the Swiss Government is expected to have considered this proposal by mid-2019.
Notes
[1] Memorandum from Craig Morford, Deputy Attorney General, to All Component Heads and US Attorneys, Selection and Use of Monitors in Deferred Prosecution Agreements (7 March 2008).
[2] Assistant Attorney General Brian Benczkowski Delivers Remarks at NYU School of Law Program on Corporate Compliance and Enforcement Conference on Achieving Effective Compliance (12 October 2018) available at: : www.justice.gov/opa/speech/assistant-attorney-general-brian-benczkowski-delivers-remarks-nyu-school-law-program.
[3] Swiss Financial Market Supervisory Authority, FINMA sanctions Coutts for 1MDB breaches (2 February 2017) available at: www.finma.ch/en/news/2017/02/20170202-mm-coutts/.
[4] Swiss Financial Market Supervisory Authority, Update on 1MDB proceedings against JP Morgan (21 December 2017): www.finma.ch/en/news/2017/12/20171221-mm-jpm/.
[5] Swiss Financial Market Supervisory Authority, Money laundering prevention: FINMA concludes proceedings against PKB (1 February 2018): www.finma.ch/en/news/2018/02/20180201-mm-pkb/.
[6] Accessible on the website of the Swiss Financial Market Supervisory Authority at: https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/3durchsetzung/20170228-wegleitung-vok.pdf?la=en.
[7] Specifically, the OAG proposed the concept of DPAs under a new Article 318bis SCPC for companies pursuant to Article 102(4) SCC. The subject of such a DPA are criminal offences according to Article 102(2), subsidiary Article102(1) SCC.