Julie DiMauro: Let's keep the compliance monitor’s report confidential
By Julie DiMauro | Thursday, January 21, 2016 at 3:18AM
The use of corporate monitors by judicial and regulatory government agencies to verify an organization’s compliance with settlement agreements and orders resolving corporate accountability continues to rise. The growing use of monitors has raised questions about the privacy of their reports and the public’s access to their findings.
To support and protect important and sensitive data-collection efforts and the level of trust monitors require to perform their jobs, these reports to the government and courts should remain completely off-limits to the general public, including litigants to separate causes of action.
In July 2013, Eastern District of New York Judge John Gleeson approved a five-year Deferred Prosecution Agreement (DPA) with HSBC Bank USA N.A. and HSBC Holdings plc, after the companies were found to be in violation of the Bank Secrecy Act for failing to maintain an effective anti-money laundering (AML) program.
In so doing, Judge Gleeson held that a district court has the authority to approve or reject a DPA and to supervise its implementation. The HSBC DPA requires the bank to retain an independent compliance monitor to ensure that it fulfills the terms of the DPA and implements recommended remedial measures.
The monitor completed its first annual report and submitted it to the Department of Justice (DOJ), which the DOJ summarized in a quarterly report and gave to Judge Gleeson. The judge requested the full copy of the monitor’s 1,000-page report, which the bank and the DOJ requested be submitted under seal. The monitor and his team have nearly completed the second annual report and are on target to deliver it to the DOJ on January 20.
In November 2015, a private individual, Hubert Dean Moore, who used to have a mortgage with HSBC, sued to have the monitor’s first annual report unsealed by the court. He sent a letter to Judge Gleeson, arguing that he should be provided access to the monitor’s report to help support a complaint he had filed with the Consumer Financial Protection Bureau (CFPB).
This action prompted the DOJ to file its opposition to the court on December 11, arguing that the report was not a “judicial document” to which the public should have access.
The DOJ noted that the DPA contained language regarding the parties’ intent to keep the monitor reports non-public and described how the Department believes such a public disclosure would impede the monitor’s ability to fulfill his responsibilities.
HSBC said publishing the monitor’s report would undermine the purpose of the monitoring by compromising the monitor’s and government’s ability to assess HSBC’s progress in improving its anti-money laundering and sanctions compliance programs.
The bank said publication would “negatively affect the ability of HSBC’s financial regulators to fully discharge their supervisory responsibilities over HSBC,” and would provide criminals seeking to engage in activities such as money laundering or terrorist financing a road map for exploiting current weakness in the anti-money laundering and sanctions programs at the institution.
The corporate monitor’s role is to ensure that the company not only meets the financial terms of its settlement agreement, but, more importantly, to make sure the company enhances its compliance and ethics program, policies, procedures and processes to prevent these issues from occurring again.
The corporate monitor begins executing his or her duties by developing a work plan that will include a timeline for reaching certain milestones.
Inherent in the corporate monitor’s work plan is the ability to learn about and get to know the company, its employees and its clients or customers. This allows the corporate monitor to understand the culture and risk tolerance of the company in a way that goes beyond examining documents.
For a compliance monitor to be effective, his or her candid discussions with those inside the company and others rests on a level of trust and privacy that would be compromised if their reports were made public. It is also a disincentive to those who would want to serve as a compliance monitor that their work product could be dissected by other litigants or any other member of the public, undercutting their independence.
Let's hope the monitor’s report stays sealed and that the terms of the agreement among the parties are honored.
_____
Julie DiMauro is a contributing editor of the FCPA Blog. She works in the Regulatory Intelligence group at Thomson Reuters in New York. Follow Julie on Twitter @Julie_DiMauro and email her at julie.dimauro@thomsonreuters.com.
De meldplicht datalekken in vogelvlucht
Eindelijk een meldplicht van datalekken
Kabinet voert meldplicht datalekken in