Among corporate compliance professionals, Morgan Stanley is held up again and again as the best-case scenario of worst-case scenarios. A Morgan Stanley managing director ended up in prison for committing substantial Foreign Corrupt Practices Act (FCPA) violations, but the strength of the company’s compliance program helped it avoid enforcement actions from the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC). The circumstances behind the 2012 Morgan Stanley declination were included among the real-life case studies highlighted in the FCPA guidance the DOJ and SEC published last year.
In court documents, the government outlined Morgan Stanley’s anti-corruption compliance efforts. These efforts included: strong internal policies periodically updated to reflect regulatory developments and specific risks; regular monitoring, including random and unannounced audits; frequent employee training (the employee who committed the violations had been trained on the FCPA seven times and reminded of FCPA compliance at least 35 times); and extensive due diligence and stringent controls on all business partners. Morgan Stanley discovered the violations, self-reported them to authorities and cooperated extensively in the government’s investigation.
Mistake: Establish a program and then let it do its job.
Reality: Compliance programs require constant monitoring.
Mistake: Focus on punitive measures.
Reality: A carrot can be just as meaningful as the stick.