Over the past 40 years, Richard Girgenti has seen corporate crime up close. From the government side and from the defense side.

Now he has co-authored – with Timothy Hedley — a comprehensive new book – The New Era of Regulatory Enforcement: A Comprehensive Guide for Raising the Bar to Manage Risk. (McGraw Hill 2016).

Can Girgenti look at a company, its compliance program, its leadership and make a judgment as to whether or not they are going to get in trouble with law enforcement?

“I don’t think you can make a prediction,” Girgenti told Corporate Crime Reporter in an interview last week. “But I do think you can help our client assess the maturity of the their program and whether the program is adequately addressing the risks that that company and that industry faces.”

“We spend a good deal of time on enterprise assessment. Companies need to understand what risks they face. And those risks are emerging risks. There are new regulations which create new risks. It’s an ongoing process. We will help them determine whether or not their program is effective. We can provide them with tools to help them manage their compliance function. The compliance function today has become very sophisticated. It requires data from all parts of the organization.”

“You take all of that information, put it together in a concise way — a dashboard if you will — to help them manage that function and also help them to report to management and to the board and where necessary, even to regulators, to explain what they are doing and — this is the ultimate question — why they believe their program is effective.”

“Not all problems are avoidable,” Girgenti says. “It is almost inevitable that large companies with a global footprint are going to have rogue employees, they are going to have problems from different regions of the world which are high risk. They need to be able to explain to the government and regulators that these were isolated activities and not systemic. If they don’t have effective compliance programs to explain to the government and regulators that these were isolated activities and not systemic, if they don’t have effective compliance programs, they are not going to pass that test.”

You talk about rogue employees. But what about rogue corporations? If management of one of these rogue corporations comes to you and says — we keep getting into trouble — what do you say to them?

“We say to them — we can help you. We ask questions. We want to understand what they are doing. We want to understand what the root causes are of the problems. They vary tremendously. Sometimes, it’s that management was more focused on earnings than they were on how those earnings were obtained — in which case you have a management problem.”

“Where was the board? Was the board actively involved in understanding and holding management responsible and accountable? Sometimes it’s an oversight problem. Sometimes they miss the risks and it could be they have inadequate risk assessment. Sometimes it’s the design of their programs — they tended to do the right thing, but the internal controls they had were not effective. We can help them with their internal controls. If it was the design of the program, we can help them redesign the program and then evaluate it. Part of knowing whether you have an effective program is a continual process of evaluation and monitoring. We can come in and help them do that as well.”

Is the Justice Department looking to bring more guilty pleas?

“If they are looking for guilty pleas, it’s probably in the most extreme situation, where a company has not only had a problem, but either chose to ignore it or had a culture that fostered that problem where they weren’t cooperating with the government, they weren’t properly disclosing when it was appropriate to disclose. And when you see a confluence of extreme factors, those are the situations where you are more likely to see a guilty plea.”“Most companies are not at that extreme. Most companies that have problems either have ineffective or not sufficiently effective compliance programs, but they have the desire and intent to do the right thing. If they can make the case to the government that they have done everything they could prevent, protect and respond, they conducted a thorough investigation, they have remediated the problem they had, they disclosed what was necessary in order to comply with the government request — those companies, which I think are the more frequent cases — are going to find themselves eligible for some degree of leniency, including a non prosecution agreement or a deferred prosecution agreement, depending upon the specific circumstances.”

Thirty years ago, it was either plead guilty or go to trial — or the Justice Department didn’t bring the case. Now, deferred and non prosecution agreements dominate. Is the pendulum moving back toward guilty pleas?

“It’s more of a wait and see situation now. We have heard that there is a change in the way government might be settling its matters. There is not a sufficient amount of time to determine whether it’s just a new tool in trying to deter bad activity. The degree to which it will be used is to be determined.”

Let’s say KPMG gets into trouble. Does KPMG become a client?

“KPMG has its own compliance function that does its own investigative work, that does what it needs to do be an effective compliance program. Because of our expertise, we will get called upon from time to time to assist in those efforts. But the compliance function is apart from our client service function.”

We hear that increasingly, public companies are not self reporting. They find that they are better off to wait to see if they get caught and if they do, explain. Are more public companies not self reporting?

“In order to be eligible for cooperation credit, we know that voluntary disclosure is an important piece. In every situation, what we see are the attorneys asking the very questions you are asking — is this the right situation to report? Is this something where we just fix the problem and there is nothing to report?”

“It’s a constant question in every situation in which we are called to assist. But we don’t make that judgment.”

How important is the compliance defense?

“The Justice Department has put the proverbial corporate feet to the fire in the hiring of a new compliance counsel. They are going to ask a lot of questions — questions like — did you make business decisions even though you knew that those business decisions would create higher risks for you? When somebody at a high level of your organization gets into trouble, are they sufficiently disciplined? Or because they are high earners, do you turn a blind eye to that activity? Are there deals that you didn’t do because you realized that the deals created undue risk to your company?”

“You can ask some hard questions. And counsel is going to the SEC and the Justice Department or any of the numerous other regulators and counsel is going to have to explain why the company felt it had an effective compliance program. It will be a high bar that they will have to get over.”

You serve as a monitor. Should monitor reports be made public?

“I don’t have a specific point of view on that. That’s something the regulators have to determine on a case by case basis. Some of the Public Company Accounting Oversight Board (PCAOB) reports are meant to allow companies to correct behavior and would not be of a more general interest. On the other hand, if there are endemic issues, things that shareholders ought to be aware of, those reports ought to be public. But I don’t have a point of view as to which reports and under what circumstances they should be made available. Sometimes they should be more confidential so monitors can delve more deeply into areas that can be remediated.”

“There is also a public interest for certain information to be disclosed. That is a decision that regulators have to decide where the balance lies.”

How does a corporate monitor differ from a probation officer?

“The monitorships that I have been involved with are just to make sure that whatever agreements have been made with the government are being abided by. In other instances, the monitor assures that the company has the right controls in place. And it may be very specific.”

“There are monitors appointed just for anti-bribery and corruption. And they focus on that area and not other areas. And then there are more broad based monitorships. They are looking at enterprise based compliance programs, evaluating their effectiveness, making recommendations on what companies should do and reporting to the government on the progress being made. There is no one size fits all.”

If you look at the database of deferred and non prosecution agreements, there are relatively few monitors. Why is that?

“The government makes decisions after negotiations with the companies as to what is needed to be done. We are probably going to see more of whether a company has the wherewithal to be able to fix the problem itself without a monitor. That will be a consideration. Is the compliance functioning well?”

“I’ve seen recently shorter term monitorships. Eighteen months as opposed to three to five years. The government is saying — we are going to appoint the monitor for eighteen months and see how things are going. If they are going well, we won’t extend it.”

“Companies are more sophisticated today. There have been enough billion dollar fines and penalty cases. There has been enough reputational damage. What I’ve seen in this new era, which I did not see in the 1990s after the corporate sentencing guidelines were first put in place, is that companies for the most part get it, they know they have to do something, they are focused on building out compliance programs, they want to know what works and what doesn’t work, and the compliance function has become a much more serious part of an organization.”

“And it has been incorporated as part of the operation and strategy of a company. It’s no longer just an isolated function. The government may have a bit more comfort today with some of the larger companies — companies that have been focused on building out their compliance function, adding resources. Some of the financial institutions have hired hundreds if not thousands of new people in their compliance departments.”

Are you saying that major public companies in the United States today are more law abiding than they were ten or fifteen years ago?

“They are trying to be,” Girgenti says.

But given all the law enforcement and deterrence and money being spent on compliance, are companies more law abiding today?

“I don’t think that’s a question that anybody, not even someone who has spent the last forty years working in this area, would feel confident giving you an answer to.”

There are some indications that they are not. More law enforcement actions, bigger fines, statements of facts indicating systemic corruption, systemic wrongdoing, systemic corporate crime. Despite all the compliance programs and money and focus on it, we are still seeing these major cases.

“We are more sophisticated today and we may be finding it more. We are better at it than we were before, not necessarily because it’s happening more. You can’t answer the question. No one can answer the question — whether there is more or less misconduct or whether we are better at finding it.”

You have laid out a number of subject areas in your book. In your own practice, are you seeing more of one kind of corporate crime over another?

“For global companies, bribery and corruption is the number one issue. I just came back from Brazil last week, it’s really a drama down there — from the impeachment of the President to the number of political figures who have been indicted. I applaud the prosecutors down there in their effort and society’s pressure to get at corruption. It wouldn’t have happened five years ago. We are seeing more enforcement in China that we have never seen before. Some of it may have been politically motivated, but regardless there is certainly an effort underway. We are seeing it in other parts of the globe as well.”

“Bribery and corruption, without a doubt, is the number one issue for a global company. We have gotten better on the financial reporting side of things.”

“We’ve just come out of a period where we took a hard look at lending institutions. We are at the tail end of that. I don’t think we are going to see the same focus in enforcement in that area.”

“As long as there is terrorism, anti-money laundering and trade sanctions will be a major focus of the regulators. I would have thought that by the mid-2000s, we would have seen a downturn in that area, but we haven’t. That’s going to continue in the same way that bribery and corruption enforcement will continue.”

“Offshore tax evasion has been a focus over the last four to five years. The Panama Papers have opened that can of worms again. Regulators across the globe will be asking questions about how the accounts were set up and who the beneficial owners are.”

“We are seeing a look at beneficial owners of real estate transactions as perhaps a source of onshore tax evasion. That’s being looked at very carefully.”

“The important issue for companies today is compliance. They have to be prepared to identify and respond to the new risk — whatever it may be. We don’t know what it is. Even if they aren’t able to avoid some level of misconduct, they will be better able to respond to it.”

[For the complete q/a format Interview with Richard Girgenti, see 30 Corporate Crime Reporter 22(11), May 30, 2016, print edition only.]