Sentencing guidelines spotlight good compliance.

For years, compliance officers have tried to demonstrate their worth to senior management. Now they have an ally-none other than the federal government. Last Nov.1, the first-ever set of general guidelines for federal courts to follow in sentencing corporations and other organizations convicted

The complicated guidelines put a premium on corporate efforts to prevent and detect criminal activity. A bank with a serious-and active-compliance program can reduce the criminal penalties assessed under the guidelines.

"You're always going to have bad apples," says Edward R. Leahy, a partner in the Washington law office of Thacher Proffitt & Wood. Preventative measures can contain the damage they do to the bank in court.

Basics of guidelines. The new corporate sentencing guidelines, approved by Congress last year, come from the United States Sentencing Commission. The commission, an independent agency in the federal government's judicial branch, was created in 1984 to devise uniform sentencing standards for federal judges and prosecutors. The commission was created in the belief that federal judges had too much individual leeway.

Broadly, the guidelines cover penalties assessed when an organization is convicted of felonies and certain misdemeanors committed after the effective date (Nov. 1).

However, the matter isn't that cut and dried. An offense that began before Nov. 1, 1991, that continued after that date would be covered, for instance. Further, "most sentencing judges will consider these guidelines at least as advisories" in pending cases, says Samuel J. Buffone, a partner in the Washington office of the Ropes & Gray law firm.

Note that the guidelines only concern organizations. Separate guidelines pertaining to sentencing of individuals, even when they are part of the same prosecution, were implemented several years ago.

Calculating the fines. The guidelines are designed to take account of two main factors. The following is only an overview of a complex process.

The first factor is the seriousness of the crime. The guidelines require judges to order companies to make restitution for losses or otherwise remedy the harm done, where practical. Beyond that, judges are required to come up with a "base fine." The base fine is determined by selecting the highest of three factors: the net gain obtained through the crime; the net loss caused; or a base amount taken from tables of fines included in the guidelines themselves. The tables include fines ranging from $5,000 to $72.5 million.

The second factor taken into account is the degree of blame that can be placed at the company's doorstep-in legal parlance, the company's "culpability."

The judge is required to look at numerous factors in determining culpability. There are both negative elements of the organization's behavior that will raise the total score and positive elements that win lower it.

Impact of other laws. The guidelines cross-reference various other statutes and become quite detailed. As bankers know the Financial Institutions Reform Recover and Enforcement Act, parts of which are cross-referenced by the guidelines, includes criminal sanctions.

The sentencing guidelines interface with such laws in different ways; some, such as those pertaining to money laundering and insider trading, have their own guidelines, according to a staff attorney at the Sentencing Commission.

Attorney Sam Buffone says the statutes themselves can be considered as setting the maximum fine that could be imposed. However, "maximum fine levels can be illusory," Buffone says. For example, he points out, each violation of a criminal statute can be considered a separate count. The maximum fine ceiling can then be applied to each count. Convictions on multiple counts can result in fines beyond the supposed maximum.

Culpability factors. A number of negative factors can increase a company's "culpability score."

One negative factor is the involvement in or tolerance of an offense by high-level employees.

Obviously, if the CEO is involved in the offense, or proven to have had knowledge of it and done nothing, the institution is headed for big trouble. But banks' historical use of impressive titles may work against them, according to E. Lawrence Barcella, Jr., a partner at Katten Muchin Zavis & Dombroff, Washington, D.C. Bankers may know that a vice-presidency may not mean all that much, says Barcella, but "people outside the industry think it means something." In court, he says, a vice-president may be considered a senior official when fines are being set.

Another factor to consider is that the guidelines ratchet fines up if the organization has a record of past offenses. However, "it's not just prior convictions" that count, according to Barcella. He says past regulatory actions, such as cease-and-desist orders issued to a bank, could be used to demonstrate that an institution is a repeat offender.

A related risk may arise when a bank acquires or merges with another institution. Though the bank may have a clean history, its target or partner may not.

"You may end up buying a problem," Barcella says. "Successor liability is a potential issue."

Attorney Sam Buffone suspects the risk of inheriting a record is higher when acquiring a whole institution than when acquiring parts of a failed institution from a government agency such as FDIC. The government, he suggests, "wouldn't want to build in that kind of disincentive." Buffone thinks the Sentencing Commission will address this and other question marks in the future.

Reducing culpability. Taking affirmative action to prevent and detect wrongdoing can pay off, as can cooperating with the government when offenses are found.

A legal backgrounder put together by Rogers & Wells, a New York law firm, gives some examples. It points out that the culpability score for a corporation liable for criminal conduct by a low-level employee can be trimmed to as low as 40% of the base fine if it established a compliance program beforehand. If the same company detected the crime itself and reported it to the authorities, it could reduce its fine to 5% of the base fine.

In this regard, banks may reap an unexpected dividend from the mounds of red tape they have to deal with. Banks already have many of the procedures in place" that can ease penalties, says Larry Barcella of Katten Muchin Zavis & Dombroff.

However, Barcella hastens to add that to reap the advantages of a compliance program, it must be a legitimate effort, not something that is routinely bypassed or ignored. As an example, he points out that two institutions may have an identical policy on filing currency transaction reports. The one that strictly enforces it will benefit from that policy. The one that is lax will be tagged for its negligence.

Laxity can be demonstrated in various ways. Ed Leahy of Thacher Proffitt & Wood says it will be presumed that a compliance program is not an effective one if a high-level official was involved in the offense or intentionally ignored it. Likewise, participation in the offense, or ignorance of it, by the bank's compliance officer torpedoes the benefit of having a compliance program in place.

Measuring up. Institutions that want to make sure their compliance efforts meet the spirit of the guidelines are advised by Ropes & Gray's Sam Buffone to consult the guidelines themselves, much as a checklist. (The guidelines, in the form approved by Congress, appeared in the Nov. 5, 1990, Federal Register. They can also be located in the United States Code at 28 USC Sect. 991-998.)

However, Leahy sets out seven general due diligence factors from the guidelines that should be kept in mind, paraphrased here:

(1) Efforts must be reasonably capable of reducing the possibility of criminal conduct.

(2) The compliance officer should be a high-level official with overall responsibility for compliance.

"Every bank today needs a visible cop on the beat," says Leahy, "and that cop is the compliance officer."

(3) The institution must take precautions to be sure it hasn't handed over significant authority to a potential criminal. This could include screening certain employees.

(4) The organization must communicate its standards and procedures to staff.

Leahy is a big believer in corporate codes of conduct that are tailored to the institution. He says they should be read and signed once or twice a year by all employees. Reading and signing the code should be built into new employee orientation. Periodic refreshers on compliance topics, when documented, can also help protect the bank.

(5) The bank must follow through with such traditional steps as auditing and monitoring.

(6) Follow through requires discipline when appropriate.

(7) The organization should have procedures in place in advance so it can respond properly to a detected offense.

Further, institutions that want to ensure the highest level of protection will find it necessary to keep their compliance efforts on the leading edge of the discipline, says Barcella of Katten Muchin Zavis & Dombroff. He says institutions that reach settlements with the authorities-the guidelines even provide for corporate probation when a court wants to make sure efforts are improved-already typically install state-of-the-art systems in the questioned function. Barcella thinks this will set a baseline other convicted corporations will have to have met just to demonstrate that their effort was adequate.

On the other hand, Barcella and others note that the guidelines also make allowances for organizations of different sizes. Smaller institutions wouldn't be expected to implement systems of the same sophistication as megabanks. Still, it would be important to keep up to date with new developments, such as new techniques of money launderers.