How inadequate compliance methods compromised one of the world’s biggest banks and what to do about it
By Isaac Kohen, Published in Wall Street Lawyer
It’s been nearly a decade since Najib Razak, the former prime minister of Malaysia, launched the 1MDB state investment fund intended to facilitate growth for Malaysia’s middle class.
However, an unprecedented level of greed, corruption, bribery, and theft has transformed this investment fund into one of the most controversial examples of financial mismanagement in history, implicating politicians and financial institutions in a multi-billion dollar heist that is playing out in front page headlines.
Most recently, Malaysian authorities filed criminal charges against Goldman Sachs, accusing the bank of knowingly defrauding the Malaysian public of more than $6 billion. It’s the most recent iteration of the many legal implications that Goldman faces.
As The New York Times concluded, “Goldman recently received subpoenas from New York regulators, held talks with federal prosecutors and is likely to incur billions of dollars in penalties. It is one of the most serious crises in the bank’s 149-year history.”
The consequences have been steep. Goldman’s stock has plummeted 27% since November 2018, and both the bank’s financial liability and internal integrity are being questioned.
Goldman took some steps to extricate itself from the scandal. For instance, the bank terminated Tim Leissner, the senior banker for the 1MDB project who personally netted millions in fees, but the move seems trite amidst a diatribe of accusations aimed at the bank.
Of course, a scandal of this magnitude at a prestigious financial institution like Goldman Sachs raises a lot of questions. Most prominently, how could something like this happen?
The answer, it turns out, is startlingly simple and frustratingly avoidable.
Financial institutions live within a highly regulated environment, and Goldman invests heavily in its human-based compliance measures. According to former Goldman Sachs CEO Lloyd Blankfein, the bank has increased compliance staff by more than 3,000 employees since 2012 to support heightened compliance efforts.
These employees monitor and enforce clearly outlined rules and regulations that govern the industry, but they rely on self-reporting and whistleblowers, rather than a foolproof monitoring and oversight system in addition to the self-reporting guidelines in place.
Goldman attributes the 1MDB scandal to rogue employees who avoided compliance measures for personal gain. Characterizing the Goldman employees involved in the project as rebellious and misguided, Mr. Blankfein asserts, “These are guys who evaded our safeguards, and lie, stuff like that’s going to happen.”
However, when it comes to compliance reporting for the 1MDB project, U.S. prosecutors note that Goldman’s “system of internal accounting controls could be easily circumvented and that the firm’s business culture, particularly in Southeast Asia, at times prioritized consummation of deals ahead of the proper operation of its compliance functions.”
Goldman employees describe a “culture of secrecy” at the financial institution, a factor that likely made it easier for employees to work around compliance measures.
Taken together, it’s clear that Goldman’s compliance protocols were insufficient, failing to account for the real-world dynamic of power, greed, and financial incentive for avoiding established restrictions.
In short, this moral and financial catastrophe was avoidable, and it’s important to ensure that it is prevented from happening again.
What’s needed is robust user activity monitoring software to bridge the gap between the onus of human reporting and the nefarious incentives that encourage people to circumvent these procedures. In doing so, Goldman Sachs and other financial institutions can create an electronic, automated oversight model that makes it more difficult for employees to break the law. With features like real-time alerts and digital forensic evidence, organizations can demonstrate intent to comply with regulations while documenting any instances of malicious employee actions.
For example, employee monitoring software can establish rules that monitor user behavior and activity, serving as both a guardrail and a deterrent to bad behavior. Using these automated guidelines, from the boardroom-down, the compliance team can receive a warning notifying them to a potential problem while equipping them with the tools to stop specific events before they cause a bigger headache. The 1MDB scandal is almost a decade in the making, and, with these systems in place, it’s possible that Goldman Sachs could have prevented its proliferation long before it engulfed the bank.
Of course, if misuse or criminality does occur, employee monitoring software provides the digital forensics to quickly identify anyone responsible, ensuring that accountability is swift, accurate, and complete. Hearsay is inherently difficult to corroborate, but recorded computer user sessions are indisputable, providing real-time or historical evidence of an employee’s digital activity.
Goldman’s involvement in the 1MDB scandal should be a warning to other financial organizations as proof that the consequences for malfeasance can be incredibly costly. Goldman will endure dramatic fines that will impact their bottom line, and the reputational damage will take years if not decades to repair.
By deploying proper technology oversight, financial firms can guard against the next scandal, which protects both their brand and their employees from the cascading consequences of inaction. In 2019 and beyond, monitoring, auditing, and forensic capabilities should be a top priority for organizations operating in regulated industries like the financial sector.
Goldman Sachs was late learning this lesson, but it can be an instructive moment for everyone else, and it means that now is the perfect time to make sure that your company isn’t the next to endure an embarrassing and expensive scandal like 1MDB.
Originally published in the January 2019 issue of Thomas Reuters’ Wall Street Lawyer and reprinted with permission.