The Prosecution of Roger Ng: FCPA Enforcement Against Employees for Circumventing Internal Corporate Controls

The Trial of Roger Ng in United States v. Jho et al.  

Roger Ng, a former Goldman Sachs (GS) banker, is currently on trial in the Eastern District of New York for money laundering and Foreign Corrupt Practices Act (FCPA) conspiracy charges.  So far, he is the only defendant to go to trial in the United States on charges related to involvement in the widely-publicized alleged conspiracy to misappropriate billions of dollars in funds raised by the Malaysian sovereign wealth fund 1Malaysia Development Berhad (1MDB) and launder the siphoned funds to pay hundreds of millions of dollars in bribes and kickbacks.  These bribe and kickback payments went to, among others, GS bankers (allegedly including Mr. Ng) and foreign officials in both Malaysia and Abu Dhabi who helped facilitate the complex bond offering transactions structured by GS that, on their face, provided 1MDB with the needed capital to acquire infrastructure assets on behalf of the Malaysian people.  Mr. Ng allegedly played an active role in arranging this scheme, hiding critical details from GS’s internal oversight, and laundering the criminal proceeds.

Mr. Ng was indicted on three counts:  (1) conspiracy to bribe foreign officials in violation of the FCPA, 15 U.S.C. § 78dd-1; (2) conspiracy to commit money laundering, 18 U.S.C. § 1956; and, notably, (3) conspiracy to circumvent GS’s own internal accounting controls in violation of the FCPA, 15 U.S.C. §§ 78m(b)(2)(B), 78m(b)(5).  This last charge arises out of the FCPA’s accounting provisions.  The provisions require securities “issuers” to keep detailed and accurate accounting records and develop compliance procedures to ensure that “transactions” are recorded and potential FCPA violations are identified and reported.  While these substantial duties are placed upon securities issuers, “person[s],” including “natural person[s],” who “knowingly circumvent or knowingly fail to implement a system of internal accounting controls” in violation of 15 U.S.C. § 78m(b)(5) may also face stiff penalties. 

In this case, Mr. Ng and fellow GS bankers allegedly used private means of communication and made false statements to hide the involvement of Jho Low, a Malaysian financier about whom GS’s compliance control function had previously raised red flags, in the bond offering transactions.  Ng and others were concerned that, should GS’s compliance arm learn about the full extent of Low’s involvement, they would shut down the lucrative bond deals altogether.  

The FCPA’s Internal Controls Provision as a Prosecutorial Tool

The FCPA’s internal accounting controls provision provides a useful prosecutorial tool and may perhaps lay the groundwork for overcriminalization of corporate conduct. First of all, systems of internal controls are anything but fixed across time and space; they can change quickly with new regulatory requirements and vary across companies and industries.  As the court for the Northern District of Georgia has stated, “there are no specific standards by which to evaluate the sufficiency of controls.”  Rather, systems of internal controls are assessed on a case-by-case basis based on a reasonableness standard.  Moreover, at least one court has found that the government can allege both the failure to implement and the active circumvention of internal controls in the same count against the same defendant without running into the issue of mutual repugnance that would warrant dismissal of the count.  Ultimately, prosecutors can achieve a guilty verdict on an extremely broad range of theories related to falling short of adequate oversight.  

While the FCPA is indeed known as an anti-bribery statute, there is a legitimate concern that its internal control provisions can take on a life of their own.  These provisions might support FCPA enforcement against corporate employees, particularly managerial-level employees below the top echelon of corporate executives, who neither took the requisite acts nor had the necessary mens rea for bribery itself.  The internal control provisions can also allow for FCPA prosecutions where they seemingly do not belong—see, for example, an internal controls charge under the Foreign Corrupt Practices Act in the prosecution of a fully domestic public corruption conspiracy. 

Much FCPA internal controls enforcement without corresponding bribery charges has, to date, targeted corporate entities.  But recent FCPA enforcement cases also highlight the trend that corporations often settle their cases without a final criminal judgment or truly crippling consequences for the corporation.  See, for example, DOJ’s $3 billion settlement with Goldman Sachs over the 1MDB charges brought against it and the SEC’s $25 million settlement with Cognizant Technology Solutions Corp. on charges related to the facilitation of a $2 million bribe to an Indian official. 

Practical Concern for Corporate Employees in FCPA Enforcement

In both the Goldman Sachs and the Cognizant Technology Solutions cases mentioned above, the DOJ has moved forward with criminal prosecution of high-level corporate employees.  It is not implausible to believe that the government might take a heavier hand against certain individuals implicated in a bribery scheme “in return” for allowing corporations to settle on relatively tame terms, given that criminal prosecutions of corporations could be extremely costly for investors and other innocent third parties.  

Adamant enforcement of the internal controls provision would seemingly allow this heavy hand to probe deeper down the employee hierarchy, reaching employees not guilty of bribery itself but who may have participated in a firm’s culture (or employee subculture) of lax oversight, imprudent decision-making, one-eyed pursuit of profit, etc.  In fact, the SEC has pursued FCPA enforcement on a control-person theory against supervisory-level employees who, as alleged, neither participated in bribery n0r knowingly circumvented or failed to maintain internal controls themselves, but failed to supervise corporate personnel within a Brazilian subsidiary who made undocumented cash payments to facilitate the importation of unregistered products. 

Moreover, the use of the circumvention-of-controls charge in the case against Roger Ng itself suggests the broad scope with which this charge can be used in future prosecutions.  Mr. Ng argued that the “transactions” that must be recorded pursuant to the internal compliance requirement only referred to the securities issuer’s own transactions—and thus any effort to siphon funds from 1MDB after GS had distributed the legitimate bond proceeds would not undermine the scope of these controls.  In opposition, the government argued that (1) the plain language of the FCPA statute renders the internal accounting controls provision implicated when a defendant directs the flow of money from a securities issuer to a third party and then to the kickback/bribe recipients, even if the final illegal transaction does not formally and directly involve the issuer; and (2) even before any payments were made, Mr. Ng circumvented the statutorily-mandated controls by concealing Mr. Low’s role in the transactions.  

Reasons for Concern Moving Forward

In Mr. Ng’s case, the government alleges that the former head of investment banking for GS Malaysia is guilty of playing a critical role in developing and encouraging the elaborate bribe/kickback scheme.  But it is possible that the jury will find that Mr. Ng himself exhibited neither the mens rea requisite for bribery nor that for money laundering, but still convicts on the FCPA internal controls charge.  Such an outcome would hold Mr. Ng liable for intending and acting to circumvent internal safeguards in a vacuum. 

Future prosecutors will inevitably tack on an FCPA internal controls charge in similar cases.  They may also wonder whether this relatively less onerous burden of proof could be overcome against managerial-level employees in other types of cases, perhaps as an alternative to incurring the third-party effects of pursuing stiff criminal penalties against culpable corporate entities themselves.  Consider (1) vigorous prosecution of managerial employees on the control-person theory; (2) prosecutions of managerial employees who dutifully undertook to knowingly circumvent internal controls in the service of and coordination with their bosses, yet who are ignorant of their role in the boss’s grander criminal enterprise; or (3) wide-sweeping corporate bribery prosecutions that drag in managerial employees who may have circumvented internal controls in light of a corporate culture of freewheeling or corner-cutting, yet who played no substantive role in the bribery scheme at the center of the allegations.  If Mr. Ng’s case is any indication, we might see more aggressive FCPA enforcement against large swaths of managerial employees for activity that is neither “foreign” nor characterized as “bribery.”      

Max Cherman is a second-year student at Columbia Law School and a Staff member of the Columbia Journal of Transnational Law.  He graduated from Duke University in 2020.