The Confidentiality of Reports by a Corporate Compliance Monitor
In a groundbreaking decision, Judge Gleeson granted a third party’s motion to make public a Report by the compliance monitor appointed under HSBC’s deferred prosecution agreement because the Report is a “judicial record” that “the public has a First Amendment right to see.” United States v. HSBC Bank USA and HSBC Holdings PLC, No. 12-CR-763 (JG) (E.D.N.Y., January 28, 2016). The Report contains the monitor’s review of HSBC Bank’s “implementation of remedial measures and ongoing compliance with” anti-money laundering requirements and of HSBC Holdings PLC’s compliance with economic sanctions laws.
The government and HSBC wanted the Report kept under wraps despite the First Amendment because: (1) disclosing it would have a “chilling effect” on “HSBC employees in cooperating with the Monitor” and would “invade the [employees’] privacy interests”; (2) it could be a “roadmap” for criminals seeking to exploit HSBC’s AML and sanctions compliance programs; and (3) its publication could damage the Monitor’s “relationship with foreign regulators” because it would “contravene assurances” of confidentiality the Monitor had given. While granting the legitimacy of these concerns, the Court nevertheless held that “targeted redactions” would alleviate almost all of them. The Court credited the third set of concerns and held that five of Report’s six appendices would remain sealed. But the majority of the Report itself, and the appendix containing the United States Country Review, would have to be made public — except for country names and information identified as confidential by the foreign jurisdictions. (The Court pointed to the monitor’s affidavit stating the belief “that a redacted report that does not negatively impact the monitor’s work can be produced.”)
The government also argued that public disclosure would hurt the effectiveness of monitors and also “impact the relationship between [DOJ] and financial regulators in the future when independent monitors are imposed.” But the Court noted that the government “did not have to file a DPA in this case” but did so because “perhaps the filing and maintenance of criminal charges was intended to produce a public relations benefit for the government.” Of course, once a case was filed, the government invoked the Court’s supervisory powers over what was then a “pending federal criminal case.” This will be the case whenever “the government choose[s] to resolve future criminal conduct by way of a DPA.” The Court thus found that “the government’s interest in prohibiting access to the Report for the sake of its future law enforcement efforts is minimal.”
I see two lessons here as long as the opinion remains good law (HSBC filed a Notice of Appeal on February 2nd). For those of us who may act as corporate monitors under DPAs: write your reports not only anticipating their disclosure but also with an eye toward their future court-ordered redaction. Use sections and appendices strategically and think about how confidential information, or information about employees, is included throughout your report. For company counsel, this opinion gives you another tool for persuading the government to give your client a non-prosecution agreement rather than a DPA. You may be able to convince the government that it can accomplish all it needs to do to vindicate the public interest with an NPA as with a DPA, and that the benefits it may get from filing and then suspending charges are outweighed by the costs of the potential exposure of the monitor’s reports.
(The Court cites my article on corporate deferred prosecution agreements.)