Dead on Deferral?: Whether to Prosecute Companies That Fail to Comply with DPAs

By Brittney Nagle1

Enormous fines have become one of the most recognizable ways that the United States punishes bad actors on the global stage. When bad actors, in particular large international banks and other financial institutions, violate U.S. economic sanctions and fail to follow Anti-Money Laundering (AML) requirements, law enforcement agencies on federal, state, and local levels have launched large scale criminal and civil investigations.2 These investigations do not always result in criminal prosecution; instead, the parties involved will often reach a resolution.

One such resolution mechanism that has gained increasing popularity in recent years is a Deferred Prosecution Agreement (DPA). Under a DPA, a defendant, in this context usually the corporation itself, agrees to waive indictment and be charged criminally, and in exchange the prosecutor agrees to defer criminal charges under the condition that the defendant fulfills certain conditions within a specified time.3 A common condition of DPAs requires the bank or financial institution work with a monitor, typically an unrelated law firm or auditor, for a period generally of five years to ensure that the failures in their compliance and AML systems were fixed, and that the same pitfalls that led to the violations in the first place were not repeated.4 If the defendant satisfies their obligations under the DPA, the charges are dismissed and it is as though the government decided never to bring charges in the first place.5 If however, the conditions of the DPA are not met, then the defendant could face criminal prosecution.6

Many of those agreements, signed in 2010 through 2012, either have or are about to come to the end of the monitoring term.7 Regulators and law enforcement agencies are or will be working with the financial institutions and banks themselves to determine whether the terms of the DPAs were fulfilled.8 This will inevitably raise the question of what options are left for regulators and law enforcement agencies that find that a financial institution has failed to fulfill the requirements of its DPA.

Both criminal and civil proceedings could be brought following a bank’s failure to meet the requirements of its DPA. On the criminal side, the two major options are pursuing criminal charges against the corporation and imposing individual criminal liability against corporate executives. Each of these options presents its own benefits, incentives, and challenges, and they are not mutually exclusive. This Contribution will argue a combination of criminal charges against banks who do not uphold their obligations under a DPA along with bringing actions to disgorge executives of bonus and discretionary compensation would be the best ways to ensure that the government is able to enforce sanctions and AML compliance on major international banks.

I.              Corporate Criminal Liability

The first option that prosecutors could consider in the event of a failed DPA is to bring criminal charges against the bank or financial institution. Criminal charges against the corporation would vary depending on the conduct, but could involve crimes like mail fraud, wire fraud, falsifying business records, and tax evasion, as in the Credit Suisse case.9 The benefit to directly pursuing charges is that it is arguably the strongest “stick” of enforcement. However, pursuing criminal charges can also come with enormous consequences that give prosecutors and regulators pause.

The main concern with this course of action is the prevailing wisdom that the collateral consequences of actually indicting a bank likely outweigh the benefits of an indictment.10 Indictments in this situation can wreak havoc on the employees, shareholders, and customers of the institution. These harms could exceed any benefit to be gained by punishing the bank in this way.11 The collapse of Arthur Andersen under the weight of a criminal indictment and prosecution led to the idea that pursuing a criminal case against a large corporation is effectively a death sentence for the company, regardless of the ultimate outcome of the case.12 This so-called “Andersen effect” is often cited as a major factor in the Department of Justice’s policy of pursuing DPAs instead of criminal indictments.13

Recently, however, the Department of Justice (DOJ) has faced some criticism for this approach, and this may indicate that criminal charges are a more likely and desired result of a failed DPA. Critics argue that the fear of the “Andersen effect” and fear of accusations of prosecutorial overreaching have led the DOJ and other agencies to be too soft on corporate crime.14 Court E. Golumbic and Albert D. Lichy, two scholars who have studied trends in enforcement, cite two major shifts in the executive and judicial branches as evidence that the tide may be turning back in favor of criminal charges.15

The first shift is the judicial branch’s apparent view that the Department of Justice is being too soft on corporate crime and desire to be involved in the settlement process. In United States v. HSBC Bank USA, N.A., Judge Gleeson took the unprecedented step of finding that the supervisory power of the court gives judges the authority to supervise the terms of the DPA and ultimately the power to approve or reject it should the court find the terms improper.16 Judge Gleeson’s ruling comes after Judge Rakoff’s refusal to approve the Security Exchange Commission’s (SEC) settlement with Citigroup Global Markets for their role in the financial crisis of 2008.17 In his opinion, Judge Rakoff railed against the judiciary simply granting rubber-stamp approval of settlements between the government and financial institutions, going to far to say that doing so is “worse than mindless, it is inherently dangerous.”18 The Second Circuit disagreed with Judge Rakoff,19 but the trend of judges becoming more involved in the agreement and settlement process can still be seen as an indication of an overall dissatisfaction with the government’s current “soft” approach towards corporate crime and judicial dissatisfaction at being effectively cut out of the process. By moving towards criminal charges following failed DPAs, the judiciary will have a more active role in promoting accountability among banks and financial institutions.

The second shift is that the Department of Justice has shown itself increasingly willing to pursue criminal charges instead of DPAs in cases against major financial institutions.20 In the months following the announcement of the DPA with HSBC, the DOJ announced that they had secured guilty pleas from the Japanese subsidiaries from the United Bank of Switzerland (UBS) and the Royal Bank of Scotland (RBS) for their role in the LIBOR21 manipulation scheme, in December of 2012 and February of 2013, respectively.22 In addition to this, the DOJ announced the indictment of S.A.C. Capital advisors on allegations of insider trading. S.A.C. ultimately settled the case by pleading guilty and agreeing to pay a $1.8 billion fine in addition to terminating their investment business.23 Finally, there is the guilty plea entered by Credit Suisse Group for conspiring to aid tax evasion, which led to the bank paying a fine of $2.6 billion.24 Golumbic and Lichy’s point is that the DOJ’s decision to bring criminal charges against each of these entities so soon after the HSBC case indicates that the DOJ is not in fact crippled by the Andersen effect and pursues an indictment when it finds it appropriate.

Further, it is unclear whether the Andersen effect is in fact a real phenomenon that should be considered.25 Gabriel Markoff used publicly available data to develop a data set of all publicly traded companies that were convicted of a crime in the years 2001 through 2010.26 Of the 54 companies included in his dataset, Markoff found that none could reasonably be said to have gone out of business as a result of a federal criminal conviction.27 This, Markoff argues, calls into question the veracity of the standard wisdom that criminal prosecution alone could destroy a company.28 Markoff acknowledges a few explanations for this, but focuses primarily on the notion that the Andersen effect might be the exception rather than the rule when it comes to corporate prosecutions.29 Despite the evidence and the increasing willingness of the DOJ to bring criminal charges, fear of the “Andersen effect” remains strong and is often cited as the major reason to pursue DPAs.30

While there is a push from the executive and judicial branches to pursue criminal charges in the first place, there remains a strong argument for turning to criminal charges when DPAs fail. Randall Eliason, former chief of the DOJ’s Fraud Section, has argued that reluctance to pursue criminal charges has encouraged corporations and their executives to be less fearful of the consequences of a federal investigation. According to Eliason,

[w]ith the threat of criminal liability effectively off the table, corporate executives may be more willing to skate aggressively close to the line – or to jump over it. If the prospect of real criminal sanctions against the company is removed, then engaging in criminal activity becomes just another dollars-and-cents decision. The moral condemnation aspect of a criminal conviction is lost – and with it the unique deterrent value of criminal law.31

While the DOJ might hesitate to start pursuing criminal charges in lieu of DPAs from the start, finding that banks and financial institutions have failed to follow through with the terms of the agreement provide some evidence that Eliason may be right, and that perhaps actually pursuing the criminal charges outlined in the criminal information filed at the outset of the DPA is the best way to deal with failures to comply.

II.            Individual Criminal Liability

The other major option that law enforcement agencies could pursue in the wake of a failed DPA is individual criminal liability. While individual criminal liability in the corporate context is a relatively new legal development, it has been implemented successfully in area of securities fraud and other types of corporate fraud. For example, the Sarbanes-Oxley Act (“SOX”) requires that the CEO and CFO forfeit any bonuses, compensation, and any stock sale profits if the company is required to file a restatement of any of financial reporting requirements under federal securities laws because of material noncompliance as a result of misconduct,32 and the Yates Memo33 asserted that the DOJ would no longer be willing to award cooperation credit to a corporation unless the corporation identified “individuals involved in the misconduct, and provide the DOJ with all relevant facts, regardless of the employees’ position, status, and seniority.”34 This emphasis on individual criminal liability in the corporate context could and should be applied to violating sanctions and AML laws, both for individuals and corporations, after a failed DPA.

A.    Individual Liability as Applied to Low-Level Employees

Nearly every investigation into a large financial institution violating U.S. sanctions and AML laws traces down to the lowest level employees.35 In many of the DPAs related to sanctions and AML violations, the individuals in the bank who had actual knowledge of the violations were not higher level executives, but rather lower level employees in both the commercial and retail banking sectors. In large, complicated financial institutions, oftentimes low-level employees’ compensations and job securities are tied to metrics that give the employees an incentive to break the rules. For many relationship managers or low-level compliance and risk management officers, there was, and continues to be, a direct conflict between following proper protocols, and doing their job.

This conflict manifested itself in the context of sanctions and AML by leading bank employees at several large banks to engage in a process called “stripping” to circumvent the laws.36 Knowing that any transactions that involved sanctioned countries could be blocked in filters established by the Office of Foreign Asset Control (“OFAC”), a branch of the Treasury Department, the banks engaged in behavior that would allow them to conceal the true nature of transactions conducted on behalf of clients from sanctioned countries.37 In addition to altering payment instructions, these low-level employees also have incentives to circumvent sanction requirements in other ways, notably in helping customers from sanctioned countries open accounts and coaching them on how to properly pass “Know Your Customer” (KYC) requirements, which are the controls put in place to screen out these exact individuals.38

The practicalities of the complex federal investigations and internal investigations are such that these are the employees for whom investigators can find a “smoking gun.” In building a criminal case, prosecutors are acutely aware of the high beyond a reasonable doubt standard. Absent a strict liability regime, this means that in prosecuting individuals for corporate bad acts, the only people who would have an actual fear of trial are those low-level employees. When a bank cooperates and turns over internal emails, policies, and payment cover messages, it is the relationship managers and low-level compliance officers who are sending and receiving the emails and altering the payment messages. The strongest evidence relates to them, not to the bank’s officers.

While it may be feasible to prosecute the low-level employees involved in the crime, enforcing individual criminal liability against these low-level employees would likely not be at all effective in achieving the policy goal of cracking down on corporate crime and holding culpable individuals responsible. As a practical matter, the first hurdle is that many of violations occurred at bank branches outside of the U.S., and that the employees processing the transactions are not U.S. citizens, and therefore unlikely to be extradited to the U.S. to be held responsible for their crimes.39 The other practical concern is that imposing criminal penalties on these employees is unlikely to discourage the behavior. From the standpoint of the employee, especially those located outside of the U.S., it simply may be worth the risk. An employee half way across the world, whose income depends on the volume of business he or she generates, is unlikely to be concerned with the possibility of facing criminal charges in the U.S. For the bank, these employees are largely disposable. Criminal sanctions imposed against a relationship manager located in remote bank branch in the Middle East is unlikely to cause as much alarm for a international bank as criminal sanctions imposed against the bank’s top executives. Though it is a pessimistic attitude, the reality is that low level employees are replaceable, and punishing them will do little to correct the bank’s behavior.

In addition to the practical concerns, there are ethical concerns. Though the Yates Memo aims to be tougher on culpable individuals, regardless of seniority, who engage in and enable corporate crime, including those who are “judgment proof” and thus subject to a largely symbolic prosecution, it seems unlikely that low-level employees will yield the result the DOJ is looking for.40 Imposing criminal liability only on those low level employees for which substantial evidence exists would do little to stem the tide of corruption in a large organization. The DOJ has recognized this problem in prosecuting other large, complex organizations like organized crime and gangs. Punishing the “little guys” at the bottom of the food chain is unlikely to satisfy the public desire to hold corporations accountable.

B.    Individual Liability as Applied to Corporate Executives and Directors

Individual liability imposed against Corporate Executives and Directors would provide the benefit of actually holding those in charge of these major financial institutions accountable for bad behavior. The possibility of liability ensures that these executives have some “skin in the game” and incentivizes them to encourage a corporate culture that is compliant with U.S. regulatory regimes. Individual liability imposed against corporate executives and directors seems more in line with achieving the policy goal of stemming corporate bad behavior but presents its own challenges.

Unlike their lower-level counterparts, there is seldom substantial evidence that higher-level officers or executives of the company directly engaged in the bad behavior for which the bank is being investigated. Because of this, it is very difficult to see how prosecutors could successfully pursue criminal charges against the officers absent some other change. The violations that the banks are charged with in most of the DPAs involve a willful or knowing state of mind.41 While the bank as a whole may be willing to sign such an agreement, it is doubtful that an individual will. Absent any “smoking gun” emails, memos, or other direct evidence establishing actual knowledge or willfulness by the executive in question, the government will have a very difficult time proving their case, especially if a savvy defense attorney is aware of this and pushes for trial.

One way around this is to change the standard of liability for criminal misconduct in this context. There are a few ways lawmakers could do this. First, Congress could impose a RICO-style regime that would allow prosecutors to commute the acts of lower level employees engaged in systemic violation of sanctions and AML protocols to the higher-level executives charged with making sure the bank is following them. By introducing a conspiracy-type charging regime into this context, prosecutors would be able to circumvent the challenges presented by willful and knowing standards. The problem, however, is that this type of regime, drawing comparisons between large financial institutions and organized crime, is unlikely to gain much support in Congress. Another option that would be available to Congress would be to adopt a strict liability regime for executive officers in this context, similar to the strict liability regime imposed on executive officers in the context of securities laws. Under Section 304 of the Sarbanes-Oxley Act:

If an issuer is required to prepare an accounting restatement due to the material noncompliance of the issuer, as a result of misconduct, with any financial reporting requirement under the securities laws, the chief executive officer and chief financial officer of the issuer shall reimburse the issuer for—

(1) any bonus or other incentive-based or equity-based compensation received by that person from the issuer during the 12-month period following the first public issuance or filing with the Commission (whichever first occurs) of the financial document embodying such financial reporting requirement…42

To the extent that officer compensation is based on the volume of business done with prohibited entities, Congress could impose a claw back on that compensation as well. By imposing a strict liability regime on incentive compensation of the high-level executives, prosecutors would be more able to overcome the challenge of proving that an executive willfully or knowingly engaged in bad conduct. Limiting the punishment to a claw back of certain categories of compensation would also assuage concerns that the punishment is too harsh for individuals whom prosecutors cannot prove had firsthand knowledge of the misconduct.

There are, however, some concerns with this option as well. In particular, there is a concern that imposing strict liability on executives for this conduct could result in an exodus of capable compliance officers from troubled companies.43 The crux of this argument is that by putting the risk of liability on corporate officers drives talented executives into sectors that are less risky.44 This is especially true when one considers that many of these banks have thousands of employees across the globe. Executives who fear liability on the basis of actions taken by a few bad employees across the globe would possibly sway them to leadership roles in less risky sectors or drive up the cost of executive compensation packages to make up for the risk.45

III.          Conclusion

Though each option presents its own challenges, a combination of both major options is best. Moving ahead with charges against banks who do not uphold their obligations under a DPA, along with bringing actions to disgorge executives of bonus compensation might be the best way to ensure that the DOJ is able to enforce sanctions and AML compliance on major international banks. Recent trends in judicial behavior and a willingness to file criminal charges against financial institutions indicate that the age of living in fear of the Andersen effect may be diminishing, and so filing of criminal charges could be a more realistic possibility. The biggest hurdle to this would be imposing individual liability on executives due to the fear of driving capable executives out of the industry. However, prosecutors, regulators, and Congress should not this fear like a new version of the Andersen effect. Instead, they should pursue a strong strategy to deter violations and compliance with DPAs to ensure a healthy financial corporate culture and market.

Recommended Citation: Brittney Nagle, Dead on Deferral?: Whether to Prosecute Companies That Fail to Comply with DPAs, 2018 N.Y.U. Proceedings 4,


1. Brittney Nagle is a 3L at New York University School of Law. This piece was prepared in conjunction with the author’s Compliance and Risk Management for Lawyers class. The views expressed in this article do not necessarily represent the views of the author on this point of law. Rather, this article is a distillation of one side of the argument regarding Deferred Prosecution Agreements discussed in the course of the class.
2. See, e.g., Press Release, Lloyds TSB Bank Plc Agrees to Forfeit $350 Million in Connection with Violations of the International Emergency Economic Powers Act, Dep’t of Just. (Jan. 9, 2009), [hereinafter “Lloyds Press Release”]; Press Release, Barclays Bank PLC Agrees to Forfeit $298 Million in Connection with Violations of the International Emergency Economic Powers Act and the Trading with the Enemy Act, Dep’t of Just. (Aug. 18, 2010), [hereinafter “Barclays Press Release”]; Press Release, ING Bank N.V. Agrees to Forfeit $619 Million for Illegal Transactions with Cuban and Iranian Entities, Dep’t of Just. (June 12, 2012), [hereinafter “ING Press Release”]; Press Release, Standard Chartered Bank Agrees to Forfeit $227 Million for Illegal Transactions with Iran, Sudan, Libya, and Burma, Dep’t of Just. (Dec. 10, 2012), [hereinafter “Standard Chartered Press Release”].
3. See Steven R. Peikin, Deferred Prosecution Agreements: Standard for Corporate Probes, N.Y. L. J. (Jan. 31, 2005),
4. See id.
5. See id.
6. See id.
7. See id.
8. See id.
9. See Press Release, Credit Suisse Pleads Guilty to Conspiracy to Aid and Assist U.S. Taxpayers in Filing False Returns, Dep’t of Just. (May 19, 2014), [hereinafter “Credit Suisse Press Release”].
10. See F. Joseph Warren, et. al., Gibson Dunn Offers Update on Non-Prosecution and Deferred Prosecution Agreements, CLS Blue Sky Blog (Jan. 16, 2017),
11. See Elizabeth K. Ainslie, Indicting Corporations Revisited: Lessons of the Arthur Andersen Prosecution, 43 Am. Crim. L. Rev. 107, 109 (2006); Court E. Golumbic & Albert D. Lichy, The “Too Big to Jail” Effect and the Impact on the Justice Department’s Corporate Charging Policy, 65 Hastings L.J. 1293, 1296 (2014).
12. See Gabriel Markoff, Arthur Andersen and the Myth of the Corporate Death Penalty: Corporate Criminal Convictions in the Twenty-First Century, 15 U. Pa. J. Bus. L. 797, 800 (2013).
13. See, e.g., Memorandum from Larry D. Thompson, Deputy Attorney Gen., U.S. Dep’t of Justice, to Heads of Dep’t Components on Principles of Fed. Prosecution of Bus. Orgs. (Jan. 20, 2003) [hereinafter Thompson Memo], available at .
14. See Golumbic & Lichy, supra note 11, at 1296.
15. See id. at 1297.
16. United States v. HSBC Bank USA, N.A., 12-CR-763, 2013 U.S. Dist. LEXIS 92438, at *18-20 (E.D.N.Y. July 1, 2013).
17. See United States SEC v. Citigroup Global Mkts. Inc., 827 F. Supp. 2d 328 (S.D.N.Y. Nov. 28, 2011).
18. Id. at 335.
19. See SEC v. Citigroup Capital Mkts., 673 F.3d 158, 164 (2d. Cir. 2012).
20. See Golumbic & Lichy, supra note 11, at 1297.
21. LIBOR, the London Interbank Offered Rate, is a benchmark rate which indicates the rate at which some of the world’s top banks would agree to short-term loans with each other and influences global interest rates. See LIBOR, Investopedia, (last visited Feb. 2, 2018).
22. See Press Release, UBS Securities Japan Co. Ltd. to Plead Guilty to Felony Wire Fraud for Long-Running Manipulation of LIBOR Benchmark Interest Rates, Dep’t of Just. (Dec. 19, 2012), [ hereinafter “UBS Press Release”]; Press Release, RBS Securities Japan Limited Agrees to Plead Guilty in Connection with Long-Running Manipulation of Libor Benchmark Interest Rates, Dep’t of Just. (Feb. 6, 2013), [hereinafter “RBS Press Release”].
23. See Press Release, Manhattan U.S. Attorney Announces Guilty Plea Agreement With SAC Capital Mgmt. Cos., Dep’t of Just. (Nov. 4, 2013), [hereinafter “SAC Press Release”].
24. See Credit Suisse Press Release, supra note 9.
25. See Markoff, supra note 12 at 797 (finding that there is no empirical evidence to support the “Andersen effect” and that in a study of organizational convictions in the period from 2001-2010, no publicly traded company failed because their conviction).
26. See id. at 812-15.
27. See id. at 827.
28. See id.
29. See id.
30. See id. at 807-08.
31. Randall D. Eliason, We Need to Indict Them, Legal Times, Sept. 22, 2008; see also Sara Sun Beale, A Response to the Critics of Corporate Criminal Liability, 46 Am. Crim. L. Rev. 1481, 1482-86 (2009) (arguing that corporations, as large, powerful actors, are more than just legal fictions and should bear direct responsibility for their acts).
32. Paul F. Wessell, Key Provisions of the Sarbanes-Oxley Act of 2002, Rhoads & Sinon, (last visited Oct. 2, 2017).
33. See Memorandum from Sally Quillian Yates, Deputy Att’y Gen., Individual Accountability for Corporate Wrongdoing (Sept. 9, 2015) [hereinafter Yates Memo], [ -AVX9].
34. Sharon Oded, Coughing Up Executives or Rolling the Dice?: Individual Accountability for Corporate Corruption, 35 Yale L. & Pol’y Rev. 49, 52 (2016).
35. See, e.g., Lloyds Press Release, supra note 2; Barclays Press Release, supra note 2; ING Press Release, supra note 2; Standard Chartered Press Release, supra note 2.
36. See, e.g., United States v. Standard Chartered Bank, Deferred Prosecution Agreement (Dec. 10, 2012) [hereafter “Standard Chartered DPA”], available at;  United States v. Barclays PLC, Deferred Prosecution Agreement (Aug. 10, 2010) [hereafter “Barclays DPA”], available at; United State of America v. ING Bank, N.V. , Deferred Prosecution Agreement (June 12, 2012) [hereafter ING DPA”], available at:; United State of America v. Lloyds TSB Bank PLC, Deferred Prosecution Agreement (Jan. 09, 2009) [hereafter “Lloyds DPA”], available at
37. See Standard Chartered DPA, supra note 36, Appx A at 9; Barclays DPA supra note 36, at 26; Lloyds DPA, supra note 36, at 22.
38. See Dan Ryan, FinCEN: Know Your Customer Requirements, Harvard Law Sch. Forum on Corp. Governance and Fin. Regulation (Feb. 7, 2016),
39. To the extent that the United States has an extradition treaty with countries where these violations occur, they would not cover the extradition of a foreign national from his or her own country to face liability in the United States. See 18 U.S.C. Sect. 3181.
40. See Oded, supra note 34, at 52.
41. See, e.g., Barclays DPA, supra note 36, Exhibit A at 1 (Barclays charged with “(1) willfully violating and attempting to violate the Trading with the Enemy Act, 50 U.S.C. app. §§ 5, 16, and regulations issued thereunder and (2) willfully violating and attempting to violate the International Emergency Economic Powers Act, 50 U.S.C. § 1705, and regulations thereunder.”); ING DPA, supra note 36, at 1-2 (ING agreeing to be charged with “knowing and willfully conspiring, in violation of Title 18, Section 371 to commit the following offenses: (a) engaging in transactions with entities associated with Cuba, in violation of the Trading with the Enemy Act, Title 50, United States Code, Appendix, Sections 1-44, and regulations issued thereunder; and (b) engaging in transactions with entities associated with sanctioned countries, including Iran, in violation of the International Emergency Economic Powers Act, Title 50, United States Code, Section 1705, and regulations issued thereunder.”); Lloyds DPA, supra note 36, at 1 (agreeing to be charged with “knowingly and willfully violating and attempting to violate regulations under the International Emergency Economic Powers Act, Title 50, United States Code, Section 1705, to wit, Title 31, Code of Federal Regulations, Sections 560.203 and 560.204 which prohibit: (a) the exportation from the United States of a service to Iran without authorization and (b) any transaction within the United States that evaded and avoided, or had the purpose of evading and avoiding such regulations.”); Standard Chartered DPA, supra note 36, at 1 (agreeing to be charged with one count of “knowingly and willfully conspiring, in violation of Title 18, Section 371 to engage in transactions with entities associated with sanctioned countries, including Iran, Sudan, Libya, and Burma, in violation of the International Emergency Economic Powers Act, Title 50, United States Code, Section 1705, and regulations issued thereunder.”).
42. Sarbanes–Oxley Act of 2002, Pub.L. 107–204 § 304 (2002).
43. See generally Court. E. Golumbic, “The Big Chill”: Personal Liability and the Targeting of Financial Sector Compliance Officers 69 Hastings L.J. 45 (2014).
44. See id.
45. See id.