Commentary: Goldman Sachs’ 1MDB Compliance Failures Provide Lessons for Firms and Banks (Part 2)

Goldman Sachs and the government of Malaysia recently announced an agreement to resolve all criminal and regulatory proceedings involving the investment bank in the country over 1MDB through a $3.9 billion settlement.


What are the key takeaways from this scandal?

Lesson 1

Make sure to undertake proper and ongoing due diligence and act on red flags. Listen to experienced people in the firm before doing deals. Verify independently the main points of what is represented to the compliance and legal departments on large deals. The failure to act on red flags or ignoring them often leads to disaster, reputational loss and even loss of market share.


Goldman’s various internal Foreign Corrupt Practices Act (FCPA) and accounting controls were overseen and enforced by its compliance function and its legal department. These groups worked with other sub-committees to approve the 1MDB transactions (collectively “committees”). In all, the 1MDB transactions involved more than 30 Goldman executives including the then chief executive, the chief operating officer and later the president. The bond deals went through no fewer than five internal Goldman committees. It appears that not one committee and not one person had absolute oversight of risk and compliance in relation to the 1MDB deals or independently verified what they were told by Leissner or Ng. It is plausible that no one in compliance or on the committees even checked what Leissner was telling the committees because even Blankfein admitted Leissner and Ng lied to him.

Putting lies to one side, there were several other red flags (outlined) that Goldman executives and the various committees knew about in relation to the bond deals that should have made them concerned or at least led them to apply more intense compliance. The red flags didn’t stop here.

Goldman appointed BSI, a struggling Swiss bank with a dubious background of cleaning money for rich Americans, as its bank of choice to receive the 1MDB funds and then attend to the various transfers internationally. Goldman committees must have known that this small bank was to receive the first tranche of $3 billion for the bond deals.

There were more warning signs if someone had looked. In 2011, the Monetary Authority of Singapore found serious policy lapses and weak enforcement controls at BSI.

Additionally, the Harvard Law School Forum on Corporate Governance has pointed out that Goldman’s own lawyers in Singapore advised the bank’s executives in an email that it was unusual to use such a small private bank for a $3 billion deposit and recommended against it.

Again, the bank’s committees, compliance and legal teams must have known that BSI was the bank of choice where the bond deposits were destined. To paint the picture more clearly, the largest bond offering in the world at the time was to be deposited into a small, unknown Swiss bank with a known history of laundering, amid question marks surrounding its compliance from Singaporean regulators. How many more red flags did compliance need?

What emerges is that there was simply a complete failure within Goldman’s management, compliance and legal to undertake proper due diligence and detect or appreciate the many red flags that pointed to vulnerabilities around the transaction and the framework. Even when the most senior partner in Asia raised concerns about the 1MDB bond deal, they were ignored. Was it the case that Goldman was blinded by the $600 million commission fees for the bond deals?

Lesson 2

If the firm is taken in by fraud and lies from its own executives, then the compliance system does not work. Make sure compliance and/or legal has a line of sight over all business dealings and fund transfers, no matter how confidential, and that important assurances are independently verified. By deploying proper compliance oversight, firms can guard against the next scandal and inaction. The reason to have compliance is to unravel lies and fraud, not to be taken in by them. Put the best compliance people to work overseeing the biggest and most important transactions at the firm. Finally, hold senior executives accountable for significant compliance failures and release them from the company if there is a significant compliance failure.

The $3.9 billion settlement that Goldman Sachs reached with the Malaysian government for its role in the 1MDB corruption scandal offers lessons about cultural failure and circumvention of internal compliance controls. This second and concluding article about the case examines those failings after part one explored the due diligence failures and presented four lessons for compliance professionals, the latter two of which are outlined below.

The deal struck by the U.S. investment bank, which allegedly failed to act while $4.5 billion was stolen from its client, a sovereign wealth fund, involves a cash payment of $2.5 billion and a guarantee to recover $1.4 billion in assets bought with the fraudulently diverted money. Goldman Sachs underwrote and arranged bond sales for the wealth fund totalling $6.5 billion and took in $600 million in fees.

Cultural failure

According to the DoJ, Goldman’s culture in 2009, particularly in South-East Asia, prioritised “consummation of deals ahead of the proper operation of its compliance functions. In addition, an unnamed participating managing director of the firm is alleged to have been aware of the bribery scheme and to have agreed not to disclose this information to the firm’s compliance and control personnel”.

This points to the fact that where there was lucrative business to be had, and for certain deals, not all information was disclosed to Goldman’s compliance and legal teams and these departments could be side-stepped and conveniently avoided.

The first point is that at the highest levels of Goldman, many executives knew they were dealing with Jho Low representing 1MDB, and that its own compliance department had already vetted the banker as unsuitable to do business with and had refused to open an account for him. Goldman executives knew Jho Low’s wealth could not be explained, and his background was dubious.

The bank’s culture, as it was seven years ago, included executives at the highest level who oversaw kickbacks to government officials in Malaysia and Abu Dhabi and the appointment of little-known Swiss bank BSI to launder money for 1MDB with the knowledge of some Goldman executives at partner level. One can only say that there was not a unified compliance culture within the bank, and that doing “the deal” was more important than disclosing issues to compliance or honesty.

Lesson 3

Make sure senior leaders in the organisation work towards a unified compliance culture where everyone is on the same page and where staff are rewarded for honesty and integrity and not just closing deals.

A failure of culture will limit the longevity of an organisation. Compliance officers, as well as all senior individuals in financial services firms, are on notice that regulatory regimes are making it simpler for supervisors to hold people to account. Senior individuals would be well-advised to consider these issues in order to manage their personal liability.

Thomson Reuters’ Cost of Compliance survey for 2020 sets out that to build unified compliance across the organisation, senior managers and directors should know exactly what they are responsible for at any point in time, and how compliant activities in their areas of responsibility are structured and tested as operating effectively. An organisation should have comprehensive recordkeeping so that, after an event, compliant activities and the discharge of relevant obligations can be demonstrated.

Circumvention of internal compliance controls

The bank has spent a considerable amount of money on its internal compliance controls. The DoJ indictment states that: “Leissner knowingly circumvented internal accounting controls that Goldman Sachs had in place and caused the company’s books, records and accounts to be falsified through the misrepresentation that he had made to Goldman Sachs’ executives and representatives”.

It makes little sense to lay the blame only at the feet of Leissner and Ng, who operated mainly from Asia, when the bond deals were all approved in New York. At various times, the committees (as set out in Part 1 of this article) had oversight of the transactions, not to mention a talented legal team. The point about compliance is to unravel lies, not to be taken in by them.

It begs the question of how a senior executive in a South-East Asia business unit can override compliance controls in New York. It also appears there was no overall compliance review by supervisors from different reporting lines and there was no independent review of the transactions or verification of what Leissner told the committees. The conclusion from this is that the current committee review procedure at Goldman Sachs needs a rigorous overhaul, as the compliance framework failed when it was most needed and should have exposed an unsophisticated fraud that could have been detected by independent verification.

Lesson 4

Do not send a chicken out to deal with a shark; hire skilled compliance experts that can assess large important transactions. Make sure compliance committees are effective and staff have appropriate skill sets. Know exactly what staff are responsible for at any point in time in any transaction and that activities in their areas of responsibility are structured and are tested, i.e., they work. Verify, verify and then verify independently important information in relation to large transactions.

Closing remarks

Goldman’s bond offerings were surrounded by political connections between the then prime minister of Malaysia, Najib Razak, and the bank’s then chief executive, Lloyd Blankfein.

This strategic alliance may have created an ability for Goldman to position itself ready for commercial projects with 1MDB and turn a blind eye to red flags to get the deal done, no matter what. Perhaps Goldman wanted the commercial work so much that the firm blinded itself to the risks staring back at it.

The bank ignored one red flag after another. The compliance failures of Goldman Sachs and the ambitions of senior executives and partners to drive the deal enabled the fraud by not allowing compliance to have complete oversight. A unified compliance culture is the one weapon a firm or bank has to prevent another 1MDB scandal from emerging in a different form. If these severe and expensive lessons are not learned, they will only reoccur.
