The FBI on Governmental Sector Compliance Programs [Podcast]


By Adam Turteltaub

The FBI has a long-established compliance program born out of allegations of misuse of National Security Letter authority.

In this podcast, Catherine Bruno, FBI Assistant Director for the Office of Integrity & Compliance, offers advice for other governmental entities eager to establish a compliance program. She explains the history and structure of the FBI’s program, advice for selecting members of the team, earning management support, mistakes to avoid, and more.

She also provides insight into what has helped the development of the FBI’s program, including enlisting experts within the organization to identify risks and to help secure buy in.

Listen in to learn more about how to build a compliance program in a governmental setting.


  1. Congratulations Assistant Director Catherine Bruno on taking over the reins of the Office of Integrity and Compliance at the FBI and perhaps building on that program to generate government wide interest. I thought I would take this opportunity to comment on your presentation especially with regard to its origins.

    First, a little about me. After over 28 years as an FBI Agent, in 1996 I retired from the FBI as Chief of its Legal Advice and Training Section in the General Counsel’s Office. Thereafter, I took a position with Horizon Blue Cross Blue Shield of New Jersey as its first Director of Corporate Compliance and remained in that position for about six years (1997 – 2003) developing in depth understanding of the theory and practice of corporate compliance programs.

    In 2003 I returned to the FBI as a contractor in the Security Division.

    My involvement in the creation and implementation of the FBI Office of Integrity and Compliance started with news reports of the FBI misuse of an investigative technique called the National Security Letters. As you correctly point out, early in March 2007, the Department of Justice (DOJ), Office of Inspector General (IG), issued a report which concluded that in a large number of cases, the FBI did not comply with certain legal requirements in law which provided the FBI with the authority to request information from financial companies and communications providers in connection with counterterrorism and counterintelligence cases. The DOJ report includes a response from Director Mueller dated March 6, 2007 concerning the IG’s findings. The report was made public shortly thereafter and the press was replete with reports of the IG findings and highly critical editorials.

    On March 12, 2007 I wrote an internal email captioned “OIG NSL findings” to Pat Kelley, then the Deputy General Counsel and Chief of Staff in the Office of General Counsel, as follows:

    Pat – As often as I thought I would throw my 2 cents into things that I see that I wanted to comment on, I haven’t. But with the OIG report that came out last Friday, I thought I would give you and Valerie something to consider, and that is the establishment of a formalized compliance program within the FBI. Every major corporation and especially those that do business with the federal government have them; others have them just to be good corporate citizens as part of their self-governance. There are established methodologies [sic]to accomplish the compliance program tasks that are derived from the Federal Sentencing Guidelines. These are geared to raise the level of assurance that a corporation is complying with the rule of law. This is a matter of comfort to the regulators, high level execs and boards of directors that monitor and are ultimately responsible for compliance. My sense is that doing this would be a bold move, that would be well received by Congress – and while I would suggest focusing on the immediate problem of the NSL reporting requirements, I would broaden it to include all legal requirements on the FBI. I have a bit of history with compliance programs (and the FBI), having spent most of my post bureau effort in that area and continue to write and lecture on compliance program issues. If you or Valerie [Caproni – the General Counsel] would like discuss this idea further please let me know and I would be happy to come by. I think that many of the pieces of a compliance program are all ready in place but require an major effort of integration and monitoring. (Copy attached at Tab B.)

    Later that day I received an Outlook invitation to meet with Mr. Kelley on March 14, 2007. While I don’t have written record of that meeting, my recollection is that I briefed him on corporate styled compliance programs and what I had in mind as far as the suggestion I set out in my prior email. I had an additional opportunity to promote the concept with Valerie Caproni when we met socially at the Kelley’s house on March 17, when she and I talked about the concept. On March 19th I wrote to Ms. Caproni: “I was particularly enthused by our discussion of possibly applying compliance program methodology used in the private sector to the Bureau processes. I think that it is a terrific way to deflect the Bureau’s critics – and to show great leadership not only within the federal law enforcement / intelligence community but throughout government.” She wrote back: “I’ll keep you posted on where this is going – but I think that it will definitely happen in some shape or form.”

    During the Director’s testimony before the Senate Judiciary Committee, on March 27, 2007, he testified:

    “What I did not do, and should have done, is put in a compliance program, complete with auditing and follow-through to assure that those procedures were being followed.”

    However, it is not clear that he had a firm notion of what that program would look like. By April 16 I was detailed to the Office of the General Counsel to assist Pat Kelley who had been designated as the lead for the implementation of the compliance program at the FBI. I was advised of a meeting to be held on April 19, 2007, where the Rand Corporation was to make a presentation concerning a proposal regarding a compliance program. To assist Pat Kelley, I prepared a short powerpoint presentation which I transmitted to him by email on April 18, 2007. I presented that paper at the meeting. What is significant about the presentation is that it set out the elements of an effective compliance program which were eventually incorporated in total into the FBI compliance program.

    Also, during that period the FBI field offices and headquarters were tasked with attempting to discover any other practices that might be problematic. To the best of my knowledge that effort resulted in no concrete recommendations. The management process that I advocated be put in place had a component to assess risk of non-compliance.

    On May 15, 2011 a meeting with the Director and Deputy Director was held to provide a status report on the implementation process and to present a few remaining decision points. One of those decision points was the reporting structure of this new compliance program office. The General Counsel had suggested that it report to her. I was asked for my view and related that the best practice in industry was that it be independent from the General Counsel which was approved by the Director.

    I presented the FBI with an idea, a management process upon which to implement the concept, and the practical experience upon which to recommend solutions to advocating the adoption of the program and addressing implementation concerns. Of course it took Pat Kelley’s management skills, Valerie Caproni’s shared vision and the Director’s leadership to actually make it happen. Government, generally moves at glacial speed; however the implementation of the compliance program went from concept (03/2007) to the initial compliance committee meetings (07/2007) – a mere 4 months.

    That being said I wish to compliment you on the establishment of the Federal Working Group of Compliance Professionals. In that regard you may wish to review the materials at the website of the Rutgers Center for Government Compliance and Ethics (RCGCE)(, the mission of which is to promote similar programs at federal, state and local governmental organizations. This was the brainchild of Joe Murphy, long recognized as a leading expert in the area of corporate compliance and ethics. Without the FBI experience, the Rutgers Center would not have developed.

    As a consequence, the FBI, in a large measure, will be viewed as the starting point for these programs in government and the history of the development at the FBI may become relevant to future researchers. I thought I would share with you my perspective on the start of the program at the FBI, lest it be lost through fading memories and evaporating documentation.

    If you have any questions concerning this comment please feel free to contact me

    Emil Moschella

Comments are closed.