The Compliance Kitchen returns with a wrap-up of the week’s top trade and economic sanction issues. In today’s episode, Silvia Surman looks at the EU prolonging economic sanctions over Russia’s military aggression against Ukraine; FinCEN designates virtual currency exchange Bitzlato a “Primary Money Laundering Concern” for illicit Russian finance; DOJ obtains guilty plea from a military contractor for rigging bids on government military contracts.
Day: January 30, 2023
One of the most significant changes in the 2020 FCPA Resource Guide, 2nd edition, was the addition of a new Hallmark entitled “Investigation, Analysis, and Remediation of Misconduct,” which reads in full:
The truest measure of an effective compliance program is how it responds to misconduct. Accordingly, for a compliance program to be truly effective, it should have a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents. An effective investigations structure will also have an established means of documenting the company’s response, including any disciplinary or remediation measures taken.
In addition to having a mechanism for responding to the specific incident of misconduct, the company’s program should also integrate lessons learned from any misconduct into the company’s policies, training, and controls. To do so, a company will need to analyze the root causes of the misconduct to timely and appropriately remediate those causes to prevent future compliance breaches.
Ultimately, performing a root cause analysis is not simply sitting down and asking many questions. It would be best if you had an operational understanding of how a business operates and how they have developed its customer base. Overlay the need to understand what makes an effective compliance program with the skepticism an auditor should bring so that you do not simply accept an answer provided to you, as you might in an internal investigation. Marks noted that “a root cause analysis is not something where you can ask the five whys. You need these trained professionals who understand what they’re doing.”
Three key takeaways:
- A root cause analysis is required if you have a reportable compliance failure.
- There is no one process for performing a root cause analysis. You should select the one which works for you and follow it.
- To properly perform a root cause analysis, you need trained professionals who understand what they’re doing.
Categories
Episode 142- Scott Schools
In this episode of The Ethics Experts, Nick welcomes Scott Schools. Scott is the Chief Compliance and Ethics Officer at Uber Technologies, Inc. He joined Uber after a legal career that has included twenty-one years at the Department of Justice as well as seven years in the private sector. Scott spent a total of seven years as Associate Deputy Attorney General.
Welcome to the Hughes Hubbard Anticorruption and Internal investigation Practice Group’s podcast, where host Tom Fox and members of the Hughes Hubbard Anticorruption and Internal Investigation Practices Group delve into the legal issues surrounding white-collar and other investigations, both domestically and internationally. In this episode, Tom sits down with Amina Hassan, a litigator in the Hughes Hubbard litigation department. Tune in as they discuss the FTX scandal, one of the most unbelievable stories in recent fraud history.
Amina has been with the firm since graduating law school and has a wealth of experience in the crypto world, handling cross-action security litigation and helping clients navigate the uncertain regulatory and enforcement landscape in the US.
Key ideas you’ll hear in this episode:
- FTX was the second largest crypto exchange. It was a sprawling group of over 100 entities headquartered in the Bahamas. It offered a crypto derivatives exchange for trading futures on a margin, but not available to US customers.
- Sam Bankman-Fried was the founder of FTX. Alameda Research was a sister company and one of FTX’s biggest customers, but also borrowers. Money seemed to flow between and through all of the entities in an unusual way which led to the failure and lack of control.
- The collapse of FTX has brought scrutiny on the SEC’s role in regulating crypto. However, the SEC’s position is that they already have a regulatory structure in place and will continue to enforce it.
- The SEC has been the most active regulatory agency for crypto enforcement, but other agencies, such as the CFTC, FTC, and CFPB, will likely become more active in enforcing regulations in the crypto space.
- Sophisticated investors such as pension funds, hedge funds, and large wealth management funds invested nearly a billion dollars in FTX despite having fewer financial statements than the average individual.
- The FTX scandal is a wake-up call for institutional investors to improve their due diligence in the crypto space. This should include understanding the technology and asking the right questions, such as how wallets are kept and stored.
- The aftermath of the collapse of FTX may mean challenges for its competitors, such as Coinbase or even Bitcoin.
- The SEC has taken an enforcement-centric approach towards crypto and has not indicated any plans for rulemaking in 2023.
- There have been calls for more clarity in existing regulations for the crypto space and for possible specialized agencies like FINRA to be created for the crypto industry.
KEY QUOTE:
“One of the key takeaways from the FTX scandal is really the complete failure and lack of controls.” ~ Amina Hassan
Resources
Hughes Hubbard & Reed website
Amina Hassan on LinkedIn
What does remodeling a home have to do with ESG? In this episode of the ESG Report, Tom Fox and Kristy Grant-Hart discuss the role of compliance in leading the ESG initiative within a corporation. Kristy, the founder of Spark Consulting, explains how compliance professionals can expand their role to lead the E, S and G components of ESG. She also shares her personal experience of remodeling her new home with her husband and how it relates to ESG.
Kristy Grant Hart is a well-known figure in the compliance field. She is the founder and CEO of Spark Consulting, a global compliance and ethics consultancy that recently celebrated its 6th anniversary. Spark Consulting now has locations in Chicago, New York, Los Angeles, and London. The company also recently released a business simulation game called Compliance Competitor, which has been picked up by many companies. Kristy has over 15 years of experience in compliance and governance, working with clients across multiple industries. She is also the author of four books, including How To Be A Wildly Effective Compliance Officer and The Compliance Entrepreneurs Handbook, which was written with Kirsten Liston and Joseph Murphy.
You’ll hear Tom and Kristy talk about:
- ESG is a bridge between compliance, governance, and board relationships.
- ESG can be a huge driver for change and reputation enhancement.
- CCOs are skilled at bringing together people and putting programs into a framework, and this lends itself well to running a successful ESG program.
- The renewed focus on G (Governance) is a positive development, as better governance leads to more ethical behavior and compliance. Compliance has a relationship with the board, the Audit and Risk Committee, and it makes sense for compliance to expand its remit of reporting and talk about different stakeholders in different ways for better board management.
- The push for gender diversity on boards is a step towards greater perspective and understanding of different stakeholders.
- Supply chain management is an important aspect of the compliance function.
- The June 2020 Update to the Evaluation of Corporate Compliance Programs from the Department of Justice emphasizes the importance of institutional justice and fairness within corporations, which ties into ESG principles.
- The compliance function and CCO must have access to all corporate data, not just compliance data, in order to effectively lead ESG efforts.
- The S in ESG, which stands for social, encompasses issues such as diversity, equity and inclusion, and responsible sourcing in the supply chain.
- The evolution of supply chain compliance and its integration into ESG efforts has been growing in recent years.
- Compliance professionals already have a wide range of skills and experience that can be applied to leading E efforts within ESG. They have an important role to play, even if they are not experts in the field.
- Remodeling a home can also be a valuable learning experience: her personal experience of learning new construction skills aligns with the idea that compliance professionals can learn and lead the E component of ESG.
KEY QUOTE:
“I think that the more that we see diversity on boards, the better companies will do, but also the opportunities become more expansive and that’s something that I’m passionate about and feel that’s incredibly important. I also think compliance should have much more of a seat on boards.” – Kristy Grant Hart
Resources:
In this episode, host Michael Volkov takes a closer look at the Honeywell FCPA case. The Justice Department and the FCC had a strong year in FCPA enforcement; they closed out the year with two important cases, ABB and Honeywell. Last week’s episode covered the ABB case, and this episode will focus on the Honeywell UOP case, which resulted in a $160,000,000 settlement.
- Honeywell was involved in a bribery scheme in Brazil and Algeria to secure contracts with state-owned oil companies.
- Honeywell conspired to offer a $4 million bribe to a high-ranking executive of Petrobras in Brazil in an attempt to secure a valuable $425 million contract to design and build a refinery.
- Honeywell’s use of third-party agents, such as sales agents, to facilitate bribery payments was done without proper controls and oversight, leading to a lack of proper invoicing, description of services, and confirmation of payment arrangements which facilitated illegal payments.
- Honeywell’s senior management was complicit in the scheme and there was a lack of commitment to corporate ethics and compliance culture within the company.
- The case serves as a reminder of the risks to companies of engaging in bribery and the importance of having a strong compliance culture and third-party risk management program.
KEY QUOTE:
“Honeywell’s actions occurred in an environment where no one raised a question about the bribery scheme. The … narrow focus on winning the project through whatever means possible was clear.” – Michael Volkov
RESOURCES
Honeywell UOP to Pay Over $160 Million to Resolve Foreign Bribery Investigations in U.S. and Brazil
SEC Charges Honeywell with Bribery Schemes in Algeria and Brazil
Email Michael: mvolkov@volkovlaw.com
Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Morrison and Foerster partner James Koukios to discuss the recent Kenneth Polite speech announcing changes to the Department of Justice Corporate Enforcement Policy.
In this episode, we consider the following:
- What is the CEP;
- This is a follow on from the Monaco Memo;
- Why this change is significant for recidivists;
- How this change redefines an effective compliance program;
- The new CEP offers real, tangible, and significant benefits for compliance programs; and
- What it all means going forward.
Resources
Kenneth Polite Speech
Updated CEP
There is a reason that lawyer truisms are just that: because they are based in fact. One of those truisms is that bad facts make bad laws. I saw that in the first year I started practicing law in case in Texas which forever changed the definition of gross negligence: Burke Royalty. In that case, a company allowed a rough neck to burn to death while hanging on a chain off an oil rig. The company, Burke Royalty claimed they had subcontracted their safety function to another company. The Texas Supreme Court decreed that safety was a non-delegable duty and failure to provide a safe workplace could form the basis of claim for gross negligence.
We now see this same truism playing out in the Chancery Court of Delaware in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst and the creation of an absolute toxic atmosphere of sexual harassment at the very highest levels of the organization. It included the now disgraced former Chief Executive Officer (CEO) Steven Easterbrook but he was dismissed from this litigation.
I will not go into the sordid facts of this matter as they are well-known from other litigation. Suffice it to say that Fairhurst and Easterbrook engaged in multiple instances of sexual harassment and inappropriate behavior with other McDonald’s employees and such conduct was not only well-known within the organization but also known by the McDonald’s Board. But this case dealt not Easterbrook or the Board but with Fairhurst. As you might guess from his corporate title, Fairhurst had a human resources role which he apparently took as license to get drunk at company events and grope, fondle and generally harass as many women as possible. It appears that the rest of McDonald’s senior management and Board stood by while he engaged in all of this.
Fairhurst’s attitude towards sexual harassment seemed to have permeated the entire corporate culture at McDonald’s. One employee class action lawsuit by employees claimed that 75% of all female employees had been sexually harassed while working at the company. Another allegation said that “over 70% of those who reported sexual harassment they witnessed or experienced faced some form of retaliation, with 42% reporting loss of income as a result.” A class action lawsuit by employees of McDonald’s franchisees claimed that “almost two-thirds of restaurant employees worked at locations that did not provide any sexual harassment training.”
As I started out this post, bad facts make bad law.
What the Court of Chancery found was there has long been a duty of oversight in Delaware law, not only for Board’s since at least the 1960s but for officers as well. On the Board side of the equation, there is of course the Caremark decision from 1996 but which established an affirmative duty of Board oversight, with its progeny up to this day. However in 1963, the Delaware Supreme Court established a Board duty when red flags are brought to its attention in the case of Graham v. Allis-Chalmers Manufacturing Co., which held that directors have an obligation to respond if information reached them, but created no affirmative duty to set up an information system to learn about issues within the company. A limited duty of oversight arose only if the directors had already learned enough to suspect that there were issues that needed overseeing. Caremark created that affirmative duty.
Taking a deep dive into the legalese, in this case the court noted, “Using more functional terminology, that species of claim can be called an “Information-Systems Claim” or an “Information- Systems Theory.” A plaintiff typically pleads a prong-two Caremark claim by alleging that the board’s information systems generated red flags indicating wrongdoing and that the directors failed to respond. From a functional perspective, the second type of claim can be called a “Red-Flags Claim” or a “Red-Flags Theory.”
But Board’s do not govern in a vacuum. They depend on senior management. Here the court said, “Indeed, from that perspective, the Caremark oversight role “is more suited to corporate officers who are responsible for managing the day-to-day affairs of the corporate enterprise.” This “first reason for recognizing oversight duties for directors—the seriousness with which the law takes the role—thus applies equally to officers.”
Indeed, “relevant and timely information is an essential predicate for satisfaction of the board’s supervisory and monitoring role under Section 141.” Finally, “board’s need for information leads ineluctably to an imperative for officers to generate and provide that information: Whereas a corporate board meets periodically—roughly six to ten times a year—senior officer engagement with the corporation is continuous. From a practical perspective, a board’s ability to effectively monitor is contingent upon adequate information flow, usually from senior officers functioning in a non-directorial capacity.”
Join me tomorrow where I take a dive into the Court’s legal reasoning.
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Stories we are following in today’s edition of Daily Compliance News:
- Is corruption robbing Ohio blind? (Ohio Capital-Journal)
- Shareholders can sue execs for ‘failure of oversight.’ (Reuters)
- Is SBF contacting witnesses edition? (WSJ)
- The court hearing on a monitor for Boeing. (Law360)
