Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.
Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.
Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.
Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.
The foundation of any effective whistleblower program is a clear, robust policy that is communicated effectively across the organization.
What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance.
In this episode, Tom visits with Sage Franch, CEO and co-founder of Rulebook, and Scott McCleskey, a member of Rulebook’s board of advisors, who discuss their innovative AI-driven solutions for regulatory compliance.
Franch describes his extensive background in AI, emphasizing its transformative impact on driving business growth and organizational resilience. McCleskey, with over 30 years in compliance, highlights the challenges of navigating complex regulatory environments and the siloed nature of compliance functions. The conversation explores Rulebook’s AI tools like Regufy and PolicyProtect, which enhance compliance professionals’ abilities by processing vast amounts of regulatory information quickly, thus aiding in proactive and informed decision-making. Moreover, the discussion challenges misconceptions about AI, suggesting that it should augment rather than replace human capabilities, offering support in managing compliance risk proactively and efficiently. The episode concludes with insights into the potential future evolution of compliance tools and the role of AI in wider regulatory contexts.
Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.
Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.
Angela Ang is TRM Labs’ senior policy advisor in Singapore. TRM Labs is a world-renowned blockchain intelligence company. She is also a former regulator, having spent over a decade at the Monetary Authority of Singapore (MAS), where she was most recently its deputy director in charge of licensing for payments and crypto service providers. Angela has also been recognized as a LinkedIn Top Voice for Finance in Asia for her thought leadership on digital asset developments in the region.
In this episode of Regulatory Ramblings, she talks to host Ajay Shamdasani about growing up in Singapore, spending time in the US, her education at INSEAD, and ultimately, the early days of her career in a business development capacity at the Monetary Authority of Singapore (MAS) where she promoted the Lion City as an international financial center.
Recalling her experiences as a regulator with fondness, she notes that as a MAS officer, she was privileged to see policymaking at the highest level up close—emphasizing that few jobs enable one to work with ministers and policymakers so early in their careers. Notwithstanding the high intellectual rigor of working for a body as mission-driven as the MAS, she stresses that regulators are people, too.
The discussion then moves on to what TRM Labs does in blockchain intelligence and analytics. Angela describes it: “Blockchain analytics is like Google Maps for blockchain. We help clients make sense of public blockchain data and use it to fight fraud and financial crime.” She points out that while the immutable ledger functionality of a blockchain is invaluable, it is often not easily understood by clients, likening it to “looking at a satellite image without context.” TRM, she says, helps make sense of blockchain ledgers by layering information about entities and their risk levels to give clients a better picture.
In that regard, she sees parallels between her time at the MAS and TRM Labs, which also has a compliance-centric business model and is mission-driven. “A lot of our staff have joined [TRM Labs] from the public sector,” Angela says, lauding the firm’s spirit of nimbleness and entrepreneurialism.
She also recounts her first exposure to cryptocurrencies and blockchain in 2015 when her boss asked her to undertake a research project on the subject as part of the MAS capital markets team. Her impressions then and now are that while there is much to be said for the “promise of blockchain,” they need to be weighed against the “technology and risks of investing in crypto”; Angela recalls former MAS head Ravi Menon’s speech, paraphrasing his central policy point of Singapore saying yes to digital asset innovation, but no to cryptocurrency speculation. She said such an approach was prudent for the Lion City to adopt as “crypto will be around for the foreseeable future.”
She then shared her views on the regulation in Asia, stating that the region is leading the pack regarding regulatory clarity. “There has been more movement in crypto regulation across the region, especially in financial hubs like Singapore and Hong Kong,” she says.
For example, Japan (2017) and Singapore (2020) were amongst the first countries to pioneer bespoke crypto regulation, fully realizing the failures of crypto for the investing public over the past decade, she says. “We need to regulate and think about it [crypto] differently.”
There has been massive movement, for example, Singapore’s rules on custody of crypto assets, expansion of licensing requirements, and Hong Kong’s regulation of over-the-counter crypto trading and its virtual asset service provider (VASP) licensing regime this year.
Yet, with Asian jurisdictions at different levels of development, Angela acknowledges that even with digital assets, every Asian regulator will have their philosophy on how to view crypto. She is broadly optimistic about the direction of things, citing the region’s general move towards greater regulatory clarity.
Citing a deep-dive regional survey by TRM’s policy team, the trend worldwide was overwhelmingly (80%) towards tightening regulation and more consumer protection measures.
“Regulation is about control and the requirements needed to prevent illicit activity. Sufficient enforcement is there to ensure consequences,” Angela said, noting that more levers for action against recalcitrant entities were needed.
She added that the authorities also had the responsibility to deeply understand the technology implementation and controls regulated entities must comply with to ensure they meet the requirements of the regulatory outcomes they have in mind. This also requires having enough skilled people to conduct rigorous supervision as needed.
The conversation then turned to the perceived talent shortage in crypto compliance. While explaining that digital finance was different from traditional finance, she said that older principles of compliance and risk management were still appliable, “but the devil is in the details,” adding: “You need good governance and disclosures; it is the same with traditional finance as with digital finance. There is overlap, but the technology of blockchain and crypto creates differences. For example, verifying ownership of a bank account differs from verifying ownership of a blockchain wallet.”
Technology’s changed landscape also gives rise to the related topics of SupTech and RegTech, which are key parts of what TRM does. As Angela explains, crypto compliance professionals use TRM’s tools for ongoing due diligence and transaction monitoring. Yet, regulators also use TRM’s offerings for RegTech purposes – to obtain real-time information about entities’ activities on the blockchain.
“As regulators build their knowledge of blockchain and crypto, we will see greater opportunities for SupTech applications offering real-time monitoring without adding to the [compliance] burden of regulated entities. The goal of SupTech should be to make tools user-friendly for non-experts such as non-cryptographers and non-asset tracers,” she said.
TRM Labs’ data shows that the total amount of crypto crimes emanating from Asia was US34.8 billion, but that is still just 0.63% of the global total. Angela notes that figure is comparable to traditional finance while acknowledging that crypto is borderless and that organizations and syndicates operate across borders across and from Asia.
She says VASPs have evolved to respond better to crypto crime, citing the loss of trust in recent years. “They are winning it [trust] back. As the industry matures, with more governance and compliance, they realize their role in fighting crime,” she said, emphasizing TRM’s role in working with the public and private sectors.
Angela stresses that VASPs have lower rates of crypto crimes with proper licensing and mandated risk controls than in less regulated jurisdictions. While noting that there are different degrees of risk controls, “few exchanges in the world now exist with no risk controls,” she says. Those are high-risk exchanges and conduits for bad actors moving outside regulated parameters. Most exchanges have degrees of risk control, and there has been a leveling up of crypto regulation worldwide.”
Looking ahead, she pointed to market misconduct as an evolving area in digital finance. The Madrid-based International Organization of Securities Commissions (IOSCO) FinTech Taskforce has singled it out as a priority item for crypto regulators, she says.
Regulatory Ramblings podcasts is brought to you by The University of Hong Kong – Reg/Tech Lab, HKU-SCF Fintech Academy, Asia Global Institute, and HKU-edX Professional Certificate in Fintech, with support from the HKU Faculty of Law.
We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere has bribery schemes that were torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Today, I want to conclude my multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.
Deere offers valuable insights for compliance professionals tasked with ensuring that corruption risks are identified, mitigated, and resolved during the post-acquisition phase of M&A. This post will explore the key lessons from the Deere FCPA enforcement action, focusing on post-acquisition integration and investigation. As organizations expand through acquisitions, especially in foreign markets, the compliance team is critical in safeguarding the company from inheriting liabilities that could have been avoided with effective post-acquisition measures.
Deere, a multinational corporation known for its agricultural machinery, faced FCPA enforcement following its acquisition of a foreign company, the Wirtgen Group, which operates in regions with high corruption risks, specifically in Thailand. The Wirtgen Group-Thailand had engaged in corrupt practices, including the bribery of foreign officials to win contracts. After the acquisition, these activities continued for a period, undetected by Deere’s compliance team, which had not yet fully integrated the acquired company into its compliance program.
This case is a cautionary tale for compliance professionals on the importance of swift and effective post-acquisition integration and investigation processes. The lesson here is clear: post-acquisition efforts cannot be an afterthought. They must be a central part of the compliance strategy from day one.
Establish a Post-Acquisition Integration Plan from the Start
One key takeaway from the Deere FCPA enforcement action is the need for a well-defined post-acquisition integration plan with a robust compliance component. All too often, post-acquisition focuses on operational integration, with compliance being pushed down the priority list. However, Deere’s case demonstrates that failing to integrate compliance programs immediately can result in ongoing illegal activities that expose the acquiring company to FCPA violations.
Compliance professionals must ensure that the integration plan includes the following.
Immediate roll-out of the parent company’s compliance policies and procedures to the acquired entity.
Compliance training for all acquired company employees, focusing on FCPA and anti-corruption standards.
Review and revise the acquired entity’s third-party relationships to ensure compliance with the company’s standards and the FCPA.
Enhanced monitoring of high-risk activities, particularly interactions with foreign officials or government contracts.
Had Deere implemented these steps immediately post-acquisition, it could have identified and halted the corrupt practices sooner, avoiding the costly consequences of prolonged illegal activities.
Prioritize Post-Acquisition Investigations
Post-acquisition investigations are crucial in identifying undisclosed or ongoing corrupt activities within the acquired entity. The Deere case highlights how important it is for compliance professionals to conduct thorough investigations after the acquisition to ensure that any risks missed during the pre-acquisition phase are uncovered.
Key components of a post-acquisition investigation include:**
Forensic reviews of financial transactions, particularly payments to third parties, to detect any suspicious or abnormal patterns that could indicate bribery or corruption.
Employee interviews at various levels of the acquired entity to gather information about day-to-day operations, compliance culture, and potential risks.
Contracts and business deals are reviewed to ensure no irregularities or unethical practices, particularly in jurisdictions with high corruption risks.
3rd-party audits of key suppliers, agents, and intermediaries who may have been involved in transactions with government entities or foreign officials.
In Deere’s case, a thorough post-acquisition investigation could have identified the ongoing corrupt practices early, allowing the company to take corrective action before it became the subject of an FCPA enforcement action.
Leverage Internal and External Resources for Compliance Integration
Deere’s failure to quickly integrate its compliance program into the acquired entity highlights the need for compliance professionals to leverage internal and external resources to accelerate the integration process. Post-acquisition compliance integration is often resource-intensive, especially when acquiring companies with operations in high-risk regions.
Key steps include the following.
Internal audit teams will be utilized to conduct a deep-dive assessment of the acquired entity’s financial and operational controls, focusing on FCPA compliance.
Engaging external forensic auditors and FCPA specialists to assist with investigations in high-risk jurisdictions where corruption is more likely to occur.
Establishing cross-functional teams that include representatives from compliance, legal, finance, and operations to ensure that compliance integration is holistic and touches every aspect of the acquired business.
Deere could have benefited from engaging external experts to help accelerate the compliance integration process and identify areas of concern within the newly acquired entity. By failing to do so, the company allowed corrupt practices to continue, resulting in significant FCPA penalties.
Monitor and Reassess Compliance Risks Regularly
Post-acquisition compliance efforts don’t end with the initial integration. Continuous monitoring and reassessment of compliance risks are essential to ensure that the acquired entity remains aligned with the parent company’s standards and the requirements of the FCPA. This is particularly important in industries and regions where corruption is more prevalent.
Continuous monitoring should include the following.
Regular audits of financial transactions and third-party payments.
Ongoing risk assessments that factor in changes in business operations, market conditions, and regulatory environments.
Compliance reporting mechanisms, such as whistleblower hotlines, allow employees of the acquired entity to report any concerns anonymously.
Periodic reviews of the acquired entity’s compliance culture are needed to ensure that employees adhere to the company’s anti-corruption policies.
In Deere’s case, ongoing monitoring could have helped identify and mitigate corruption risks earlier in the post-acquisition phase. The absence of regular monitoring and reassessments allowed corrupt practices to continue unchecked for an extended period.
Act Swiftly on Red Flags if They Appear
The most critical lesson from the Deere case is quickly identifying red flags. In this case, the acquired entity had numerous warning signs, including operations in high-risk regions, dealings with government officials, and lacking robust internal controls. However, these red flags should have been addressed promptly, allowing illegal activities to persist.
When red flags are identified, take some of the following steps.
Launch a formal investigation immediately to determine the scope of the issue.
Take corrective action, including terminating contracts with third parties involved in corrupt practices or dismissing employees who engage in illegal activities.
Notify regulatory authorities if there is a risk of FCPA violations and work proactively to resolve the issue before enforcement actions are taken.
Had Deere acted swiftly on the red flags within the acquired entity, the company might have been able to avoid the FCPA enforcement action and the associated penalties.
The Deere FCPA enforcement action provides a sobering reminder that compliance efforts cannot end with signing an acquisition deal. For compliance professionals, the real work begins in the post-acquisition phase. By prioritizing compliance integration, conducting thorough post-acquisition investigations, leveraging internal and external resources, continuously monitoring compliance risks, and swiftly acting on red flags, companies can avoid the pitfalls that Deere faced.
In today’s global business environment, withcompanies expanding through M&A in high-risk jurisdictions, compliance professionals must take a proactive and vigilant approach to post-acquisition compliance. The lessons from Deere remind us that the cost of failure is high, but with the right strategies in place, the risks can be managed effectively.
As a compliance professional, your role is to ensure post-acquisition compliance becomes integral to your company’s M&A strategy, protecting your organization from FCPA risks and safeguarding its reputation in the global marketplace.
