Categories
Daily Compliance News

August 10, 2022 the Boston Scientific Announces FCPA Investigation edition

In today’s edition of Daily Compliance News:

  • China company accused of shipping to Iran. (WSJ)
  • Boston Scientific announces FCPA probe in Vietnam. (Medical Design and Outsourcing)
  • Guatemala is now going after the press that reports on corruption. (NYT)
  • BitMEX employee guilty plea in AML violations. (Reuters)
Categories
Blog

Principals of Effective Organizations: Part 2 – Olivia Newton-John and Operationalizing Compliance

We also lost someone Monday who was a cultural phenomenon for many decades, Olivia Newton-John, the beautiful Australian singer who burst on the US scene in 1974. She is probably best known as the heartthrob Sandy in the movie version of Grease where she put the singer’s chaste image behind her. According to her New York Times (NYT) obituary, “her character, Sandy, transformed from a pigtailed square smitten with John Travolta’s bad-boy Danny to a gum-smacking bad girl. “Grease” became one of the highest grossing movie musicals ever, besting even “The Sound of Music.” Its soundtrack was the second best-selling album of the year, beaten only by the soundtrack for “Saturday Night Fever,” which also starred Mr. Travolta.” If you can watch Grease without singing along, you are probably dead.

For my personal tribute I will quote a Facebook post from my friend Bill Dyer who I have known since 1976 when he was my RA at the University of Texas. Dyer penned the following, “In the summer of 1974, before my senior year at Lamesa High School, I was a full-time DJ at KPET-AM. Olivia Newton-John’s “If You Love Me, Let Me Know” album had come out in May, and we had a promotional copy at the station…The single I was *supposed* to play from this album was the country & western(ish) title song, “If You Love Me, Let Me Know” — consistent with our station’s C&W format. But the track that I personally preferred from the album was this song, I Honestly Love You. The programming director gave me grief about it, and I did indeed also play “If You Love Me, Let Me Know.” But this was THE heart-throb song of the summer. And yeah: It still gets me. Requiescat in pace, Olivia Newton-John. You were jaw-droppingly talented and lovely, and your music will continue to summon forth some of my most vivid memories of my young adulthood.”

We are currently exploring 10 Principles of Effective Organizations, by Michael O’Malley. The author identified 10 research-backed principles from the field of organization development to guide companies and I have adapted them for the compliance professional. Yesterday in Part 1, we took up his first five, focusing on the Chief Compliance Officer (CCO), and today we conclude with his final five, focusing on operationalizing your compliance program.

Diversify your workforce — and create an inclusive environment

 Every CCO should be modeling diversity, but the author makes clear the benefits of diversity, noting “Complex tasks require a diverse mix of viewpoints and abilities to satisfactorily complete.”  For compliance this need will only grow with the need for a diversity of subject matter expertise (SME) in a corporate compliance function, including compliance, legal, behavioral psychology and behavioral organization, data scientist and a host of others.

Compliance functions in 2025 and beyond will “require large numbers of different agents to enhance system reliability and resilience.” In addition to the diverse workforce and discipline need for any compliance program, you should consider diversity of citizenship so that not all your compliance talent is from the domicile from your home country. You should also consider bringing other corporate disciplines into your compliance function on a rotating basis such as sales leaders, senior executives and Human Resource (HR) functionaries as well.

Promote personal growth

Almost stating table stakes in the 2022 corporate world, the author states, “An effective talent management program is one in which a company has a large pool of able, external job candidates, sufficient competent coverage of existing positions, succession plans throughout the organization, and a panoply of support programs: career counseling and development, career planning workshops and vocational assessments, mentoring and coaching programs, and in-house training and educational assistance to augment employees’ career objectives.”

Now take this base line and overlay what the Department of Justice (DOJ) has told us over the years. In theFCPA Corporate Enforcement Policy it states, “The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;”. This means not simply hiring competent compliance department personnel but also that they continue to grow within the compliance profession by going to conferences and growing professionally in other ways (such as reading blogs and listening to podcasts).

 Empower people

 While many CEO-types believe “the practice of empowerment in organizations is often like a parent handing the keys of a high-performance vehicle to their teenager and hoping, day after day, that the car will return intact.” CCOs and other compliance professionals recognize that empowering not simply your compliance team but indeed your employee base to ‘do compliance’ is a key manner to operationalize your compliance program to make it effective.

Always remember that as a CCO or compliance professional, your customers are your employees, and this can extend to other stakeholders such as key third-party partners. Empower these groups to do compliance and they can become not simply your good friends but also will allow you to move from a detect mode to a prevent mode. This also ties into having a true speak up culture in an organization.

Reward high performers

Here the author focuses on based pay for performance plans for employees. He believes that rewarding high performers can “increase job satisfaction and motivate action and, when appropriately structured, are instrumental in producing environments in which the best help the rest. Indeed, it is common in teams that the top members will lift the performances of good, but less capable, members.”

Yet when you consider rewarding your employee base for doing business ethically and in compliance you should consider the same benefits as a part of your compliance program. The DOJ has long recognized this as far back as the original edition of the FCPA Resource Guide which continues to state in the 2nd edition, “DOJ and SEC recognize that positive incentives can also drive compliant behavior. The incentives can take many forms such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance program, and rewards for ethics and compliance leadership.” So, reward your high performers for doing business ethically within your company’s values in addition to your compliance function personnel who do great work.

Foster a Leadership Culture

Even in 2022, ethics and compliance all starts at the top. The author correctly notes, “Everyone who has worked in an organization knows the affective power of leadership and its effects on culture, both good and bad.” Appropriate tone at the top and a compliance program and function to back up “supportive, inclusive management practices that provide assurances of safety allow people to take reasonable risks, make mistakes, speak up and challenge the status quo, and ask for help and request resources to make improvements” will help your organization going forward.

Senior management who create safe environments encourage “employees to more openly and beneficially interact, learn and grow, display greater creativity, and think of themselves as potent and efficacious actors will reap those benefits. Despite the known value of leadership, organizations frequently show little genuine interest in the quality of leadership by foregoing meaningful assessments and by being far too accommodating of managerial miscreants who may be productive but are toxic to the organization’s culture.”

The author concludes, “Fulfilling these 10 principles is a tall order.” Nonetheless, any CCO who puts these into practice will have a compliance function that should be resilient and able to respond to market or regulatory changes when needed and does business ethically and in compliance through a fully operationalized compliance regime.

Tom’s Top 5 Olivia Newton-John Playlist (all from YouTube)

I Honestly Love You

You’re the One I Want

Summer Nights

Xanadu

Let Me Be There

Categories
The Compliance Life

Scott Garland – To the DOJ and the Computer Crime & Intellectual Property and National Security Unit

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What skills does a CCO need to navigate the compliance waters in any company successfully? What are some of the top challenges CCOs have faced, and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, I am joined by Scott Garland, Managing Director at AMI. Scott came to AMI from the DOJ, where he held the role of Professional Responsibility Officer. As he described, it was akin to a CCO role for the US Attorney’s Office for Massachusetts.

With a knack for understanding technology, relating it to legal issues, and translating it for lawyers, judges, and juries, Garland went to the DOJ, working at Main Justice in Computer Crime & Intellectual Property Section in DC. His work there included criminal investigations and trials, policy analysis, and drafting manuals. From that position, he moved to Boston to the US Attorney’s Office for the District of Massachusetts. He began in the Cybercrime Unit, then National Security Unit, eventually becoming NSU’s Deputy Chief, then Acting Chief of the Unit. Along the way, he picked up a variety of advisory responsibilities: identity theft coordinator, committee on dealing with cooperating witnesses, and grand jury supervisor.

Resources

Scott Garland’s Profile on AMI

Categories
The Corruption Files

Hiring in the Financial Space

Welcome to another episode of The Corruption Files!

Thomas Fox and Michael DeBernardis discuss questionable hiring practices from JP Morgan, Credit Suisse, and Bank of New York (BNY) Mellon in employing relatives of high-profile clients to gain favor. They also discuss how companies can find a middle ground in hiring families, why Hiring can be a high-risk area, preventative questions to avoid a violation, and the significance of internal control and documentation.

▶️ Hiring in the Financial Space with Thomas Fox and Michael DeBernardis

Key points discussed in the episode:

✔️ Thomas Fox gives a brief background on the BNY Mellon case.

✔️ Michael DeBernardis mentions how Hiring based on connections has existed for a long time and doesn’t directly violate any laws. It’s all up to a company’s intent. For BNY Mellon, it was to maintain close connections with major clients. He recommends compliance professionals look into their company’s hiring process.

✔️ Hiring unqualified people means you’re hiring them for other reasons. JP Morgan took in ineligible candidates for leverage with high-profile clients and free advertising in their respective home countries. Documentation stopped JP Morgan in its tracks.

✔️ JP Morgan structured hiring program managed to override compliance controls, revealing regulation flaws. Being discovered next to BNY Mellon’s case, it was not the last instance of son-and-daughter corruption.

✔️ Thomas Fox retells the Credit Suisse case. Retracing the company’s spreadsheets revealed their inner workings.

✔️ The risk of hiring relatives can be minimized when there is a middle ground. Thomas Fox shares questions to ask to prevent violations. He also adds strengthening internal control can put a company on the good side of regulators.

—————————————————————————-

Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance-Shout Outs and Rants from Episode 102

Welcome to our fan-favorite Shout Outs and Rants.

  1. Matt Kelly rants about the LIV exhibit golf tour and the insane amount of money being spent by Saudi Arabia to rehabilitate its reputation through sports.
  2. Jonathan Marks shouts out SEC Chairman Gary Gensler on the 20th anniversary of the enactment of SOX.
  3. Tom Fox shouts out to Vin Scully, the former play-by-play announcer for the Los Angeles Dodgers.
  4. Jay Rosen shouts out to Celtic great Bill Russell, who died this week.

The members of Everything Compliance are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com.
  • Jonathan Armstrong is our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com.
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com.

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Innovation in Compliance

Passionate About AML with Simon Winchester

 

Simon Winchester is the Vice President of Advanced Technologies at Jumio Corporation. His responsibilities entail building the go-to-market strategies for newly acquired technologies within Jumio and then driving the adoption on a global scale. One of the company’s most recent additions is its AML (anti-money laundering) solutions. Tom Fox welcomes him to this week’s show to talk about current world events and the company’s AML solution. 

 

 

Money Laundering in 2022

Tom asks Simon if money laundering schemes have become more ubiquitous since the Russian invasion of Ukraine. Simon replies that the recent events certainly had an impact. He says that money laundering is “criminals taking illicitly-gained funds and then turning them into legitimate cash or assets which are ideally free of suspicion.” At the core of this criminal process are three themes: placement, layering, and integration. Due to the digital environment we live in today, more people from all demographics are comfortable with digital banking, and criminals now find it easier to launder money, which makes it more difficult to detect. Fortunately, Jumio works hard to provide AML solutions and offer more effective compliance programs. 

 

Key AML Regulations

Tom asks Simon what are some of the key AML regulations that Jumio advises clients on. It mostly depends on where your organization is located in the world, as local enforcement bodies drive AML regulations, Simon responds. These regulations will take a cue from international standards set by the Financial Action Task Force, which functions as a “global AML watchdog”. In the UK, the EU AML directives shape policy and provide guidance. Recently, they brought a new directive into effect which “increased the frequency of regulatory updates to the KYC and AML legislation, and brought a strict obligation to industries that were not previously subjected to severe AML protocol,” Simon tells Tom. 

 

Playing Catch-Up With Money Launderers

Tom asks Simon what Jumio sees as the key components of a successful AML program. Ideally, a company providing AML solutions should have a well-defined plan, Simon says. However, that is not feasible given the current climate. The components of a successful AML program, Simon says, include three steps: 

  • A dedicated compliance officer who is tasked with creating, monitoring and reviewing the compliance program, and staff training. 
  • A written risk-based compliance program with comprehensive AML policies and procedures that are documented. This approach identifies and protects your business from financial crime and includes having the technology in place to support that framework. 
  • An appropriate customer due diligence process, which means vetting your clients to avoid financial crimes. 

 

The Role of a CCO in AML Solutions

Simon believes that “Chief Compliance Officers are the catalyst for the growth and innovation”. He acknowledges how CCOs often get the raw end of the deal and their role in the organization must be scrutinized and changed. With the right AML technologies, compliance team, and effective AML program, a CCO and their team can drive shareholder value through organizational growth. 

 

Resources

Simon Winchester | LinkedIn 

Jumio Corporate | Website | LinkedIn | Twitter 

 

Categories
Daily Compliance News

August 9, 2022 the Mar-a-Lago Searched edition

In today’s edition of Daily Compliance News:

  • Mar-a-Lago was searched by the FBI. (Everyone)
  • DOT penalizes crypto mixers for laundering NKorean money. (WaPo)
  • Belts and roads were always a fraud. (NYT)
  • Taiwan has tough insurance issues. (WSJ)
Categories
Blog

Principals of Effective Organizations: Part 1 – David McCullough and the CCO

Last week we lost Vin Scully, this week we lost David McCullough. McCullough was one of America’s greatest living historians. He worked in a variety of formats, including non-fiction books, television and movies. He was a great writer, winning numerous national awards for his books. According to his New York Times (NYT) obituary, “McCullough won Pulitzer Prizes for two presidential biographies, “Truman” (1992) and “John Adams” (2001). He received National Book Awards for “The Path Between the Seas: The Creation of the Panama Canal” (1977) and “Mornings on Horseback” (1981), about the young Theodore Roosevelt and his family.”

Many others knew him from his television work, most notably on Ken Burns The Civil War, and as the host of the American Experience. Not exactly John Facenda-like (i.e., the Voice of God) but as Gary North said, “not imperious, yet not exactly soothing, either — comes on, and we become more calm.” He also noted, “Incredibly, you don’t want him to shut up.” I heartily agree and could have listened to McCullough read the phone book (when there was such a thing).

As for my favorite books, probably No. 1 is The Path Between the Seas. Book about places are a notoriously tricky thing but it was great history, wrapped in a great biography all the while telling a great story. My co-favorite (1A) was his biography John Adams, first and foremost because of the love story between Adams and his wife Abagail, who was truly his partner in his entire life’s work. It also set a standard for telling the story of how Founding Fathers created a new nation in the midst of a bitter war.

I thought McCullough was a good introduction to start a two-part series on business approaches to create an effective compliance. I recently saw an article in the Harvard Business Review (HBR), entitled 10 Principles of Effective Organizations, by Michael O’Malley which also intrigued me about this topic. The effectiveness of a compliance program is an ongoing dialogue but what business strategies can you use to do so. Chief Compliance Officers (CCOs) are good at using the Hallmarks of an Effective Compliance Program, as delineated in the FCPA Resource Guide 2nd edition, as a guide but in this article, the author articulates a set of criteria and goals to meet to maintain the ability of companies to compete and grow. He identifies 10 research-backed principles from the field of organization development to guide companies and I have adapted them for the compliance professional. Today we take up his first five and we conclude tomorrow with his final five.

Encourage cooperation

The central objective of every compliance program is to achieve a cooperative ethical order in an organization to do business ethically and in compliance. From the organizational behavioral perspective, this means removing “divergent motives and antagonistic goals” in an organization.  While getting everyone to row in the same direction is one part, the second part is to keep some group of employees, a business unit or geo-region, from breaking off and taking a short cut in your risk management protocol.

This means you as CCO need to channel your inner Russ Berland and buy lots of pizza for the business unit folks or others in the organization to create “strong social bonds among employees” that will drive all employees to do business in such a desired manner. The author notes, “They are affective bridges back to the organization that positively build relationships and influence performance.” That is certainly a key for every CCO and compliance professional.

Organize for Change

Many “once-great companies have found their final resting places in an expansive graveyard of slow-movers and has-beens. These companies failed because they were unable to adapt to changing conditions and succumbed to capitalism’s unapologetic truth that only the fittest will survive.” Now think about that intonation in the context of 2 years of a pandemic and the Russian invasion of Ukraine and its impact on business on a worldwide basis. Just as business has been buffeted by these winds, so has the compliance profession and its need to respond.

In effective compliance programs, CCOs “upend paralysis by generating a consensus of meaning and action. They build the case for change, create a positive mindset for change, convince others of the value and legitimacy of the change efforts, and battle against systemic forces of institutional inertia that lock companies into their current, misguided trajectories.” This is only truer in 2022 for the reasons I noted above. What the author said about companies applies to compliance even more, “Confidence, conviction, and courage are helpful companions in this journey, as not all change is readily apparent and must be made before there is an evident need for it and the window of opportunity has closed.”

Anticipate the Future

This is something I have talked more and more about, as the “preservation of an organization­ depends on its leaders having the navigational judgment and skill to prepare their companies for what lies ahead.” Once again this is even more so for the compliance function. The author noted that the “short term is undertaken with greater certainty of outcomes. The short term can be very rewarding. The short term provides executives with the continuing authority to lead by demonstrating their effectiveness in producing results.” Yet as we begin to plan towards mid-century, CCOs “must be able to look past nearby obstructions to see clearly what lies beyond.”

Part of that is anticipating your organizations needs both on the sales side and in the Supply Chain. Part of that is having resiliency built into your compliance program so that if China invades Taiwan, you will be able to respond to the inevitable changing landscape. Another part is technology or ComTech. A CCO needs to have tech savvy “people who collectively challenge the assumptions on which their current actions are based in order to imagine other possibilities. As Thomas Kuhn maintained, if your conception of the world is that it is flat, you will see things one way; if your conception is that it is round, you will see things in quite other ways. But you cannot see the implications of roundness until you suspend belief in flatness.”

Remain Flexible

Compliance must be at once disciplined, resilient and flexible, “reacting to the unexpected during turbulent times and flexibly bending when rushes of demand are placed on” it, then bounce back into shape “once the need for transformation has passed.” This can largely be achieved through improved use of ComTech and by aligning that tech to meet new challenges. Here the author also speaks to the need of “a simple creative additive of divergent thinking.” What you may not need on your compliance team is another lawyer but a data scientist, behavioral psychologist or a training expert. Compliance is changing and as a CCO you need to be ready to embrace the change to deliver the top compliance services to your customer, your company employees.

Create Distinctive Spaces

Interestingly, coming out of a two-year (and still ongoing) pandemic, the author believes there is  a “link between the quality of a work environment and employees’ health, satisfaction, and performance.” This means if you are going to require your compliance team back in the office, the “basic dimensions of environmental indoor quality such thermal comfort, air quality, lighting, acoustic quality, and the ergonomic features of furnishings positively relate to enhanced performance.” Not only will it make your compliance team more effective, but it will also help in the competition for talent acquisition and retention.

Join us tomorrow where we conclude our review and note that Grease is the word.

Categories
The Ethics Experts

Episode 129 – Julie Kratz

In this episode of The Ethics Experts, Nick welcomes Julie Kratz. Julie is a highly-acclaimed TEDx speaker and inclusive leadership trainer who led teams and produced results in corporate America. Promoting diversity, inclusion, and allyship in the workplace, Julie helps organizations foster more inclusive environments. She is a frequent keynote speaker, podcast host, and executive coach.

Categories
Blog

Would You Buy a New Car From Them? Part 2 – Lessons for Compliance

Over this series, I am reviewing the corruption enforcement action Involving the company formerly known as Chrysler Group LLC, now FCA US LLC (Chrysler or the company herein) which was criminally sentenced to pay a fine of over $96 million and a forfeiture money judgment over $203 million. These amounts were above a previous civil penalty of $310 million. All of this was for designing a vehicle emissions system for the company’s Jeep Grand Cherokee and Ram 1500 that would evade federal emissions standards for diesel vehicles and then lying about it to federal authorities. It was a different type of corruption from a Foreign Corrupt Practices Act (FCPA) enforcement action but corruption, nonetheless. Today, I want to consider some of the lessons for the anti-corruption compliance professional.

The actions by the company are instructive for what not to do in any corruption investigation. The Plea Agreement specified that the company did not receive credit for self-disclosure as it did not self-disclose its criminal conduct or fraud. The company did receive some cooperation credit for cooperating during the scope of the investigation but did not receive any credit for failures in both taking timely remedial action and for failing to discipline senior executives who were involved in or had knowledge of the criminal action and fraud. (Recall that one executive involved directly in the fraud was with the company until 2020.)

All these actions were very costly to the company in terms of how it was evaluated under the US Sentencing Guidelines. Under Section 8(C)2.5(g)(2) a company can receive credit of up to five (5) points for cooperating in the investigation and affirmatively accepting responsibility for it’s conduct. The company only received a two (2) point discount. Since the Plea Agreement specified the company did cooperate in the investigation, it clearly did not accept responsibility for its conduct. The lack of those three points in discount cost the company somewhere in the estimated range of $20 to $30 million in additional fines and penalties.

The Plea Agreement also specified for the first time the Monaco Doctrine of evaluating past conduct as a part of the overall evaluation of the company. The Plea Agreement detailed that the company had a prior criminal conviction for bribery and corruption under the National Labor Relations Act (NLRA) for bribing union officials. However, it is not clear how that worked into the overall fine and penalty except to note that the company paid the maximum under the US Sentencing Guidelines, after credit for the civil penalty.

Additionally, while there is no requirement for a monitor in this resolution of the criminal action, there was a such a requirement in the Consent Decree from the civil action. It mandated an Independent Compliance Auditor for a period of three years from the resolution of the civil matter, which was May 2019.

Lessons Learned

There are multiple lessons for the anti-corruption compliance professional from this enforcement action. Obviously, the need to engage in robust remediation for the matter at issue and your compliance program is critical. Moreover, and once again the Department of Justice (DOJ) criticized a company for tardiness in disciplining those who were involved in the fraud or those who were aware of it. As I noted in Part 1, multiple former company employees were criminally indicted for their conduct in this sordid affair. Yet some of them were with the company until 2019 and 2020 and not all were terminated, some left the company in voluntary separations, which sounds suspiciously like retirements. Such actions could save your organization literally millions of dollars.

One of the clearest, which was not stated in any of the resolution documents, was that every Chief Compliance Officer (CCO) needs to read the newspapers and stay abreast of current events in their industry. It was September 2015 that the Volkswagen (VW) emissions-testing scandal became public. It was by far the largest scandal in emissions-testing and cost VW billions in investigative and remediation costs, fines, penalties, buy-backs, market share loss and reputational damages. To say that anyone at the company was not aware of it is to simply defy belief.

Beyond just the CCO, every Board member was no doubt aware of the VW emissions-testing scandal. Under the current state of the Caremark Doctrine, there may well be a duty to make an inquiry by the Board of auto manufacturers to senior management to investigate if they have been involved in similar conduct. Here we do not know how the scandal got to the attention of the DOJ, but it was clear from the Plea Agreement, it was not from self-disclosure. CCOs and Boards need to be much more proactive when competitors get into trouble about investigating similar products or services which could lead to criminal and civil fines and penalties.

This matter warrants consideration by every CCO in every US public and private company. Every CCO can also use the case as instruction and training for both senior management and their company Board of Directors.

Resources

DOJ Press Release

Information

Plea Agreement

Consent Decree from the civil action