Categories
Blog

Fraud Trends for 2022

I recently had the chance to visit with Olivia Allison, Senior Managing Director at K2 Integrity. We looked at some key fraud trends in 2021 and how they might influence fraud investigation, prevention and enforcement going forward into 2022. We began with a discussion of general fraud trends from 2021, particularly around Covid-19 issues, such as personal protective equipment (PPE), and monies distributed by governments to bolster national economies, such as Paycheck Protection Program (PPP) in the United States. Allison added that supply chain issues were also a contributing factor to these issues. She found that during investigations related to COVID procurement and healthcare procurement specifically in relation to the pandemic there were supply chains issues regarding fraud.
She believes going forward there will continue to be fraud investigations as more allegations are put forward about fraud in both COVID procurement and public procurement. Of course, the government is interested in these categories because fraudsters are trying to defraud the government out of funds. Interestingly, she found issues around fraud and data security, particularly in the heyday of working from home (WFH). This may well change in 2022 when we have a Return to the Office (RTO) but with the surge of the Omicron variant many companies are shelving RTO plans until the spring 2022.
WFH led to wider fraud inside of companies because employees were “bypassing controls, sometimes maliciously, sometimes it’s not fraudulent, but they just think that the controls are inconvenient.” This was coupled with the troubling phenomenon that Allison has seen reported recently that millennials “just think that some controls are inconvenient and they just try to work around them.” This obviously puts organizations at risk and from a culture perspective can be very damaging.
Allison noted that another risk factor for fraud she is following in 2022 are two related phenomena. They are the mobility of the work force coupled with the Great Resignation. These have led to people moving around a lot more in the labor market. With folks changing jobs and working remotely;  it is very difficult to have the same level of connection with your employer. Companies must work much  harder to build some kind of consistent culture. One of the prongs of the Fraud Triangle is Rationalization, that “the company owes me a bit more or something like that and if you do not have that level of loyalty, there is a kind of widespread risk that people may be justifying certain actions to themselves.” Allison believes that there are “a lot of things brewing that are difficult for companies, whether it’s supply chain or data, or employee loyalty, that may cause problems in the future.”
We then turned to what Allison characterized as “multi-vector crisis” which is when multiple crises coming from many different directions. As a compliance officer or fraud examiner, you are not simply responding to one threat or even one threat vector but several at the same time. Allison believes are some steps an organization can take to manage such risks. The first is “you need to make sure that your protocols, data security, policies and procedures are clear and manageable. Then train when onboarding your staff so employee understand your procedures and monitor that they are actually following them.” Finally, ensure “what is written on paper is also what happens in practice.” I would also add Document Document Document.
Additionally, companies are building dashboards of different fraud indicators. But that is only a starting point as they then must use the data to prevent fraud. She added, “I think that is a trend and also something that companies need to be looking at as they are using data. It is more than just gathering data, its actually using the data to drive decisions.” Finally, if you have not done so since the pandemic shut down the country in March 2020, you should “refresh your training.” From the training perspective, Allison believes that more frequent, yet shorter messaging is better. You can certainly have a longer annual targeted training but here she agrees with Tina Rampino that an “espresso shot” of training can be more effective.
From the controls perspective, you need to determine if different types of frauds are happening within your organization or if the situation is simply that controls are being bypassed. If there is a control bypass or override, this needs to be closed off or the bypass needs to be approved by senior management with an appropriate business justification. Of course, controls issues need to be considered when thinking about different working practices and where your employees work; whether that is WFH, RTO, work outside the physical office or a hybrid situation.
We concluded by looking at whistleblowers and the recently implemented EU Whistleblower Directive, which came into force in December 2021. In at least the last four or five ACFE Reports to the Nations, one of the consistent themes is that fraud is almost always detected internally and either reported internally or picked up through internal audit or internal controls or some other mechanism. With the EU Whistleblower Directive and the governmental monies being poured into the economies to rebuild infrastructure and other projects, Allison expects to see an increase in whistleblowers reporting fraud. This includes internal reporting and reporting to the government where a potential bounty is in play. But Allison also cautioned that the “media is a sort of third line of whistleblowing” which we saw in 2021 with the Facebook whistleblower, Francis Haugen.
All of these factors lead Allison to believe that the risk of fraud and fraud reporting will increase in 2022. Companies need to train their front-line employees to prevent fraud before it happens. Controls need to be assessed in light of the evolving work locations. Of course, the government is very interested in both fraud prevention but also fraud detection and prosecution so 2022 could well be a more significant year than 2021.

Categories
The Compliance Life

Valerie Charles – Academic Journey and Early Professional Career


The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Valerie Charles, partner at StoneTurn. We discuss Valerie’s journey to the CCO chair, then to a ComTech start up, to her current role at StoneTurn and look down the road at where ComTech and compliance will be in 2025 and beyond.
Valerie was a dancer from a young age and this passion helped inform her early academic career. Her civil rights work out of college lead to her to law school and that led to work in Big Law in white collar defense. From there she moved in-house, heading up a corporate compliance function. In this role she saw the need for an integrated tech solution for the corporate compliance function.
Resources
Valerie Charles LinkedIn Profile
Valerie Charles at StoneTurn

Categories
Innovation in Compliance

Why People Don’t Whistleblow with Ian Foxley


Tom Fox welcomes Ian Foxley to this week’s episode of the Innovation in Compliance Podcast. Ian is well-known for his work as a whistleblower in the Airbus GPT corruption scandal in Saudi Arabia, and is now the founder and CEO of Parrhesia Inc. In this episode, Tom and Ian talk about why individuals have a hard time speaking up, what needs to change within organizations, and what needs to be done to protect whistleblowers.  

Parrhesia 
Parrhesia is the principle of affording protection by the powerful to the vulnerable in exchange for vital information. It is this principle that Ian founded his company on. It is also a principle that Ian finds to be absent from the modern business world. “If you don’t allow people to question what rulers are doing you end up with autocracy,” he tells Tom. People need to be allowed to ask questions, and if the situation demands it, whistleblow, so that individuals in charge can take stock of their behaviour and change accordingly. Parrhesia is a social contract between an organization and an individual. 
Why The Whistle Isn’t Blown
Whistleblowing is about two things: declaring the information, and guarding the corporate/individual reputation. The number one root cause as to why individuals don’t come forward when they have knowledge of corruption is fear. They are scared of losing their jobs, their homes, their health and in some cases their families. Ian lists four other reasons why whistleblowing doesn’t occur:

  • Individuals fear that speaking up is not going to be effective.
  • Guilt because of complicity, and fear of possible legal action against themselves.
  • They’re not brave enough to, but assuage their guilt by hindering or delaying processes within the organizations.
  • They believe their actions are for the greater good.

Change The Culture
Tom asks Ian what companies can do to alleviate the fear whistleblowers feel so that they can be comfortable with speaking out. “Unless you can change the culture across a number of companies and organizations, the fear will always be present,” Ian stresses. There needs to be more positive examples of whistleblowers retaining their careers, their sense of identity, and their sense of worth to society after disclosing wrongdoing, or the culture will never change. The fear will always exist. The education has to change and the organizational mindset has to change. 
To The Future
“In order to change the world, you have to lose your ego,” Ian says in response to Tom’s question on the future of whistleblowing. In the next phase of corporate existence, whistleblowers have to spread their message. They have to bring people with them and show them that they can fight, and more importantly, win.
Resources
Ian Foxley | LinkedIn | Twitter
Parrhesia Inc

Categories
Daily Compliance News

January 4, 2022 the Why Upgrade Edition


In today’s edition of Daily Compliance News:
·       Airbnb settles Cuba trade sanction case. (WSJ)
·       Danske Bank builds out its compliance function. (WSJ)
·       How much does outdated data protection cost a business? (Reuters)
·       Why perform DD pre-acquisition. (Reuters)

Categories
The ESG Report

ESG – From the Board to the Front Line with Dan Zitting


Dan Zitting, CEO of Galvanize (now Diligent), is back on this week’s episode of the ESG Report. He and Tom Fox check in about the progress of his company’s M&A with Diligent, reporting on ESG to the board, and ESG trends for 2022.

Becoming Diligent
Dan tells Tom how Galvanize’s M&A with Diligent is progressing. “We’ve had a big year,” he says. Galvanize being part of Diligent means that they can now bring a truly integrated GRC solution from the board to the front line. “We are working really hard on technology capability that brings what GRC professionals do directly into the boardroom,” Dan remarks. “…We’re creating the ability to say, ‘Hey, alongside that board book sits information dashboards and information and analytics about how other areas of governance and risk and compliance in the front line are working’.” Real-time reporting on ESG will help the board engage in governance more proactively, he comments. 
Tom asks how the acquisition strengthens Galvanize. We have the opportunity to elevate our work all the way to the boardroom, Dan responds. Also, Diligent’s global scale means that Galvanize now has access to more resources and a bigger client market. 
The Proactive Approach
What are some of the key changes you’ve seen in the GRC space, Tom asks Dan. 2021 has accelerated progress toward an integrated risk management approach, he replies. Global pressure to take ESG seriously has also spurred this on. Both Tom and Dan agree that companies need to be nimble enough to pivot in anticipation of rapid change. “Traditional approaches just don’t work,” Dan points out. “If the way we’re going to evaluate these events is by auditing past history or looking at how we complied with controls in the past, it’s just not good enough anymore.” The better, more proactive approach to risk management involves using leading indicators rather than historical auditing activity. He describes how an automated GRC platform can help companies achieve this goal. We encourage our clients to think about creating structures and systems rather than just focusing on the software as the solution, he tells Tom.
Reporting to the Board and ESG Trends
“Particularly on ESG topics, the board is looking for the answers to simple questions,” Dan advises. Keep your report to just 5 points and their relevant benchmarks. Currently, two hot topics boards want to know about are carbon emissions and gender diversity. Dan believes the conversation will expand to other issues in the coming years, and that we’ll see ESG becoming more important throughout the organization. “I think a lot of organizations are going to be setting up a sustainability function that will ultimately have responsibility for doing that kind of accounting. We should be concentrating on that and then in turn connecting it to standards and compliance programs which is exactly what we know how to do as GRC professionals,” he remarks.
Dan shares his view on ESG trends for 2022 and beyond. The rapidly increasing pay rate for GRC professionals is a sign of how important and necessary this role has become. Boards and audit committees are also asking more questions and looking for guidance on ESG. That’s a good indication of what’s to come, Dan says.
Resources
Dan Zitting on LinkedIn | Twitter
Diligent Institute

Categories
FCPA Compliance Report

Karen Woody on JPMorgan and Nikola SEC Enforcement Actions


In this episode of the FCPA Compliance Report, I am joined by Professor Karen Woody. We discuss the recent SEC enforcement actions involving JPMorgan and Nikola which were announced in December 2021. Highlights of this podcast include:

  1. Background on both cases.
  2. Why was the SEC so excised with JPMorgan?
  3. What are the broader lessons for the Compliance Professional?
  4. Compliance Consultant or Monitor or both?
  5. Nikola and the trouble with SPACs?
  6. What is the intersection of puffing, faking it til you make it and illegal conduct?
  7. SPACs and Due Diligence.
  8. Could Nikola change the SEC approach to SPACs?
  9. From visionary to founder to CEO of a public company?
  10. The shadow of Elizabeth Holmes?

Resources-Tom on the FCPA Compliance and Ethics Blog
JPMorgan
Nikola

Categories
31 Days to More Effective Compliance Programs

Day 1-What 2021 Brought to Compliance


Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days series in January 2021, I will post a key part a best practices compliance program each day. By the end of January, you will have enough information to create, design or enhancement a compliance program. Each podcast will be short, at 6-8 minutes with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will plan to join each day in January for this exploration of best practices in compliance.
2021 was a very significant year for every compliance practitioner and compliance program. While there was a paucity of corporate FCPA enforcement actions, the three enforcement actions were significant with multiple lessons for the compliance professional. In Deutsche Bank, we learned about the costs of a corrupt culture and recidivism, in Amec Foster Wheeler, we saw happens to a company which pays bribes and then tries back out; the criminals they are dealing with have them in an untenable position that they must continue to pay the bribes and how catastrophic failure in pre- and post-acquisition due diligence can lead to massive FCPA violations. Finally, in WPP, we saw how accepted business incentives can become perverse, what happens when you ignore whistleblowers. However, there were two major policy announcements from the Biden Administration which every compliance professional needs to not simply be aware of but study and implement solutions based upon these announcements.
In late October, Deputy Attorney General Lisa O. Monaco gave a Keynote Address at ABA’s 36th National Institute on White Collar Crime (Monaco Speech). The key changes announced in the Monaco Speech were as follows: (1) “today I am directing the department to restore prior guidance making clear that to be eligible for any cooperation credit, companies must provide the department with all non-privileged information about individuals involved in or responsible for the misconduct at issue. To be clear, a company must identify all individuals involved in the misconduct, regardless of their position, status or seniority.” This portends a return to the strictures of the Yates Memo. (2) “The second change I am announcing today deals with the issue of a company’s prior misconduct and how that affects our decisions about the appropriate corporate resolution. (3) The final change I am announcing today deals with the use of corporate monitors.” This final change is a rejection of the strictures laid out in the Benczkowski Memo regarding the DOJ use of corporate monitorships.
In November, the Biden Administration released the United States Strategy on Countering Corruption (the “Strategy”); subtitled “Pursuant To The National Security Study Memorandum On Establishing The Fight Against Corruption as a Core United States National Security Interest”; in response to President Biden’s prior declaration of corruption as a national security issue of the United States. While obviously focused on the US government’s role in leading the fight against corruption, the entire document portends a major sea change in the approach of fighting bribery and corruption, literally on a worldwide basis. For this reason alone, it should be studied by all compliance professionals. Obviously, this more holistic approach is most welcomed. Corruption does more than simply steal money from the world economy.
Three key takeaways:

  1. The Biden Administration released its Strategy on Countering Corruption.
  2. Deputy Attorney General Lisa Monaco gave a speech refocusing the DOJ’s efforts on FCPA and other white-collar crime.
  3. Even with a paucity of FCPA enforcement actions, there were multiple lessons for the compliance professional.
Categories
Classroom Insiders

Narrowing the Scope of Disclose or Abstain Rule Violations


Staats Smith was a judicial intern with the Delaware Chancery Court this past summer, and plans to work with one of the large Delaware firms during the next. He is a 2L student at Washington and Lee. In this episode of Classroom Insiders, Staats talks about the pivotal case of Dirks v. SEC.

Chiarella was an employee for a financial printing publication, which was used by the company to disclose their material nonpublic information. To avoid premature disclosure, the company developed a code to prevent its employees from trading on the information before it went public. However, Chiarella was able to crack the code, and made hefty profits on his trades as he was always leading it before the news broke. He was convicted for violating the disclose-or-abstain rule by the District Court, which was affirmed by the Second Circuit. Justice Powell decided to reverse the conviction; it was in his view that Chiarella owed no duty to the sellers or shareholders, as he was not an insider or a fiduciary.
Any fiduciary relationship Chiarella had with his employer was not considered due to the application of a judicial waiver, Staats claims; an argument not briefed or argued is deemed waived. The theory of misappropriation was not brought up at all in the District Court, so it could not even be considered on review.
Resources
Karen Woody on LinkedIn 

Categories
This Week in FCPA

Episode 283 – the Tribute to Madden and Harry edition


With Jay on a holiday assignment, Tom is joined by Mike Volkov to look at some of the week’s top compliance and ethics stories this week in the Tribute to Madden and Harry edition.
Stories
1.     We lost two greats this week, one in sports and gaming and one from politics. John Madden and Harry Reid. Tom and Mike reflect.
2.     No poaching in the Defense IndustryJay DeVecchio and Lisa Phelan in a MoFo Client Alert.
3.     What is a ‘Bump Up’ provision in an E&O policy. Barry Buchman and Michael Scanlon in D&O Diary.
4.     Reflections on 2021 in Compliance. Lisa Schor Babin in CCI.
5.     Should lawyers file SARs? Jason Morris in Compliance Week (sub req’d).
6.     Fraud in the taxi business? (This is my shocked face.) Matt Kelly in Radical Compliance.
7.     Making ESG 2nd nature in asset allocation. Sara Rosner and Jess Gaspar in Harvard Law School Forum on Corporate Governance.
8.     An app for ESG investment. Lawrence Heim in PracticalESG.
9.     Thoughts for the Board from 2021. Marty Lipton in Harvard Law School Forum on Corporate Governance.
10.  Tom and Mike look back at 2021 in compliance. Tom in FCPA Compliance and Ethics Blog.
 Podcasts 
11.  Want some fun? Join Tom and One Stone Creative co-founder Megan Dougherty for an exploration of the full MCU. In their most recent posting, check out Episode 3, Iron Man.
12.  In December on The Compliance Life, I visit with Matt Silverman, Director of Trade Compliance at VIAVI. Matt is the first Trade Compliance Director I have hosted on TCL. In Part 1, Matt details his academic career and early professional life. In Part 2, Matt moves into trade compliance. In Part 3, Matt moves into the Director’s chair. In Episode 4, Matt looks down the road for trade compliance.
13.  The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Classroom Insider. In this most unique pod, Karen interviews some of her student to tell the history of insider trading. Check out Episode 1 where they discuss the history of insider trading. In  Episode 2, the disclosure or abstain rule. On Episode 3, they will take up narrowing the scope of the disclose or abstain rule.
14.  On EMBARGOED!, Brian and Tim run through a Lightning Round-style discussion of the top economic sanctions and export controls stories of 2021.
15.  Looking to enhance your compliance program? Check out 31 Days to a More Effective Compliance Program returns, which runs for the month of January, from January 1 to January 31. Available on the Compliance Podcast NetworkMegaphoneiTunes, and all other top podcast platforms.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Mike Volkov is the founder of the Volkov Law Group and can be reached at mvolkov@volkovlaw.com.

Categories
Daily Compliance News

December 31, 2021 the Fog Ahead Edition


In today’s edition of Daily Compliance News:

  • Legislation to take on Amazon productivity algorithms. (Bloomberg)
  • Delaware court rulings that will shape M&A in 2022. (Reuters)
  • Deutsche Bank fined by German regulators for poor internal controls. (WSJ)
  • Foggy regulations challenge crypto. (WSJ)