Categories
Daily Compliance News

Daily Compliance News: August 15, 2024 – The $475MM in Fines Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • More fines for failure to monitor employee text messaging.  (WSJ)
  • Boeing and the cost of culture failure. (NYT)
  • The former Trafigura COO is set for trial for failure to prevent corruption. (WSJ)
  • Big payday for shareholder lawyers in the Dell case. (FT)

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

Categories
Blog

Assessing Communication Compliance: Ephemeral Messaging and Retention

I recently had the opportunity to visit with Alex Cotoia, Regulatory Manager, and Daniela Melendez, an Associate at The Volkov Law Group, on the importance of addressing electronic communications preservation and management in this new age of rapid technological change. They joined penned an article for the Volkov Law Group’s site, Corruption, Crime and Compliance entitled, “Google’s Failure to Preserve Electronic Communications — A Warning to Every Company of a New Reality Surrounding Electronic Data.”

Ephemeral messaging, a method of communication that automatically erases content after a short period of time, is becoming increasingly popular in both personal and business settings. Platforms like Snapchat and Instagram offer features that allow messages to disappear, providing a sense of privacy and security. However, the use of ephemeral messaging in business comes with its own set of challenges and legal implications. Additionally, as both Cotoia and Melendez noted “companies have to devote significant resources and attention to information technology and security, electronic communications and business-generated data, and to overall information security and governance.”

The pointed to a recent case involving Google, where the companies document retention policy for ephemeral messaging was 24 hours, yet a Court Order required such messages be preserved. The Court found Google failed to preserve its chat data, despite a preservation order that directed Google to preserve chat records by changing the default settings for the chat system.  The Court found that Google did not effectively emphasize the importance of those obligations to its employees.

The episode highlighted the concerns raised by the Department of Justice (DOJ) regarding the use of ephemeral messaging for illegal activities, leading to more enforcement actions. This poses challenges for investigations, particularly in the corporate sector. They related that at a “fundamental level, the case underscores the criticality of applying document preservation policies to all media used by an organization’s employees to conduct company business. This echoes guidance provided by the U.S Department of Justice in the context of recent updates to its guidelines concerning the “Evaluation of Corporate Compliance Programs.”  The most recent iteration of those guidelines calls on companies to thoroughly understand the various communication channels—including ephemeral messaging applications—utilized by a company’s employees to conduct business.”

The Google case is as an example of the legal liabilities and sanctions that can result from failing to preserve relevant evidence. In this case, Google was sanctioned by a district judge for failing to preserve employee chat evidence relevant to an antitrust litigation. The employees did not follow the company’s policies regarding document preservation, leading to legal consequences.

The implications of the Google case extend beyond commercial litigation and preservation of evidence. The DOJ’s focus on ephemeral messaging applications in their guidelines for evaluating corporate compliance programs sends a clear message to organizations that they need to adopt or refine their data preservation policies in relation to employee communication.

One of the key considerations for companies is to assess their risk profile and determine whether ephemeral messaging applications are appropriate for conducting business. High-risk industries, such as those prone to corruption, should prohibit the use of these applications due to the potential for concealing illegal activities. On the other hand, companies with lower risk profiles may be more lenient in allowing employees to use ephemeral messaging applications for legitimate business purposes.

The DOJ guidelines also emphasize the need for companies to proactively manage authorized communication channels, monitor and preserve all business-related electronic data, and develop specific policies for employee obligations regarding personal devices and document retention. This requires companies to account for all communication channels, maintain data consistently, and constantly monitor content for any evidence of illegal activity.

The Google case serves as a wake-up call for companies accustomed to more lax preservation policies. It highlights the importance of enforcing existing policies and providing comprehensive training to employees on document preservation. Failure to do so can result in legal consequences and sanctions.

Cotoia and Melendez also reported that they observed “an uptick” in inquiries from clients regarding ephemeral messaging policies and the need for guidance in this area. Companies are seeking advice on how to navigate the challenges and legal implications associated with ephemeral messaging in business.

The use of ephemeral messaging in business presents challenges and legal implications that organizations need to address. It is crucial for companies to refine their data preservation policies, consider the appropriateness of ephemeral messaging for their business, and proactively manage authorized communication channels. By doing so, companies can mitigate the risks associated with ephemeral messaging and ensure compliance with legal requirements.

Categories
Blog

Messaging App Compliance in Regulated Industries: Lessons from Recent Enforcement Actions

In recent years, regulated industries, particularly broker-dealer firms like Wells Fargo and Morgan Stanley, have faced increased scrutiny from regulatory bodies due to their lack of compliance in policing messaging apps. The Securities and Exchange Commission (SEC) recently announced charges against 10 firms in their capacity as broker-dealers and one dually registered broker-dealer and investment adviser for widespread and longstanding failures by the firms and their employees to maintain and preserve electronic communications. The firms admitted the facts outlined in their respective SEC orders. These firms collectively “agreed to pay combined penalties of $289 million and have begun implementing improvements to their compliance policies and procedures to address these violations.” Additionally, the Commodity Futures Trading Commission (CFTC) ordered four financial institutions to pay $260 million for recordkeeping and supervision failures due to the widespread use of unapproved communication methods.

Even more troubling is the involvement of senior managers in these misconducts, leading the SEC to require an independent compliance consultant in multiple settlements. This highlights the significance of overall corporate culture and the need for stricter compliance measures. Matt Kelly and I recently explored these enforcement actions, the reforms that companies must implement, the role of consultants in reviewing these reforms, and the potential risks and consequences of using messaging apps for business purposes in a Compliance into the Weeds podcast.

Reforms in regulated industries focus on policies and procedures, messaging policies, and employee training. Companies must establish clear messaging policies that outline the acceptable use of communication channels and the importance of recordkeeping obligations. Training employees on these policies and ensuring their understanding is equally vital. Additionally, companies must track training records and allegations of policy violations, making them readily available for review. Next, both ongoing monitoring and continuous improvement must be utilized. Finally, do not forget the need for disciplinary frameworks, with repeat offenders and senior employees potentially facing more severe discipline.

The enforcement crackdown by the SEC and CFTC has already resulted in significant penalties, with fines totaling a staggering $550 million. J.P. Morgan was the first bank to face such a settlement decree, setting a precedent for other banks. This raises speculation about whether the misconduct will continue and if there will be additional enforcement actions. While some large securities firms have yet to be targeted, all regulated industries must take note and proactively address compliance issues.

As noted above, using improper messaging apps for business communication is a significant concern for regulators. Moreover, these violations of securities laws occurred due to employees using ephemeral messaging apps like WhatsApp and Snapchat, which turn off record preservation. Once again, the involvement of supervisory employees and managers in using these apps is even more alarming, further angering the regulators. The SEC’s requirement for an independent compliance consultant in multiple settlements indicates a focus on corporate culture and the need to address senior managers’ involvement.

While these enforcement actions focused on regulated industries, it raises an important question about whether non-regulated industries could also face similar exposure to the SEC. The Justice Department has emphasized taking messaging and communication app risks seriously for all companies. Therefore, even if a company operates outside the purview of specific regulations, it is crucial to consider the potential risks and consequences of using improper messaging apps for business purposes. In a Radical Compliance blog post, Kelly noted, “That is a terrible look for a company. It paints the picture of a management team not interested in good ethical conduct, and we all know how that goes over with the Justice Department when evaluating the state of your compliance program.”

We desired to shed some light on the recent enforcement actions against regulated industries for their lack of compliance in policing messaging apps. The fines and penalties imposed by the SEC and CFTC highlight the seriousness of these violations. Companies must implement reforms, establish robust policies and procedures, and prioritize employee training to ensure compliance. The conversation also underscores the potential risks and consequences of using improper messaging apps for business communication. All companies must prioritize compliance and take proactive measures to address these concerns regardless of industry. By doing so, companies can foster a culture of integrity and avoid the hefty fines and reputational damage associated with non-compliance.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Messaging App Enforcement and Internal Controls

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent SEC and CFTC enforcement actions around messaging app non-compliance.

Join Tom and Matt as they take a deep dive into the enforcement actions and then consider how such claims would impact non-regulated industries. Regulated industries, particularly broker-dealer firms like Wells Fargo and Morgan Stanley, are facing enforcement actions and hefty fines for their employees’ use of messaging apps like WhatsApp and Snapchat that allow record preservation to be disabled. The involvement of senior managers in these misconducts has prompted the SEC to require an independent compliance consultant in settlements.

The conversation between Tom and Matt emphasizes the importance of messaging policies and procedures in regulated industries and the need for stricter compliance measures. They also discuss the complexities and potential consequences of record-keeping obligations and the regulatory concerns over the use of messaging apps. The conversation briefly touches on the future of AI chatbots in customer service, with differing perspectives on their ethical implications. Overall, the conversation highlights the significance of messaging policies, enforcement, and compliance in regulated industries.

Key Highlights

·      Enforcement Actions Against Regulated Industries

·      Enforcement actions and messaging policies

·      Record-keeping obligations for broker dealers and other industries

·      Regulatory concerns over the use of messaging apps

·      Internal Controls and non-regulated industries

 Resources

Matt 

LinkedIn

Blog Post in Radical Compliance

No Smoke and No Fire: The Rise of Internal Controls Absent Anti-Bribery Violations in FCPA Enforcement by Karen Woody in Cardoza Law Review

Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 4

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in their podcast, 2 Gurus Talk Compliance, as they tackle topics on behavior economics, OFAC settlement lessons, the importance of the user experience in compliance policy creation, and more. They also discuss incorporating behavioral sciences into compliance strategies and the exciting changes in compliance consulting services. With their expertise, they share insights on how data, behavioral science, and innovative approaches can improve compliance programs, business processes, and profitability.

 

Listen as they provide valuable insights on understanding culture by starting a dialogue and the importance of finding someone to give a narrative to. Lastly, they discuss the challenge of bribery and corruption and the need for compliance professionals to be innovative, accept failures, and be comfortable with experimentation. Take advantage of this exciting and informative podcast episode from two renowned compliance experts, Tom Fox and Kristy Grant-Hart.

Highlights Include:

·      Evolution of Corporate Ethics and Compliance Programs

·      Microsoft OFAC Settlement

·      Irritating Emails

·      Behavioral Science in Compliance

·      Messaging Apps and Dept. of Business Denial

·      FTX and its (lack of) Internal Controls

 Notable Quotes

1.      “I don’t want to say the traditional tools are limited, but we’ve really evolved past them.”

2.     When they were specifically talking about the section on learning and training and talking about that frequently shorter in more bursts, more frequently where the learner gets to decide when and how they learn is really a lot not just with behavioral science, but also with adult learning theory.”

3.     “But again, 1 of the things that are so powerful about the enforcement act is that they tell us what we should be doing.”

4.     “Compliance professionals need to look at their sales models and see if they’re using distributors.”

Resources 

1.     Microsoft’s OFAC Settlement Underscores Important Remedial Measures

2.     FTX, Multimillion-Dollar Expenses Were Approved by Emoji

3.     Your Email Does Not Constitute My Emergency

4.     New DOJ policies about messaging apps and clawbacks threaten compliance departments’ standing

Connect with Kristy Grant-Hart on LinkedIn

Spark ComplianceConsulting

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

February 3, 2023 – The We’re No. 1 Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • SEC now looking at hedge fund use of ephemeral messaging apps. (Bloomberg)
  • Somalia most corrupt, according to TI-CPI. (Quartz)
  • SBF banned from contacting former FTX employees. (Reuters)
  • Think you are having a bad week-did your business lose $100MM? (BBC)
Categories
From the Editor's Desk

August and September 2022 in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Kyle Brasseur, EIC at Compliance Week, unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories upcoming for the next month, talk some sports and generally try to solve the world’s problems.

In this month’s episode, we look back at top stories in CW from August around the first CCPA enforcement action, the PCAOB deal with China on audits of Chinese companies listed on the NYSE, and potential bank fines for ephemeral messaging apps. We previewed some upcoming CW events, including the ESG virtual event, CW 2022 in Europe, which will be held in Scotland, and the virtual 3rd Party Risk conference, scheduled for December.

We conclude with a look at some of the top sports stories, including a look at the Deshaun Watson resolution and debate whether it could have been handled any worse by the NFL and Browns; Tom Brady leaves the Bucs for 10 days during the preseason; and what does this mean for the regular season? Ichiro and what is greatness?