Categories
Daily Compliance News

June 25, 2022 the State Capture Edition


In today’s edition of Daily Compliance News:

  • FCA fines Ghana Bank for poor AML controls. (WSJ)
  • Law professors can detail prosecutorial misconduct. (Reuters)
  • Nike leaves Russia. (BBC)
  • State capture in South Africa. (WaPo)
Categories
Never the Same

ESG Will Never Be the Same

After the Russian invasion of Ukraine, the business world will never be the same again. Deputy Attorney General Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is, of course, Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate. Over this five-part podcast series, I will consider how the business will never again be the same and how a confluence of events has changed business forever. I am joined in this exploration by Brandon Daniels, CEO of Exiger. We will explore the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and ESG. In this concluding Part 5, we look at perhaps the business area with the greatest changes from the Russian invasion, ESG. Highlights include:

·      Why ESG will never be the same.

·      Companies must have a holistic approach to ESG.

·      Reputational damage as a top-line expense.

·      ESG must be managed proactively.

·      Does your corporate ethical values stand for freedom and democracy or something less.

Categories
Blog

Why ESG Will Never Be the Same After the Russian Invasion

After the Russian invasion of Ukraine, the world of business will never be the same again. Deputy Attorney General (DAG) Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is of course Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate.
Over this five-part series, I have considered how business will never again be the same and how a confluence of events has changed business forever. I have been joined in this exploration by Brandon Daniels, Chief Executive Officer (CEO) of Exiger. We have explored the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and environmental, social and governance (ESG). In our concluding Part 5, we consider why ESG will never be the same after the Russian invasion of Ukraine.
The pandemic led to an explosion of ESG awareness and forward movement. This was driven much more by the business world, from institutional investors, to shareholders, employees, and other stakeholders to financial institutions and even insurers, rather than through regulatory change. They are all now evaluating business prospects, targets and partners through an ESG lens. Many businesses have responded by upping their ESG game through sustainability officers, more robust ESG programs and similar efforts. However, these efforts were in many ways siloed within the three broad categories of ‘E’; ‘S’; and ‘G’. What the Russian invasion of Ukraine drove home was the need for a more holistic approach to corporate ESG.
ESG is now a key national security interest of democracy. The transparency mandated by ESG programs, through government required disclosure or private sector required disclosure also ties into the other areas of business change we have explored over this series. Obviously, the disruption in the supply chain of key minerals coming out of Russia, such as aluminum or fossil fuel, is an important issue but companies which tried to continue to use those resources faced a much greater risk and economic sanctions; that being reputational risk. Daniels remarks, “in terms of social issues, companies were forced to comply with sanctions, but then there were boycotts against companies that maintained relationships with the Russian autocracy. There were boycotts against companies that had ties to Russian oligarchs.”
It is this impact on reputational damage which has changed ESG going forward. Regulators can certainly levy and assess fines based upon violations of laws and regulations. For many businesses, however, this is simply seen as a cost of doing business, a below the line cost such as a corporate legal department of compliance function. However, hits to reputational damage are above the line costs meaning they eat directly into sales, revenue, and success. Moreover, your market cap and the valuation of your business are both based on revenue so any hit to your top line could significantly impact your organization in a very negative manner. If your organization is seen as supporting autocratic regimes who nakedly wage wars against women and children or your company purchases goods which were made by Uyghur slave labor; a very large swath of the consuming public will not want to purchase your products or even do business with you. The risk is simply too high.
This has led Daniels to reflect that consumers want to purchase and transact with purpose driven businesses. He said, “What is more purpose driven than supporting democracy and supporting the arrest, the fight against a brutal regime that is quite literally killing innocent women and children. This is not a question of risk management or risk appetite. This is a question of deciding whether or not you as a brand can stand for the ideals of freedom and the ideals that we have for an inclusive and fair and open and democratic world. When we talk about purpose driven, we have to remember that what people are demanding, is a company that aligns with their values, aligns with their ethics.”
All of these factors will change ESG forever and how companies’ approach ESG. Your organization must not only more fully integrate ESG into the overall business strategy, but your organization must integrate the ‘E’, the ‘S’ and the ‘G’ through a cohesive approach to all three all the way up to the Board level. Daniels noted that many companies were caught “flat-footed” by the Russian invasion of Ukraine. Looking across the three pillars of ESG, the Russian invasion of Ukraine forced companies to take ESG more seriously. Daniels said, “it codified and solidified in people’s minds, the need to manage ESG as a part of reputational brand value. You have to look at ESG proactively because trying to react to these situations causes so much turmoil.”

Categories
Blog

Why Anti-Bribery and Anti-Corruption Will Never Be the Same After the Russian Invasion

After the Russian invasion of Ukraine, the world of business will never be the same again. Deputy Attorney General (DAG) Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is of course Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate.
Over this five-part series, I will consider how business will never again be the same and how a confluence of events of events has changed business forever. I am joined in this exploration by Brandon Daniels, Chief Executive Officer (CEO) of Exiger. We will explore the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and environmental, social and governance (ESG). In Part 3, we continue our explorations of changes wrought by the Russian invasion of Ukraine, in the realm of anti-bribery and anti-corruption (ABC) compliance and enforcement.
The World Economic Forum estimates that over $3 trillion is lost annually to the global economy due to the scourge of corruption. Corruption does more than simply steal money from the world economy. According to the United States Strategy On Countering Corruption, (Strategy), “Corruption robs citizens of equal access to vital services, denying the right to quality healthcare, public safety, and education. It degrades the business environment, subverts economic opportunity, and exacerbates inequality. It often contributes to human rights violations and abuses, and can drive migration. As a fundamental threat to the rule of law, corruption hollows out institutions, corrodes public trust, and fuels popular cynicism toward effective, accountable governance.”
Writing for the World Economic Forum, Delia Ferreira Rubio, Nicola Bonucci and Rachel Davidson Raycraft linked the fight regarding economic and trade sanctions to bribery and corruption. They connected the monies stolen by oligarchs and strongmen through a variety of strategies to bribery and corruption. Taking this connection a step further, they noted “the close relationship between corruption and conflict”, as laid out in the UN Sustainable Development Goal (SDG) 16 – Peace, Justice and Strong Institutions. As with the Strategy, UN SDG 16, “is grounded in the principles of anti-corruption, including targets such as reducing illicit finance, corruption and bribery; and developing effective, accountable and transparent institutions at all levels.”
ABC enforcement is well-known and there are two decades of the modern era of Foreign Corrupt Practices Act (FCPA) enforcement. This modern era began after the connection was established between corruption and terrorism, most notably from the events of 9/11. However, now ABC is seen as a key component of both global security and global prosperity. The Biden Administration recognized these components when it announced that ABC is now seen as a National Security Threat to the US, when it announced its Strategy in December 2021.
The Strategy laid out five pillars of the US government’s increased emphasis on ABC enforcement and compliance. Pillar 1 spoke to modernizing, coordinating, and resourcing US government efforts to fight corruption. Pillar 2 dealt with curbing illicit financing. Pillar 3 was about holding corrupt actors accountable. Pillar 4 broadened the approach beyond a US-only perspective to discuss a broader multilateral anti-corruption architecture. Pillar 5 also enhanced a more holistic approach by discussing improving diplomatic engagement and leveraging foreign assistance to advance these goals.
All of this means more information and analysis, including search and data collection, by using “information more effectively to understand and map corruption networks and related proceeds, and dynamics, and tailor prevention and enforcement related actions, as well as build the evidence base around effective assistance approaches.” The next improved information sharing within the US government, private companies and across international boundaries. It also includes holding corruption actors accountable, curbing illicit financing and bolstering international cooperation and actions.
Another key area laid out in the Strategy was the increased focus on the “transnational dimensions of corruption.” This means more than simply looking at the usual geographic areas recognized as high risks of corruption by tackling transnational organized crime through “understanding and disrupting networks, tracking flows of money and other assets, and improving information and intelligence sharing across U.S. departments and agencies, and, as appropriate, with international and non-governmental partners.”
The Strategy set the stage for changes wrought by the Russian invasion of Ukraine. Daniels said that bribery and corruption are not “lone wolf crimes”; as they do not occur in a vacuum. They are almost always associated with attempts to hide illegal payments through money-laundering and often are done in conjunction with anti-competitive crimes such bid-rigging or similar acts. Moreover, bribery and corruption leads to constraints in the marketplace through awarding of business in decidedly non-legal manners. Daniels went on to state, “We don’t think of this as a cost of doing business for two reasons. One, because it does go alongside very often autocratic governments. Two, such actions go with it, such as disinformation.”
One of the consequences of the dramatic increase in economic and trade sanctions is that corruption will be the enhanced risk of bribery and corruption. This can occur as impacted businesses and sanctioned individuals look for ways to evade sanctions through the use of bribery and corruption. Some of the ways they will try to avoid and evade sanctions will be through  smuggling, setting up shell companies, money laundering and self-dealing, all facilitated by bribery and corruption.
An unintended, but no less powerful example of the nefarious impacts of bribery and corruption, has been demonstrated by the Russian Army in the invasion of Ukraine. It has been the abject failure of the Russian Army to be able to keep a modern army functioning in the field. The Russian Army has been plagued by equipment that did not function and non-existent parts and stores which were all sold off on the Black Market by corrupt Russian government officials. In many ways, criminals simply siphoned away the stores of the Russian Army due to bribery and corruption.
Finally, as DAG Lisa Monaco stated, the role of compliance professionals as gatekeepers has dramatically changed. The Department of Justice (DOJ) clearly views corporate citizens as key allies in this fight. Rubio, Bonucci and Raycraft noted that gatekeepers “play an indispensable role in the enforcement and realization of laws and regulations that target illicit finance.” Anti-bribery and anti-corruption compliance has been forever changed by the Ukraine War as it is clear that “by controlling, distributing and managing wealth, gatekeepers control, distribute and manage global power – and, in effect, global security.” Anti-bribery and anti-corruption compliance and enforcement will never be the same again, literally on a worldwide basis.

Categories
Blog

Why Cybersecurity Will Never Be the Same After the Russian Invasion

After the Russian invasion of Ukraine, the world of business will never be the same again. Deputy Attorney General (DAG) Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is of course Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate.
Over this five-part series, I will consider how business will never again be the same and how a confluence of events of events has changed business forever. I am joined in this exploration by Brandon Daniels, Chief Executive Officer (CEO) of Exiger. We will explore the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and environmental, social and governance (ESG). In Part 4, we continue to explore the changes wrought by the Russian invasion of Ukraine, in the realm of cybersecurity.
The Russian invasion of Ukraine gave everyone else an understanding of how serious cybersecurity really was from a defense perspective and not just from a corporate risk management perspective. According to Daniels, it drove home the clear message in cybersecurity that the United States is in a non-kinetic war with Russia and China. Over the past decade the theft of intellectual property (IP) through cybercrime has steadily increased but Russia and China are essentially “showering the US with attacks” and specifically Russia is attempting to compromise “US facilities and technologies since the crisis” began.
A second and equally important point on cybersecurity, is how interconnected it is to commerce. Countries such as Russia and China are clearly using both state and non-state businesses to further the ambitions of the state. These attacks have been particularly prevalent in supply chain where 80% of the largest cyber-attacks that have occurred, have been supply chain attacks. This means that you may have integrated some software into your organization through a vendor, but somewhere earlier in that software development, in that vendor’s purchasing of under underlying software capabilities, there was a malicious piece of software that was planted by a state-owned actor, a non-state actor or a criminal network. This interconnectedness between third party and supply chain, risk management and cyber risk management was made so much more explicit from the Russian invasion of Ukraine.
Daniels pointed out that companies may have “vendors that are owned one to two degrees away by Russian oligarchs and those Russian oligarchs might be using the fact that we use their software one to two degrees away as an entry point to steal classified information about what the US government is doing in” an area such as critical infrastructure. Once again, the nature of cybersecurity and its interconnectedness with third party and supplier risk management, was “another revelation that came out of this crisis and this conflict.”
One of the continuing themes from the Russian invasion of Ukraine is the interconnectedness of risks which will never be the same. Some of these we have previously explored such as supply chain, trade and economic sanctions and anti-bribery and anti-corruption. There are others such as crypto and ESG as well. This can all lead to a perception of complexity which could overwhelm risk management and other business professions thinking through how to manage these risks.
Daniels suggested an approach which assesses your vendors in their environment for four quadrants of risk: operational, foreign ownership, financial health and reputational risk. After you have established your risk appetite you will need to assess every vendor on an individual and singular basis. You should have a process where each vendor coming through your company’s pipeline follows an onboarding process that manages to your risk appetite and then monitors for risks that could pull a vendor above your risk threshold. If a vendor falls outside of your risk appetite for any of these key areas, you should review the use of that vendor in more detail.
There are other risk profiles you should consider. One is industry risk, which means what critical industries are you relying upon. Daniels noted that a cloud hosting company should be concerned with computing resources, bandwidth, power, or fiber optic resources. He said, “Don’t try to boil the ocean, just look at your critical industries and see where you might have issues that are coming up that could be problematic” for your industry.
Finally, another key risk area to consider is jurisdictional risk. This means reviewing the locations of your facilities. Daniels said, “I look at where my top or most critical products are being manufactured. Again, if I’m a cloud hosting company, it might be the microelectronics that I use to power computing resources, to determine where the concentration of manufacturing locations.” But the key is to take it in bite size chunks by company, industry, and jurisdiction, and then monitor so you can at least maintain a reactive posture on upcoming events. By doing so this enables your company to do continuous maturing and evolution thereby increasing complexity and efficacy to continuously improve that program to start to work towards proactive risk management.

Categories
Blog

Why Economic and Trade Sanctions Will Never Be the Same After the Russian Invasion

After the Russian invasion of Ukraine, the world of business will never be the same again. Deputy Attorney General (DAG) Lisa Monaco recently said that the world’s “geopolitical landscape is more challenging and complex than ever. The most prominent example is of course Russia’s invasion of Ukraine.” It is “nothing less than a fundamental challenge to international norms, sovereignty and the rule of law that underpins our society.” This is even more so in the current business climate.
Over this five-part series, I will consider how business will never again be the same and how a confluence of events of events has changed business forever. I am joined in this exploration by Brandon Daniels, Chief Executive Officer (CEO) of Exiger. We will explore the irrevocable changes in Supply Chain, trade and economic sanctions, anti-corruption, cyber-security and environmental, social and governance (ESG). In Part 2, we continue to explore the changes wrought by the Russian invasion of Ukraine, in the realm of economic and trade sanctions.
According to Daniels, one of the keys on the nature of sanctions on punitive economic activities, is to endure that you are having the right impact and through a set of comprehensive sanctions. You must do so while “making sure that you’re not hurting your allies and partners that can help unwind some of these undesirable or intolerable geopolitical situations.” This means that when thinking about economic sanctions, it is not simply a consideration of the implemented economic sanctions; it is a broader consideration of “a comprehensive set of economic and trade policies that have been codified into legislation, through regulation and rulemaking,  that set the tone for sanctions in the future sanctions and economic prohibitions in the future.”
Two precursors to the development of the US economic and trade sanctions response to the Russian invasion of Ukraine were the increase in economic and trade sanctions utilized by the Trump Administration and, most significantly, the passage of the National Defense Authorization Act on January 1, 2020, which included the Anti-Money Laundering (AML) Law of 2020. This was the first update of federal AML laws since the Patriot Act was passed in the wake of 9/11. Both of these seemingly disparate developments set the stage so that Russia invaded Ukraine and the Biden Administration, along with most western democracies, came down levying economic and trade sanctions in very short order against certain Russian individuals, Russian companies and against Russia itself.
The US government had also been ramping up its economic and trade sanctions enforcement over the past several years. DAG Monaco has said that three such cases have led to over $1 billion in fines and penalties alone over the past 10 years, adding “so we’re by no means starting on a blank canvas.” However, “what you have seen in the last few months is something completely different…The scope of the sanctions imposed on Russia by the United States and its allies and partners are of a new order of magnitude…We are pouring resources into sanctions enforcement, and you have seen and will continue to see results.” Indeed, she categorized economic and trade sanctions enforcement as “the new FCPA.” But it’s not just the war in Ukraine that has prompted a new level of intensity and commitment to sanctions enforcement. We have turned a corner in our approach. Over the last couple of months, I’ve given notice of that sea change by describing sanctions as “the new FCPA.”
Daniels noted that these new rounds of sanctions based upon the Russian invasion of Ukraine are actually broader and more comprehensive because they strive to get at the root of an issue, which is intelligence gathering by state and non-state actors from US businesses. He pointed to the examples of the Chinese companies ZTE Corporation and Huawei Technologies Co., Ltd., which are subject to bans from the Federal Communications Commission (FCC) but who still might be suppling chips to suppliers down your supply chain and more nefariously using those chips to engage in intelligence gathering and industrial espionage.
The economic and trade sanctions, put in place before the Russian invasion of Ukraine and those levied thereafter, are designed to not simply punish Russia but also interdict their ability to wage war. This means sanctions will be used to disrupt the Russian ability to fund the war through its banking sectors. Yet another set of reasons are to change non-democratic and unethical behaviors by making the cost to engage in these behaviors so high through economic and trade sanctions.
One of the most interesting consequences in the area has been the increase in and much more highly publicized increase in whistleblowers. Once again, the AML Law of 2020 set the stage for this by including a bounty provision that any person or entity involved in reporting an economic and trade sanctions violation would be eligible for up to 30% bounty on any recovery. Perhaps the most visible byproduct of this has been the worldwide hunt for the multi-million up to billion-dollar yachts of Russian oligarchs. Whistleblowers and bounty hunters are actively looking for these yachts to turn their locations over to American authorities who can seize them.
But these seizures are only one step. As Daniels noted, because the AML Law of 2020 also helps uncover the companies who own these yachts and the companies who own those companies. In other words, transparency. Here one only need to think of the Panama Papers, the Pandora Papers and the Paradise Papers to understand why the light of day is the best disinfectant for enforcing economic and trade sanctions.
Once again, as with supply chain, the government is now looking for businesses to help in this fight. The US government has enlisted the private sectors as key partners in the implementation of economic and trade sanctions to allow the US government “to go after those who profit from corruption and crime around the world — whether they are sanctions-evading oligarchs or office-holding bribe recipients. Working with our partners, we can ensure that corrupt regimes will be held responsible — whether we’re seizing yachts or freezing slush funds.”

Categories
Everything Compliance

Episode 100, the Ukraine Invasion Edition


Welcome to the only roundtable podcast in compliance as we celebrate our 100 show. In 2021, Everything Compliance was honored by W3 as a top talk show in podcasting. In this episode, we have the quintet of Jay Rosen, Jonathan Marks, Tom Fox, Jonathan Armstrong and Matt Kelly. We focus on changes to compliance and businesses in the wake of the Russian invasion of Ukraine. We begin with a special Breaking News segment of Elon Musk putting his Twitter purchase ‘on hold’. We conclude with our fan favorite Shout Outs and Rants.

1. Jay Rosen what the Russian invasion of Ukraine means for business ventures for countries in the West. Rosen shouts out Christopher Flores and Robert Moran, the first time pilot who had to take over the landing of a plane when the pilot fell ill and Robert Morgan, the air traffic controller who talked him down to a safe landing.

2. Matt Kelly takes a deep dive into the Stericycle FCPA enforcement action.  Kelly rants about Moderna and its hiring of the new CFO for one day and wonders if releasing news of the prior company’s accounting fraud investigation could have been disclosed.

3. Jonathan Marks explores the changes the conflict has wrought for ESG. Marks also rants about Moderna which fired its CFO after one day on the job, asking did Moderna  perform any due diligence.

4. Tom Fox looks the changes in the National Security issues for ABC, AML and export control. Fox rants about Justice Alito who wants to take American culture, legal rights and jurisprudence back to the 18th century English law.

5. Jonathan Armstrong explores the changes the conflict has wrought for ESG. Armstrong shouts out to Ivy Williams and Helena Normanton, the first two women barristers in the United Kingdom.

The members of the Everything Compliance are:
•       Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
•       Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
•       Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
•       Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
•       Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.