Categories
Daily Compliance News

April 18, 2023 – The Wall Street Reckoning Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Sex + BMW = gross corruption in Norway. (The Guardian)
  • Wall Street reckoning coming over Jeffrey Epstein. (NYMagazine)
  • DeSantis threatens punitive action against Disney. (NYT)
  • SEC charges Bittrex. (Reuters)
Categories
Daily Compliance News

April 5, 2023 – The Not There Finest Hour Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Jamie Dimon says banking regs need to be tightened. (WSJ)
  • Steinmetz’s guilty verdict was upheld on appeal. (Reuters)
  • Founder of Frank charged with fraud. (NYT)
  • VW fights draconian sanctions. (Reuters)

Categories
GalloCast

GalloCast – Episode 8

Welcome to the GalloCast. You have heard of the Manningcast in football. Now we have the GalloCast in compliance. The two top brothers in compliance, Nick and Gio Gallo, come together for a free-form exploration of compliance topics. It is a great insight on compliance brought to you by the co-CEOs of Ethico. Fun, witty, and insightful with a dash of the two brothers throughout. It’s like listening to the Brothers Gallo talk compliance at the Sunday dinner table. Hosted by Tom Fox, the Voice of Compliance.

In this episode of the GalloCast, host Tom Fox visits with brothers Nick and Gio Gallo to discuss topics ranging from Silicon Valley Bank’s $200 billion accounting fraud to the importance of daddy-daughter dates. They debate the role of leadership and the importance of non-financial incentives for corporate compliance. Nick and Gio touch on risk and return in banking, the impact of social media, and the use of metrics for executive performance assessment. They urge people to reach out for help when struggling and encourage leaders to create a workplace that fosters connection, compassion and understanding. Listen to the GalloCast and find out how to be a better leader and a better person.

Key Highlights

  • The Impact of Low Interest Rates and Yield Chasing: Discussing the Silicon Valley Bank Collapse
  • The Impact of Silicon Valley Bank’s Composition of Depositors and Yield Chasing on the Stock Market Crash
  • The Risks of Taking Big Swings: A Look at Silicon Valley Bank Leadership
  • The Role of a Bank’s Chief Risk Officer in Times of Crisis and the Implications of a Zero Interest Policy
  • The Return of Capital and the Risks of Improving Income for Short-Term Gain
  • The Role of Executive Leadership in Setting Company Goals and Values
  • Rewarding Compliance to Promote a Positive Culture
  • Corporate Transparency and Measures to Assess Compliance Team Performance
  • Measuring the Effectiveness of Compliance Teams
  • Creating Space to Talk About Mental Wellbeing in the Workplace
  • Creating an Empathetic Workplace for Stress Relief and Support
  • Creating a Comfortable and Supportive Workplace Environment
  • The Benefits of Creating Lasting Memories with Loved Ones
  • The Impact of Daddy-Daughter Activities on Emotional Bonding

Resources

Nick Gallo on LinkedIn

Gio Gallo on LinkedIn

Ethico

Tom Fox 

Connect with me on the following sites:

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Into the Weeds

Blackbaud – Failures in Cyber Breach Disclosures

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, we discuss the consequences of insufficient disclosure of cybersecurity risks, as demonstrated in the recent Blackbaud SEC enforcement action. The SEC requires companies to proactively disclose material events, and the Delaware Court of Chancery is making it clear that senior executives are responsible for ensuring compliance with disclosure requirements. Tune in next week to hear more Compliance into the Weeds from Tom and Matt.

Key Highlights

  • The cost of poor communication: a $3 million lesson from Blackbaud’s FCC fine
  • Disclosure Controls and the Sarbanes-Oxley Act
  • The Consequences of Failing to Comply with the SEC and FCC Regulations on Reporting Data Breaches
  • SEC Cracking Heads and What’s Next

Notable Quotes:

1. “Do words still matter? I think that they do.”

2. “I couldn’t think of at least 3 million reasons why that was a bad idea in hindsight, and maybe they should have been more forthcoming.”

3. “Oh, well, actually, you know, we missed the revenue target, but we forgot to tell the CFO. People would be fired. You know, there would be heads stuck on the pikes in front of the office lobby or something like that.”

4. “A compromise of our data security that results in customer or donor personal or payment card data being obtained by unauthorized persons could, and that’s the word, could adversely affect our reputation with our customers and others.”

Resources

Matt on LinkedIn

Matt on Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

March 25, 2023 – The Mintz Employees Arrested in China Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Legacy of Iraq: corruption, corruption, and more corruption. (AP)
  • TikTok CEO struggles before Congress. (NYT)
  • Coinbase gets Wells Notice. (Bloomberg)
  • Mintz Group was raided in China, and employees were arrested. (Reuters)
Categories
Blog

The Week That Was in Compliance – The ECCP: Part 3 – Messaging Apps

In addition to the speeches presented at the ABA’s 38th Annual National Institute on White Collar Crime by Deputy Attorney General Lisa Monaco (2023 Monaco Speech) and Assistant Attorney General Kenneth A. Polite (Polite Speech), there was the release of the 2023 U.S. Department of Justice Criminal Division Evaluation of Corporate Compliance Programs (ECCP). Today we review another new addition to the ECCP, dealing with messaging apps.

Few things seem to exercise regulators in the compliance space as much as messaging apps. The Securities and Exchange Commission (SEC) has brought multiple and very large enforcement actions against regulated firms for allowing employees to use messaging apps with no corporate oversight. The Department of Justice (DOJ) has been talking about messaging apps for over two years and has now incorporated its guidance into the ECCP.

The ECCP opens this section by noting, “Messaging applications have become ubiquitous in many markets and offer important platforms for companies to achieve growth and facilitate communication.” For any company under investigation or in a Foreign Corrupt Practices Act (FCPA) enforcement action, the DOJ will evaluate its “policies and mechanisms for identifying, reporting, investigating, and remediating potential misconduct and violations of law…governing the use of personal devices, communications platforms, and messaging applications, including ephemeral messaging applications.” Off-the-shelf policies will not be sufficient, as the company’s management of messaging apps “should be tailored to the corporation’s risk profile and specific business needs.” Not surprisingly, the DOJ is also concerned about storage, access and even backups, requiring that “business-related electronic data and communications are accessible and amenable to preservation by the company.” Training and communication of these policies and procedures will also be evaluated, as will “whether the corporation has enforced the policies and procedures on a regular and consistent basis in practice.”

The Messaging Apps

Under the section entitled “Communication Channels”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What electronic communication channels does the company and its employees use, or allow to be used, to conduct business?
  • How does that practice vary by jurisdiction and business function, and why?
  • What mechanisms has the company put in place to manage and preserve information contained within each of the electronic communication channels?
  • What preservation or deletion settings are available to each employee under each communication channel, and what do the company’s policies require with respect to each?
  • What is the rationale for the company’s approach to determining which communication channels and settings are permitted?

Under this section, compliance must delineate which messaging apps a company uses and why. Is it consistent or does it vary country by country? What mechanism has your organization put in place to manage this risk? Finally, how are the communications preserved and what is your rationale for your system?

Policies and Procedures

Under the section entitled “Policy Environment”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What policies and procedures are in place to ensure that communications and other data is preserved from devices that are replaced?
  • What are the relevant code of conduct, privacy, security, and employment laws or policies that govern the organization’s ability to ensure security or monitor/access business-related communications?
  • If the company has a “bring your own device” (BYOD) program, what are its policies governing preservation of and access to corporate data and communications stored on personal devices—including data contained within messaging platforms—and what is the rationale behind those policies?
  • How have the company’s data retention and business conduct policies been applied and enforced with respect to personal devices and messaging applications?
  • Do the organization’s policies permit the company to review business communications on BYOD and/or messaging applications?
  • What exceptions or limitations to these policies have been permitted by the organization? If the company has a policy regarding whether employees should transfer messages, data, and information from private phones or messaging applications onto company record-keeping systems in order to preserve and retain them, is it being followed in practice, and how is it enforced?

This section presents several areas a compliance professional should look into for their program. Do you have an appropriate set of policies and procedures in place, and are they the same for company-issued phones and BYOD phones? If not, why not? Do you have a data retention policy in place for messaging apps and their platforms, and is it applied consistently (if at all)? Does your organization review business communications sent through messaging apps, and does it even have the right to do so? Finally, are the messages preserved somewhere?

Under the section entitled “Risk Management”, the DOJ poses a series of questions that every compliance program must answer. These questions include:

  • What are the consequences for employees who refuse the company access to company communications? Has the company ever exercised these rights?
  • Has the company disciplined employees who fail to comply with the policy or the requirement that they give the company access to these communications? Has the use of personal devices or messaging applications—including ephemeral messaging applications—impaired in any way the organization’s compliance program or its ability to conduct internal investigations or respond to requests from prosecutors or civil enforcement or regulatory agencies?
  • How does the organization manage security and exercise control over the communication channels used to conduct the organization’s affairs?
  • Is the organization’s approach to permitting and managing communication channels, including BYOD and messaging applications, reasonable in the context of the company’s business needs and risk profile?

This final section might as well have been named ‘consequence management’, but I guess that moniker was already taken. Here the DOJ wants to know what consequences recalcitrant employees faced for failure to follow the appropriate policies and procedures. Moreover, did any employee actions around messaging apps hinder or block internal investigations, regulators’ queries or the responses to them? Next, is an appropriate level of internal security being exercised over such communications? Finally, are the company’s actions reasonable in the context of its business needs and risk management protocol?

Obviously, there is quite a bit in these three sections that every compliance professional will have to consider. But the framework already exists, and you can adapt it: risk assessment, then a risk management strategy, then ongoing monitoring, then ongoing improvement. It may take some work, but your blueprint to handle these requirements exists.

Join us tomorrow when we conclude our review of the 2023 ECCP.

Categories
Everything Compliance

Episode 113 – The Replika AI Edition

Welcome to the only roundtable podcast in compliance as we celebrate our second century of shows. Everything Compliance has been honored by W3 as the top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Karen Woody, and Matt Kelly who discuss a potpourri of issues. We conclude with our fan fav Shout Outs and Rants section.

1. Matt Kelly looks at ChatGPT and raises several questions for the compliance professional. He rants about Facebook and its layoffs and performance reviews.

2. Jonathan Armstrong comes in smoking on the Replika AI imbroglio in Italy and discusses his collection of comments by users of the service. He shouts out to the British Navy for the Altmark Incident in 1940, the last recorded English naval battle fought with cutlasses.

3. Tom Fox shouts out Valentine’s Day and all those hopeless romantics out there.

4. Karen Woody looks at the new rules promulgated by the SEC on insider trading. She shouts out to the Netflix show Cunk on Earth.

5. Jay Rosen looks at the First Energy corruption scandal and the current trial of former Ohio House speaker Larry Householder. He shouts out to Stevie Van Zandt for donating a do-rag to California Representative Jamie Raskin to wear during his cancer treatment.

The members of Everything Compliance are:

  • Jay Rosen – Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Our UK colleague, an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
  • Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com

The host and producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.

Categories
Daily Compliance News

February 22, 2023 – The Going Dark Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • Binance secretly moved money out of the US affiliate. (Reuters)
  • Is supporting DEI now illegal in Texas? (PracticalESG)
  • SEC is becoming increasingly opaque about the whistleblower program. (KU)
  • Does PCAOB have jurisdiction over crypto audits? (WSJ)
Categories
Daily Compliance News

February 18, 2023 – The Lot of White Castle’s Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • White Castle is looking at a $17bn fine in Illinois. (Reuters)
  • Crypto clampdown continues. (NYT)
  • SBF bail could be revoked. (LA Times)
  • Paul Pearce was fined by SEC for promoting crypto without disclosure. (WSJ)
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Code of Conduct as an Internal Control

In 2016, the SEC announced one of the most interesting non-international-focused FCPA enforcement actions. It involved a clear quid pro quo benefit paid out by United Airlines, Inc. to David Samson, the former chairman of the Board of Directors of the Port Authority of New York and New Jersey. This public government entity has authority over, among other things, United’s operations at the company’s huge east coast hub in Newark, New Jersey.

At the time, United’s Code of Conduct prohibited “United employees from directly or indirectly making bribes, kickbacks or other improper payments to government officials, civil servants or anyone else to influence their acts or decisions” and stated that “[n]o gift may be offered or accepted if it will create a feeling of obligation, compromise judgment or appear to influence the recipient improperly.” Only the United Board of Directors could grant a waiver to the code, and none was sought or obtained by Smisek, United’s CEO at the time. The Order concluded, “The [Chairman’s] Route was initiated in violation of United’s policies.”

The company was also sanctioned for not having internal controls to prevent actions such as those taken by Smisek, which the SEC found to be a violation of Section 13. This was despite United having a detailed protocol for instituting or reinstituting a route. The Order stated, “United had insufficient internal accounting controls to prevent approval of the South Carolina Route in derogation of United’s Policies.” All the underlying facts, enforcement theories, and remediation point to a failure of internal controls as the root of this domestic bribery case.

Three key takeaways:

1. It is very unusual for the FCPA to form the basis of a domestic bribery violation.

2. A Code of Conduct can be an internal control.

3. Even a CEO must follow internal controls.

For more information on building a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.