Categories
Compliance Into the Weeds

Issue and Trends for 2022, Part 1


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom begin a special two-part podcast series of several topics they will be following in 2022. Today in Part 1, we consider

  • The Biden Administration’s Strategy on Countering Corruption, specifically around FinCEN and AML enforcement and how it may impact FCPA enforcement.
  • The PCAOB was long dysfunctional before the Trump Administration eviscerated it. How will it change under the Biden Administration?
  • The SEC plans for the regulation of and reporting on ESG.
  • FCPA enforcement for recidivist corporations after DAG Lisa Monaco’s speech in October 2021.

Resources
Matt in Radical Compliance

Categories
FCPA Compliance Report

Karen Woody on JPMorgan and Nikola SEC Enforcement Actions


In this episode of the FCPA Compliance Report, I am joined by Professor Karen Woody. We discuss the recent SEC enforcement actions involving JPMorgan and Nikola which were announced in December 2021. Highlights of this podcast include:

  1. Background on both cases.
  2. Why was the SEC so excised with JPMorgan?
  3. What are the broader lessons for the Compliance Professional?
  4. Compliance Consultant or Monitor or both?
  5. Nikola and the trouble with SPACs?
  6. What is the intersection of puffing, faking it til you make it and illegal conduct?
  7. SPACs and Due Diligence.
  8. Could Nikola change the SEC approach to SPACs?
  9. From visionary to founder to CEO of a public company?
  10. The shadow of Elizabeth Holmes?

Resources-Tom on the FCPA Compliance and Ethics Blog
JPMorgan
Nikola

Categories
Classroom Insiders

Narrowing the Scope of Disclose or Abstain Rule Violations


Staats Smith was a judicial intern with the Delaware Chancery Court this past summer, and plans to work with one of the large Delaware firms during the next. He is a 2L student at Washington and Lee. In this episode of Classroom Insiders, Staats talks about the pivotal case of Dirks v. SEC.

Chiarella was an employee for a financial printing publication, which was used by the company to disclose their material nonpublic information. To avoid premature disclosure, the company developed a code to prevent its employees from trading on the information before it went public. However, Chiarella was able to crack the code, and made hefty profits on his trades as he was always leading it before the news broke. He was convicted for violating the disclose-or-abstain rule by the District Court, which was affirmed by the Second Circuit. Justice Powell decided to reverse the conviction; it was in his view that Chiarella owed no duty to the sellers or shareholders, as he was not an insider or a fiduciary.
Any fiduciary relationship Chiarella had with his employer was not considered due to the application of a judicial waiver, Staats claims; an argument not briefed or argued is deemed waived. The theory of misappropriation was not brought up at all in the District Court, so it could not even be considered on review.
Resources
Karen Woody on LinkedIn 

Categories
This Week in FCPA

Episode 283 – the Tribute to Madden and Harry edition


With Jay on a holiday assignment, Tom is joined by Mike Volkov to look at some of the week’s top compliance and ethics stories this week in the Tribute to Madden and Harry edition.
Stories
1.     We lost two greats this week, one in sports and gaming and one from politics. John Madden and Harry Reid. Tom and Mike reflect.
2.     No poaching in the Defense IndustryJay DeVecchio and Lisa Phelan in a MoFo Client Alert.
3.     What is a ‘Bump Up’ provision in an E&O policy. Barry Buchman and Michael Scanlon in D&O Diary.
4.     Reflections on 2021 in Compliance. Lisa Schor Babin in CCI.
5.     Should lawyers file SARs? Jason Morris in Compliance Week (sub req’d).
6.     Fraud in the taxi business? (This is my shocked face.) Matt Kelly in Radical Compliance.
7.     Making ESG 2nd nature in asset allocation. Sara Rosner and Jess Gaspar in Harvard Law School Forum on Corporate Governance.
8.     An app for ESG investment. Lawrence Heim in PracticalESG.
9.     Thoughts for the Board from 2021. Marty Lipton in Harvard Law School Forum on Corporate Governance.
10.  Tom and Mike look back at 2021 in compliance. Tom in FCPA Compliance and Ethics Blog.
 Podcasts 
11.  Want some fun? Join Tom and One Stone Creative co-founder Megan Dougherty for an exploration of the full MCU. In their most recent posting, check out Episode 3, Iron Man.
12.  In December on The Compliance Life, I visit with Matt Silverman, Director of Trade Compliance at VIAVI. Matt is the first Trade Compliance Director I have hosted on TCL. In Part 1, Matt details his academic career and early professional life. In Part 2, Matt moves into trade compliance. In Part 3, Matt moves into the Director’s chair. In Episode 4, Matt looks down the road for trade compliance.
13.  The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Classroom Insider. In this most unique pod, Karen interviews some of her student to tell the history of insider trading. Check out Episode 1 where they discuss the history of insider trading. In  Episode 2, the disclosure or abstain rule. On Episode 3, they will take up narrowing the scope of the disclose or abstain rule.
14.  On EMBARGOED!, Brian and Tim run through a Lightning Round-style discussion of the top economic sanctions and export controls stories of 2021.
15.  Looking to enhance your compliance program? Check out 31 Days to a More Effective Compliance Program returns, which runs for the month of January, from January 1 to January 31. Available on the Compliance Podcast NetworkMegaphoneiTunes, and all other top podcast platforms.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Mike Volkov is the founder of the Volkov Law Group and can be reached at mvolkov@volkovlaw.com.

Categories
Daily Compliance News

December 30, 2021 the Maxwell Guilty Edition


In today’s edition of Daily Compliance News:

  • Ghislaine Maxwell found guilty. (NYT)
  • Taxicab lender company charged with fraud by SEC. (Reuters)
  • Who lost Afghanistan? (Decclan News)
  • Foreign Rocket company owner ordered to sell stake. (Bloomberg)
Categories
Blog

2021 – The Year in FCPA Enforcement

There was a paucity of Foreign Corrupt Practices Act (FCPA) enforcement actions in 2021. However, the few enforcement actions announced did provide significant lessons for every compliance professional.
Deutsche Bank
The year started off with a bang when, according to a Department of Justice (DOJ) Press Release, Deutsche Bank Aktiengesellschaft, “agreed to pay more than $130 million to resolve the government’s investigation into violations of the Foreign Corrupt Practices Act (FCPA) and a separate investigation into a commodities fraud scheme. “The resolution includes criminal penalties of $85,186,206, criminal disgorgement of $681,480, victim compensation payments of $1,223,738 and $43,329,622 to be paid to the US Securities & Exchange Commission in a coordinated resolution.” Settlement documents include a Deferred Prosecution Agreement (DPA) and Information from the Department of Justice (DOJ) and a Cease and Desist Order (Order) entered to with the Securities and Exchange Commission (SEC). This settlement comes on the heels of another FCPA settlement in August 2019, where the Bank paid $16.2 million to settle a ‘Princeling’ charge that it corruptly hired sons and daughters of foreign officials and of employees of state-owned enterprises.
One can only wonder at the culture at the Bank which basically boiled down to win at all costs: lie, cheat, steal, engage in bribery and corruption, manipulate the markets, we don’t care. Just Win Baby. The Bank was also comfortable in dealing with some very dodgy characters beyond even Donald Trump and his family. The Bank has now said it will no longer do business with Trump and his personal banker left the Bank at the end of 2020.
Does this mean the Bank will turn state’s evidence against Trump? It is hard to say at this point, but the Bank is committed in the DPA to “cooperate fully with the Offices in any and all matters relating to the conduct described in the Statement of Facts and other conduct under investigation by the Offices at any time during the Term, subject to applicable laws and regulations, until the later of the date upon which all investigations and prosecutions arising out of such conduct are concluded, or the end of the Term.” [emphasis supplied] While this is boilerplate language found in every DPA it certainly takes on greater significance now.
Amec Foster Wheeler
The next matter was the Amec Foster Wheeler FCPA enforcement action, which is currently owned by John Wood Group PLC (Wood), the successor-in-interest to Amec Foster Wheeler Plc. It involved a long-standing corruption investigation which involved multiple investigative and enforcement agencies in multiple jurisdictions regarding the use of the disgraced agent Unaoil to pay bribes to secure business. In a Press Release, the Company said that it had reached agreements with the UK Serious Fraud Office (SFO), the DOJ and SEC) in the US, and the Ministério Público Federal (MPF), the Comptroller General’s Office (CGU) and the Solicitor General (AGU) in Brazil, to resolve their respective bribery and corruption investigations into the past use of third parties in the legacy Foster Wheeler business. Under the terms of these various agreements, the Company will pay compensation, disgorgement and prejudgment interest, fines and penalties totaling $177m. The payment will “be phased over the next three years with approximately $62m payable in H2 2021, and the balance to be paid in instalments in 2022, 2023 and 2024.”
There were some key lessons learned from the matter. In the area of internal controls, hopefully in 2021, if a General Counsel is asked to draft an agreement, even an interim agreement which violates a company’s internal controls for the vetting and contracting with third-party agents, that GC would stop the process. But if not, there should trips wires which would alert those at the highest level of a corporation that a key control was been over-ridden or worked around. This of course means the Board of Directors should have visibility into the highest risks an organization faces and in the world of international commerce, a third-part sales agent is that level of risk.
This case also involved multiple failures in the area of Mergers and Acquisitions (M&A). There were at least two acquisitions involved here where the acquiring entity; first Amec  acquired Foster Wheeler (forming Amec Foster Wheeler) and then the second, the John Wood Group PLC (acquiring Amec Foster Wheeler) failed to perform either sufficient pre-acquisition due diligence or even post-acquisition audit of the acquired company’s high-risk ventures. Once again, this involved Petrobras which was well-known for corruption issues by 2014. There was no mention of the failures of Amec and Wood in the M&A areas on this matter but clearly something went through unnoticed.
Since at least the 2012 FCPA Resource Guide, the DOJ and SEC have specified the steps for compliance in M&A. It is pre-acquisition due diligence which should form the basis of post-acquisition integration. After acquisition, there should be a full forensic FCPA audit and investigation, most notably in high-risk markets and with high-risk ventures. There must be full compliance training and integration of the acquired entity into the acquirer’s compliance regime.
WPP
Finally, was the SEC Cease and Desist Order entered into with WPP plc, the world’s largest advertising group, for paying bribes to Indian government officials and participating in other “illicit schemes” in China, Brazil and Peru. WPP agreed to pay $11 million+ in disgorgement and interest and penalty of $8 million for a total amount of just over $19 million. Some of the key lessons from compliance including the following.
Culture Matters – It seems about the most basic thing to say in the compliance realm, but the most important thing is your corporate culture. If your culture puts no value on doing business ethically and in compliance, your organization will surely have problems. Investigations – From the ignoring of internal whistleblower reports, to selecting poor investigative counsel, to allowing the persons involved in the corruption to help shape the original internal investigation, this matter is an excellent teaching tool for how NOT to perform an investigation. M&A  – There was no preacquisition compliance due diligence into any of the entities acquired. This was bookended with no forensic compliance audit of the acquired entities after acquisition as well. Incentives – When do sales or remuneration incentives become perverse incentives? WPP crossed that threshold when they made the earnouts for the founders of the organizations they acquired, who were kept on to run subsidiaries such as WPP-India, contingent on hitting sales numbers they could not reach without engaging in bribery and corruption.
While there was a smaller number of FCPA enforcement actions in 2021 than in prior years, the cases that were resolved were significant. They provide many lessons for every Chief Compliance Officer (CCO) and compliance professional.

Categories
Daily Compliance News

December 23, 2021 the How to Win Friends Edition


In today’s edition of Daily Compliance News:

  • Wall Street puts hold on RTO. (NYT)
  • Brazilian companies list on NYSE, what could go wrong. (Reuters)
  • SEC blocks Apple bid to block shareholder proposal. (Reuters)
  • Amazon sues India financial crimes agency. (SEC Press Release)
Categories
Compliance Into the Weeds

Compliance into the Weeds: On the Naughty List-JPMorgan $200 Settlement

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a deep dive into the JPMorgan settlement with the SEC and CFTC for faulty electronic record-keeping. Some of the issues we consider are:

·      Why does Matt ‘almost feel bad’ for JPMorgan?
·      There was a paucity of facts. So why is the fine so high?
·      Is it a ‘Compliance Consultant’ or a Monitor?
·      The remediation agreed to by JPMorgan.
·      Lessons learned for the compliance professional and ephemeral communications.
·      Focus on consistent and even-handed discipline for JPMorgan employees going forward.
Resources
Matt in Radical Compliance
Tom in the FCPA Compliance and Ethics Blog

Categories
Blog

On the Naughty List – Nikola and Social Media Shenanigans

We continue our exploration of Santa’s Naughty List this week before Christmas by looking at the compliance failures of Nikola Corporation (Nikola). In a Press Release, the Securities and Exchange Commission (SEC) announced that Nikola, a publicly traded company created through a special purpose acquisition company transaction, has agreed to pay $125 million to settle charges that it defrauded investors by misleading them about its products, technical advancements, and commercial prospects via a Cease and Desist Order (Order). This follows on the heels of an earlier filing against former Nikola founder and Chief Executive Officer (CEO), Trevor R. Milton (Milton), for repeatedly disseminating false and misleading information – typically by speaking directly to investors through social media – about Nikola’s products and technological accomplishments.
Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said in the Press Release, “As the order finds, Nikola Corporation is responsible both for Milton’s allegedly misleading statements and for other alleged deceptions, all of which falsely portrayed the true state of the company’s business and technology. This misconduct — and the harm it inflicted on retail investors — merits the strong remedies today’s settlement provides.” And boy what misconduct it detailed. This matter should be studied by not only every compliance professional but also every business executive. It also points out one of the basic deficiencies of Special Purpose Acquisition Corporations (SPACs).
Nikola was created via the merger of Legacy Nikola and VectoIQ Acquisition Corp. (VectoIQ), which was formed in 2018 as a SPAC, for the purpose of effecting a business combination with one or more businesses. According to the Order, “VectoIQ and Legacy Nikola entered into a Business Combination Agreement (the “Business Combination Agreement”), as well as certain related agreements, pursuant to which Legacy Nikola would merge with a subsidiary of VectoIQ, with Legacy Nikola remaining as the surviving company and as a wholly-owned subsidiary of VectoIQ. On June 3, 2020, Legacy Nikola and VectoIQ consummated the merger contemplated by the Business Combination Agreement (the “Business Combination”), and VectoIQ changed its name to Nikola Corporation” and on June 4, 2020, Nikola’s common stock and warrants began trading on the Nasdaq Global Select Market.
What got Nikola into such SEC hot water was the mouth or rather modern-day social media postings of Milton. The Order stated, “From approximately March 2020 through September 2020, in his capacity as CEO and later as Executive Chairman of Nikola, Milton made materially false and misleading statements on numerous critical topics related to Nikola’s capabilities, technology, reservations, products, and commercial prospects.” Matt Kelly, writing in Radical Compliance, was a bit more pithy stating, “The problem was that almost every statement Milton made about Nikola’s hydrogen vehicles was, well, hot air.” According to the Order, there were multiple instances where Milton mislead investors and indeed anyone reading social media about the company.
Milton made false and misleading statements about the capabilities of Nikola’s first semi-truck prototype, the Nikola One, saying it was a working model and made a fraudulent video to back it up. He made a series of false and misleading claims about Nikola’s then-current hydrogen production capabilities, its costs to produce hydrogen, and the costs at which it obtained electricity to produce hydrogen profitably. He made false statements claiming that Nikola had engineered and already completed a prototype of an electric pickup truck, the Badger. Milton claimed that a “backlog of interest” in the vehicles were in the form of binding contracts, “the vast majority of the pre-orders were indications of interest that were cancellable at any time,” even going so far as to claim one customer had a binding order for 5,000 vehicles when no such contract existed. Finally, to top off all of Milton’s whoppers, he claimed a partnership with General Motors (GM) would generate over $4 billion in cost saving when there was no such arrangement in place.
I went into some detail in these clearly bogus claims to demonstrate why a Chief Compliance Officer (CCO) needs to have a handle on what their CEO is tweeting and social media-ing out. What steps can a CEO take? Here I will borrow once again from the Coolest Guy in Compliance.

  • Take a team approach to reviewing and publishing information about the company, so someone else can put a second set of eyes (The Eyes of Dr. T. J. Eckleburg) on what the CEO says before they hit the send button.
  • This approach should be a formal policy and procedure, fully documented so when the SEC comes knocking there will be a record.
  • A subject matter expert (SME) review on what statements about the company qualify as material information that should be disclosed in filings to the SEC.
  • Your process should also contain a mechanism to correct any misleading or erroneous statements that slip through your fully documented and operating policy and procedure.

If all of this sounds more than vaguely familiar it is because of the imbroglio surrounding Elon Musk and his use of social media. Musk was fined $30 million for his false and misleading tweets and the company was required a legal eagle to vet his tweets. All of this means this a CCO and corporate compliance program should be vigilant for this type of activity. Policies and procedures are mandatory, but they are only the starting point. This is a risk, like all other risks, it must be managed. If you set up policies and procedures but do not follow them, you could find yourself in SEC hot water as both Nikola and Milton have.
Put another way, Nikola got a Christmas present of 125 million lumps of coal. While any decision on Milton may have to wait until 2022, he will most probably be on Santa’s Naughty List for 2022.

Categories
Blog

On the Naughty List – JPMorgan and Failures for Record Keeping

We begin the week before Christmas by looking at one heck of a compliance failure (or perhaps series of compliance failures) which led JPMorgan Chase Bank, NA, J.P. Morgan Securities LLC, and J.P. Morgan Securities plc (JPMorgan) to paying some $200 million in fines and penalties to the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC). It breaks down with $125 million to the SEC and $75 million to the CFTC. While that is probably just a rounding error to JPMorgan, it will purchase many, many lumps of coal that JPMorgan will probably get from Santa this year as they clearly have been very, very naughty. Both the SEC and CFTC settled via Orders, (herein CFTC Order and SEC Order).
Matt Kelly, writing in Radical Compliance, said of the underlying facts they do “not paint a pretty picture for JP Morgan. The misconduct happened from at least January 2018 through November 2020, and even supervisors in the broker-dealer unit — the people who were supposed to enforce compliance with records-retention policies — engaged in the same bad habits.” JPMorgan received numerous subpoenas for documents from the SEC between 2018 and 2020. JPMorgan failed to comply with these subpoenas as “JPMorgan frequently did not search for records contained on the personal devices of JPMorgan employees relevant to those inquiries.” Moreover, these failures “impacted the Commission’s ability to carry out its regulatory functions and investigate potential violations of the federal securities laws across these investigations; the Commission was often deprived of timely access to evidence and potential sources of information for extended periods of time and, in some instances, permanently.”
In ongoing investigations, the SEC was provided What’s App, text messaging and emails from parties who were in contact with JPMorgan. The SEC brought this information to the attention of JPMorgan and the bank “identified other recordkeeping failures that it subsequently” reported to the SEC. The bank’s “Supervisory policies tasked supervisors with ensuring that employees completed training in the firm’s communications policies and adhered to JPMorgan’s books and recordkeeping requirements” were just as guilty of such conduct. The internal function charged with the screening and review of electronic communications, the compliance department’s e-surveillance group, “failed to implement a system of follow-up and review to determine that supervisors’ responsibility to supervise was being reasonably exercised so that the supervisors could prevent and detect employees’ violations of the books and records requirements. Even when employees used approved communications methods, including on personal phones, for business communications, JPMorgan failed to implement sufficient monitoring to assure that its recordkeeping and communications policies were being followed.” The Order concluded, “Even after the firm became aware of significant violations, the widespread recordkeeping failures and supervisory lapses continued with a significant number of JPMorgan employees failing to follow basic recordkeeping requirements.”
As a part of the remediation effort during the investigation, the Board of Director’s Audit Committee hired a consultant to help in the effort. The SEC Order broadened this initiative out further to a “Compliance Consultant” to be retained to lead a variety of remedial efforts. (This sounds suspiciously like a monitor). Some of these efforts will include:

  • A comprehensive review of JPMorgan’s supervisory, compliance, and other policies and procedures.
  • A comprehensive review of training conducted by JPMorgan to ensure personnel are complying with the requirements.
  • An assessment of the surveillance program measures implemented by JPMorgan to ensure compliance.
  • An assessment of the technological solutions that JPMorgan implements to meet the record retention requirements.
  • An assessment of the measures used by the firm to prevent the use of unauthorized communications methods for business communications by employees.
  • A review of JPMorgan’s electronic communications surveillance routines.
  • A comprehensive review of the framework to address instances of non-compliance, including (1) how JPMorgan determined which employees failed to comply, (2) the corrective action carried out, (3) an evaluation of who violated policies, (4) why and what penalties were imposed, and (5) whether penalties were handed out consistently across business lines and seniority levels.

There were also additional reporting obligations from the Compliance Consultant in the SEC Order that bear mentioning. In addition to a report at one year of the overall JPMorgan compliance program on record keeping for electronic communications; at two years the Compliance Consultant is to report on any discipline imposed on employees for violations of the record keeping policies. This includes, “written warnings, loss of any pay, bonus, or incentive compensation, or the termination of employment, with respect to any employee found to have violated JPMorgan’s policies and procedures”. JPMorgan’s Internal Audit function is also mandated to conduct an internal audit to determine compliance with the firm’s record keeping policies for electronic communications.
All of these obligations should be studied by compliance professionals for not only best practices but to determine any gaps in your company’s electronic data record keeping regime. This is critical even if you are not under the regulatory regime imposed on financial institutions or other regulated industries. The Department of Justice (DOJ) has long mandated that companies both understand and capture ephemeral communications but if your company gets into a Foreign Corrupt Practices Act (FCPA) or other similar investigation you will need to demonstrate compliance for a FCPA perspective and to then internally investigate any claims. Not much will be worse for your company than if the DOJ or SEC finds out about some FCPA-violative conduct and comes to your company and then you find out your business folks have been communicating through technology you were completely unaware of, you have no record of it and you cannot capture it.
Everyone was aware of the changes in risk when most companies went to WFH. Now are we RTO those risks have changed again. Even if you are aware of and have approved the use of Teams, Slack, Zoom or other technology to collaborate in the RTO environment; these tools are coming out with new features literally weekly that may change your risk profile. Use the JPMorgan SEC and CFTC enforcement actions as benchmarks to guide you through an assessment of your electronic record keeping program as well as key areas to enhance.
Matt Kelly and myself take a deep dive into this matter on this week’s Compliance into the Weeds, which will post Wednesday AM.