Categories
Daily Compliance News

Daily Compliance News: September 10, 2024 – The Palace Coup Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Bob Iger’s palace coup at Disney to regain power. (NYT)
  • More Tory corruption around Covid is uncovered. (BBC)
  • Norfolk Southern CEO to depart for COI affair. (WSJ)
  • PCAOB requires audit firms to bring in outside experts to oversee audit quality. (FT)

 


Daily Compliance News: August 8, 2024 – The Whistleblowing in The UK Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • The UK takes whistleblowers seriously. (FT)
  • Afghanistan cricketer is banned for corruption. (ESPN)
  • Trouble for Boeing in outer space. (NYT)
  • Chaos on the Boeing assembly line. (WaPo)


The UK Election and Its Implications for Compliance Professionals

Last week saw the greatest wipeout in the recorded history of UK governments, with the Tories swept from power and losing over 400 seats in Parliament. The Labour Party took over with a commanding presence, securing around 450 seats, while the Tories retained only about 120 seats. I recently visited with Jonathan Armstrong, who shared his thoughts on the gravity and history of this election and what it might mean for our compliance contemporaries in the UK, the US, and worldwide, in the most recent episode of the award-winning podcast Life with GDPR.

This election is a refreshing change, irrespective of political leanings. The previous government was seen as limping along like a ship with a hole in its side, and the mood has noticeably improved since the new government took office. The Labour government, led by Sir Keir Starmer, has hit the ground running. Within hours of his appointment by the King, the new cabinet members were assigned their missions and started work immediately. This proactive approach is a sign of the times ahead.

From an enforcement point of view, this government has a firm grasp of compliance and enforcement. With his background as a defense barrister and tenure as the Director of Public Prosecutions, Sir Keir Starmer brings a wealth of experience. His leadership at the Crown Prosecution Service saw the first prosecutions under the Bribery Act, and his understanding of the criminal justice system bodes well for robust enforcement.

The now-entrenched SFO director, whom we previously called the “new” director, has taken significant steps in bribery enforcement, including the first dawn raids in years. I asked Jonathan if he saw a healthy interaction between the current SFO director and the new government. He responded that he does.

Sir Keir Starmer and the current SFO director are on the same page regarding enforcement. The new administration has already announced a focus on investigating the PPE scandal, which involves around £7.2 billion worth of potentially corrupt contracts from Boris Johnson’s era. This will likely be a priority, and the new Covid Corruption Commissioner will work closely with the SFO, leveraging its powers to conduct dawn raids and demand documents. This indicates a continued and possibly intensified focus on bribery enforcement.

In addition to bribery and corruption, trade controls, customs, and economic sanctions are critical areas of concern. This includes sanctions involving Russian individuals and measures like the Uyghur Forced Labor Prevention Act in the United States. Here, Jonathan sees a stricter approach by Labour than the prior administration.

He believes that there was a perception that some Russian-connected individuals were overlooked in the sanctions list due to their connections with the Conservative Party. The new administration, less entangled with such interests, is likely to expand the sanctions list to align more closely with the US. Regarding Uyghur measures, the new second-in-command at the Treasury, Darren Jones MP, has a background in investigating supply chain issues and forced labor. Armstrong believes we can expect legislation similar to the US approach, emphasizing greater scrutiny and enforcement against forced labor in supply chains.

How about AI governance and enforcement, particularly with the significant tech companies dominating this space? Once again, Armstrong believes the previous administration was perceived as lenient on AI regulation, possibly due to future career aspirations. The new Labour government, however, is likely to take a stricter stance. This will involve a new centralized office to oversee AI usage, educating existing regulators on utilizing their powers, and possibly introducing new AI laws. These measures will likely mirror the EU AI Act, demonstrating the UK’s commitment to aligning with EU standards and fostering a closer relationship with the EU.

The new government views antitrust and competition law similarly to the EU. The CMA has already shown signs of cooperating with EU counterparts, conducting simultaneous dawn raids and sharing concerns about AI monopolies. The new administration is expected to continue this trend, addressing the concentration of GenAI in the hands of a few large US-based tech corporations. This collaboration with the EU will likely result in a more unified enforcement agenda across the channel.

What changes can we expect in traditional topics like GDPR and data privacy under the new UK government? The previous administration attempted to roll back some GDPR provisions, but the new government will likely take a more balanced approach. Changes will focus on areas like research while maintaining compliance with EU adequacy decisions to ensure seamless data transfers. The Labour government will prioritize maintaining a solid relationship with the EU, guaranteeing that any legislative changes do not jeopardize this adequacy decision.

Do you see the new government moving towards greater protections for workers in the era of remote and hybrid work models? Labour’s traditional ties to trade unions suggest a shift towards more pro-worker legislation. This could include regulations on maximum working hours and the right to disconnect, addressing the perceived always-on culture, particularly in US corporations. While hard and fast laws may not be imminent, there will be an emphasis on consulting employees about work-life balance and ensuring fair treatment.

This historic election marks a significant shift in the UK’s political landscape, with profound implications for compliance professionals. The new Labour government, focusing on enforcement, trade controls, AI governance, data privacy, and worker protections, promises a more robust and aligned approach with EU standards. Compliance officers must stay vigilant and adapt to these changes, ensuring their programs remain effective and compliant with evolving regulations. This new UK administration brings a fresh perspective and a more proactive approach to governance. Compliance professionals should be prepared for increased enforcement and regulatory scrutiny. By staying informed and adaptable, they can navigate these changes effectively and continue to uphold the highest compliance standards.


Life With GDPR: What Does The UK Election Mean for Compliance?

Tom Fox and Jonathan Armstrong, a renowned expert in cybersecurity, co-host the award-winning “Life with GDPR.” Jonathan has returned from his hiatus, and in this episode, we examine the UK election results and their potential impact on compliance.

The recent UK election has significant implications for compliance, particularly concerning the dynamics between the UK’s Serious Fraud Office (SFO) and the new government. Jonathan Armstrong, an expert on bribery enforcement, anticipates that the new administration under Keir Starmer will focus on high-profile issues like the PPE scandal while maintaining robust enforcement actions, including dawn raids.

Armstrong and Fox bring deep insights into the potential compliance landscape, shaped by their extensive backgrounds: Armstrong’s expertise in corruption investigations and Fox’s experience with the criminal justice system.

Fox highlights the impact of the new Prime Minister’s legal background in bolstering enforcement efforts and contemplates the future governance of AI under this administration. Both experts foresee a political shift, with Armstrong expecting the Conservative Party to lean rightward yet occupy the political center, and Fox emphasizing the continuity and experience the new government brings to compliance and enforcement issues.

 

Key Takeaways:

  • Heightened Bribery Enforcement Under New Government
  • Russian Sanctions and Uighur Import Regulations
  • Data Protection Bill Changes Post-UK Election
  • UK’s New Administration Faces Challenges and Changes
  • Center-Ground Positioning in UK Politics


Internal Controls and Humans in the Loop: Lessons from Citigroup’s $126 Million Mistake

The Citigroup internal control debacle is a glaring reminder, for anyone in compliance and ethics, of the critical importance of robust, well-designed, functioning, and effective internal controls. The U.K. Financial Conduct Authority fined Citigroup £27.7 million, the Bank of England’s Prudential Regulation Authority fined it £33.9 million, and Citigroup’s own internal losses brought the total cost to some $126 million. Citigroup’s mistakes underscore the perils of inadequate internal controls and provide many lessons for compliance professionals. Matt Kelly and Tom Fox discussed the matter in the most recent Compliance into the Weeds episode.

A Citigroup trader made a fateful error on a seemingly ordinary Monday (more on this day later) in May 2022. He intended to sell $58 million worth of securities but mistakenly placed the amount in the units field, leading to an order to sell 444 billion units. Although some of Citigroup’s controls caught parts of the error, they did not see the entirety of the Fubar. This mistake led to a flash crash on European stock markets and cost Citigroup $126 million, including fines and losses.

Lesson 1: Simplify and Focus Controls

One of the primary lessons from this incident is the need to consider human nature when designing internal controls. Citigroup had what was termed ‘hard-block controls’, which blocked $248 billion worth of the order, and those controls could not be overridden. However, there were also ‘soft-block controls’ in the form of a pop-up screen asking the trader if he wanted to move forward. The trader in question faced a warning screen with 711 individual red flags, a list so long that it became impractical to review. This scenario is akin to users scrolling through and ignoring lengthy user agreements, a typical human behavior.

Controls should be designed to be practical and actionable. Instead of presenting an overwhelming list of potential issues, a focused warning on the specific error or most critical issues could be more effective. This approach ensures that users pay attention to the most relevant information, reducing the risk of overlooked mistakes. Moreover, never present a front-line employee with 711 different red flags that they must navigate and try to (1) figure out what they did wrong and (2) remedy the situation.

Lesson 2: Strengthen Automated Controls

As noted, Citigroup had a mix of hard and soft controls. While some automated controls blocked a portion of the erroneous trade, others allowed it to proceed after a mere warning. This differentiation highlights the need for robust automated controls that do not solely rely on human intervention, especially in high-stakes environments. Automated controls should be comprehensive and prevent significant errors without relying exclusively on human review. Complex controls that automatically block erroneous transactions can prevent costly mistakes.

Lesson 3: Ensure Adequate Coverage

Remember when I opened this tale with the trade happening on an ‘ordinary Monday’? It was not an ordinary Monday, as the trade occurred on a U.K. banking holiday, further complicating the situation. The primary monitoring team (Monitoring Team 1) was off due to the Bank Holiday, and the backup team (Monitoring Team 2) did not effectively manage or escalate the issue. Even when another monitoring team (Monitoring Team 3) discovered the error and sent the information back to Monitoring Team 2, the team in charge on the holiday, Monitoring Team 2 had yet to respond. These lapses point to another critical area: adequate staffing and effective backup procedures.

Companies must ensure adequate staffing to monitor and manage risks at all times, including during holidays, weekends, and off-hours. Effective backup procedures and cross-training can ensure that critical functions are covered regardless of the timing. Adequate staffing also means competent staffing, with teams understanding how and when to respond.

Lesson 4: Implement Consistent Global Controls

A notable aspect of Citigroup’s failure was the inconsistency in control implementation across regions. While robust controls existed in New York, they did not exist in Europe. Citigroup had those hard-block controls, which stopped $248 billion worth of orders, but only for its New York trading desk. Moreover, these hard-block controls had been implemented back in 2013. Yet, for some reason, they had not been implemented at the London trading desk. This discrepancy highlights the importance of consistent global controls. Once a risk is identified and a control is implemented in one region, it is crucial to extend that control globally. This consistency ensures that all parts of the organization are equally protected against similar risks, preventing regional disparities in control effectiveness.

Lesson 5: Integrate The Human Element

Citigroup’s failure also demonstrates the need for a vital human element in internal controls. Despite multiple layers of monitoring, human oversight was inadequate because of insufficient staffing and ineffective backup systems. While automated controls are essential, they should be complemented with effective human oversight. Regular training and clear protocols can enhance the effectiveness of both human and computerized controls, ensuring a more resilient control environment.

This human element extends to reports of control weaknesses by internal audit, as Citigroup had previously identified internal control weaknesses yet failed to address them adequately. This ongoing neglect resulted in repeated issues and significant penalties. When internal audits flag control weaknesses, it is imperative to address these issues promptly. Delaying remediation can lead to repeated failures and compound risks, as demonstrated by Citigroup’s experience.

The Citigroup incident offers a comprehensive lesson in the importance of robust internal controls, consistent global implementation, and the need for practical, focused warnings. Compliance professionals should take these lessons to heart and ensure that their organizations are equipped to prevent similar costly errors.

By designing effective controls, ensuring adequate staffing, and promptly addressing risks, companies can safeguard against the significant financial and reputational damage resulting from control failures. The Citigroup case is a stark reminder of the high stakes involved, and the critical role that well-designed internal controls play in maintaining the integrity of global financial operations.

Resources

Matt Kelly in Radical Compliance


Daily Compliance News: May 28, 2024 – The Surreal Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Mike Lynch takes the stand. (BBC)
  • Corruption in Polish national party. (Politico)
  • US representatives call for the reopening of the Nigerian oil bloc’s OPL 245 investigation. (Nigerian Lawyer)
  • Need for audit reform in the UK. (FT)


Daily Compliance News: November 28, 2023 – The Hung Out to Dry Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition:

  • Tesla really doesn’t want unions in Sweden. (FT)
  • UK defendants say bribes were approved by the UK government. (Bloomberg)
  • CZ wants to go home. (Forbes)
  • Palm oil corruption in Honduras (The Guardian)

2 Gurus Talk Compliance – Episode 18 — Florida Man Games

What happens when two top compliance commentators get together? They talk compliance, of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode! In this episode, Tom and Kristy take on various topics, including the state image of Florida Man.

In the complex world of corporate governance, the issues of corporate misconduct, leadership accountability, and professional productivity are of paramount importance. Tom emphasizes the need for thorough due diligence when appointing leaders, particularly those with a history of misconduct. He also advocates for detailed record-keeping as a tool for managing workload and enhancing productivity. Kristy echoes these sentiments, highlighting the significance of ethical leadership and effective compliance measures. She also offers practical strategies for dealing with workplace challenges such as micromanagement and office politics. Join Tom Fox and Kristy Grant-Hart as they delve deeper into these topics in this award-winning 2 Gurus Talk Compliance podcast episode.

 Highlights Include: 

1. FCA bans Jes Staley (Compliance Week)

2. What is the purpose of a policy: Integrity in cricket? (University of Sussex)

3. CA gun shop owner pleads guilty to bribing former county sheriff. (CSB-SF)

4. US Bankruptcy trustee seeks return of fees awarded to law firm of paramour. (Reuters)

5. ICO apologizes to ex-Nat West chief. (FT)

6. Lawmakers Press Costco on China Forced Labor (WSJ)

7. Sam Bankman-Fried convicted of multi-billion dollar FTX fraud (Reuters)

8. UK Parliament Enacts Sweeping New Fraud Legislation Aimed at AML/TF Activities (Volkov)

9. Ever Thought ‘Just Leave Me Alone to Do My Job’? This Is for You (WSJ)

10. Which Florida Man best embodies the state’s spirit? A new contest will decide. (Washington Post)  

 Resources 

Kristy Grant-Hart on LinkedIn

Spark Consulting


Daily Compliance News: November 9, 2023 – The ESG Helps Hiring Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • ESG helps in hiring the best and brightest. (FT)
  • The UK hits Russia with new sanctions. (WSJ)
  • Indian anti-corruption journalist targeted in spy op. (Reuters)
  • GE Aerospace to pay $9.4M in a DOJ false claims case (Compliance Week)

Daily Compliance News: August 21, 2023 – The Crypto Under Magnifying Glass Again Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • UK to put magnifying glass on crypto transfers. (WSJ)
  • The next frontier for corporate benefits? (NYT)
  • ABC ex-prosecutor surges in Guatemalan Presidential race. (WaPo)
  • Lithium batteries scrutinized under UFLPA. (Reuters)