Category Archives: Compliance

Repeat Corporate Misconduct

by Veronica Root

But for other more salacious political concerns, the biggest story of the last couple weeks likely would have been Mark Zuckerberg’s testimony before Congress.  Zuckerberg spent two days answering hundreds of questions from lawmakers.[1]  Much of the questioning was concerned with Facebook’s protection, or alleged lack thereof, of its users’ privacy.  The testimony, however, once again raises questions about how companies that engage in repeated instances of misconduct should be sanctioned.

The Evolving First Line of Defense

by Michael Held

Keynote Address

Good morning.  It’s an honor to join you at the 1LoD Summit.  The views I express today are my own, not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.[1]

I’ve heard it said that being in the risk control business can be, and often is, a thankless task. We get all the blame when something goes wrong, and none of the glory when things go right.  So, I want to start my remarks with a word of gratitude to you, my fellow travelers in the world of risk controls.  Thank you—not just for the invitation to speak today, but also for the work you perform each day at your firms. 

The growing sophistication and stature of the first line of defense is, in my view, an unqualified improvement in corporate governance—especially at financial firms.  Let’s begin with what you are defending.

FinCEN Releases Frequently Asked Questions Regarding Customer Due Diligence and Beneficial Ownership Requirements

by David S. Cohen, Franca Harris Gutierrez, Sharon Cohen Levin, Jeremy Dresner and Michael Romais

Last week the Financial Crimes Enforcement Network (FinCEN) issued much-anticipated Frequently Asked Questions (FAQs) that provide additional guidance to financial institutions relating to the implementation of the new Customer Due Diligence Rule (CDD Rule), set to go into effect on May 11, 2018.[1] In general, the FAQs clarify certain issues that have caused implementation challenges for financial institutions. While FinCEN’s earlier guidance provided a general overview of the CDD Rule—including the purpose of the rule, the institutions to which it is applicable, and some relevant definitions—the new FAQs provide greater detail for financial institutions seeking to comply with the CDD Rule. The FAQs are meant to assist covered financial institutions in understanding the scope of their customer due diligence (CDD) obligations, as well as the rule’s impact on their broader anti-money laundering (AML) compliance. While the guidance is helpful in clarifying some of FinCEN’s expectations, the implementation challenge lies in applying the CDD Rule to a financial institution’s specific products and services.

As financial institutions work to meet the CDD Rule’s fast-approaching May 11 compliance deadline, they should pay special attention to the following key areas summarized below.

Techniques for Reinforcing a Culture of Compliance

by Natalie Noble

The importance of establishing a robust “culture of compliance” within corporations is a common refrain among government regulators.[1] But developing a structured process, much less a firm definition, around such a squishy concept can be a daunting task for compliance officers. At its core, an effective culture of compliance should shape employees’ gut instincts by reinforcing values that weigh against breaking the law. To accomplish this, companies should supplement their traditional ethics trainings and “tone at the top” by integrating compliance factors into their incentives programs and forestalling ethical fading. As an additional line of defense, companies should actively encourage employees to slow down and think methodically about their decisions before they take final action.

Section 7 of the United Kingdom Bribery Act 2010 and the “Fair Warning Principle”

by Jonathan J. Rusch

As governments around the world watch the rising tide of public sentiment and law enforcement actions against corruption,[1] some are looking to the United Kingdom Bribery Act 2010 (the “Act”) as a model for crafting their own criminal sanctions, including with regard to corporate criminal liability.[2]  Section 7 of the Act, which is captioned, “Failure of commercial organization to prevent bribery,” defines the offense in just 45 words:

A relevant commercial organisation (“C”) is guilty of an offence under this section if a person (“A”) associated with C bribes another person intending—

(a) to obtain or retain business for C, or

(b) to obtain or retain an advantage in the conduct of business for C.[3]

Unless the company, as an affirmative defense, can “prove that [it] had in place adequate procedures designed to prevent persons associated with [it] from undertaking such conduct,”[4] it faces a criminal fine without statutory limit.[5]

The New DOJ FCPA Corporate Enforcement Policy Highlights the Continued Importance of Anti-Corruption Compliance

by Lisa Vicens, Jonathan Kolodner, and Eric Boettcher

In a significant development for companies relating to the Foreign Corrupt Practices Act (FCPA), in late November the U.S. Department of Justice (DOJ) announced a new FCPA Corporate Enforcement Policy (the Enforcement Policy).

The Enforcement Policy[1] is designed to encourage companies to voluntarily disclose misconduct by providing greater transparency concerning the amount of credit the DOJ will give to companies that self-report, fully cooperate and appropriately remediate misconduct. Notably, in announcing the Enforcement Policy, the DOJ highlighted the continued critical role that anti-corruption compliance programs play in its evaluation of eligibility under the Enforcement Policy.

White Collar and Regulatory Enforcement: What to Expect in 2018

by John F. Savarese, Ralph M. Levene, Wayne M. Carlin, David B. Anders, Jonathan M. Moses, Marshall L. Miller, Louis J. Barash, and Carol Miller

Introduction

In our memo last year, we acknowledged that it was close to impossible to predict the likely impact that the newly elected Trump administration would have on white-collar and regulatory enforcement.  (White Collar and Regulatory Enforcement: What to Expect in 2017)  Instead, we set out a list of initiatives we urged the new administration to consider, including clarifying standards for when cooperation credit would be given, reducing the use of monitors, and giving greater weight to a company’s pre-existing compliance program when exercising prosecutorial discretion, among other suggestions.  While the DOJ under Attorney General Jeff Sessions has, for example, taken some steps toward clarifying the applicable standards for cooperation and increasing incentives to disclose misconduct in the FCPA area, few other policy choices or shifts in approach have been articulated or implemented.

Global Anti-Bribery Year-in-Review: 2017 Developments and Predictions for 2018

by Kimberly A. Parker, Jay Holtmeier, Erin G.H. Sloane, Lillian Howard Potter, Tetyana V. Gaponenko, Victoria J. Lee, and Roger M. Witten

This past year marked the 40th anniversary of the U.S. Foreign Corrupt Practices Act (“FCPA”).  Since its enactment in 1977, the U.S. Department of Justice (the “DOJ”) has brought approximately 300 FCPA enforcement actions, while the U.S. Securities and Exchange Commission (the “SEC”) has brought approximately 200 cases.[1]  This anniversary year, the first year of the Trump administration, demonstrated that the FCPA continues to be a powerful tool in combating corruption abroad and encouraging compliance at global companies.

Below are six key take-aways regarding FCPA enforcement in 2017:

Draft GDPR Transparency Guidelines Issued: What Does Your Privacy Policy Need to Contain?

by Jeremy Feigelson, Jane Shvets, Dr. Thomas Schürrle, Ceri Chave, Dr. Friedrich Popp, and Christopher Garrett

Late last year, the Article 29 Working Party (the “Working Party”) issued detailed draft guidance (the “Guidelines”) on transparency under the EU General Data Protection Regulation (the “GDPR”), which comes into force in May 2018. These Guidelines, which will be finalized following a consultation process, contain the Working Party’s interpretation of the mandatory transparency information that must be provided to a data subject by way of privacy policy or other disclosures.

One of the express requirements of the GDPR relates to how businesses communicate their use of a data subject’s personal information to that data subject at the point of data collection or consent, typically via a privacy policy or notice. Getting this right is crucial. Businesses will need to examine their current privacy policies and other disclosures closely, and consider whether these need revising not just in the light of the GDPR, but also to factor in the requirements listed in the Guidelines, which elaborate on existing GDPR provisions. While the Guidelines will not be binding, data protection authorities may take a dim view of businesses which fail to comply with the Guidelines without good reason, given that representatives from all of the EU data protection authorities are part of the Working Party. Businesses that fail to comply with the information duties under the GDPR will face fines of up to the higher of 4% of annual worldwide turnover or EUR 20 million.

Creating a Culture of Compliance

by Michael C. Neus

Many constituents have a vested interest in determining a firm’s culture of compliance:  regulators, investors, prospective employees, among others.  Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations.  Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.”  There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture.