With the EU General Data Protection Regulation (“GDPR”) in force for less than two months, many companies are already experiencing an increase in requests from individuals seeking to obtain a copy, or request correction or erasure, of their personal data under Articles 15 to 17 of the GDPR.
Do we have to respond?
Yes. A response is required even if the response is that the company will not honour the request because a relevant exemption applies.
Board-level audit and compliance committees should support efforts to revise the organizational compliance plan to incorporate specific provisions focused on antitrust law-related guidelines. This is especially important given the Department of Justice’s (“DOJ”) plans to credit pre-existing compliance programs that incorporate such provisions. A company’s General Counsel, perhaps teaming with the Chief Compliance Officer, can support the committee in this initiative.
In a recent speech, Principal Deputy Assistant Attorney General (“DAAG”) Andrew Finch stated that the Antitrust Division is examining whether, and to what extent, to recognize and credit pre-existing compliance programs, potentially during charging or at sentencing. This consideration might mirror the approach taken by the Canadian Competition Bureau, which announced last month that it would recommend fine discounts of up to 20% for companies that have a “credible and effective” compliance program.
Sometimes the unexpected happens. But preparing for the unexpected is the essence of the compliance function. The failure to effectively prepare for risks unrelated to your core business can be disastrous. A seemingly innocuous compliance breach could disqualify your firm from participating in a private offering of securities under Rule 506(d), known as the “Bad Actor” Disqualification. Being a Bad Actor can have detrimental, if not fatal, consequences for your firm – hence the critical importance of making known certain unknowns.
Prosecuting corporate criminality is not straightforward. As a result of these difficulties, the UK Parliament is turning to an indirect form of corporate criminal liability: the Bribery Act 2010 introduced the corporate offence of failure to prevent bribery (FtPB), and this provision has been emulated with respect to the failure to prevent the facilitation of tax evasion in the Criminal Finances Act 2017.
In brief, a relevant commercial organisation (C) is guilty of FtPB if a person associated with C bribes another person with the intention of obtaining or retaining business or an advantage for C. An ‘associated’ person is an individual or body who ‘performs services’ for or on behalf of the organisation, and this definition was intentionally framed broadly. Crucially, the corporate entity can rely on the section 7(2) defence that it had “adequate procedures” in place designed to prevent persons associated with it from bribing.
But for other more salacious political concerns, the biggest story of the last couple weeks likely would have been Mark Zuckerberg’s testimony before Congress. Zuckerberg spent two days answering hundreds of questions from lawmakers. Much of the questioning was concerned with Facebook’s protection, or alleged lack thereof, of its users’ privacy. The testimony, however, once again raises questions about how companies that engage in repeated instances of misconduct should be sanctioned.
Good morning. It’s an honor to join you at the 1LoD Summit. The views I express today are my own, not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.
I’ve heard it said that being in the risk control business can be, and often is, a thankless task. We get all the blame when something goes wrong, and none of the glory when things go right. So, I want to start my remarks with a word of gratitude to you, my fellow travelers in the world of risk controls. Thank you—not just for the invitation to speak today, but also for the work you perform each day at your firms.
The growing sophistication and stature of the first line of defense is, in my view, an unqualified improvement in corporate governance—especially at financial firms. Let’s begin with what you are defending.
Last week the Financial Crimes Enforcement Network (FinCEN) issued much-anticipated Frequently Asked Questions (FAQs) that provide additional guidance to financial institutions relating to the implementation of the new Customer Due Diligence Rule (CDD Rule), set to go into effect on May 11, 2018. In general, the FAQs clarify certain issues that have caused implementation challenges for financial institutions. While FinCEN’s earlier guidance provided a general overview of the CDD Rule—including the purpose of the rule, the institutions to which it is applicable, and some relevant definitions—the new FAQs provide greater detail for financial institutions seeking to comply with the CDD Rule. The FAQs are meant to assist covered financial institutions in understanding the scope of their customer due diligence (CDD) obligations, as well as the rule’s impact on their broader anti-money laundering (AML) compliance. While the guidance is helpful in clarifying some of FinCEN’s expectations, the implementation challenge lies in applying the CDD Rule to a financial institution’s specific products and services.
As financial institutions work to meet the CDD Rule’s fast-approaching May 11 compliance deadline, they should pay special attention to the following key areas summarized below.
The importance of establishing a robust “culture of compliance” within corporations is a common refrain among government regulators. But developing a structured process, much less a firm definition, around such a squishy concept can be a daunting task for compliance officers. At its core, an effective culture of compliance should shape employees’ gut instincts by reinforcing values that weigh against breaking the law. To accomplish this, companies should supplement their traditional ethics trainings and “tone at the top” by integrating compliance factors into their incentives programs and forestalling ethical fading. As an additional line of defense, companies should actively encourage employees to slow down and think methodically about their decisions before they take final action.
As governments around the world watch the rising tide of public sentiment and law enforcement actions against corruption, some are looking to the United Kingdom Bribery Act 2010 (the “Act”) as a model for crafting their own criminal sanctions, including with regard to corporate criminal liability. Section 7 of the Act, which is captioned, “Failure of commercial organization to prevent bribery,” defines the offense in just 45 words:
A relevant commercial organisation (“C”) is guilty of an offence under this section if a person (“A”) associated with C bribes another person intending—
(a) to obtain or retain business for C, or
(b) to obtain or retain an advantage in the conduct of business for C.
Unless the company, as an affirmative defense, can “prove that [it] had in place adequate procedures designed to prevent persons associated with [it] from undertaking such conduct,” it faces a criminal fine without statutory limit.
In a significant development for companies relating to the Foreign Corrupt Practices Act (FCPA), in late November the U.S. Department of Justice (DOJ) announced a new FCPA Corporate Enforcement Policy (the Enforcement Policy).
The Enforcement Policy is designed to encourage companies to voluntarily disclose misconduct by providing greater transparency concerning the amount of credit the DOJ will give to companies that self-report, fully cooperate and appropriately remediate misconduct. Notably, in announcing the Enforcement Policy, the DOJ highlighted the continued critical role that anti-corruption compliance programs play in its evaluation of eligibility under the Enforcement Policy.