Category Archives: Compliance

Do DOJ Policy and ISO Compliance Standard Overlap; and What Are the Pros and Cons For Applying the ISO Standard?

by Daniel Lucien BÜHR

In February 2017, the Fraud Section of the United States Department of Justice’s Criminal Division published a document entitled “Evaluation of Corporate Compliance Programs.” This document lists the assessment criteria for effective corporate compliance programs. The DOJ recognises that each company’s risk profile and the solutions it adopts to reduce risks should be evaluated on their own merits. The DOJ therefore tailors its determination to each case. However, even tailored determinations raise many of the same questions. The DOJ document explains the questions the DOJ may ask about a corporate compliance program. However, it gives no guidance on how companies can actually provide the right answers.

In December 2014, the International Organization for Standardization published ISO International Standard 19600 – Compliance management systems – Guidelines, which helps organisations establish, develop, implement, evaluate, maintain and improve an effective and responsive compliance management system. It is the first international standard on state-of-the-art compliance management and provides the conceptual basis for other international standards, such as ISO 37001 – Anti-bribery management systems.

The DOJ document and ISO Standard 19600 differ, yet they have a shared preventive goal. A comparison between the DOJ document and the ISO Standard 19600 shows that US policy and the Standard are largely compatible, and that ISO 19600 is an appropriate tool for companies to get to a level of compliance management that allows them to provide the right answers to the DOJ’s questions, should that be necessary: Risk and Compliance Management (PDF: 296 KB). The table in the comparison illustrates the overlap between the DOJ and ISO guidance; the flowchart opposite the table illustrates the iterative “plan-do-check-act” management system that the Standard advocates. The colour scheme of both graphics indicates the topical overlap.

What Employers Need To Know About California’s New #Metoo Laws

by Elizabeth A. Ising, Stewart L. McDowell, Jason C. Schwartz, Katherine V.A. Smith, Lori Zyskowski, Sean Sullivan, Elizabeth A. Dooley, Alice YN Ha, Jordan E. Johnson, Dustin G. May, Arturo Pena Miranda, and Matthew T. Sessions

On September 30, 2018, Governor Edmund G. Brown signed several new workplace laws, and vetoed others, that arose out of the #MeToo movement.  We briefly review the newly signed legislation and also highlight bills that Governor Brown rejected.  Unless otherwise indicated, these new laws will take effect on January 1, 2019.

New York Office Of The Attorney General Publishes Report On Virtual Currency Platforms And Their Potential Risks

by Arthur S. Long, Carl E. Kennedy, and Jeffrey L. Steiner

This post reviews the New York State Office of the Attorney General’s (the “OAG”) Virtual Markets Integrity Initiative Report (the “Report”), which was published on September 18, 2018.[1]  The publication of the OAG’s 42-page Report brings to a close its six-month fact-finding inquiry of several virtual currency platforms.[2]  The OAG sent out detailed letters and questionnaires to a number of virtual currency platforms seeking information from the platforms across a wide range of issues, including trading operations, fees charged to customers, the existence of robust policies and procedures, and the use of risk controls.

Court Of Appeal In London Overturns Widely Criticised High Court Judgment In SFO V ENRC

by Patrick Doris, Sacha Harber-Kelly, Richard Grime, and Steve Melrose

I. Introduction

Today the Court of Appeal of England and Wales issued its judgment in The Director of the Serious Fraud Office and Eurasian Natural Resources Corporation Limited[1] regarding the privileged nature of documents created in the context of an internal investigation.

The Court of Appeal reversed the High Court’s decision and found that all of the interviews conducted by ENRC’s external lawyers were covered by litigation privilege, and so too was the work conducted by the forensic accountancy advisors for the books and records review. The Court of Appeal found that ENRC did in fact reasonably contemplate prosecution when the documents were created. Moreover, while determining that it did not have to decide the issue, the Court of Appeal also stated that it may also have departed from the existing narrow definition of “client” for legal advice privilege purposes in the context of corporate investigations.

You Want What?: Responding to Individual Requests Under the GDPR

by Jeremy Feigelson, Jane Shvets, and Christopher Garrett

With the EU General Data Protection Regulation (“GDPR”) in force for less than two months, many companies are already experiencing an increase in requests from individuals seeking to obtain a copy, or request correction or erasure, of their personal data under Articles 15 to 17 of the GDPR.

Do we have to respond?

Yes. A response is required even if the response is that the company will not honour the request because a relevant exemption applies.

Department of Justice Offers Incentive for Antitrust-Based Corporate Compliance

by Michael W. Peregrine and Mary N. Strimel

Board-level audit and compliance committees should support efforts to revise the organizational compliance plan to incorporate specific provisions focused on antitrust law-related guidelines.  This is especially important given the Department of Justice’s (“DOJ”) plans to credit pre-existing compliance programs that incorporate such provisions.  A company’s General Counsel, perhaps teaming with the Chief Compliance Officer, can support the committee in this initiative.

In a recent speech,[1] Principal Deputy Assistant Attorney General (“DAAG”) Andrew Finch stated that the Antitrust Division is examining whether, and to what extent, to recognize and credit pre-existing compliance programs, potentially during charging or at sentencing.  This consideration might mirror the approach taken by the Canadian Competition Bureau, which announced last month that it would recommend fine discounts of up to 20% for companies that have a “credible and effective” compliance program.[2]

Potholes in Compliance: Hidden Risks Under Rule 506(d)’s Bad Actor Disqualification

by Joshua Pirutinsky

I. Introduction

Sometimes the unexpected happens. But preparing for the unexpected is the essence of the compliance function. The failure to effectively prepare for risks unrelated to your core business can be disastrous.  A seemingly innocuous compliance breach could disqualify your firm from participating in a private offering of securities under Rule 506(d), known as the “Bad Actor” Disqualification.   Being a Bad Actor can have detrimental, if not fatal, consequences for your firm – hence the critical importance of making known certain unknowns.

Extending the “Failure to Prevent” Model of Corporate Criminal Liability in the UK

by Liz Campbell

Prosecuting corporate criminality is not straightforward. As a result of these difficulties, the UK Parliament is turning to an indirect form of corporate criminal liability: the Bribery Act 2010 introduced the corporate offence of failure to prevent bribery (FtPB), and this provision has been emulated with respect to the failure to prevent the facilitation of tax evasion in the Criminal Finances Act 2017.  

In brief, a relevant commercial organisation (C) is guilty of FtPB if a person associated with C bribes another person with the intention of obtaining or retaining business or an advantage for C.  An ‘associated’ person is an individual or body who ‘performs services’ for or on behalf of the organisation, and this definition was framed broadly intentionally.[1]  Crucially, the corporate entity can rely on the section 7(2) defence that it had “adequate procedures” in place designed to prevent persons associated with it from bribing.

Repeat Corporate Misconduct

by Veronica Root

But for other more salacious political concerns, the biggest story of the last couple weeks likely would have been Mark Zuckerberg’s testimony before Congress.  Zuckerberg spent two days answering hundreds of questions from lawmakers.[1]  Much of the questioning was concerned with Facebook’s protection, or alleged lack thereof, of its users’ privacy.  The testimony, however, once again raises questions about how companies that engage in repeated instances of misconduct should be sanctioned.

The Evolving First Line of Defense

by Michael Held

Keynote Address

Good morning.  It’s an honor to join you at the 1LoD Summit.  The views I express today are my own, not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.[1]

I’ve heard it said that being in the risk control business can be, and often is, a thankless task. We get all the blame when something goes wrong, and none of the glory when things go right.  So, I want to start my remarks with a word of gratitude to you, my fellow travelers in the world of risk controls.  Thank you—not just for the invitation to speak today, but also for the work you perform each day at your firms. 

The growing sophistication and stature of the first line of defense is, in my view, an unqualified improvement in corporate governance—especially at financial firms.  Let’s begin with what you are defending.