Category Archives: Compliance

Global Anti-Bribery Year-in-Review: 2017 Developments and Predictions for 2018

by Kimberly A. Parker, Jay Holtmeier, Erin G.H. Sloane, Lillian Howard Potter, Tetyana V. Gaponenko, Victoria J. Lee, and Roger M. Witten

This past year marked the 40th anniversary of the U.S. Foreign Corrupt Practices Act (“FCPA”).  Since its enactment in 1977, the U.S. Department of Justice (the “DOJ”) has brought approximately 300 FCPA enforcement actions, while the U.S. Securities and Exchange Commission (the “SEC”) has brought approximately 200 cases.[1]  This anniversary year, the first year of the Trump administration, demonstrated that the FCPA continues to be a powerful tool in combating corruption abroad and encouraging compliance at global companies.

Below are six key take-aways regarding FCPA enforcement in 2017:

Draft GDPR Transparency Guidelines Issued: What Does Your Privacy Policy Need to Contain?

by Jeremy Feigelson, Jane Shvets, Dr. Thomas Schürrle, Ceri Chave, Dr. Friedrich Popp, and Christopher Garrett

Late last year, the Article 29 Working Party (the “Working Party”) issued detailed draft guidance (the “Guidelines”) on transparency under the EU General Data Protection Regulation (the “GDPR”), which comes into force in May 2018. These Guidelines, which will be finalized following a consultation process, contain the Working Party’s interpretation of the mandatory transparency information that must be provided to a data subject by way of privacy policy or other disclosures.

One of the express requirements of the GDPR relates to how businesses communicate their use of a data subject’s personal information to that data subject at the point of data collection or consent, typically via a privacy policy or notice. Getting this right is crucial. Businesses will need to examine their current privacy policies and other disclosures closely, and consider whether these need revising not just in the light of the GDPR, but also to factor in the requirements listed in the Guidelines, which elaborate on existing GDPR provisions. While the Guidelines will not be binding, data protection authorities may take a dim view of businesses which fail to comply with the Guidelines without good reason, given that representatives from all of the EU data protection authorities are part of the Working Party. Businesses that fail to comply with the information duties under the GDPR will face fines of up to the higher of 4% of annual worldwide turnover or EUR 20 million.

Creating a Culture of Compliance

by Michael C. Neus

Many constituents have a vested interest in determining a firm’s culture of compliance:  regulators, investors, and prospective employees, among others.  Investment advisers registered with the Securities and Exchange Commission must demonstrate their compliance culture during periodic examinations by the Office of Compliance, Inspection and Examinations.  Current and former SEC examination staff often state that the primary indicator of a healthy compliance culture is the “tone from the top.”  There are a number of steps that a firm can take to demonstrate that top management fosters an effective compliance culture.

“The Big Chill”: Personal Liability and the Targeting of Financial Sector Compliance Officers

by Court E. Golumbic

Introduction

Prominent law enforcement and regulatory officials have referred to financial sector compliance officers as “essential partners”[1] in ensuring compliance with relevant laws and regulations, whose “difficult job[s]” merit “appreciat[ion] and respect.”[2] Officials have noted the critical role these professionals play in shaping the culture of financial institutions, as well as the industry more generally.[3] However, a series of recent enforcement actions in which financial sector compliance officers have been personally sanctioned[4] has strained this partnership, fueling concerns among financial sector compliance officers that they are being unfairly targeted.[5]

Law enforcement and regulatory officials have responded to these concerns with assurances that both the ethos of a partnership and their even-handed enforcement approach remain intact.[6] Officials have stressed that in the rare instances in which financial sector compliance officers have been held personally accountable, the majority had engaged in affirmative misconduct.[7] Rarer still, they contend, are cases where compliance officers were found to have exhibited “wholesale” or “broad-based” failures in carrying out responsibilities assigned to them.[8] In these particular cases, officials have stressed that the enforcement actions proceed only when, after carefully weighing the evidence, the facts indicate that the compliance officers “crossed a clear line.”[9]

Roadmap to an Effective Annual Review

by Michael C. Neus

As the year ends, SEC-registered investment advisers to private funds start considering how to assess their firm’s compliance culture.  The Advisers Act of 1940 requires a formal annual review of the adequacy of “written policies and procedures reasonably designed to prevent violation of securities laws.”[1]  In other words, every year Chief Compliance Officers ask themselves how they can actually demonstrate their effectiveness.

Rather than viewing this process as a comprehensive narrative report identifying all deficiencies, perhaps a more useful construct is to think of the annual review as a way of collating and assessing activity throughout the year.  Paradoxically, assembling information used throughout the year makes the process easier than attempting a comprehensive one-shot evaluation.[2]  Effective annual reviews are more like a movie than a photograph.

Trend Setting in Cloud Computing Legal Contracts….Who Knew?

By Joanna Fields

Over the past two years, US firms have experienced a significant increase in the number of mandatory regulatory reports, including the future Consolidated Audit Trail (CAT), Markets in Financial Instruments Directive (MiFID II) requirements applicable to firms doing business in Europe, new reporting requirements for swaps, the SEC’s Trade Reporting and Compliance Engine (TRACE), and the Treasury Department’s Regulation Systems Compliance and Integrity (Reg SCI).  Each of these reporting requirements could require some financial firms to process approximately a terabyte of metadata every day.  This has resulted in financial firms’ renewed interest in leveraging cloud technology.

Although it may seem like a recent technology trend in conversation, early network references to cloud computing date back to the 1960s.  The cloud computing discussed today grew out of various technology marketing campaigns that made the language of engineers colloquial.  The cloud is an easy-to-adopt metaphor that has a myriad of meanings; for example, firms that allow employees to Bring Your Own Devices (BYOD) or issue laptops for remote access are technically using cloud computing.

Russia Considers Enhanced Whistleblower Protections

by Jane Shvets, Anna V. Maximenko, and Elena Klutchareva

Effective anti-corruption compliance programs include protections for whistleblowers that raise corruption concerns.  Article 13.3 of Russia’s 2008 Federal Law No. 273-FZ on Counteracting Corruption (the “Anti-Corruption Law”) addressed Russian lawmakers’ expectations regarding effective compliance programs.[1]  But the law was silent on whistleblower protections.  Recently proposed legislation in Russia may help address this gap.

Even before the Anti-Corruption Law came into effect, Russian law included several provisions that could be interpreted to provide some protection for whistleblowers.  For example, Russian employment law prohibits discrimination and sets out an exhaustive list of permissible grounds for dismissing an employee for cause; firing an employee for blowing the whistle on potential corruption is not among them.  As a result, firing an employee for whistleblowing could run afoul of Russian employment law.  In addition, the Russian government can protect individuals whose security might be threatened as a result of their participation in criminal proceedings that involve alleged corruption.  The state might, for example, provide such witnesses with physical protection, relocate them, or even give them new identities.

Keeping Score of FIFA’s Corruption, Compliance and Efforts for Reform – Part 2

by Brandon D. Fox

Part 2 – Changing the Game Plan

In late June, FIFA, the world’s governing soccer organization, released the “Garcia Report,” chronicling the extensive corruption and conflicts of interest that occurred in FIFA’s awarding of the men’s 2018 and 2022 World Cup venues. Part 1 summarized the report’s findings. Part 2 discusses how specific steps and safeguards can mitigate the risks of misconduct and ensure cooperation among FIFA officials – and at any organization.

Leadership

FIFA’s problems started at the top.  FIFA’s investigators found an astounding number of executive committee members committed misconduct and showed disdain for the investigation.  FIFA’s failures were systemic and reflected a culture of corruption.  An organization’s culture cannot be fixed simply by strengthening rules or creating a targeted compliance program.  Indeed, these are meaningless if the leaders themselves are corrupt.  Executives must have integrity and show a commitment to everyone’s compliance with the law.  FIFA needs to identify candidates for its executive committee who have shown integrity and a dedication to complying with rules and laws.

Keeping Score of FIFA’s Corruption, Compliance and Efforts for Reform – Part 1

by Brandon D. Fox

Part 1 – Foul Play

The first installment of this two-part series summarizes the Garcia Report’s findings of misconduct. Author Brandon Fox also focuses on the difficulties investigators faced as a result of leaders failing to cooperate and contrasts the misconduct and lack of cooperation to the U.S. Soccer Federation’s behavior.

In late June, FIFA, the world’s governing soccer organization, released the Garcia Report chronicling the extensive corruption and conflicts of interest that occurred in FIFA’s awarding of the men’s 2018 and 2022 World Cup venues.  This article summarizes the Garcia Report’s findings of misconduct, focusing on the difficulties investigators faced as a result of leaders failing to cooperate, and discusses how specific steps and safeguards can mitigate the risks of misconduct and ensure cooperation among FIFA officials – and at any organization.

Do Compliance Officers Have A Growing Target On Their Backs?

by Patty P. Tehrani, Esq.

Have you noticed the number of articles and blogs covering the troubling trend of personal liability for compliance officers and Chief Compliance Officers (CCOs) in the financial services sector?  While anyone entering this industry knows it is highly regulated and replete with regulatory requirements, the growing liability of its compliance professionals is worrisome. Those responsible for overseeing their firm’s compliance program have many duties, and now more than ever find themselves on the receiving end of enforcement actions. This is evident in expanded corporate probes of compliance professionals or increasing regulatory expectations cited in speeches and proposed regulations.

Compliance professionals are concerned about facing personal liability especially when it is for non-rogue behavior.[1] As a result, I thought this trend warranted a closer review.