Compliance Culture

Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

This Week on Compliance Culture

Be sure to visit Compliance Culture this week for posts on these topics.

  • Monday: Happy New Year!
  • Tuesday: Game fixing fraud in sports
  • Wednesday: Inexperienced CEOs and culture of non-compliance
  • Thursday: SEC enforcement priorities
  • Friday: Ethical dilemmas from The Good Place

Don’t miss it!

READ MORE

Selected TED/TEDx talks on justice and ethics

One of the most poignant and timeless discussions related to ethics is the concept of justice. Justice is the measurement of fairness and is defined by theories which vary wildly between and within cultures and countries. Administration of fairness is as crucial to ethics as are, for example, other fundamental ideas of morality such as trust and honesty. Theories of justice may focus on equal distribution, individual treatment, societal consequences, or even punishment and reparations. These differing theories all have their own foundation in a culture’s ethical values and are then impacted by historical events, jurisprudence, or religious beliefs in a variety of ways. Even though justice is so varying and individual, efforts toward and desires for it are indeed universal, and the ethical fundamentals of its moral pursuit are shared as well.

  • Justice is a decision (Ronald Sullivan) – Wrongful convictions are a particularly distressing and compelling example of injustice and need for justice-based reform within the legal system. If an innocent person is incarcerated, he or she is unjustly deprived of freedom, and the victim of the underlying crime misses out on true restoration or reparations as well. Ronald Sullivan argues for the importance of advocacy as the defining competency and mission of criminal law attorneys, especially public defenders. Working as an advocate with the mission of serving justice and ensuring that the individuals in a case are not subjected to injustice positions lawyers to address a moral good and employ the most ethical mode of legal representation.

 

 

  • Errors of justice (Asbjørn Rachlew) – Related to the above, wrongful convictions have an obvious striking and lasting impact on the innocent people who are sentenced to jail for crimes they do not commit. In this talk, Asbjørn Rachlew discusses wrongful convictions from the perspective of a police superintendent, especially focusing on those which included false confessions and intense, coercive investigations. From this perspective, Rachlew delves into the root causes for these errors of justice, helping the wrongfully convicted to see the reasons outside of themselves for their injustice as well as helping police and other authorities to understand their responsibilities and the consequences of their actions. For any moral society, thinking about the impact of these errors and the very real damage that can be done to humans because of injustice is a necessary ethical consideration and one that should lead to reform and better practices to ensure that justice is a higher priority.

 

 

  • Why Justice Isn’t Enough (Barry Schwartz) – Justice and morality go hand in hand. For a society to be considered moral or on the “good” side between right and wrong, justice must be a respected virtue. A just society is an ethical society. In most cases, this is clearly represented by a distributive system of justice where people deserve what they get and get what they deserve. Both of these outcomes may seem rare to many people, at least from a perception perspective. Indeed, in education, jobs, social standing, and material success of all kinds, people that are seen as having merit often go without while others who appear less deserving or have not worked diligently toward goals nonetheless get everything they could want anyway. The differentiating factor is sometimes just luck. Therefore considering and appreciating the importance of luck could increase social justice and administration of fairness and equitable treatment between individuals who are just as deserving as one another but haven’t been as lucky.

 

 

  • What is Fair and What is Just? (Julian Burnside) – What is the role of moral response in justice? What ethical responsibility do individuals and their communities have do something when confronted with injustice? This starts with defining fairness and justice. Just as people must have internal moral codes and ethical registers in order to have any ability to contribute to organizational ethics and integrity within groups, communities, or countries, people must also have individual definitions for and understandings of fairness and justice. Sensitivity to unfairness, and concern with fairness and justice, is an ultimate expression of compassion and a high moral value. The struggle for justice is universal, and is plagued by differing interests and values as well as the desire of many to not engage in confronting difficult or distressing situations, but sincere efforts toward it must be made by ethical individuals.

 

  • What if justice was something we felt (Ardath Whynacht) – The role of compassion in justice is a powerful evocation of the morality of striving for fairness. As demonstrated in the above talks, there are complicated forces that work against understanding and achieving justice. However, the social and ethical benefits of the effort to all involved are great enough to justify trying. Perhaps justice is more appealing and concrete of a goal if people approach it from a compassionate, humanistic perspective rather than from a legal or abstract wealth and rights distribution basis. Seeing justice from an emotional perspective, and acknowledging its restorative and connecting power, can transform the incentives in society to seek it.

In application, justice and the ethics of its interpretation and attempts to reach it in society is a major topic in the modern legal system, with the actions and decisions of lawyers, judges, and parties to cases all having major influence on the execution of different efforts toward fairness. Individual entitlements, such as to property, other wealth, basic goods, and social status, are also distributed with questions of equal rights or arrangement of inequalities under some vision of justice and ethics. Finally, as provocative as justice itself is the concept of injustice, or errors of justice, and how damage from this can be acknowledged, avoided, or corrected.

READ MORE

Round-up on FTC compliance

This is the second in a series of seven posts about regulatory compliance priorities and enforcement trends.  Last week’s post was about the Commodity Futures Trading Commission (CFTC).  Today’s post will be about the Federal Trade Commission (FTC).  On Thursday January 4, the post will be about the Securities & Exchange Commission (SEC).  On Thursday January 11, the post will be about the Food & Drug Administration (FDA).  On Thursday January 18, the post will be about the U.S. Department of Agriculture (USDA).  On Thursday January 25, the post will be about the Environmental Protection Agency (EPA).  Finally, on Thursday February 1, the post will be about the Federal Communications Commission (FCC).

The Federal Trade Commission (FTC) is the US regulator charged with supervisory authority to protect consumers as well as enforce antitrust laws to avoid monopolies and ensure competitive business practices. Created in 1914 by the Federal Trade Commission Act, the FTC is an independent regulatory agency with the purpose to monitor the markets for anticompetitive developments and investigate and eliminate those where they emerge. Avoiding monopolies, known as trust, was a major political focus at the time the FTC was created and eliminating these large, anti-competitive business entities, known as “trust busting,” was an important priority for President Woodrow Wilson. The creation of the FTC was intended to bring an administrative efficiency to regulating interstate trade so that these trust and antitrust matters could be determined more expediently by the regulatory agency instead of working their way slowly through the courts.

In its current state, the FTC has broad supervisory authority over business practices where consumer protection or competitive processes are involved. The mandates of its various bureaus include protecting consumers against unfair or fraudulent acts or practices, enforcing existing antitrust laws, and reviewing pending mergers. These issues come from consumer and business reports, pre-merger notice filings, press reports, and congressional inquiries.

The FTC’s enforcement actions extend to individual companies, groups of companies, or industries with the main objective of addressing series consumer fraud or harm and preventing anti-competition business developments. With such a far-reaching set of interests, the issues and focuses that characterize the FTC’s regulatory agenda and enforcement priorities are equally diverse.

  • Consumer DNA testing services and privacy: Companies offering DNA testing services for everything from ancestry to genetic diseases to potential allergies to nutritional needs have become very popular in recent years. Most of these services involve consumers using a kit at home to collect samples of hair, skin, or saliva, which they then send to the company. The company then tests the samples itself or sends them to a third-party lab service for testing and then compiles results and analytical data into a slick, branded presentation that is sent back to the customer to study. If these services were performed in the traditional setting of a doctor’s office, the customer would be treated as a patient and would therefore be afforded commensurate protections and have expectations of privacy and informed consent for the collection, use, and storage of their genetic material. In the retail DNA testing service business, however, the duty owed to consumers is more dubious and the practices of companies less closely supervised or disclosed. As the popularity and prevalence of these tests continues, the FTC will likely look to standardize and investigate business practices of these companies:  Senator Calls on FTC to Investigate DNA Ancestry Companies
  • Use of consent decrees: The public and courts are taking a closer look at the often widespread use of settlement agreements by regulatory entities. The FTC typically uses these in enforcement actions in the data-privacy arena when companies experience breaches that puts consumer information security at risk. Consumers having their data stolen in cybersecurity compromises of payment systems or other retail financial data records. Settlement agreements and consent decrees are meant to apply to individual companies in federal-level, case-specific circumstances only, but the legal precedent has evolved for this common law practice to be potentially applied to establish liability under state law as well. In the continued use of consent decrees, the FTC needs to elucidate clearly what standards apply to constitute a violation and when and where liability may exist:  Federal Court’s Embrace Of FTC Data-Breach Settlements As ‘Common Law’ Treads On Due Process
  • Venue shopping for overlapping antitrust review: As noted in this post, major merger and acquisition activity is at a high pitch in the markets right now. Many large companies are seeking to merge with or acquire another and in lots of cases, regulatory review is exhaustive and detailed. Regulators seek concessions, order sales or exclusions to assets, delay transactions, and influence deals in both the press and Congress. In this intense environment, companies looking to merge with or acquire another approach these transactions hoping for the lightest regulatory touch possible. As there are overlapping supervisory schemes, companies can attempt to shop for the friendliest regulator who might green-light the planned transaction. The FTC and the Department of Justice (DOJ) both conduct antitrust reviews. The perception in the marketplace is that the FTC review may be easier to pass or less burdensome in terms of settlement requirements than that of the DOJ. Therefore some large companies – such as CVS in its planned deal with Aetna – would prefer to be subject to the FTC to improve their odds of passing muster:  CVS likely wants FTC antitrust review, not Justice Department, of Aetna deal
  • Occupational licensing reform: Portability of occupational licenses – such as those required for nurses and accountants – has long-been a challenging political and business issue. States have wildly varying educational and experiential standards for achieving and maintaining these licenses, often making it very hard for professionals who need them to work to move between states that have differing licensure requirements. Military spouses in particular often find themselves shut out of work due to family relocations. On the other end, consumers could be potentially harmed due to unmet expectations for professional service standards in states where the licensing schemes are more lax or supervisory enforcement is inadequate compared to others. Short of a concerted effort by multiple individual states, there is an authority vacuum in the task of making a coherent and coordinated system out of this patchwork of rules, tests, and qualifications. The FTC could be the appropriate regulator to intercede in these circumstances and create a reformed federal unifying system that would function to provide access to work as well as protect consumers’ interests:  The Onerous, Arbitrary, Unaccountable World of Occupational Licensing
  • Net neutrality: Finally, nearly any discussion of US federal regulatory compliance hot topics at the end of 2017 is incomplete without mention of one of the biggest themes of the time, net neutrality. As the Federal Communications Commission (FCC) is pulling back from rule enforcement on net neutrality, both the FCC and the public expect the FTC to take up a more prominent role. The obvious areas where the FTC would have jurisdiction would be those concerning information security, principally data privacy, as well as competitive practices of service providers as well as other digital companies. Time will tell what approach the FTC intends to take in filling this enforcement void:  After Net Neutrality: The FTC Is The Sheriff Of Tech Again. Is It Up To The Task?

Be sure to check back next week for a round-up on SEC regulatory compliance.

READ MORE

Compliance challenges for start-ups in disruptive industries

In today’s fast-paced business world of innovation and advanced technologies, every company seems to offer the next in-demand disruption. Ever since the days of the dot-com boom and bust in the late 1990s and early 2000s, in the infancy of e-commerce and internet-based or networked products and services, companies have been striving to identify revolutionary items and ideas to market to consumers eagerly awaiting the next life-changing thing to buy. Start-ups in Silicon Valley and entrepreneurial communities all over the world want to develop the next iPhone that will transform every aspect of modern human life. Companies that provide services instead of making products all want to be the next Airbnb, the Uber of their industries, and so on.

But are those companies, and those goals of disruption for the sake of itself, anything to which companies should aspire? Companies in all business sectors are trying to emulate technology companies, and they may not be the best role models in terms of regulatory compliance, risk control frameworks, and business integrity fundamentals. Disruption and sustainability aren’t necessarily mutually exclusive, but many of the companies that were visible pioneers in the current wave of technological innovation and development cut ethical or foundational corners to focus on growth, sales, and branding. Companies in the new generation which seek to copy their success and single-minded commercial focus will run into legal and supervisory obstacles sooner rather than later, now that their predecessors have overstayed the honeymoon period of lax regulatory attention and are running afoul of legal, tax, and compliance concerns all over the world.

The start-up community’s response to public exposure of fraudulent or insufficient business practices – such as companies buying their own products to falsify sales success for partners and investors, or violating straightforward business operations rules like participating in mandatory state insurance programs to maintain company licensure – is to go on the defensive and blame the media. Worse yet, they want to claim stand-out corporate misconduct from their start-up peers are the exception, not the rule, and distance themselves from it, without doing any self-examination or risk assessment to feed-forward into their own continuous improvement.

However, the venture capital firms that are keeping these start-up companies striving toward their disruptive ambitions have a fiduciary duty to their funders to contain reputational risk that could stem from these companies’ public relations and legal problems. The “bad apples” theory cannot win the day in identifying why so much goes so wrong at so many start-ups that were once ambitious and backed by prestigious funders and now have failed, and are being sued by fraud, investigated for investor abuse, accused of forgery or inappropriate accounting practices, and have otherwise missed out on reaching disruption and instead fallen into disrepute.

In any business dominated by private companies getting rich quick, delving into areas which are within loopholes or blind-spots to current legal and regulatory enforcement agendas, transparency is the victim to innovation and doing things the right way, with respect to ethical concerns or compliance requirements that could pop up further down the road from the beginning, is subverted in favor of making money, attracting more investors, and bringing a product or service to market first and with the most attention. “Fake it till you make it” is a toxic approach to management and is no kind of leadership whatsoever. Ignoring legal and regulatory requirements cannot go on forever, as the many bans and service stoppages Uber has experienced in the last year well show. Companies may be able to grow quickly this way, but they cannot keep their business running or have much hope of holding onto their ill-gotten gains unless they tread carefully with regulators and supervisors from the start.

The cultural forces at work here are strong, and disconcerting. Founders with no experience as CEOs and even less experience as functional managers or ethical leaders are given millions of dollars by investors and pressured to be geniuses, redefine business and whatever it is they have to offer to the market in everything they ever do, and succeed at all costs. Liberties are taken, misrepresentations are made, and not every brilliant troublemaker with a crazy idea and a team of engineers turns out to be any good at actually running a legal, functioning, mature business.

The hope, supposedly, is that people will merely bend or flaunt the rules, and not break them, but who’s making the distinction? The moral hazard is great of creating an incentive for behavior that would even lead incrementally to a company that is not in simple compliance with the legal requirements for operating a business in the city, state, or country where it is located. Cautious onlookers assume that maybe if a few corners are cut at the beginning when things are small, it will all work out okay because by the time the company gets big, someone who likes paperwork or understands laws will stumble along and lend a hand. This is immature and short-sighted thinking.

Even if some philanthropic compliance officer did intervene, it would be too late to fix the cultural decay that grows at companies that do not have adequate business values and controls from the beginning. When people ask how it’s possible that business fraud and misconduct went on for years at some companies, or permeated every level of the organization seemingly without detection or interruption – this values void is the answer. To avoid a culture where cheating, misrepresenting, and making unethical decisions are all common, the foundations of the company must include cultural values where that conduct is expressly defined as unacceptable, and business governance structures to prevent, identify, and punish it when it happens.

For more on the challenges to ethical decision-making, and pitfalls for fraud and non-compliance, faced by start-ups, especially in the highly competitive advanced technology world of Silicon Valley, check out this article in Fortune from December 2016:  The Ugly Unethical Underside of Silicon Valley.

For further thoughts on the challenges that start-ups and emerging enterprises face with prioritizing compliance risk management, see this post on Tinder’s corporate culture and the role compliance can play in fostering professionalism in start-ups.  For practical tips, check out this post on compliance foundation must-haves for small businesses. And, check back next Wednesday, January 3, for a post on inexperienced (even if visionary) CEOs and the immature compliance cultures they cultivate by omission.

READ MORE

This week on Compliance Culture

Be sure to visit Compliance Culture this week for posts on these topics.

  • Monday: Merry Christmas!
  • Tuesday: Happy Boxing Day!
  • Wednesday: Non-compliance of start-ups
  • Thursday: FTC enforcement priorities
  • Friday: TED and TEDx talks on justice and ethics

Don’t miss it!

READ MORE

Last week on Compliance Culture

Check out last week’s posts on Compliance Culture, in case you missed or want to revisit them.

Many thanks for reading!

READ MORE

Compliance in The Circle

The 2017 movie The Circle, based on the 2013 novel of the same name by Dave Eggers, is about the impact of commercial technology on human life.  It poses common ethical and moral questions about privacy and security in a time of interconnected information sharing via social media and networked devices. The movie is a thriller which centers around a tech giant that offers advanced products and services that have transformed the way people do business and interact with each other by placing all interactions on various platforms and networks with ratings and sharing capabilities.

While the high-tech immersion depicted in The Circle is not yet current reality, technology is developing at a breakneck pace and social media platforms, the Internet of the Things, and services driven by algorithms and other artificial intelligence and machine learning are increasingly ubiquitous with each passing day. At its core The Circle is concerned with overreach of these technologies and the companies that develop and market them, and the ethical problems and moral challenges that can arise from human and societal interaction with them.

  • Secrecy as dishonesty – One of the central philosophical proclamations of The Circle is when the protagonist, Mae, is confronted with a legal transgression she committed and in her reckoning with her actions states, “Secrets are lies.” Mae’s central thesis is that she would not have committed her crime if someone had been watching or aware of what she was doing. Therefore, the suggestion is that secrecy is a form of dishonesty. Disclosure, on the other hand, is the ultimate truthfulness and in this perspective, is valued over privacy. Privacy enables people to lie and conceal, and therefore leads to misconduct and distrust. Individuals giving up their expectations of privacy would supposedly lead to greater overall security and trust. The tension between liberty and safety is not an unfamiliar one in society. The dilemma of which takes precedence will be an on-going and dominant moral dilemma.

 

 

  • Transparency overload – It’s easy to agree that transparency and openness encourages honesty and communication. Clear and public disclosure of organizational activities and values provide strong incentives for making the best ethical decisions and keeping integrity in mind when planning business strategy. However, the admirable mission of transparency is subject to subversion, as The Circle Claims of public transparency can be selective, creating an impression of a company that values openness and progressive values when in reality it is picking and choosing disclosures while hiding malfeasance and abuse behind this self-selected façade. Also, going too far in claiming transparency on a personal level can be too much of a good thing. As above, the tension between personal privacy and public disclosure is a delicate balance which must be worked thoughtfully.

 

 

  • Surveillance and consent – In promotion of corporate and societal values of transparency and shared disclosure, the company in The Circle introduces a service where tiny cameras are embedded everywhere out in the world. Some of the cameras are installed intentionally by users who wish to share, but others are placed in a variety of public locations without notification or permission to do so. The video streaming from the cameras are publicly available online for searching, indexing, and manipulation. While being able to see a high-definition and flexible feed of the surf at a beach is appealing for a number of reasons, cameras everywhere in public, regardless of their utility or entertainment value, can also be used by both private and public concerns to conduct surveillance. As these cameras are in some cases posted without consent or knowledge, this surveillance is vulnerable to unintended uses and can represent, as above, serious risks to personal rights and privacy expectations.

 

 

  • Cybersecurity – The company in The Circle develops, markets, and sells a technology service. Therefore the people who buy what they market are not only purchasers or customers but also users. They have heightened expectations and rights for protection by the company as such. Not only is the extent to which their data is collected by the company questionable (even when the users are intentionally sharing it in an excessive or imprudent manner), but the company also is obligated to store it, and may violate individuals’ rights by viewing it, accessing it, analyzing it, or not keeping it safe from intrusions by and alterations, deletions, or other misuses of, its employees or third parties. Cybersecurity risk management is a huge challenge for a company such as this one, which is clearly putting its commercial and societal ambitions over any fundamental value of information security that is discernible.

 

 

  • Unethical decision-making – While the titular company in The Circle repeatedly suggests that transparency can be a force for good and should be leveraged for this purpose by the widespread use of what boils down to be surveillance technology, reality of how humans use this technology show that its use and influence is not straightforwardly positive at all. Quite to the contrary, on many occasions in the movie disclosures and discoveries due to the technology are harmful to individuals and relationships. Despite the desire to incentivize honesty and normalize total disclosure, people end up getting hurt, both because of their own overzealous adoption of the technology and of the actions of others. In the most dramatic example of this, a person dies due to a series of events kicked off by a crowd-sourced surveillance operation performed at a company demonstration of their new service. Unethical decision-making, both in questionable design ethics by the organization and in immoral behavior by user-individuals, directly causes these tragic and disturbing events.

 

 

There are many ethical and moral dilemmas posed by availability of advanced technology which can encroach about privacy, security, and consent of individuals. Transparency, surveillance, and risks to information security and from cybersecurity are all common themes of The Circle as well.

READ MORE