Category: Compliance in current and historical events

Categories
Compliance in current and historical events

Design ethics of addictive technology

As social media platforms, the internet of things, and other online networks advance in sophistication and prevalence, the line between engagement and addiction becomes ever thinner. Features which are designed to make browsing the internet or using connected devices more comfortable, intuitive, and pleasurable are also vulnerable to misuse and abuse which can have highly negative impact on people’s daily routines and lives.

Indeed, the stereotypes of people too engrossed in their phones or tablets to even notice the people around them are widespread and real. So much of social interaction has been carried over into online communities and takes place on social media or in internet comment sections and forums. The positive possibilities of this kind of access to information and collaboration are boundless. Connecting across continents and sharing all kinds of information and ideas is powerful for learning, cooperation, and creativity. Making these systems better and more efficient for users to engage with only further empowers these uses. Designers, engineers, and technologists have taken the positive responses from users and implemented that feedback in coming up with new features and improvements with the aim of making the user interface and experience better.

Whether it’s making screens balanced with vivid images that are easy on the eyes or implementing machine-learning based algorithms that fill users’ feeds with the most interesting and entertaining information tailored for them, the original aim of these innovations is to make the platform or device more interesting to use and therefore to encourage the user to spend more time on it. This has obvious commercial appeal to the companies that create these networks and devices, their advertisers, and their other partners who are all competing to attract people’s attention and gain valuable impressions or content views. Time is money, and a faithful user is a lucrative one.

However, those eyeballs content providers and marketers wish to attract are, of course, inside the heads of people and therefore the ever-ramping effort to engage those people runs into risky territory where interest or active participation edges into dependency and addiction. There are countless studies which have shown health problems stemming from overuse of phones, tablets, computers, and other devices, including eye fatigue, migraines, sleep deprivation, and other problems related to vision, concentration, or stress caused by overindulgence in looking at screens. This is not to mention the destructive social impact that over-immersion in devices can have, isolating people from their families and communities as well interrupting work, diminishing traditional communication skills, and exposing people to online abuse and other unsafe or inappropriate content that could cause harm.

In fact, some of the individuals who have had the loudest voices against the dark side of the advancements of personal technology are in fact the designers and engineers who had a hand in actually creating the most addictive features. For example, the engineer who was involved in creating the Facebook “Like” button and the designer who worked on the “pull to refresh” mechanism first used by Twitter are among a growing group of technologists who have started to question and reject the role that immersive technologies play in their lives. These individuals understand the good intentions that were behind the original creation of these technologies, with the hope to make them more useful or fun for users, but they also see the downsides. Coined “refuseniks,” these early adopters have purposefully made efforts to diminish or balance the presence of technology in their lives. As many of these addictive behaviors center around the use of smartphones and applications on them, many of these people who designed these features and now speak out against them turn off notifications, uninstall particularly time-wasting applications, and even distance themselves physically from their phones by following strict personal rules about usage or cutting off access after certain times or in specific places.

The question remains – pioneers of these features may have matured within their own careers and lives enough to realize that their earlier intentions have destructive potential they don’t want to indulge personally. But how will companies creating products and services in this space balance this as public attention begins to more commonly acknowledge the problematic nature of these features? Being a refusenik cannot be the answer for everyone, as these devices and platforms do bring great value to their users and the world as a whole, despite the negative effect they can frequently also have. Organizations working in this space can take advantage of corporate social responsibility values to balance their innovation of new features with the expectations of how consumers can use them, for good or bad.

On an individual level, it is very helpful to take personal responsibility to acknowledge and understand how these platforms and technologies are designed to make people engaged and how that can turn to addiction. Being conscious of these features or tendencies in their use is key. People should push themselves to understand why and how they use these technologies before adopting and engaging in them. If they feel prone to misuse of it, then understanding the cause of it and exposure to it will help to mitigate its effects.

For an interesting perspective on high-tech designers and technologists who have rejected the technologies they sometimes played pivotal roles in creating, check out this article from The Guardian.

Categories
Compliance in current and historical events

Must-read ICIJ investigative project reports

The International Consortium of Investigative Journalists (ICIJ) is an independent, international network of over 200 investigative journalists in more than 70 countries worldwide. Their reporting focuses on international crime, corruption, and transparency of political and financial power held by governments and corporations. ICIJ works worldwide with local media partners to publish complex investigative reports often focusing on organizational corruption at the highest levels of power and the impact their activities have on people and communities in their home countries as well as in the developing world.

Like this blog’s earlier feature on the work of the Organized Crime and Corruption Reporting Project (OCCRP), reporters associated with ICIJ often follow highly complicated financial trails at major banking institutions and supporting organizations in the financial services industry, in order to uncover tax evasion, theft of national assets, bribery, and other financial crimes.

  • Luxembourg Leaks (2014): This blog has previously discussed the Luxembourg Leaks in the feature post on whistleblowers in the financial services industry. This investigative report was based on documents provided to ICIJ by, among others, a French employee of the Big 4 accounting firm PricewaterhouseCoopers. The ensuing investigation showed that Big 4 firms were facilitating registration of multinational companies in Luxembourg in order to evade local taxes and take advantage of banking secrecy laws that would prevent disclosure of even the existence of their offshore accounts to their home countries. Companies named in these papers included IKEA’s Australian operations, Pepsi, Disney, and the Koch Brothers’ business empire. 
  • Swiss Leaks (2015): Continuing in the vein of uncovering undisclosed accounts and financial arrangements maintained under the protection of a banking secrecy regime, this investigation revealed HSBC Private Bank (Suisse) maintained banking relationships with clients connected to arms trafficking, blood diamonds, and bribery. Many of the clients serviced by HSBC were connected to discredited political regimes in countries such as Egypt, Tunisia, and Syria. These were clients who due to their illegal or sanctioned activity would not be accepted for banking services in other countries. The documents showed that HSBC not only accepted them but repeatedly assured them that their wealth would be shielded from tax authorities or other inquiring government entities. 
  1. Evicted and Abandoned (2016): This investigation ran an external audit on projects supported by the World Bank. The International Finance Corporation, which provides private sector loans on behalf of the World Bank, has given financing to governments and corporations accused of egregious human rights violations. In some cases these financing activities continued after evidence of the violations was made public. Funds from World Bank projects were subsequently misappropriated and diverted by local governments to fund violent and harmful campaigns against the people who were supposed to be helped, and social and environmental impact was disregarded. 
  • The Panama Papers (2016): Receiving widespread media attention and igniting local investigations in many countries and by many financial institutions, the Panama Papers project was one of the biggest stories in money laundering investigation of recent years. ICIJ worked on this project in collaboration with OCCRP and Suddeutsche Zeitung, the German media organization which originally received the cache of documents from Mossack Fonseca, a trust company in Panama that facilitated legal incorporation of offshore shell entities for many of the world’s wealthiest people and powerful political figures. Many of these shell entities were later involved in illegal activities including tax evasion, fraud, and money laundering. 
  • The Paradise Papers (2017): The most recent of ICIJ’s reports, like the Paradise Papers, this details the facilitation of secret financial arrangements by offshore service providers, this time including one of the world’s most high-profile law firms working in this industry. This time the focus was on legal incorporations in Bermuda, Singapore, and Mauritius. The Paradise Papers differ somewhat from the Panama Papers in that they do not purport to uncover widespread illegal activity, but rather legal activity that is secret or inconsistent with representations otherwise made to the public. Political figures in the US, the UK and Canada, and their donors or other financial supporters, were included this time with information exposing their previously undisclosed offshore arrangements and ownership stakes. The Paradise Papers also provided great detail on the “tax engineering” of many major companies, including Apple, Nike, Allergan, and commodities giant Glencore.   While currently legal, it is expected that the public controversy over these increasingly “creative” tax arrangements may lead to deeper regulatory inquiry as to whether they should remain legitimate practices going forward. 

Like OCCRP, ICIJ has become a highly-regarded media organization in the twenty years since its formation. The work that the journalists of ICIJ do to investigate and expose corruption and crime is critical for the effort to enforce expectations that those in positions of power be held accountable for their actions, which even if legal, can be ethically unacceptable and abusive of the people they purport to serve. These investigations serve a crucial public service in exposing both criminal activity and legal arrangements which nonetheless may not meet society’s standards for transparency or lead later to the facilitation of illegal activity.

Categories
Compliance in current and historical events

Whistleblowers in major US corporate organizations

This is the third of a three-part series profiling whistleblowers in different industries. The first of these posts was on October 24 and focused on the financial services industry, including Julius Baer and PricewaterhouseCoopers. Last Tuesday’s post covered whistleblowers in the pharmaceutical industry, with stories of exposing corporate fraud in the manufacturing and marketing processes at companies like Eli Lilly and GlaxoSmithKline.

Today’s post, the final in this set, will look at whistleblowers from prominent historic cases of business fraud or miconduct in major US corporate organizations. The actions of these individuals in speaking up to expose unethical or illegal business practices led to major media attention, legislative and regulatory scrutiny, legal actions, and deep review of corporate cultures of the organizations. In some of these cases, deep societal debate about or change of previously accepted practices and standards was kicked off by the information exposed by whistleblowers.

  • Sherron Watkins, Enron Corporation: One of the most famous whistleblowers in modern business history, Sherron Watkins was Vice President of Corporate Development at Enron Corporation, the disgraced energy company which is often referred to as one of the biggest corporate scandals in modern history. In August 2001, Watkins reported suspicious accounting practices she observed in the company’s financial statements to Enron’s CEO, Kenneth Lay, who famously did not take action on the memo Watkins wrote on the issue. Enron, of course, filed for bankruptcy in December 2001, after the public disclosure of the fraudulent accounting practices that led to gross overstatement of the company’s financial condition. Watkins has spent the years since the Enron scandal writing and speaking about the problems within the corporate culture of the organization that allowed the fraud to occur and continue. For information on how Watkins sees her role in the Enron scandal more than fifteen years on, check out this Texas Monthly article from 2016.
  • Cynthia Cooper, WorldCom: Cynthia Cooper was the Vice President of Internal Audit at WorldCom, which at one time was one of the largest telecommunications companies in the US. Amid declining profits in the telecommunications industry and a thwarted merger with Sprint, starting in 2000 the company used fraudulent accounting practices to maintain the price of WorldCom stock in a decreasing market. In 2002, Cooper led a team of internal auditors which investigated and exposed this $3.8 billion accounting fraud. Cooper never intended for her internal audit memo to be publicized, and did not want public attention from it, as her feelings about exposing this fraud at a company where she had loved working were complicated. However, investigations by the Department of Justice and the Securities and Exchange Commission followed, which by the end of 2003 determined that the company’s assets had been inflated by an estimated $11 billion due to the fraudulent accounting. Have a look at this Q&A with Cooper from 2008.
  • Courtland Kelley, General Motors: For 30 years, Courtland Kelley worked at General Motors, ultimately as the national head of GM’s vehicle inspection program. For years, Kelley warned GM about design flaws in its cars and trucks that had gone unaddressed. To Kelley, the company seemed more interested in avoiding costly recalls and saving face in public than in making a relatively simple safety fix to the ignition switch system. In 2003, he sued GM under Michigan state whistleblower laws, hoping to expose this company inaction that led to manufacturing unsafe vehicles that were involved in crashes, some resulting in deaths. Kelley’s case was dismissed on procedural grounds, and in the aftermath, Kelley found that he was silenced and marginalized by GM in retaliation for speaking up. The company waited almost ten years before issuing a recall in February 2014. For an in-depth look at what happened at General Motors and to Kelley after he blew the whistle, read this Bloomberg Businessweek piece.
  • Mark Whitacre, Archer Daniels Midland: Mark Whitacre was president of the Bioproducts division at Archer Daniels Midland, a food and commodities trading corporation specializing in processing of grain and oilseed crops. For three years from 1992-1995, Whitacre was an FBI informant aiding in the agency’s investigation of ADM for price fixing (conspiracy arrangement between buyers or sellers to buy or sell a product at a fixed price only, irrespective of market conditions). The price fixing at ADM involved lysine, a chemical additive to animal feed. ADM was part of a cartel with four other companies that inflated prices on lysine because of their concerted market manipulation. Due to Whitacre’s initial reporting and subsequent acting as an undercover informant, the FBI collected a tremendous trove of information about the cartel’s activities and ultimately fined ADM $100 million, with many more hundreds of millions of dollars going from ADM to harmed plaintiffs and customers. Price fixing, once an overlooked practice in the industry which controlled prices without recourse, became a global investigation and enforcement priority. Whitacre himself was a complicated figure, as it turns out he was exposing one fraud while participating in others. In the course of the investigation, he confessed that he had been involved with arranging corporate kickbacks and money laundering schemes, and later pled guilty to tax evasion and fraud in connection with the embezzlement of $9 million, serving 8.5 years of a 10.5 year sentence. Whitacre’s story was dramatized in the movie The Informant!, which starred Matt Damon. For a profile on Whitacre from the time the movie was released in 2009, check out this CNN story.
  • Gregory Minor, Richard Hubbard, and Dale Bridenbaugh, General Electric:   Gregory Minor, Richard Hubbard, and Dale Bridenbaugh are known as the “GE Three.” They were a group of nuclear engineers at General Electric who turned whistleblowers in 1976 to alert the public of ongoing safety issues at US nuclear power plants. Their disclosures about the dangers of nuclear power received significant media coverage and Congressional attention. Minor, Hubbard, and Bridenbaugh timed their disclosures with resigning in protest from their positions in the GE nuclear reactor division. Nuclear power was at that time in wide use in the US; the GE Three raised huge concerns about insufficient controls within the industry due to vulnerabilities from human error and an engineering process that isolated individuals from the overall decision-making process. Their protest resignations and subsequent testimonies had a huge impact on society’s view of the safety of nuclear power and inspired activist campaigns against nuclear power and in favour of environmental safety and protection. Check out this 1976 report from the New York Times archive for the contemporary reaction to the GE Three.

Whistleblowers have been the impetus behind some of the most explosive and powerful disclosures of corporate fraud and malfeasance in recent history. Companies once admired and viewed as financial stalwarts have been shown to have deeply unethical business practices and a concerning lack of organizational and employee integrity below the surface. In an economy and culture which is increasingly dominated by large corporate interests, trust in and credibility of these major institutions is critical for the public. When this is violated by inaccurate disclosures, dishonest accounting practices, or fraudulent business arrangements, consumer and markets confidence is greatly impaired. Whistleblowers therefore perform an invaluable function in making the often personally difficult and professionally costly decision to stand up for the protection of these values when observing misconduct from within their organizations.

 

Categories
Compliance in current and historical events

Whistleblowers in the pharmaceutical industry

This is the second of a three-part series profiling whistleblowers in different industries. This started with October 24’s post looking at the financial services industry, including UBS, HSBC, and Citigroup. Today’s post will be focused on the pharmaceutical industry, looking at whistleblowers who exposed fraudulent sales and marketing practices, ethical issues in the development and research phase, and more. The third and final post in this set on next Tuesday will be about whistleblowers who exposed high-profile corporate fraud in major companies such as Enron and General Electric.

Whistleblowers in the pharmaceutical industry make an important contribution to protecting consumer safety when they come forward to raise concerns about business practices in their organizations. Corporate misconduct in this industry has direct impact on patient care and individual health. Therefore the actions of whistleblowers can serve to not only shed light on fraudulent or abusive actions by organizations or individuals within them, but also to prevent future harm to scientists and researchers working in the business, third party partners within their supply chain, and end-user consumers.

  • Jim Wetta, AstraZeneca: Jim Wetta was a sales employee at AstraZeneca who blew the whistle over misleading marketing practices for the antipsychotic drug Seroquel. AstraZeneca had been approved by the US Food and Drug Administration only for treatment of schizophrenia and bipolar disorder. However, the company took on a major sales effort to market Seroquel for off-label use by children under the care of psychiatrists and elderly people suffering from dementia. The company used continuing education seminars, mandatory for doctors to maintain their licenses to practice medicine, to market the off-label uses of the drug which were not previously approved by the FDA. In 2010, AstraZeneca settled with the Department of Justice for $520 million and faced thousands of product liability claims over the marketing of Seroquel. Check out this New York Times article for more information on what happened in this drug marketing case. 
  • Robert Rudolph, Eli Lilly: Robert Rudolph also worked in sales, in his case Eli Lilly. Along with eight other whistleblowers, he went to the federal government with evidence of illegal sales practices by Eli Lilly in the marketing of Zyprexa, a drug approved, like Seroquel, for use in treating schizophrenia and bipolar disorder. In 2001, the company began to market Zyprexa for a variety of off-label uses, especially in the elderly. Apart from this marketing process, Zyprexa representatives also took names from patient lists at doctors’ offices to try to get them to switch to Zyprexa, a blatant privacy violation. Further, throughout this time the company inflated the stock price by counting drug samples as sales. Rudolph, a long-time employee at Eli Lilly who was at the end of his career, saw the corporate culture changing in a bad way and felt that the pervasion of these practices into the business needed to be stopped. In 2009, Eli Lilly agreed to a $1.4 billion fine in a DOJ settlement. For an idea of the reputational risk this case caused Eli Lilly, take a look at this 2009 opinion piece on the dangers of the company’s practices to society.
  • John Kopchinksi, Pfizer: Like Wetta and Rudolph, John Kopchinski was a sales representative, in his case at Pfizer. In 2003, Kopchinski filed a “qui tam” lawsuit under the False Claims Act, which allows whistleblowers to aid the government in recovering money stolen in frauds that resulted in the government losing money. Kopchinski exposed evidence that Pfizer was promoting 13 drugs, most prominently the arthritis drug Bextra, for off-label uses that the FDA had previously rejected and unapproved doses. Kopchinski was fired by Pfizer after reporting his claims, but continued with the lawsuit until 2009. Pfizer went on to settle with the government for $2.3 billion. For more about Kopchinski’s legal battle with Pfizer, read this 2009 NPR piece.   
  • Adam Resnick, Omnicare: In another qui tam lawsuit filed under the False Claims Act, in 2006 Adam Resnick sued Omnicare, a pharmacy providing drugs to nursing homes, for Medicare and Medicaid fraud carried out in a series of kickback schemes with nursing home operators. This corrupt practice could potentially lead nursing home administrators to make decisions about what kind of drugs they give to residents not based upon patient care, but rather based upon what pharmaceutical supplier has enriched them in exchange for their continued business. Omnicare and the involved facilities settled their cases with the government in 2010. Resnick himself has a challenging past: he was a compulsive gambler who went to prison for check-kiting which led the collapse of the bank where he worked. As part of his rehabilitation from engaging in fraud he dedicated himself to exposing it instead. For more information on the Omnicare case, look to this 2010 article from the Chicago Tribune.
  • Cheryl Eckard, GlaxoSmithKline: Cheryl Eckard was a quality assurance manager for GlaxoSmithKlein. In 2002, she reported evidence that the company was selling defective and mis-identified drugs from its Puerto Rico plant. Eckard lost her job in 2003 after repeatedly complaining, but the FDA and DOJ found so many issues in the plant that GlaxoSmithKlein became an example for other pharmaceutical companies for what not to do. Due to products being mixed up in the manufacture and distribution process, the antidepressant Paxil and diabetes medication Avandamet were tainted. Some of the pills fell apart while others did not have the active ingredient required for them to be effective treatment. The factory where they were made did not have an effective quality controls framework in place. GlaxoSmithKline paid $750 million to the DOJ for their oversight shortcomings. For more information on the production problems Eckard exposed, read this 2010 article from the Guardian.

The process for creating, manufacturing, and distributing pharmaceutical products is long and complex, with many decision points where individuals may make choices in a narrow ethical frame or a limited context which prevents them from seeing the consequences of unethical actions or even the existence of better possible choices. Whistleblowers can help to demystify this process and illuminate for public scrutiny the problems in the design of the system that may cause good people to make bad decisions.

Check back next week, Tuesday November 14, for the final post in this three-part feature on whistleblowers in historical events. Next Tuesday’s post will discuss individuals who exposed fraudulent business practices in landmark cases of corporate fraud and bad business practices.

Categories
Compliance in current and historical events

Whistleblowers from significant scandals in financial services

This is the first of a three-part series profiling whistleblowers in different industries. This starts with today’s post, focused on the financial services industry, describing events where whistleblowers came forward to expose misconduct in investment banking, wealth management, and accounting. Tuesday November 7th’s post will cover the pharmaceutical industry, including AstraZeneca, Pfizer, and more. The post for Tuesday November 14 will be about whistleblowers who exposed high-profile corporate fraud in diverse companies such as WorldCom and Archer Daniels Midland.

Whistleblowers in the financial services industry have sparked reform for investor protection and shed light on the often secretive or mysterious culture within banking organizations, where trouble can be hidden from competitors and the public alike, as cultural problems deepen inside the organization completely unchecked by controls or encouraged by business strategy.

  • Bradley Birkenfeld, UBS: Brad Birkenfeld is an American banker. His disclosures regarding actions by UBS Group AG that enabled US tax evasion led to a $780 million fine from the US Department of Justice against UBS and publication of information that exposed the previously mysterious world of Swiss private banking. Indeed, Switzerland amended its federal banking law in 2009 and over the years subsequent made significant contributions to cooperation with other countries regarding reporting of tax data of their citizens. In 2013, Switzerland signed the Convention on Mutual Administrative Assistance in Tax Matters, cementing this obligation to roll back banking secrecy in this treaty which over 60 countries signed. For more on Brad Birkenfeld, who both did jail time and received a $104 million reward for his disclosure, check out this Bloomberg profile of him.
  • Rudolf Elmer, Julius Baer: Rudolf Elmer worked for the Swiss private bank Julius Baer for almost twenty years. In his last role, he was the head of the bank’s Caribbean operations for eight years. In 2002, the bank discovered that internal data had been stolen and subjected all employees to a lie detector test. Elmer declined the test once and then took it and failed, leading to this termination. Following this Elmer spent several years trying to share the information he had taken, culminating in releasing a cache of documents to WikiLeaks in 2008 and again in 2011. These documents provided evidence supporting allegations that Julius Baer had facilitated clients’ tax evasion through banking practices in the Cayman Islands. Elmer was tried several times in court for breach of banking and business secrecy laws, which historically have been notoriously tough in Switzerland, but have begun to be rolled back or scrutinized in the wake of cases such as Julius Baer’s.   Elmer also faced charges of harassment and other nuisance offenses for public disputes he got into with the bank and its employees, which demonstrates the complex and sometimes problematic emotional impact whistleblowing can have on people and their relationships with their ex-employers and ex-colleagues. In 2016, Julius Baer settled a deferred prosecution agreement, related to aiding US citizens in the commission of tax evasion, with the US Department of Justice for $547 million. For more information on this, check out this Forbes article from 2016.
  • Richard Bowen, Citigroup: Richard Bowen was a senior executive at Citigroup in the period leading up to the 2008 global financial crisis. He was the chief underwriter of the Consumer Lending Group unit, and in this capacity he was responsible for evaluating and maintaining the creditworthiness of the unit. From June 2006 on, Bowen warned the board of directors of Citigroup about major issues in the risky mortgages being bought and sold by the unit. Bowen reported evidence to the board that many of these mortgages were defective, fraudulent, or both. Despite Bowen’s weekly warnings via required reporting throughout 2006 and 2007, the board did not take action. Bowen requested outside investigations of the Consumer Lending Group unit which substantiated his reports and showed that the unit had been operating with insufficient controls against these risks since 2005. This information should have been provided to shareholders per the Sarbanes-Oxley Act, but it was not, despite the fact that the bank claimed compliance with the Sarbanes-Oxley Act during this period. In exchange for his whistleblowing, Citigroup took away most of Bowen’s responsibilities and eventually fired him. Bowen offered crucial testimony to the Financial Crisis Inquiry Commission in 2010. He is now a motivational speaker on ethical leadership and corporate culture within the banking industry. For a look at what happened to Richard Bowen after he blew the whistle on Citigroup, check out this New York times article from 2013.
  • Antoine Deltour, PricewaterhouseCoopers: Antoine Deltour was a French employee of PricewaterhouseCoopers who was involved in providing information to the press related to tax rulings in Luxembourg for multinational companies. The documents became known as the Luxembourg Leaks and were the focus of a global investigation conducted and published by the International Consortium of Investigative Journalists. The investigation showed that PwC and other major accounting firms were facilitating registration in Luxembourg by multinational companies in order to benefit from advantageous tax rulings for revene reallocation. The legality of these practices is questionable on a number of grounds, including anti-trust, market abuse, and tax deals as illegal state aid. As a result of the disclosures, Deltour and his fellow PwC employee who also released documents, Raphael Halet, received prison sentences (later changed to suspended or overturned) and fines, but have also received a lot of credit for helping to shed light on the secretive practices surrounding these Luxembourg tax rulings and brought greater attention to the need to identify and prevent state-sponsored tax avoidance and evasion. In this sense, like the Julius Baer case, the whistleblower helped to ignite an open dialog about whether banking secrecy laws serve the public interest. For more on this sentiment, check out this piece about the role of citizens in holding the EU accountable.

Individuals like the above speaking up about misconduct they suspect or observe in the financial services industry have brought much-needed exposure and change to business practices. They have also often been punished, fired, criticized, or doubted for their bold decision to expose wrongdoing by their employer and/or colleagues. The 2009 US Dodd-Frank Wall Street Reform and Consumer Protection Act, which was intended to promote transparency and prevent fraud in the financial services industry, now prohibits retaliation against whistleblowers and expands the powers of the Securities and Exchange Commission in order to provide for other protections and rewards for whistleblowers who speak up about corporate malfeasance. Nonetheless, whistleblowers in the US continue to face retribution for their actions, and in Europe they remain open to legal liability in addition, as their disclosures break laws that some may say are designed to enable the concealment of other fraudulent or illegal practices.

Check back in two weeks, on Tuesday November 7, for the second post in this series of three about whistleblowers in historical events. Next Tuesday’s post will discuss individuals who exposed fraudulent business practices in the pharmaceutical industry.

Categories
Compliance in current and historical events

The Madoff Ponzi scheme scandal

For more than 40 years, Bernie Madoff was one of the most prominent figures in the US financial services industry.   His trading firm, Madoff Securities, was founded in 1960 and due to its early adoption of then cutting-edge technology quickly became one of the major market makers in the business. The firm’s technology that it participated in creating later became the NASDAQ trading exchange. Apart from its brokerage business, Madoff Securities also offered investment management and advisory services to many prominent clients. These included banks such as Banco Santander, HSBC, RBS, and BNP Paribas; hedge funds; university endowments; charitable organizations; and famous individuals such as Steven Spielberg, Zsa Zsa Gabor, Sandy Koufax, and Elie Wiesel.

Madoff himself was very well-known in the securities industry. He was on the board of directors of the Securities Industry Association (SIA), the predecessor to the Securities Industry and Financial Markets Association (SIFMA), and served as chairman of SIA’s trading committee. He was also active in the National Association of Securities Dealers (NASD), the self-regulatory organization (SRO) for brokerage firms and exchange markets that predated the Financial Industry Regulatory Authority (FINRA), and served on the board of directors of the SRO, for a period even as its chairman

This last professional designation for Madoff seems ironic now. In reality, Madoff’s investment management business was revealed in December 2008 as a $65 billion Ponzi scheme, the largest financial fraud in US history. This massive fraud was carried out by Madoff and a close group of associates right alongside his legitimate brokerage business and taking full advantage of his huge network of investors and prominent reputation in the industry. In the scheme, trades and returns were completely fabricated and investor redemptions were funded by new infusions from individuals that Madoff aggressively pursued, touting his performance.

Despite numerous SEC investigations of various areas of Madoff’s business, and several outside analysts publicizing urgent and detailed concerns about the business and its purported performance claims which could not be replicated for authentication purposes, this scheme continued unmitigated for at least 15 years, per Madoff’s admission. It may have gone on for as long as 30 years, back to the very beginning of the investment advisory arm of Madoff Securities.

Madoff struggled to keep the fraud going as the global financial crisis caused the markets to contract throughout the fall of 2008, and investors sought redemption. Still, he managed to stay afloat until December 2008, when his sons, Mark and Andrew, confronted him about bonuses he wished to pay amid the mounting investor redemptions. Madoff confessed to his sons that the investment management business was a fraud, and his sons then reported him to law enforcement. In the subsequent months the shocking scale of his fraud and the losses it caused became the subject of public fascination.

For interesting insights on the fraud and scandal surrounding Bernie Madoff’s Ponzi scheme to defraud investors, check out these videos:

  • The Madoff Affair – An episode of the PBS documentary program Frontline from May 2009, when the complete scope of the scandal was still being discovered, which aims to tell the story of the fraud from the beginning and question how it was able to go on for so long.

 

  • The Man Who Knew – This March 2009 60 Minutes segment features Steve Kroft interviewing Harry Markopolos of Rampart Investment Management. Markopolos was a vocal critic and doubter of Madoff’s claimed investment returns. He attempted to alert the SEC on a number of occasions to the fraudulent practices he believed he had discovered in his study of the alleged performance of Madoff Securities, but he was ignored or his claims were not thoroughly investigated.

 

  • Ripped Off: Madoff and the Scamming of America – This is an April 2009 which looks at Bernie Madoff’s fraud in comparison with other Ponzi Schemes of the prior hundred years. With this study, the investigation assesses the magnitude of the damage Madoff’s scheme caused and places it in context of the global financial crisis which was beginning to deepen at the end of 2008.

 

  • The Hunt for Madoff’s Money– This February 2009 segment from the ABC news program 20/20 asks where the money that Madoff defrauded from his investors went, other than fund withdrawals by others’ withdrawals. The investigation looks at the luxury lifestyle and properties of Madoff and his family members and associates that were enriched by his fraudulent investment management scheme.

 

 

  • Madoff Victims on Guilty Plea – In this March 2009 report from CBS News, nine people who lost their investments in Madoff’s Ponzi scheme speak to Katie Couric about their reactions to the exposure of the massive fraud and his guilty plea that resulted in him being sentenced to 150 years in prison without standing trial.

Categories
Compliance in current and historical events

Compliance lessons to learn from the 2017 Equifax cybersecurity breach

Equifax is one of the major US-based consumer credit reporting agencies. It operates globally and due to their nature of its business, maintains sensitive and personal information on more than 800 million individuals and more than 80 million organizations.

In September 2017, Equifax announced that it had experienced a cybersecurity intrusion in July 2017 which impacted the data of up to 200 million consumers from the US, Canada, and the UK. The handling of this breach by Equifax was widely criticized and questioned. Among the controversial aspects of it were the two month delay in publicizing it, the lack of specific information about the data compromised, the inadequate and possibly even unsafe system and support provided for impacted consumers, and the perception of possible insider trading by company executives in the days after the breach took place but before it was public.

As the problematic response to this cybersecurity incident unfolded, Equifax’s various blunders and missteps in the public handling of the situation formed a guide for worst practices in such a scenario. As the dialog around Equifax’s response has shown, poor crisis management in the public eye only compounds the consumer protection problems.

  • Companies do often have legitimate reasons for delaying notifying consumers, regulators, and the public at large about data breaches. Sometimes companies do not even know they have been breached right away. Even once they are aware, sometimes law enforcement will request that they do not disclose the breach. Different types of data may be subject to different disclosure requirements, so companies also sometimes have to take time to determine what data was involved. However, these delays still can be very problematic for consumers, who can be unknowingly at risk and make assumptions about the seriousness with which their data is stored and maintained which might be very far from reality.  Why it can take so long for companies to reveal their data breaches 
  • While Equifax was taking its time notifying consumers and regulators of the data breach, questions abound about when – and what – people on the inside knew about it. This is because only a few days after the July 29 cybersecurity intrusion, on August 1 and August 2, several executives at Equifax sold shares. These transactions were not part of scheduled trading plans, but they were not total liquidations of their positions, and the company says that the executives were unaware of the breach at the time of the trades. However, the perception of possible insider trading is hard to avoid once the timing of this activity is revealed. If they truly did not know about the cybersecurity problem, it would have been wise at least to inform key senior management of the breach and advise them to avoid trading in the stock while in possession of inside information.  Three Equifax Managers Sold Stock Before Cyber Hack Revealed
  • Despite how secret most people in the US see their financial data as being – especially social security numbers and bank account or credit card information – current privacy laws are lacking in many key areas when compared to those in other parts of the world such as the EU. Top of mind among privacy concerns, including the need for consumers to input personal data to check whether their other personal data has been compromised, is that over a month went by before Equifax notified the public of the cybersecurity incident at all. In the 40 days that went past, the data could have been used for many illicit purposes without consumers even being aware they were at risk. Laws in the US currently differ between states with regards to breach notification requirements. There is no unifying directive in the US for the standard where personal data is concerned, such as there will be next year in the US under the General Data Protection Regulation, which requires notification within a maximum of 72 hours. Perhaps a higher standard in the US such as this one would reinforce seriousness of these events to organizations and improve consumer protection and communication processes when they occur.  Equifax breach disclosure would have failed Europe’s tough new rules
  • While these data breaches are unfortunately becoming so common that the public is often less alarmed by them now than in the past, irresponsible or insufficient responses by organizations to these breach still provoke justifiable outrage and calls for change. Consumers being desensitized to the exposure of their personal data just shows how widespread the problem is and how insufficiently the interests of the consumers are guarded. However exhausted the public may seem to be with the ongoing leaks and hacks of their private data, this is no excuse for organizations affected by them to respond with the same passive, indifferent attitude. Equifax’s lack of detail and inadequate communication displayed to the public that they did not care about the invasion consumers were suffering, which is quite a different message than one of fatigue by victims who have had this experience too many times to excuse. The reputational risk suffered by such corporate carelessness is extreme, and hopefully will drive consumers to advocate for a higher standard of responsibility and responsiveness from keepers of consumer data.  The Banality of the Equifax Breach
  • As the public contends with the reality of the Equifax data breach – that subsequent hacking attempts stemming from this breach are inevitable and that companies like Equifax do not meet the standard of care for protecting this private information in their possession – what can anyone do in the future? Holding companies accountable for their poor service by taking their business elsewhere is often the only choice consumers have to voice their displeasure. In the current system individuals aren’t really able to avoid the consumer credit reporting agencies, but organizations could opt to create and use independent systems with more secure infrastructures. These corporate users could drive a technological shift that would also benefit individual consumers. Blockchain and related technologies could provide the solutions to these vexing and chronic security concerns that the existing system seems unable to address.  It’s time to build our own Equifax with blackjack and crypto

Given the ever-increasing risks surrounding cybersecurity, compliance professionals and individuals interested in cybersecurity risk management can take many cues from the above on what not to do in such a situation from Equifax. Hopefully as organizations continue to live with the risk of such intrusions, and improve their control frameworks to prevent and mitigate them, they also pay attention to the public responses in such situation, to make sure that the statements made and guidance provided are adequate and accurate.

Categories
Compliance in current and historical events

Must-read OCCRP investigative project reports

The Organized Crime and Corruption Reporting Project (OCCRP) is an investigative reporting organization which focuses on organized crime and corruption. The consortium operates worldwide to publish the results of cross-border investigations into criminal enterprises that are often very complex. In many cases the OCCRP reporters are “following the money” to uncover and publicize bribery, tax fraud, and other crimes that are intimately connected to banking institutions and powerful politicians or state-sponsored organizations.

  • Game of Control (2008-2009) – This investigation centered on the involvement of organized crime in owning football clubs. A deeper look at the business of football in Eastern Europe and the former Soviet Union showed a network extending all around the world that enabled criminal businesspeople to hide their illicit activities by laundering money through football clubs they own, skimming transfer fees for players, and using shell companies for tax evasion and concealment of funds. The investigation uncovered evidence of game rigging, use of stadium property for organized crime operations, and even murders of club leaders linked to Bulgarian organized crime. 
  • The Big Bet (2009) – In this report, the OCCRP looked at the expansion of the gambling industry in Eastern Europe. Countries in the region were providing incentives for the gambling industry to come to stimulate local economies and increase tax revenues for governments, but along with the casinos come all the problems of organized crime and corruption. This investigation probed into the abusive practices of governments in these countries which fail to regulate the gambling industry sufficiently and do not enforce proper taxation, instead accepting bribes to look the other way, and not ensure that the public in these countries receives their share of the benefit from the huge revenues these companies make. 
  • The Panama Papers (2016) – The Panama Papers project was one of the biggest stories in money laundering investigation of recent years. The OCCRP worked on the project in collaboration with the International Consortium of Investigative Journalists and Suddeutsche Zeitung, the German newspaper which received a cache of documents from Mossack Fonseca, an offshore services provider in Panama. These documents provided the evidence of the illicit activities concealed in offshore companies set up by Mossack Fonseca, including tax evasion, fraud, and money laundering. Many of the world’s wealthiest people – politicians and businesspeople, criminals and not – were named in these documents. These included Russian, Azerbaijanim and Ukrainian politicians and their families.
  • The Russian Laundromat (2014-2017) – The OCCRP exposed a vast financial fraud scheme enabling money laundering out of Russia and into Europe through Moldavia. More than $20.8 billion was funnelled out of Russia via this mechanism. By tracking the money down to the accounts all over the world where it ended up, the project exposed systemic bribery and activities in the gray area of the Moldovan legal and supervisory system. Some of the world’s largest banking institutions – among 732 banks in 96 countries and including Dankse Bank, Bank of China, HSBC, UBS, RBS, Nordea, Credit Suisse, Citibank, and Deustche Bank – had this illicit money in their accounts. 
  • The Azerbaijani Laundromat (2017) – The most recent of the OCCRP’s reports, like the Russian Laundromat, this details a criminal money laundering operation that used UK-registered shell companies to move $2.9 billion from from Azerbaijan into Europe. This money came from a secret slush fund of Azerbaijani elites used to bribe officials, buy luxury items, and enrich themselves while Azerbaijani human rights were under ongoing assault and citizens were deprived of funds used by their government for their own illicit purposes. Danske Bank was again mentioned as a major banking institution which processed these transactions through their accounts without sufficient due diligence controls to expose the source. This investigation is ongoing and the subsequent movement of the funds and their uses will continue to be revealed. 

OCCRP has become one of the most respected and awarded non-profit media organizations in the world in the decade it has been publishing investigative reports. This is for good reason, as its work has led to the freezing or seizure of billions of dollars of assets, arrest warrants and firings, and closures of shell or illicit companies connected to criminal enterprises. The insights of these investigations cast a powerful light on the mechanisms of corruption which still have a strong hold on business and political organizations all over the world.

Categories
Compliance in current and historical events

The changing nature of, and expectations for, trust

Discussions of trust and honesty are popping up everywhere in the public discourse. From disputes over what constitutes “fake news” to discussions involving “alternative facts,” the current culture is obsessed with the struggle to determine what’s really real. Who can be believed, and why? How does anyone know for sure? The objective of establishing trust in an environment where the goalpost of the truth seems to be constantly in motion is challenging and even frustrating. However, in such an atmosphere, a flight to quality for integrity in ethical character and decision-making is needed more than ever.

  • The ubiquity of the internet makes it a powerful force in the overall assessment of trust in society. Concerns about security and privacy are a constant in the remote digital interactions of the internet, where much can be done and said anonymously. Advancements in technology promise to embed the internet and its connections further into the daily experiences of individuals and organizations. But does the internet hurt or help trust? At the very least, it seems that the nature of trust will be seen as evermore fluid, as the internet empowers the world yet suffers from countless security insufficiencies that set credibility and honesty on edge:  The Fate of Online Trust in the Next Decade
  • Compliance programs that are overly rules-based, focusing on preventing behavior defined as criminal or illegal and fine-tuned by enforcement standards, may prove inadequate for restoring trust in institutions. The public does not want to see that unethical behavior is only a problem if it involves breaking an existing rule or law. Indeed, a huge part of the compliance discipline is the aspirational aspect, where the controls seek to address the discrepancy that can exist between what is legal and what an organization wants to consider acceptable. Rather than going heavy on the rules-based approach, a values-based approach can be much more meaningful, giving the reassurance that the compliance program seeks to identify root causes and inspire ethical conduct, rather than just enforce rules and protect management from liability:  ‘Criminalized’ compliance may backfire in quest for better Wall Street cultures
  • Ten years on from the start of the global financial crisis in 2008, many observers are left underwhelmed by assessing the true change that has happened in its aftermath. Fundamental shifts in conduct and business practices were needed to truly reform the financial services sector and make the supervisory efforts over it effective. A major challenge in the recovery from the crisis was how to make the system more resilient, to withstand another crisis the same as or worse than before. However, perhaps more important was the effort to restore public trust in the industry, which could only be accomplished by taking a deep dive into the causes of the crisis and doing hard work across many organizations to address the reasons why and why not forever. While the regulators have made lots of new rules, and banks have been publicly shamed and put through the rigors of new testing and requirements that are seemingly without end, the markets don’t seem to trust that anything has really changed for the better – and maybe the public shouldn’t believe it either:  Markets Don’t Trust Banks, and They’re Right
  • So how to restore that public trust which has been violated and lost? Stronger governance is the first step, to weed out the problems which still exist and will take time to address effectively, like corruption, cybersecurity, and differences in reporting regimes. Injecting clarity into a truly integrated system which is more consistent and allows for comprehensive monitoring will help also to let the public know that supervisors are looking in the right places. These system overhauls and others should help to create markets and networks which are more likely to foster and support financial stability in the future:  Ten Powerful Actions To Restore Public Trust And Confidence In The Global Economy
  • As the advancements of technology constantly outpace regulatory and legal frameworks intended to control them, what implications do biometrics innovations have for trust? Data privacy concerns prevent many people from engaging in newer technologies, but what will happen when traditional authentication of identity is no longer available? Social media, AI such as facial recognition, and other advanced means of identification and verification are on their way, and all the problems of inclusion, access, and security that challenge their trustworthiness are coming with them:  The evolution of identity: trust, inclusivity, biometrics and beyond

Organizations must grapple with the fluid nature of trust and the expectations around it, in order to have any hope of inspiring trust and faith as cultural norms both inside and outside the office.

Categories
Compliance in current and historical events

Cybersecurity and the hacking of Hollywood

Cybersecurity appears near the top of any compliance officer’s risk assessment. Addressing the ever-evolving concerns around it is a priority on the strategic annual plan for any compliance program. Modern society’s reliance on technology and the internet is always increasing. Along with the many benefits of technology’s interconnectedness and conveniences comes risks to data privacy, information theft, unauthorized intrusions, and security breaches.

While all businesses are vulnerable to these threats, recently the spotlight has been on Hollywood and some high-profile hacking campaigns that have seriously impacted the entertainment industry. Damaging emails have been published, produced shows and scripts have been ransomed, and private photos have been leaked due to storage and server facilities being breached.

  • In November 2014, Sony Pictures was hacked by a group calling itself Guardians of Peace. The cyberattack used malware to steal and then overwrite and delete the data on half of Sony’s computer network worldwide. Not only did Sony have to deal with a major technology infrastructure crisis, but shortly after, the leaks began. The stolen data from the company that was subsequently published ranged from embarrassing personal emails of executives and celebrities to unreleased movies to sensitive employee information. The hack was eventually blamed on North Korea and their effort to suppress the film The Interview, a claim which is still disputed by some today. The fallout from the cyberattack and the insufficiency of the company’s preparations against it offer many difficult lessons in cybersecurity and corporate defences within it: Inside the Hack 
  • Netflix was compromised by a hacker going by the name thedarkoverlord, who posted ten episodes of the network’s hit show Orange is the New Black to a torrent site on the internet. The leak occurred after a ransom request was not met, first by a production vendor affiliated with Netflix and then by Netflix itself, demonstrating that cybersecurity at third-party vendors can also be a business risk: A Group Of Hackers Is Holding Hollywood Captive — & Here’s What It Wants
  • In another ransom case, Disney suffered a hack involving the latest movie in the Pirates of the Caribbean franchise, compromised while on the servers of a post-production facility. Work is often sent out to vendors in the industry who will do it for the lowest cost, but may not promise the most robust network security to prevent intruders from accessing the content and ransoming it to the owners. This phenomenon is becoming increasingly common and expensive: Cyberattacks once again roil Hollywood, but can anything be done about it?
  • HBO sustained a major cyberattack, possibly from various sources, on their servers which demonstrate how vulnerable major organizations can be to leaks, hacks, and social media hijackings. This event shows that HBO, and other organizations like it, face cybersecurity threats from a variety of sources: suppliers, insiders, intruders, and more. Ransom demands were involved here too, but other threats seemed designed just to test security protocols or to intimidate and embarrass: Breaking Down HBO’s Brutal Month of Hacks
  • Other than content owners such as networks and studios, Hollywood talent agencies, such as UTA, ICM, and WME, have all also been the target of cyberattacks. In the case of UTA, the intrusion occurred through the phone system and spread from there to the computer network, with a ransom demand following. Many of these hackers openly acknowledge they are motivated just by financial gains from ransom payments, so some companies are being advised to pay up and avoid damaging or embarrassing information and valuable content being leaked online: FBI Gives Hollywood Hacking Victims Surprising Advice: “Pay the Ransom”

The increasing frequency and visibility with which the technological systems of Hollywood companies are being targeted for cyberattacks indicates that this will remain a top risk for some time to come. The threats to the reputations of individuals and organizations involved, as well the economic and reputational risks, require that lessons learned from the situations above be implemented into practical and technological improvements to cybersecurity programs.