Compliance Culture

Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Round-up on the ethics of the Internet of Things

The Internet of Things refers to physical devices which are inter-networked and can share and store data between themselves. This includes things such as televisions, cars, buildings, and other objects that have network-connected technology inside that allow these objects to be accessed and controlled remotely via computer-based networks. This also includes systems that operate in this way, such as smart homes, grids, and cities. These things can be identified and operated individually but also are part of the interconnected system and can have co-dependencies.

There are obvious ethical issues with a highly connected and complex system such as the Internet of Things, where tremendous amounts of data are stored and shared and ultimately used in often mysterious or unclear ways – certainly to improve the intelligence of the Internet of Things and make it operate more efficiently, but also potentially for malicious or dishonest purposes.   Security vulnerabilities in a system which is remotely accessible are also an alarming risk, as unauthorized intrusions or destructive attacks could render everyday items such as cars or door locks inoperable or turn items such as smart houses or transportation networks against their users.

  • The technology that drives the Internet of Things has grown explosively, and legal and compliance frameworks have not been able to keep pace. Questions of liability that arise from cyberattacks on the Internet of Things and rules of responsibility governing companies working within this space are largely undefined. The Internet of Things may bring change to society similar to that of the Industrial Revolution. A thoughtful view on regulations and ethical guidance to protect privacy and security from the earliest design point in the industry is crucial: The Internet of Things Needs a Code of Ethics
  • Among all the fears of artificial intelligence and sentient, unfriendly robots with autonomous weapons, the real risk of the Internet of Things will still lie in the hands of humans. Hackers are a big threat to the system’s security and this risk must be taken seriously, with organizations investing in controls to prevent and mitigate attacks, intrusions, and disruptions that could damage devices, harm people, and interrupt business operations: Why Hackers Will Become a Significant Threat to the Internet of Things
  • The data produced in the Internet of Things is a major security and privacy consideration. Users of these interconnected devices may not realize how much information the devices have about them and their activities. The Roomba, a small robot home vacuum, was an early-comer to this market. The company that makes it, iRobot, has said it hopes to make money from selling maps of users’ living rooms to other companies. Using customer data for profit from a third-party is nothing new in the internet company world, but there are many questions of privacy, notice, and consent which remain to be answered: The Internet of Things is a data farm, Roomba won’t be its only profiteer
  • Cybersecurity fears about the Internet of Things extend to the U.S. government as well, where legislators have proposed to make sure that smart devices can receive security updates like traditional computers. Lawmakers also seek to prevent manufacturers from hard-coding passwords into their system tools that can be manipulated by hackers to take control of the related devices. The U.S. government is just as interested in the objects of the Internet of Things as consumers are, and safeguarding against present and future risks from them is top of mind: Two U.S. lawmakers think the government has a new cybersecurity problem: The Internet of Things
  • So what does all this mean for the future of the Internet of Things? Will the risks of it slow its growth or it will it continue to advance in both complexity and connectivity, its risks unchecked or outpacing the frameworks created to control against them? It appears likely that the value and appeal of connection, and the fear of not being able to function and communicate, will outweigh the desire to want to withdraw from it for safety and privacy purposes: The Internet of Things Connectivity Binge: What Are the Implications?

The intelligence and complexity of the Internet of Things will continue to grow as consumer applications become more in demand and commonplace. The need for strong security standards and clear customer protections will expand in kind. Privacy, safety, and control are all ethical concerns which compliance programs at the companies working on the Internet of Things will have to consider prominently in future risk assessments and strategic plans.

READ MORE

Round-up on compliance issues in food technology

Food technology, concerning the production processes that manufacture, transport, and distribute foods, continues to expand as disruptive technologies in general advance. As any practice that impacts food has obvious heavy impact on consumer safety, food technology practices are coming under increased scrutiny. While public attention was once mostly limited to risk-benefit analysis of various foods and the resulting consumer preferences and perceptions, innovative technologies are driving further questions and desires for customer protections and process disclosures.

  • In response to perennial consumer demand for more flavorful and interesting plant-based products to present vegetarian and vegan friendly burgers, Impossible Foods created their Impossible Burger, with soy leghemoglobin giving it an uncanny resemblance to meat and a regulatory problem with the U.S. Food & Drug Administration; can high-profile investors and customer interest overcome food safety concerns and the burdens of government supervisory challenges:  Impossible Burger’s ‘Secret Sauce’ Highlights Challenges of Food Tech
  • Walmart and a consortium of major food companies including Unilever and Kroger are experimenting with blockchain technology to simplify and automate their supply chains, in hopes of making a very complex set of production processes much more agile and enabling quicker investigations into outbreaks of food-borne illnesses, with improved documentation:  Walmart and 9 Food Giants Team Up on IBM Blockchain Plans
  • Another fascinating, developing use of blockchain in order to make the supply chain safer by combating food counterfeiting and tampering, illegal shipping, and industry malpractice by tracking products through the process and requiring non-anonymous, reliable documentation, all informed by industry “spying” that has uncovered the causes of abuses across food business sectors and country cultures:  Inside the Secret World of Global Food Spies
  • Personalized nutrition plans combine the trend for home genetic testing with consumer desires for at-home meal delivery or menu selection services, but how does freedom of choice and a culture of individual preference with emphasis on customization fit in with the goals of libertarian paternalism that can be espoused by suggesting biometrically-determined food choices:  I sent in my DNA to get a personalized diet plan. What I discovered disturbs me. 
  • Amazon continues to search for growth opportunities in the food business after announcing plans to acquire Whole Foods earlier this summer, this time turning to U.S. military technology to aim to deliver meals that do not need to be refrigerated, but will consumers be enthusiastic or will this solution only create new potential problems in trademarking of kits and safe fulfillment of orders:  Amazon looks to new food technology for home delivery

Blockchain will likely continue to pose the most challenging and exciting advances in the food technology industry. Making the supply chain for food more transparent and accountable, and also simpler to navigate, is a lofty goal which would serve the public interest. Integrity and consumer choice in the food business, with or without the impact of regulatory supervision, should drive innovation going forward.

READ MORE

Round-up on compliance issues in cryptocurrencies

Cryptocurrencies are secure, usually anonymous digital forms of money. Cryptocurrencies use blockchain, a decentralized technology linked to a public record of all transactions in the currency, to make payments and store money without attaching their identities to the cryptocurrency or needing to use a bank. The first and perhaps best known of these is Bitcoin, created almost ten years ago, but there are now as many as 1,000 cryptocurrencies available and more being added every day.

A payment method that was created to be secretive and operate outside of the banking system, and therefore outside of all its regulatory and legal controls as well, carries obvious associations of being used in facilitating illegal activities. Furthermore, as trading of cryptocurrencies evolves as an investment practice, heightened volatility and uncertainty in the still-emerging markets bring greater risks.

  • As speculation of a possible boom in the cryptocurrencies market grows, it is important to take cryptocurrencies seriously as businesses, and take from lessons that established technology companies have demonstrated – consider fundamental controls for the entities involved in cryptocurrencies, as paradoxical as that may seem for forms of money that are designed to exist outside of structured systems, but will certainly be vulnerable to the same organizational and individual abuses and vulnerabilities as those systems:  Cryptocurrency skeptics warn of another dot-com bubble, but remember: That’s where Amazon and Google started
  • The influence of artificial intelligence trading and trading/chat bots in traditional markets has already been disruptive and complicated. Now they’re appearing in cryptocurrency markets as well. These applications offer additional tools and advantages, but bring the possibility of eroding market expertise and increasing risks of errors and anomalies:  The Role of Trading Bots in the Cryptocurrency Market
  • What is the difference between a user, an owner, and a customer? All of these somewhat philosophical questions have very concrete foundations in regulation and law that may apply depending on the role of an individual in a transaction. As the cryptocurrency community continues to develop and inevitably professionalize, legal challenges that move these companies closer to the traditional banking organizations they aimed to make obsolete are certain to materialize:  Bitcoin Cash Soars to $700, Coinbase Customers Threaten to Sue
  • As cryptocurrency companies continue to grow in complexity and reach, competency and credibility will become very important, perhaps even competitive advantage for the prepared and professional cryptocurrency over the uncertain and ad hoc one. With “forks” on trading platforms affecting bitcoin holdings like splits would stocks, traders need consistent policy to set precedent and guidelines. Cryptocurrencies want to be free of negative controls that traditional banking systems impose, but fairness and transparency should not be the baby thrown out with the bathwater. Perhaps bitcoin exchanges, faced with conflicts of judgment among themselves, will be desperately seeking a self-regulatory organization before long:  Bitcoin Exchange Had Too Many Bitcoins
  • Cryptocurrencies may have an identity crisis ahead, as attempts to normalize mainstream uses and pave the way for this digital money to be seen as ordinary money are complicated by its continued connection to illicit activity. This time, it’s invoking the spectre of terrorist financing:  Controversial US Sanctions Bill Calls for Cryptocurrency Research

People will certainly continue to turn to cryptocurrencies both as payment methods and as investment opportunities. As this increases, risks for the organizations providing the technology and access in order to transfer, store, and trade cryptocurrencies will also grow. At the same time, users of cryptocurrencies can be seen as consumers deserving of protections, as well as possibly proxies for clients in the decentralised system, subject to some due diligence and markets governance.

Compliance in the cryptocurrencies markets can be a positive influence to ensure the fairness of markets and protect consumers. How to take an uncontrolled market and regulate it smartly, and appropriately for its spirit, without straying into bad or unnecessary regulation which will be the prevailing argument against the proposition for a culture of compliance, is the challenge ahead.

READ MORE

Round-up on emerging compliance disciplines in diverse industries

Compliance programs of the last 20 years have taken the firmest roots in industries that are by definition highly-regulated or in those which have most potential for widespread damage from wrongdoing.  These range from pharmaceutical companies in the former group to financial services firms in the latter group.  Current trends indicate, however, that many other industries’ practices are being assertively investigated by the media, concerned citizens, and filmmakers. These investigations bring to light processes and practices that are governed by insufficient controls and often unethical cultures.

  • Doping in professional sport is under increased public scrutiny in the aftermath of scandals such as state-sponsored cheating by Russian athletes in the Olympics and the dramatic fall from grace of Lance Armstrong, who cheated without detection for years; as society deals with the fallout of these discoveries, far-reaching change in anti-doping programs is necessary:  Icarus: A Doping House of Cards Tumbles Down
  • Evolving tech company organizational culture is under fire again, this time at Google, with an employee-authored document questioning diversity initiatives going viral and suggesting that gender inequality and treatment of people of color remain systemic problems in Silicon Valley that current corporate governance systems are insufficient to address.  The employee in question was dismissed immediately, and Google leadership immediately started disclaiming the statements and apologizing, but it remains to be seen what substantive steps might be taken to actually address the root causes of this conduct and openly analyze the culture of compliance at Google.  Hopefully a self-appraising, progressive conversation can take place in Silicon Valley rather than denial of the systemic issues that lead to these events time after time: Google Employee’s Anti-Diversity Manifesto Goes ‘Internally Viral’ 
  • Cybersecurity grows all the time as a risk factor to businesses, with hackers constantly outpacing efforts to prevent their intrusions; now moving beyond breaking into office e-mail servers or ransoming files from zombie computers, these cyber-thieves are exploiting differences in national laws and vulnerable devices to rig slot machines in casinos around the world:  Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot  
  • Campaign finance laws are a perennial hot issue in US politics; these laws are often intended to avoid corruption and increase transparency, but with the number of committees, groups, and shell companies participating in election fundraising constantly growing, following the money is becoming harder, complicating along with it efforts to establish accountability:  Soft Money Is Back — And Both Parties Are Cashing In
  • Fascinating intersection of business and politics, with all the risks inherent in both, as consumer technology giant Samsung struggles against an increasingly complicated government relationship, intense corporate work culture, legal dramas, and public protests, despite an impressive commercial rebound:  Summer of Samsung: A Corruption Scandal, a Political Firestorm—and a Record Profit

All the foregoing represents many growth areas for the welcome expertise of compliance practitioners and a possibility to drive change toward a society that places a higher value on accountability and integrity.

READ MORE

Round-up on developments in client due diligence in the financial services industry

Client due diligence and related processes in financial services – client acceptance, know your customer, anti-money laundering, sanctions monitoring – are central to modernizing and improving compliance programs. Current trends indicate that cultural differences, technological advances, and cooperation of enforcement authorities are all driving investigation and improvement.

In the ever-increasingly complicated global marketplace, client due diligence as a practice will continue to involve, taking into account local practices, changes in technology, and shifting regulatory priorities.

READ MORE

Round-up on compliance investigation and enforcement trends

Keeping up to date on developments in compliance investigation and enforcement priorities is important for planning compliance programs and setting strategic agendas. In a constantly changing regulatory environment, continuing education is a must. Recent developments suggest that regulators are regrouping and preparing new priorities, while companies are trying to contend with regulations and avoid looming legal challenges.

  • Prosecution of white-collar criminals is at an all-time low as some companies appear to be considered “too big to jail” and risk-adverse trial strategy rules the day:  Why Corrupt Bankers Avoid Jail
  • Airbnb, possibly setting precedent for other “shared economy” companies without traditional regulatory compliance frameworks, looks to pre-emptively contend with legal challenges by striking deals with municipalities:  Airbnb Tries to Clear Away Political and Legal Challenges in New York and San Francisco
  • The ECJ may declare Uber a transportation company later this year, opening the tech giant to much stricter regulatory scrutiny; in anticipation, Uber has withdrawn from some EU member states where the regulatory burden already overwhelms its appetite for the market: Europe’s Top Court Leaning Towards Dealing Uber a Big Regulatory Blow
  • HSBC, amidst negotiations with the U.S. Department of Justice as it is under investigation for its role in the bond market pre-2008 crisis, is concerned over regulatory gaps in the global financial market that may be unpredictably fragmented by Brexit, in which cooperation between regulators and investigators could become more problematic:  HSBC chief sounds alarm over financial regulation and Brexit
  • Amid mounting prosecutorial pressure and investigation efforts worldwide, a guilty plea and cooperation from ex-Credit Suisse Banker:  Ex-Credit Suisse Banker Helping U.S. After Tax Guilty Plea
  • Scandal at Wells Fargo continues to unfurl its tentacles into new areas of the bank’s business, now reaching into auto loan customers who were charged for unauthorized car insurance; previous attempts at punishment or reform now seem insufficient in light of the scope and scale of the wrongdoing, upping the ante on what is considered justice in corporate crime:  Give Wells Fargo the Corporate Death Penalty

This summer’s trends indicate diminished enforcement efforts, regulators regroup and try to ascertain a new approach to holding corporate criminals accountable for their ethical lapses, in light of previous attempts failing to adequately discourage wrongdoers. In the meantime, companies finding themselves cornered by regulatory pressures hope to gain time to comply or the blessing to continue as-is by negotiating agreements or reaching settlements with regulators.

READ MORE