Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

This week on Compliance Culture

Be sure to visit Compliance Culture this week for posts on these topics.

  • Monday: Happy Labor Day!
  • Tuesday: Martin Shkreli, unethical CEO role model
  • Wednesday: Non-compliance at Wells Fargo
  • Thursday: Compliance developments with cryptocurrencies
  • Friday: Insights from lectures on honesty and trust

Don’t miss it!


Selected documentaries on the 2008 global financial crisis

The Great Recession, which began in 2007-2008 with the collapse of the subprime mortgage market and led to an international banking crisis, offers many lessons for compliance practitioners and enthusiasts alike. Many documentaries have been produced in the ensuing years to offer new insights on the crisis and its causes.

  • American Casino and the origins of the subprime collapse – The filmmakers of American Casino started their work in 2008 with a theory that the housing market was in trouble. Over the year that they filmed, this idea took root in reality and unfolded before them. The 2009 documentary that resulted offers a vivid explanation of how the subprime mortgage market evolved and then fell apart. The stories of average Americans who held the mortgages that were underlying the bonds created by big investment firms humanize the origins of the crisis and help to ground the actions in the financial markets by connecting them to the many people that were affected.

  • Inside Job and non-disclosure of conflicts of interest – This 2010 documentary reaches back into the international origins of the financial crisis, to begin with a look at the collapse of the Icelandic banking system. One of the movie’s principal assertions is that academics and scholars who are professors at many of the prominent educational institutions have conflicts of interest due to their financial ties to firms such as Goldman Sachs and other large market makers. The film’s argument suggests that these conflicts of interest are not subject to mandatory disclosure and so the economists express opinions about investments and financial systems which cannot be transparently evaluated.

  • Capitalism: A Love Story and the dangers of deregulatory trends – Michael Moore’s 2009 documentary takes a wide view on general contemporary economic conditions in the United States, ethically questionable practices of major corporations, and the status of the American worker in modern capitalism. Germane to the subject of the 2008 global financial crisis, Moore takes a look at the lending practices of Countrywide, one of the main players in the subprime lending practices that led to the market collapse and ensuing crisis. Countrywide operated in a generation of regulatory relaxation, leading to unduly risky practices of giving loans to people who could not reasonably afford them as well as giving discounts and special deals to politicians and regulators in hopes of keeping the good times rolling.

  • The Flaw and the evolving state of modern American capitalism – A good companion movie to Capitalism: A Love Story, this 2011 documentary focuses on explaining how the consumer society in the United States has a symbiotic relationship with the markets, at the expense of the American citizen whose main value in society becomes determined by spending power. In this dynamic, the rich get richer while the poor stay poor and the middle class drifts ever downward. Interventions such as the easier extension of lending in the pre-2008 years only seem to present a possibility for upward mobility for them, but in fact just create financial crises where they bear the brunt of the losses.

  • Money for Nothing: Inside the Federal Reserve and the cyclicality of major financial crises – The ebb and flow of regulatory pressures in the United States are enabled by the lack of understanding most Americans have about what the Federal Reserve System is and how its policies impact the economy and the markets. This 2013 documentary suggests that these policies had a major role in the 2008 financial crisis and will continue to contribute to the creation of bubbles that culminate in future crises. The film suggests that awareness of the public and citizens’ engagement in activism for more accountability and greater transparency by the Federal Reserve System are critical for protecting society from ever-greater financial crises in the future.

These are just a few examples of documentaries which can provide an informative and compelling view into the events of the 2008 global financial crisis. For years to come there will surely be many more such documentaries to add further insights to the historical record on the Great Recession.


Round-up on emerging compliance disciplines in diverse industries

Compliance programs of the last 20 years have taken the firmest roots in industries that are by definition highly-regulated or in those which have the most potential for widespread damage from wrongdoing. These range from pharmaceutical companies in the former group to financial services firms in the latter group. Current trends indicate, however, that many other industries’ practices are being assertively investigated by the media, concerned citizens, and filmmakers. These investigations bring to light processes and practices that are governed by insufficient controls and often unethical cultures.

  • Doping in professional sport is under increased public scrutiny in the aftermath of scandals such as state-sponsored cheating by Russian athletes in the Olympics and the dramatic fall from grace of Lance Armstrong, who cheated without detection for years; as society deals with the fallout of these discoveries, far-reaching change in anti-doping programs is necessary:  Icarus: A Doping House of Cards Tumbles Down
  • Evolving tech company organizational culture is under fire again, this time at Google, with an employee-authored document questioning diversity initiatives going viral and suggesting that gender inequality and treatment of people of color remain systemic problems in Silicon Valley that current corporate governance systems are insufficient to address. The employee in question was dismissed immediately, and Google leadership promptly started disclaiming the statements and apologizing, but it remains to be seen what substantive steps might be taken to actually address the root causes of this conduct and openly analyze the culture of compliance at Google. Hopefully a self-appraising, progressive conversation can take place in Silicon Valley rather than denial of the systemic issues that lead to these events time after time: Google Employee’s Anti-Diversity Manifesto Goes ‘Internally Viral’
  • Cybersecurity grows all the time as a risk factor to businesses, with hackers constantly outpacing efforts to prevent their intrusions; now moving beyond breaking into office e-mail servers or ransoming files from zombie computers, these cyber-thieves are exploiting differences in national laws and vulnerable devices to rig slot machines in casinos around the world:  Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot  
  • Campaign finance laws are a perennial hot issue in US politics; these laws are often intended to avoid corruption and increase transparency, but with the number of committees, groups, and shell companies participating in election fundraising constantly growing, following the money is becoming harder, complicating along with it efforts to establish accountability:  Soft Money Is Back — And Both Parties Are Cashing In
  • Fascinating intersection of business and politics, with all the risks inherent in both, as consumer technology giant Samsung struggles against an increasingly complicated government relationship, intense corporate work culture, legal dramas, and public protests, despite an impressive commercial rebound:  Summer of Samsung: A Corruption Scandal, a Political Firestorm—and a Record Profit

All the foregoing represents many growth areas for the welcome expertise of compliance practitioners and a possibility to drive change toward a society that places a higher value on accountability and integrity.


Tinder and the role of compliance in fostering professionalism in start-ups

Tinder is a well-known dating app which matches users based on location and social media profile compatibility. It is infamous for its “swipe” interface where users register their reaction to potential matches by swiping right on the screen to register an interest in connecting or swiping left to dismiss.

Tinder was founded by a group of childhood and university friends, most prominent among them Sean Rad. The spirit during the early days of Tinder is presented as rowdy, social, creative, and disruptive – a start-up with a millennial energy where the fun and approachability embodied in its product was inspired by its corporate identity.

Eventually, however, friendships began to sour, the novelty started to wear off, and controversy began to take seed. One of the co-founders, Whitney Wolfe, fell out with Rad and another co-founder, Justin Mateen, and filed a lawsuit alleging discrimination, sexual harassment, and retaliation. Wolfe has gone on to found a competitor dating app, Bumble, in which only women can initiate communication with their male matches. Gender imbalance, public health, personal security, and data privacy are all major concerns which have been raised against Tinder’s operating model.

In all cases, Tinder has only been able to react to these issues, not to address them preventively. This comes down directly to the fact that Tinder has no native culture of compliance. Tinder has a start-up culture as described above – entrepreneurial, excitable, informal, and innovation-focused. In these dynamic cultures there is a tendency to eschew traditional foundations as staid, too likely to impose restrictions or rules that will stunt growth and prevent transformative achievements. All the focus goes on being fast-moving.

Indeed, the image of the plucky entrepreneur starting a business by maxing out personal credit cards and taking customer calls from the garage at home is an endearing and enduring one. However, when this start-up gets some cash and energy and scales up, often the investment is concentrated on people who will bring the product to market – engineers, designers, marketing and sales staff. The below-the-line functions – HR, operations, finance, and indeed compliance – often stay with the principals or outside vendors for as long as possible, to the detriment of the development of compliance values at the core of the organization. This may be practical to achieve profit objectives, but it’s not professional.

A forced culture of compliance will never be a natural one. In the complex business and regulatory environment today, it would be wise to include among the early employees someone who can set the stage for a genuine culture of compliance from the beginning. A company that grows up aware of compliance and ethics obligations and has an authentic, competent champion for employee integrity will not have to try to develop this later on when it may be too late for it to take genuine hold.

For a deeper look into Tinder’s roots and Rad’s growing pains, check out this story by Nellie Bowles for The California Sunday Magazine.


Compliance 101: A quick guide

As this blog intends to demonstrate, compliance is both a subject for practitioners as well as a topic of general interest that shows up in business and the news all the time. Current and historical events, popular culture, and all types of jobs touch upon compliance subjects on a daily basis. Just as the law is everywhere in life, so are regulations and questions of ethics and integrity.

However, for such a ubiquitous subject, typical awareness of compliance matters is often very low. People may be very used to asking themselves whether events they read about in the news match with their own general norms. There is often a challenge between existing rules and what may be morally acceptable. This perceived discrepancy is nuanced and can prove hard to navigate without frustration.

As a prelude, ask yourself: have you ever heard of any current events regarding compliance? Or, perhaps, have you ever encountered any problematic dilemmas in your own life, which provoked curiosity about ethical choices and integrity? These could be perhaps news stories, personal experiences, or commercial situations you have observed in work or at school. These can include moral dilemmas and “catch 22” situations where commercial interests and personal obligations collide, as well as stories of crises and scandals. What have you heard, if anything, about the meaning and function of compliance?

Generally speaking, the main definitions of compliance as a discipline include:

  • Conforming to relevant laws, regulations, principles, rules, standards, and codes of conduct applicable to an organization’s activities, in letter and in spirit, or the process of doing so. This may concern gray areas, with no strict answer or universal judgment.
  • The aspiration that informs organizations in their efforts to ensure that they are aware of, and take steps to comply with, all relevant laws and regulations. This can be either prescriptive, referring to such laws and regulations that already exist, or predictive, referring to attempts to anticipate future laws and regulations.
  • Also describes efforts to ensure that organizations are abiding by both industry regulations and government legislation. This practice area is often called regulatory compliance.
  • Finally, emphasizes acting with integrity and therefore draws heavily from the study of ethics and morality, even extending to philosophy and psychology. A modern goal of an effective compliance program is to design governance and control structures that encourage employee and organizational integrity and create disincentives against and penalties for dishonest or unethical behavior.

Typical tasks and responsibilities of a compliance professional include:

  • Advising business partners in identifying and assessing compliance risks (of legal or regulatory sanctions, material financial loss, or reputational damage) and effectively managing and mitigating these risks
  • Modeling good conduct and prescribed values of integrity and ethical behavior
  • Training employees and management on compliance matters
  • Monitoring business implementation of key compliance policies and procedures, and reporting accordingly to management on efficacy and accuracy of same
  • Coordinating regulatory stakeholder management

Now, check your impressions about what compliance means, and consider this in concrete terms and from your own perspective. Hopefully you now have a more meaningful insight on what compliance is and means in the context of both current and historical events.


Tips for e-mail handling of confidential information

To most people it’s impossible to imagine the modern office without e-mail as the primary mode of communication. With the widespread popularity of tablets and smartphones moving our e-mail accounts from our desktops to our cell phone screens and everywhere in between, the risks attendant to this ubiquitous use of e-mail are always at the forefront of compliance concerns surrounding the handling of confidential information. To handle this, ongoing controls are advisable to ensure that the flow of information is protected and restricted to sharing on a need-to-know basis only.

  • Determine recipients carefully: Recipients should be determined case-by-case by the purpose of the e-mail. Senders should also consider whether the information is intended to be used internally (for information purposes only) or also at a later stage externally (such as for promotional purposes). In general, recipients should be as limited as possible. Include broader stakeholders more remote to the work that the confidential information concerns only insofar as they are known to be interested (for example Compliance, Legal, or other functions serving the business line). Seek to avoid administrative burden on the sender to update standing lists to tailor them to a particular message, as this is where human error can lead to inadvertent dissemination.
  • Consider most appropriate method of distribution: Use individual addresses, not group mailboxes, to control the recipients, as group mailboxes can be under collective and changing ownership. Posting messages on shared, secure intranet or internet sites may be an attractive alternative to e-mails. This can help to prevent accidentally incorporating unintended recipients, but the community or site needs to be closed and carefully administered.
  • Remember strict criteria for sharing confidential information: Generally, confidential information should only be shared on a need-to-know basis, not like-to-know. Possessing confidential information should be seen as a responsibility, not a privilege, and seeking access to this information or inclusion in communications that share confidential information should be discouraged unless there is a work necessity. As a broad rule, e-mails sent to individuals or groups without first informing them of their responsibilities with handling confidential information should contain public information only.
  • Seek review/approval before dissemination: Think of clicking “send” on an e-mail as publishing the information contained within it. Are your messages up to publication standards? It would be wise to have those which contain confidential information reviewed first by business management before circulation. Management should also be comfortable seeking advice from Compliance on whether sharing the information is appropriate in terms of content or recipients if necessary.
  • Include disclaimer language regarding forwarding/use of information therein: Even with the above points considered, it still could be wise to add disclaimer language to the e-mail to discourage erroneous distribution or misuse. E-mails can easily be printed, forwarded, or copied and pasted. Standard disclosure language could be, for example: “Information in this transmission is intended only for the person(s) to whom it is directed. Any disclosure, copying, forwarding, re-publishing, or other dissemination of the information is unauthorized. No liability is accepted for any unauthorized use of the information contained herein.”

Using e-mail has become second nature to most people, but communicating confidential information always merits extra caution. Considering the above control framework can help to use e-mail more carefully and wisely to ensure that confidential information is not mishandled or inadvertently disseminated.


This week on Compliance Culture

Be sure to visit Compliance Culture this week for posts on these topics.

  • Monday: E-mails and confidential information
  • Tuesday: Compliance 101
  • Wednesday: Tinder as an example of compliance culture at start-ups
  • Thursday: Emerging compliance disciplines in diverse industries
  • Friday: Documentaries on the 2008 global financial crisis

Don’t miss it!


Margin Call and unethical crisis management in the financial services industry

The 2011 movie Margin Call focuses on the conduct of the employees of an investment bank in disaster mode. The movie takes place in the prelude to the 2008 global financial crisis. During a reduction in workforce, an analyst reveals that the firm’s predictive models are showing that its portfolio of mortgage-backed securities will soon experience losses which will exceed the highly-leveraged value of the firm and lead to its bankruptcy.

The rest of the movie centers on the behavior of the firm’s employees and senior management and the choices they make in handling this discovery. Unsurprisingly, many of them model unethical decision-making and provide cautionary examples from which governance and compliance structures can take advice for what to prevent.

  • Key man dependency and lack of transparency – The entire movie revolves around the too-late discovery of the projected losses by an analyst. His boss was working on a project to try to figure out what was wrong with the firm’s models, but he was laid off before he finished his analysis. This scenario suggests the conclusion that if the boss had not been working alone or had been sharing his work in progress sufficiently, then the problems could have been discovered earlier and the entire dilemma could have been avoided or at least mitigated. An insecure overdependence on the work of one vulnerable man and a lack of honest disclosure led to this firm’s undoing from the very start.

  • Corporate code of ethics and culture drivers – A firm’s compliance program sets a tone and provides a rules-based structure for employees. Ultimately each individual still has the freedom to make unethical or inappropriate decisions for him- or herself, but the choice architecture provided by a firm’s governance controls matters for setting expectations. Corporate enablement of immoral or ethical behavior starts at its simplest practices, such as reimbursement of expenses, especially in a business where the financial upside for compensation is immense. In a firm where an anything-goes culture reigns, the downside of this culture is also immense.

  • Tone at the top and unethical executive decision-making – In a series of overnight meetings, the firm’s senior management decides to hold a “fire sale” and dump their toxic assets to limit their own exposure by dispersing the risk through the markets and ripping off their counterparty broker-dealers. They also know that their customers will quickly realize what they are doing and be disenchanted by the deceptive sale of only their troubled mortgage-backed securities holdings. Senior management justifies and solidifies their choice to destabilize the entire market and subject counterparties and clients to losses to avoid their own bankruptcy.

  • Lack of business sustainability due to dishonest practices – By selling the toxic mortgage-backed securities to the counterparty firms which should be their trusted partners, the traders end their careers, as no one will do business with them again in the future. They are compensated handsomely with promised bonus pay-outs, but there is another large reduction in workforce once their dirty work is done. The principals of the firm plan to profit from the coming financial crisis, but their business as it was, as an investment bank, is over.

  • “It’s just money” – moral relativism as justification of unethical behavior – The CEO and chairman of the board takes an apparent long view on the actions of his firm, seeing their choice to deceptively unload toxic assets on the market in order to stem their own losses by kicking off systemic disorder, as a mere reaction. “It’s just money” is a wilful disconnection from the human and integrity costs; believing that the entire economic system is a historic construct makes wrongdoing within it blameless. However, this is not reality; financial crises have real impacts and victims, and money is not just “pieces of paper with pictures on it.”

At every turn, Margin Call exemplifies bad corporate conduct, insufficient compliance and governance controls, and unethical decision-making. This movie provides a primer as to the devolving organizational accountability that set the stage for the 2008 financial crisis.