Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

This week on Compliance Culture

Be sure to visit Compliance Culture this week for posts on these topics.

  • Monday: Happy Labor Day!
  • Tuesday: Martin Shkreli, unethical CEO role model
  • Wednesday: Non-compliance at Wells Fargo
  • Thursday: Compliance developments with cryptocurrencies
  • Friday: Insights from lectures on honesty and trust

Don’t miss it!


Selected documentaries on the 2008 global financial crisis

The Great Recession, which began in 2007-2008 with the collapse of the subprime mortgage market and led to an international banking crisis, offers many lessons for compliance practitioners and enthusiasts alike. Many documentaries have been produced in the ensuing years to offer new insights on the crisis and its causes.

  • American Casino and the origins of the subprime collapse – The filmmakers of American Casino started their work in 2008 with a theory that the housing market was in trouble. Over the year that they filmed, this idea took root in reality and unfolded before them. The 2009 documentary that resulted offers a vivid explanation of how the subprime mortgage market evolved and then fell apart. The stories of average Americans who held the mortgages that were underlying the bonds created by big investment firms humanize the origins of the crisis and help to ground the actions in the financial markets by connecting them to the many people that were affected.

  • Inside Job and non-disclosure of conflicts of interest – This 2010 documentary reaches back into the international origins of the financial crisis, beginning with a look at the collapse of the Icelandic banking system. One of the movie’s principal assertions is that academics and scholars who are professors at many of the prominent educational institutions have conflicts of interest due to their financial ties to firms such as Goldman Sachs and other large market makers. The film’s argument suggests that these conflicts of interest are not subject to mandatory disclosure and so the economists express opinions about investments and financial systems which cannot be transparently evaluated.

  • Capitalism: A Love Story and the dangers of deregulatory trends – Michael Moore’s 2009 documentary takes a wide view on general contemporary economic conditions in the United States, ethically questionable practices of major corporations, and the status of the American worker in modern capitalism. Germane to the subject of the 2008 global financial crisis, Moore takes a look at the lending practices of Countrywide, one of the main players in the subprime lending practices that led to the market collapse and ensuing crisis. Countrywide operated in a generation of regulatory relaxation, leading to unduly risky practices of giving loans to people who could not reasonably afford them as well as giving discounts and special deals to politicians and regulators in hopes of keeping the good times rolling.

  • The Flaw and the evolving state of modern American capitalism – A good companion movie to Capitalism: A Love Story, this 2011 documentary focuses on explaining how the consumer society in the United States has a symbiotic relationship with the markets, at the expense of the American citizen whose main value in society becomes determined by spending power. In this dynamic, the rich get richer while the poor stay poor and the middle class drifts ever downward; interventions such as the easier extension of lending in the pre-2008 years only seem to present a possibility for upward mobility for them, but in fact just create financial crises where they bear the brunt of the losses.

  • Money for Nothing: Inside the Federal Reserve and the cyclicality of major financial crises – The ebb and flow of regulatory pressures in the United States are enabled by the lack of understanding most Americans have about what the Federal Reserve System is and how its policies impact the economy and the markets. This 2013 documentary suggests that these policies had a major role in the 2008 financial crisis and will continue to contribute to the creation of bubbles that culminate in future crises. The film suggests that awareness of the public and citizens’ engagement in activism for more accountability and greater transparency by the Federal Reserve System are critical for protecting society from ever-greater financial crises in the future.

These are just a few examples of documentaries which can provide an informative and compelling view into the events of the 2008 global financial crisis. For years to come there will surely be many more such documentaries to add further insights to the historical record on the Great Recession.


Round-up on emerging compliance disciplines in diverse industries

Compliance programs of the last 20 years have taken the firmest roots in industries that are by definition highly-regulated or in those which have most potential for widespread damage from wrongdoing.  These range from pharmaceutical companies in the former group to financial services firms in the latter group.  Current trends indicate, however, that many other industries’ practices are being assertively investigated by the media, concerned citizens, and filmmakers. These investigations bring to light processes and practices that are governed by insufficient controls and often unethical cultures.

  • Doping in professional sport is under increased public scrutiny in the aftermath of scandals such as state-sponsored cheating by Russian athletes in the Olympics and the dramatic fall from grace of Lance Armstrong, who cheated without detection for years; as society deals with the fallout of these discoveries, far-reaching change in anti-doping programs is necessary:  Icarus: A Doping House of Cards Tumbles Down
  • Evolving tech company organizational culture is under fire again, this time at Google, with an employee-authored document questioning diversity initiatives going viral and suggesting that gender inequality and treatment of people of color remain systemic problems in Silicon Valley that current corporate governance systems are insufficient to address.  The employee in question was dismissed immediately, and Google leadership immediately started disclaiming the statements and apologizing, but it remains to be seen what substantive steps might be taken to actually address the root causes of this conduct and openly analyze the culture of compliance at Google.  Hopefully a self-appraising, progressive conversation can take place in Silicon Valley rather than denial of the systemic issues that lead to these events time after time: Google Employee’s Anti-Diversity Manifesto Goes ‘Internally Viral’ 
  • Cybersecurity grows all the time as a risk factor to businesses, with hackers constantly outpacing efforts to prevent their intrusions; now moving beyond breaking into office e-mail servers or ransoming files from zombie computers, these cyber-thieves are exploiting differences in national laws and vulnerable devices to rig slot machines in casinos around the world:  Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot  
  • Campaign finance laws are a perennial hot issue in US politics; these laws are often intended to avoid corruption and increase transparency, but with the number of committees, groups, and shell companies participating in election fundraising constantly growing, following the money is becoming harder, complicating along with it efforts to establish accountability:  Soft Money Is Back — And Both Parties Are Cashing In
  • Fascinating intersection of business and politics, with all the risks inherent in both, as consumer technology giant Samsung struggles against an increasingly complicated government relationship, intense corporate work culture, legal dramas, and public protests, despite an impressive commercial rebound:  Summer of Samsung: A Corruption Scandal, a Political Firestorm—and a Record Profit

All the foregoing represents many growth areas for the welcome expertise of compliance practitioners and a possibility to drive change toward a society that places a higher value on accountability and integrity.


Tinder and the role of compliance in fostering professionalism in start-ups

Tinder is a well-known dating app which matches users based on location and social media profile compatibility. It is infamous for its “swipe” interface where users register their reaction to potential matches by swiping right on the screen to register an interest in connecting or swiping left to dismiss.

Tinder was founded by a group of childhood and university friends, most prominent among them Sean Rad. The spirit during the early days of Tinder is presented as rowdy, social, creative, and disruptive – a start-up with a millennial energy where the fun and approachability embodied in its product was inspired by its corporate identity.

Eventually, however, friendships began to sour, the novelty started to wear off, and controversy began to take seed. One of the co-founders, Whitney Wolfe, fell out with Rad and another co-founder, Justin Mateen, and filed a lawsuit alleging discrimination, sexual harassment, and retaliation. Wolfe has gone on to found a competitor dating app, Bumble, in which only women can initiate communication with their male matches. Gender imbalance, public health, personal security, and data privacy are all major concerns which have been raised against Tinder’s operating model.

In all cases, Tinder has only been able to react to these issues, not to address them preventively. This comes down directly to the fact that Tinder has no native culture of compliance. Tinder has a start-up culture as described above – entrepreneurial, excitable, informal, and innovation-focused. In these dynamic cultures there is a tendency to eschew traditional foundations as staid, too likely to impose restrictions or rules that will stunt growth and prevent transformative achievements. All the focus goes on being fast-moving.

Indeed, the image of the plucky entrepreneur starting a business by maxing out personal credit cards and taking customer calls from the garage at home is an endearing and enduring one. However, when this start-up gets some cash and energy and scales up, often the investment is concentrated on people who will bring the product to market – engineers, designers, marketing and sales staff. The below-the-line functions – HR, operations, finance, and indeed compliance – often stay with the principals or outside vendors for as long as possible, to the detriment of the development of compliance values at the core of the organization. This may be practical to achieve profit objectives, but it’s not professional.

A forced culture of compliance will never be a natural one. In the complex business and regulatory environment today, it would be wise to include among the early employees someone who can set the stage for a genuine culture of compliance from the beginning. A company that grows up aware of compliance and ethics obligations and has an authentic, competent champion for employee integrity will not have to try to develop this later on when it may be too late for it to take genuine hold.

For a deeper look into Tinder’s roots and Rad’s growing pains, check out this story by Nellie Bowles for The California Sunday Magazine.


Compliance 101: A quick guide

As this blog intends to demonstrate, compliance is both a subject for practitioners as well as a topic of general interest that shows up in business and the news all the time. Current and historical events, popular culture, and all types of jobs touch upon compliance subjects on a daily basis. Just as the law is everywhere in life, so are regulations and questions of ethics and integrity.

However, for such a ubiquitous subject, typical awareness of compliance matters is often very low. People may be very used to asking themselves whether events they read about in the news match with their own general norms. There is often a challenge between existing rules and what may be morally acceptable. This perceived discrepancy is nuanced and can prove hard to navigate without frustration.

As a prelude, ask yourself: have you ever heard of any current events regarding compliance? Or, perhaps, have you ever encountered any problematic dilemmas in your own life, which provoked curiosity about ethical choices and integrity? These could be perhaps news stories, personal experiences, or commercial situations you have observed in work or at school. These can include moral dilemmas and “catch 22” situations where commercial interests and personal obligations collide, as well as stories of crises and scandals. What have you heard, if anything, about the meaning and function of compliance?

Generally speaking, the main definitions of compliance as a discipline include:

  • Conforming to relevant laws, regulations, principles, and rules, standards and codes of conduct applicable to an organization’s activities, in letter and in spirit, or the process of doing so. This may concern gray areas, with no strict answer or universal judgment.
  • The aspiration that informs organizations in their efforts to ensure that they are aware of, and take steps to comply with, all relevant laws and regulations. This can be both prescriptive, referring to such laws and regulations that already exist, or predictive, referring to attempts to anticipate future laws and regulations.
  • Also describes efforts to ensure that organizations are abiding by both industry regulations and government legislation. This practice area is often called regulatory compliance.
  • Finally, emphasizes acting with integrity and therefore draws heavily from the study of ethics and morality, even extending to philosophy and psychology. A modern goal of an effective compliance program is to design governance and control structures that encourage employee and organizational integrity and create disincentives against and penalties for dishonest or unethical behavior.

Typical tasks and responsibilities of a compliance professional include:

  • Advising business partners in identifying and assessing compliance risks (of legal or regulatory sanctions, material financial loss, or reputational damage) and effectively managing and mitigating these risks
  • Modeling good conduct and prescribed values of integrity and ethical behavior
  • Training employees and management on compliance matters
  • Monitoring business implementation of key compliance policies and procedures, and reporting accordingly to management on efficacy and accuracy of same
  • Coordinating regulatory stakeholder management

Now, check your impressions about what compliance means, and consider this in concrete terms and from your own perspective. Hopefully you now have a more meaningful insight on what compliance is and means in the context of both current and historical events.


Tips for e-mail handling of confidential information

To most people it’s impossible to imagine the modern office without e-mail as the primary mode of communication. With the widespread popularity of tablets and smartphones moving our e-mail accounts from our desktops to our cell phone screens and everywhere in between, the risks attendant to this ubiquitous use of e-mail are always at the forefront of compliance concerns surrounding the handling of confidential information. To handle this, ongoing controls are advisable to ensure that the flow of information is protected and restricted to sharing on a need-to-know basis only.

  • Determine recipients carefully: Recipients should be determined case-by-case by the purpose of the e-mail. Senders should also consider whether the information is intended to be used internally (for information purposes only) or also at a later stage externally (such as for promotional purposes). In general, recipients should be as limited as possible. Include broader stakeholders more remote to the work that the confidential information concerns only insofar as they are known to be interested (for example Compliance, Legal, or other functions serving the business line). Seek to avoid administrative burden on the sender to update standing lists to tailor them to a particular message, as this is where human error can lead to inadvertent dissemination.
  • Consider most appropriate method of distribution: Use individual addresses, not group mailboxes, to control the recipients, as group mailboxes can be under collective and changing ownership. Posting messages on shared, secure intranet or internet sites may be an attractive alternative to e-mails. This can help to prevent accidentally incorporating unintended recipients, but the community or site needs to be closed and carefully administered.
  • Remember strict criteria for sharing confidential information: Generally, confidential information should only be shared on a need-to-know basis, not like-to-know. Possessing confidential information should be seen as a responsibility, not a privilege, and seeking access to this information or inclusion in communications that share confidential information should be discouraged unless there is a work necessity. As a broad rule, e-mails sent to individuals or groups without first informing them of their responsibilities with handling confidential information should contain public information only.
  • Seek review/approval before dissemination: Think of clicking “send” on an e-mail as publishing the information contained within it. Are your messages up to publication standards? It would be wise to have those which contain confidential information reviewed first by business management before circulation. Management should also be comfortable seeking advice from Compliance on whether sharing the information is appropriate in terms of content or recipients if necessary.
  • Include disclaimer language regarding forwarding/use of information therein: Even with the above points considered, it still could be wise to add disclaimer language to the e-mail to discourage erroneous distribution or misuse. E-mails can easily be printed, forwarded, or copied and pasted. Standard disclosure language could be, for example: “Information in this transmission is intended only for the person(s) to whom it is directed. Any disclosure, copying, forwarding, re-publishing, or other dissemination of the information is unauthorized. No liability is accepted for any unauthorized use of the information contained herein.”

Using e-mail has become second nature to most people, but communicating confidential information always merits extra caution. Considering the above control framework can help to use e-mail more carefully and wisely to ensure that confidential information is not mishandled or inadvertently disseminated.


This week on Compliance Culture

Be sure to visit Compliance Culture this week for posts on these topics.

  • Monday: E-mails and confidential information
  • Tuesday: Compliance 101
  • Wednesday: Tinder as an example of compliance culture at start-ups
  • Thursday: Emerging compliance disciplines in diverse industries
  • Friday: Documentaries on the 2008 global financial crisis

Don’t miss it!